files disappearing new ones appearing, some software misbehaves


  • This topic is locked
44 replies to this topic

#1 ninjarig

Posted 18 March 2018 - 08:54 AM

Hello, my son had been using my laptop. He had been party to some file sharing without my knowledge or approval.

Even with my admittedly limited knowledge of its inner workings, the FRST logs look like something is definitely going on.

Once again I defer to those wiser than me.

PLEASE HELP THIS IS MY LIVELIHOOD AT STAKE WITH THIS PC.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by theri (administrator) on WINDOWS-302NSHC (18-03-2018 08:38:34)
Running from C:\Users\theri.WINDOWS-302NSHC\Downloads\FRST-OlderVersion
Loaded Profiles: theri & Brad (Available Profiles: theri & Brad)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\IntelCpHDCPSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Pro Tools First\MMERefresh.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\IntelCpHeciSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxEM.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3893296 2016-05-17] (Dell Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [940976 2016-11-19] (Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-06] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Avid\Pro Tools First\MMERefresh.exe [117760 2017-10-16] (Avid Technology, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44032 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1163264 2015-03-30] (Ruiware LLC)
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [150016 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-3269376985-2225278655-3997078210-1005\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
IFEO\isoviewer8.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\pcdlauncher.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\pdr.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\power2go8.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerdvd.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\silhouettelinkconsole.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2017-12-16]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{91827909-3ed3-4ac1-9746-2006816ac56e}: [DhcpNameServer] 10.49.34.1 10.49.34.2
Tcpip\..\Interfaces\{e1e45779-a10b-447c-8458-7502141595e5}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yahoo.com?fr=fp-comodo&type=33090001005_10.1.0.6476_i_hp
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
HKU\S-1-5-21-3269376985-2225278655-3997078210-1005\Software\Microsoft\Internet Explorer\Main,Start Page = www.dell.com
HKU\S-1-5-21-3269376985-2225278655-3997078210-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
SearchScopes: HKU\S-1-5-21-3269376985-2225278655-3997078210-1003 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33090001005_10.1.0.6476_i_ds
SearchScopes: HKU\S-1-5-21-3269376985-2225278655-3997078210-1003 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33090001005_10.1.0.6476_i_ds
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\IEExt\ie_plugin.dll [2018-02-14] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\IEExt\ie_plugin.dll [2018-02-14] (AO Kaspersky Lab)
 
FireFox:
========
FF DefaultProfile: afq36rgh.default
FF ProfilePath: C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\Mozilla\Firefox\Profiles\afq36rgh.default [2018-03-16]
FF Extension: (Avast Passwords) - C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\Mozilla\Firefox\Profiles\afq36rgh.default\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2018-02-01]
FF Extension: (Avast SafePrice) - C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\Mozilla\Firefox\Profiles\afq36rgh.default\Extensions\sp@avast.com.xpi [2018-01-05]
FF Extension: (Avast Online Security) - C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\Mozilla\Firefox\Profiles\afq36rgh.default\Extensions\wrc@avast.com.xpi [2017-12-13]
FF ProfilePath: C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\KompoZer\Profiles\gb601llp.default [2018-03-07]
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-02-14]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-11] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default [2018-03-18]
CHR Extension: (Slides) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-09]
CHR Extension: (Docs) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-09]
CHR Extension: (Google Drive) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-09]
CHR Extension: (YouTube) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-09]
CHR Extension: (Avast Passwords) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2018-03-09]
CHR Extension: (Avast SafePrice) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-03-09]
CHR Extension: (Sheets) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-09]
CHR Extension: (Google Docs Offline) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-09]
CHR Extension: (Avast Online Security) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-09]
CHR Extension: (Kaspersky Protection) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2018-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-09]
CHR Extension: (Gmail) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-09]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-06] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-06] (AVAST Software)
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [7649576 2018-03-09] (AVAST Software)
S4 CLKMSVC10_3CD7F304; C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Common\NavFilter\KmSvc.exe [312088 2016-05-09] (CyberLink)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [13824 2017-11-20] (Cybereason) [File not signed]
R2 DigiRefresh; C:\Program Files\Avid\Pro Tools First\MMERefresh.exe [117760 2017-10-16] (Avid Technology, Inc.) [File not signed]
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2223864 2017-01-06] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190216 2016-10-15] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
S4 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
S4 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [215328 2016-05-16] (Intel Corporation)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe [426416 2018-02-14] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [321024 2016-11-17] (Realtek Semiconductor)
S3 ScannerService.exe; C:\WINDOWS\ComodoAptAtScanner\cmdapt64.exe [1130168 2016-11-30] (COMODO)
S4 SilhouetteLink; C:\Program Files (x86)\Silhouette America\Silhouette Link\Resources\Resources\SPEC_LK\SilhouetteLinkServer.32.exe [897200 2016-12-06] ()
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [410032 2016-11-19] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S2 NVU; C:\Windows\nvidia\wintask.exe [X]
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196648 2018-03-06] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-03-06] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-03-06] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-03-06] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-03-06] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [215320 2018-03-06] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-03-06] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146656 2018-03-06] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110328 2018-03-06] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-03-06] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-03-06] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-03-06] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-03-06] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380528 2018-03-06] (AVAST Software)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (www.winchiphead.com)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 cmdcss; C:\WINDOWS\system32\drivers\cmdcss.sys [126568 2017-10-17] (COMODO)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
R2 DpmLiteDrv; C:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [79928 2017-01-06] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [75320 2017-01-06] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [358968 2017-01-06] (Intel Corporation)
R3 FocusriteUSB; C:\WINDOWS\System32\drivers\FocusriteUSB.sys [96424 2017-06-08] (Focusrite Audio Engineering Ltd.)
R3 FocusriteUSBAudio; C:\WINDOWS\system32\drivers\FocusriteUSBAudio.sys [54440 2017-06-08] (Focusrite Audio Engineering Ltd.)
R3 FocusriteUSBSwRoot; C:\WINDOWS\System32\drivers\FocusriteUSBSwRoot.sys [97960 2017-06-08] (Focusrite Audio Engineering Ltd.)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [63496 2017-01-12] (Intel Corporation)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [47928 2015-11-04] (Intel)
S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [84280 2016-05-16] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [135992 2015-11-04] (Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [71992 2015-11-09] (Intel)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-25] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [120008 2018-02-21] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29816 2016-10-14] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [207576 2018-02-14] (AO Kaspersky Lab)
R1 KLHK; C:\WINDOWS\System32\drivers\klhk.sys [594144 2018-02-14] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1055944 2018-02-21] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-02-21] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50672 2017-12-25] (AO Kaspersky Lab)
R3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [44768 2017-01-20] (AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [231312 2018-03-01] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2018-02-14] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [252600 2018-03-01] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [107656 2018-03-01] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [174664 2018-03-01] (AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [93888 2018-02-21] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [135904 2017-12-25] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-12-25] (AO Kaspersky Lab)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-16] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [436224 2016-12-15] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3149824 2016-11-14] (Realtek Semiconductor Corp.)
S3 usbaudio2; C:\WINDOWS\system32\DRIVERS\usbaudio2.sys [239616 2017-09-29] (Microsoft Corporation)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-03-31] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-02-15] (Zemana Ltd.)
U1 aswbdisk; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
========================== Drivers MD5 =======================
 
C:\WINDOWS\System32\drivers\iagpio.sys B5EC43755E62591197DE5CBBDAA9FEB7
C:\WINDOWS\System32\drivers\iai2c.sys D8CA23F9C5FEF44296FDE1E005C06EC0
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys 7B769C9D19C013F94874C4B15D59A005
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys E0F1B3A2A70FABE3BE1C9140BB55E607
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys 89A869BCC0588A3009ECB875B09ECD39
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys 2E693DF3C02A0859DB8DE25772751100
C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys 9FC5FEF534F277D1FD583CC5F8B5856B
C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys 6DD80E740B0A3BABDC14BE91E7A92832
C:\WINDOWS\System32\drivers\iaLPSS2_SPI.sys 74B65FA8552BD2C47B808527C89237FA
C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys 0B54F00176BE2F0E77ACDE13EA7F8290
C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\WINDOWS\System32\drivers\iaStorA.sys 6B4BF2508CBDFC86E3547B0B3DFABB02
C:\WINDOWS\System32\drivers\iaStorAV.sys 435883A27A376B125BD4DF888417C85F
C:\WINDOWS\System32\drivers\iaStorV.sys 7118E4390C4ACDE61E280CE52BCAF44E
C:\WINDOWS\System32\drivers\ibbus.sys 9DBE8C359ABACE1BE1BBAB687D114506
C:\WINDOWS\system32\DRIVERS\ibtusb.sys 606148419C4F99C3102E1EF5E3AFC72A
C:\WINDOWS\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igdkmd64.sys EB6E75C37F2C3676B6D2D8C54A995311
C:\WINDOWS\System32\drivers\IndirectKmd.sys 42CAF6216A6E516DC56BA319ACC7EEC5
C:\WINDOWS\system32\drivers\RTKVHD64.sys A8FD69E79BF0468DA0C09983AF960C04
C:\WINDOWS\system32\DRIVERS\IntcDAud.sys DA7859458D03EF47FA344DF60AEAC28D
C:\WINDOWS\System32\drivers\intelide.sys 40943C1CD031ACE06A8374AD56B9E5EA
C:\WINDOWS\System32\drivers\intelpep.sys 327D9CCF5492543AEF3979F9EEAD02BE
C:\WINDOWS\System32\drivers\intelppm.sys 10F2757836F41BFAEA2AE19F6FE869B2
C:\WINDOWS\System32\drivers\invdimm.sys 8387E90B551B9B7F32EDC69909591E9E
C:\WINDOWS\System32\drivers\iorate.sys E207078E0E1BB3524277DB9077E4148E
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys FD8F64B7B345E539F2EA7F72846F83B4
C:\WINDOWS\System32\drivers\IPMIDrv.sys 8AAB863E72A4F9C578FED2EE3541545B
C:\WINDOWS\System32\drivers\ipnat.sys 7BEC2AF23F586EFF0DB4DBF4331B0C70
C:\WINDOWS\System32\drivers\ipt.sys 35A54F19E703D4FE5919F812F6CC5D0A
C:\WINDOWS\system32\drivers\irda.sys 359CDDBC825959DA28FA886B3C271B53
C:\WINDOWS\System32\drivers\irenum.sys F88664A2A82DDA456180FFF95A771765
C:\WINDOWS\System32\drivers\isapnp.sys A3B7A93F32E110949CA01DDE7C6B991B
C:\WINDOWS\System32\drivers\msiscsi.sys E352C745233D62AE43B2A9E98416F1D1
C:\WINDOWS\System32\drivers\ISH.sys 544FB0543707090EFA59C83F33BAC0EE
C:\WINDOWS\System32\drivers\ISH_BusDriver.sys 4F0F84A73442B7AD12EF3C2C645058E0
C:\WINDOWS\System32\drivers\kbdclass.sys E320F986BBE0CD9324EA0A193EBF29B1
C:\WINDOWS\System32\drivers\kbdhid.sys AFF5DDCC1A79217C9526FF5E01A69E89
C:\WINDOWS\System32\drivers\kdnic.sys 916E62AF3386F7A74603E5C545F6FF2D
C:\WINDOWS\System32\DRIVERS\kl1.sys 025177EB96DDB40DBA3CD003AD54D90B
C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys AD67F0BFD14CA21269A274C3A4BEF497
C:\WINDOWS\System32\DRIVERS\klbackupflt.sys D69BC00276AA42AB957B4420DD66436A
C:\WINDOWS\system32\DRIVERS\kldisk.sys 7DAA9047F50BF5A3F8C147719FC520AF
C:\WINDOWS\System32\DRIVERS\klelam.sys 7AD0CCE09BEBE47E578BDD567AAB4051
C:\WINDOWS\system32\DRIVERS\klflt.sys 44AAFFCBD506C15ED27BD2FA85BED2FE
C:\WINDOWS\System32\drivers\klhk.sys 2EBE042FF7CC4774D653D762CC02B395
C:\WINDOWS\System32\DRIVERS\klif.sys F49563A42667D8C4DB59502D69CEABF0
C:\WINDOWS\system32\DRIVERS\klim6.sys FE25B1DF1D5546EB45721C1022A3B048
C:\WINDOWS\system32\DRIVERS\klkbdflt.sys BCD71B7987E6A5DCECCDABE4B5C5675C
C:\WINDOWS\system32\DRIVERS\klmouflt.sys C8DCC1339A3E5548B09F439F28F4DF1D
C:\WINDOWS\System32\DRIVERS\klpd.sys C334FBE82E1ADE139FFCD43517378A4B
C:\WINDOWS\system32\DRIVERS\klpnpflt.sys ED9BCB990982C7D9AD7E98C1406B1D6D
C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys 5DF80B8ED56F8865D0AD904F3199F08D
C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys 34D207C9300529BE5E29267922483778
C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys 0EA41015CD1B41AFCCC896A916E8617A
C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys DA3C0A419D56B332FADF15546EF5FC04
C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys F31EC261ECC09DB51EE6EDC03A415140
C:\WINDOWS\system32\DRIVERS\klwfp.sys 6577A7495694DF82DFC80BB146AA296D
C:\WINDOWS\system32\DRIVERS\klwtp.sys 53FA5196D5C10C52F064F6DD1B99689F
C:\WINDOWS\system32\DRIVERS\kneps.sys C2E155A456E0E18953A41546C8769E63
C:\WINDOWS\System32\Drivers\ksecdd.sys 69FA8BEBADF807089FEFCD3F59CFAC1E
C:\WINDOWS\System32\Drivers\ksecpkg.sys D55A5888E11F74462849C348A9206914
C:\WINDOWS\system32\drivers\ksthunk.sys DD8C4726127CFE313233372D70787C37
C:\WINDOWS\System32\drivers\lltdio.sys CB5A6E117502156794F0DA9E61506006
C:\WINDOWS\System32\drivers\lsi_sas.sys 20048BEE892138A745B1C23EBB0E069F
C:\WINDOWS\System32\drivers\lsi_sas2i.sys 9EAB16572B576979D585DDEDB12417CD
C:\WINDOWS\System32\drivers\lsi_sas3i.sys 3B7B359C0870317106DF3438D4FF491D
C:\WINDOWS\System32\drivers\lsi_sss.sys 2DE03BA338A4B0ACDB416A30F1C7D56F
C:\WINDOWS\system32\drivers\luafv.sys 9A497169E145FCE2D8AA7DBC67377F64
C:\WINDOWS\System32\drivers\mausbhost.sys BF56CB9D02DEE8CA9CBA50220BE16F15
C:\WINDOWS\System32\drivers\mausbip.sys 01BDEE1FFF6D2216797DFEE4ABD937D9
C:\WINDOWS\System32\Drivers\mbamswissarmy.sys 4FA981BBE3DF0D3D91213793303F9C37
C:\WINDOWS\System32\drivers\megasas.sys C7B8B5053D646CBD30BE1BA6B487D396
C:\WINDOWS\System32\drivers\MegaSas2i.sys EB8ED3204499DDB2D3BA094A4563EE3E
C:\WINDOWS\System32\drivers\megasr.sys F1C1D4E752DE1D58295040E5BE8813AF
C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys 1039E2C190060B1A51289B47493DA456
C:\WINDOWS\System32\drivers\mlx4_bus.sys 16B078D1089FEA98710C9D07C152DCEE
C:\WINDOWS\system32\drivers\mmcss.sys 20C57CE47B1A877C48A4B68E9A4E21FA
C:\WINDOWS\System32\drivers\modem.sys A4467A5C080318F0CCCF5ED463821F8B
C:\WINDOWS\System32\drivers\monitor.sys 78BE85C1F1C7F3AF6C87BCE127007D5A
C:\WINDOWS\System32\drivers\mouclass.sys 8E262B34A8BD184B4B3025AA8C396B00
C:\WINDOWS\System32\drivers\mouhid.sys C094A555F148495EA130D3BBC5232D5E
C:\WINDOWS\System32\drivers\mountmgr.sys 6434BC884502E95EEA2379C92DD22B60
C:\WINDOWS\System32\drivers\mpsdrv.sys F36E4074C66DD31855A8D79EF0AE8066
C:\WINDOWS\system32\drivers\mrxdav.sys 215D672CB71987CD98EB2298EFB84DDC
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 71729B1EE949E1B092CB5CB75CC63715
C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys 87FF93E7420C9068C0D5B2F3109809F4
C:\WINDOWS\System32\drivers\bridge.sys 167408B38458ECAE545C57527BC99024
C:\Windows\System32\Drivers\Msfs.sys AE111778CA6AC08862B3C713F0413333
C:\WINDOWS\System32\drivers\msgpiowin32.sys 6DDDFCAB646BBBCFC583135C4430E10F
C:\WINDOWS\System32\drivers\mshidkmdf.sys 01C6A86BEA8279E557A5056148F068BF
C:\WINDOWS\System32\drivers\mshidumdf.sys F65ABC7DE945047147F17330F79732CB
C:\WINDOWS\System32\drivers\msisadrv.sys 05B23012427801E710BDD12720B9020B
C:\WINDOWS\System32\drivers\MSKSSRV.sys 021C34C1968B78ACFBF30553EE78A1D3
C:\WINDOWS\System32\drivers\mslldp.sys C3F5EA6B9041A30B4F11BE2E7863E487
C:\WINDOWS\System32\drivers\MSPCLOCK.sys 601D666820F0408B896791D19BE6D258
C:\WINDOWS\System32\drivers\MSPQM.sys 46E61FBA0097E48E5628C74A3F72233A
C:\Windows\System32\Drivers\MsRPC.sys A423DA8D5E810AD35AE221A4BE1A23B7
C:\WINDOWS\System32\drivers\mssmbios.sys CBD56E0B55FB3672BA80382EC2F8835C
C:\WINDOWS\System32\drivers\MSTEE.sys 5734B2A36D3BB13A638E5305EEEC582D
C:\WINDOWS\System32\drivers\MTConfig.sys 85270E0DC6907C6B99F72A36F17AED34
C:\WINDOWS\System32\Drivers\mup.sys DB5B1539F5EBB3DD3A7ED25ADBC4D6D9
C:\WINDOWS\System32\drivers\mvumis.sys 3C57FF3BCF496D24C39C2198158864BB
C:\WINDOWS\System32\DRIVERS\nwifi.sys FD916B66910494DFF70C944FC38A2623
C:\WINDOWS\System32\drivers\ndfltr.sys 77B047B109CE758A017F58FAE5038D0D
C:\WINDOWS\System32\drivers\ndis.sys EC74F146BCA0586DF835027D56B6A68D
C:\WINDOWS\System32\drivers\ndiscap.sys 067AE5BA349CC35AF8975D22DC483DDF
C:\WINDOWS\System32\drivers\NdisImPlatform.sys 6FC4D7EB5D38CFB7966405036116F065
C:\WINDOWS\System32\DRIVERS\ndistapi.sys ED7CC4E16B76B2603C9F827188EA63B4
C:\WINDOWS\System32\drivers\ndisuio.sys 8D977AFC195A3F4B15B05D02B2BD0292
C:\WINDOWS\System32\drivers\NdisVirtualBus.sys DC1D26D62F40B7552BCF49D92774F0C5
C:\WINDOWS\System32\drivers\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\WINDOWS\System32\DRIVERS\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\WINDOWS\System32\DRIVERS\NDProxy.sys 8ABF5B8D5839F8DAE2E0D3165AE732F6
C:\WINDOWS\System32\drivers\Ndu.sys A791792DC412CCD83DA0AF6871682552
C:\WINDOWS\System32\drivers\NetAdapterCx.sys BE79982A50AC88BC0765F3AFECFCB596
C:\WINDOWS\System32\drivers\netbios.sys E899D26A0C2555AC30ACDD526056E51F
C:\WINDOWS\System32\DRIVERS\netbt.sys 7FC54F2AF5EC52C7AC05AD90FFC757E6
C:\WINDOWS\System32\drivers\netvsc.sys 88D5C3BC8DE3DA7EC3C89D49060E97E9
C:\WINDOWS\System32\drivers\Netwtw04.sys 9018527E56D9CADB80FE5D1CB824D5D9
C:\Windows\System32\Drivers\Npfs.sys F337ACAC7C85DE7A80AC2106C505FD13
C:\WINDOWS\System32\drivers\npsvctrig.sys 5CB8082E51DE7D19042F0FF8C517CB0D
C:\WINDOWS\System32\drivers\nsiproxy.sys 958921BB7AE2671983743FDA0DD587C4
C:\Windows\System32\Drivers\NTFS.sys B6FDEBE8F640E9173AD2BA3F9C014195
C:\Windows\System32\Drivers\Null.sys 0D1E03A5F87F4DE04D97622C686910A2
C:\WINDOWS\System32\drivers\nvdimmn.sys 532F27A2B62D70C327E763F035AED6C1
C:\WINDOWS\System32\drivers\nvraid.sys 7E04652EB1A476BC0A72ECDC613AF0C5
C:\WINDOWS\System32\drivers\nvstor.sys 880B3E874914DAEF97119876543AE117
C:\WINDOWS\System32\drivers\parport.sys 2E07EC2C1622F5E7B535D62DCD61F3AB
C:\WINDOWS\System32\drivers\partmgr.sys 023DDF9DE429B2E6F0BADA72AA98EF8B
C:\WINDOWS\System32\drivers\pci.sys 38FABAC2072FC9E6459F7B7ECF3F6C47
C:\WINDOWS\System32\drivers\pciide.sys E5AF806815ED797086629741F29E4156
C:\WINDOWS\System32\drivers\pcmcia.sys 2A631D447B988AFBE847CBAA8E5CC298
C:\WINDOWS\System32\drivers\pcw.sys ACD510CF2B631A2D36B2CFB7D31E22FD
C:\WINDOWS\System32\drivers\pdc.sys 1796112EB89559910BC18865A29C8894
C:\WINDOWS\System32\drivers\peauth.sys F21127EDE5D72090A1B029AFF4AFFD17
C:\WINDOWS\System32\drivers\percsas2i.sys 35FD028E4323018202C0B7D115FD3AEF
C:\WINDOWS\System32\drivers\percsas3i.sys F9F3D8BE9BC9241CC726197261362AC4
C:\WINDOWS\System32\drivers\pmem.sys 36D43EA5517F3F4AAAC8EE061C957EF1
C:\WINDOWS\System32\drivers\pnpmem.sys 59048555B59FD69287CFAB6022B5CC86
C:\WINDOWS\System32\drivers\raspptp.sys AACA74DEF7BE3DED322411787494878B
C:\WINDOWS\System32\drivers\processr.sys B1111C47F128C946BDC87A18E44007EB
C:\WINDOWS\System32\drivers\pacer.sys 5818FE76C3C6AE0CA723EBE483BF447F
C:\WINDOWS\system32\drivers\qwavedrv.sys 16F9A6B593B52EB18F7ECB9D251BDF7A
C:\WINDOWS\System32\DRIVERS\ramdisk.sys 13600C467512147E99052806F2C1307A
C:\WINDOWS\System32\DRIVERS\rasacd.sys F57D1DE0C9522BCD590A69D044641B5A
C:\WINDOWS\System32\drivers\AgileVpn.sys ED0EE10911C16AD8B21B9003C90E968F
C:\WINDOWS\System32\drivers\rasl2tp.sys E0220BB6580D34001D4D1D133052DAA4
C:\WINDOWS\System32\DRIVERS\raspppoe.sys 12EE1D92F4E5FAE4B6F65195A2016CE5
C:\WINDOWS\System32\drivers\rassstp.sys 91CE469015979E5B3C3DBC2C41A476E8
C:\WINDOWS\System32\DRIVERS\rdbss.sys 4525664EFB5EB71D4B155405F78D93DB
C:\WINDOWS\System32\drivers\rdpbus.sys 8A5285B38A203D15110E142DE68406DD
C:\WINDOWS\System32\drivers\rdpdr.sys DF83769C92527DB50653F8FB57D001FF
C:\WINDOWS\System32\drivers\rdpvideominiport.sys 4D1A63ACEC42A88E52AFC4E84A8CE9EE
C:\WINDOWS\System32\drivers\rdyboost.sys 12AF835862F2B6B2FB9DEA8BA2288587
C:\Windows\System32\Drivers\ReFS.sys FB0577F6BC9E07549CEACF5224327499
C:\Windows\System32\Drivers\ReFSv1.sys 4136BCA61BCDCC79DCE145F9CB639CD6
C:\WINDOWS\System32\drivers\rfcomm.sys 5BF7698021DB13B55753FD921BEBE318
C:\WINDOWS\System32\drivers\rhproxy.sys BBC228CA2F96B784B01FE7F1C5E3CFBB
C:\WINDOWS\System32\drivers\rspndr.sys 27B80E5766B114621980F82FB78E912A
C:\WINDOWS\system32\Drivers\RtsUer.sys E7273015245874AF1AB41B476D914C71
C:\WINDOWS\system32\DRIVERS\rtsuvc.sys 6B9E2BB805D07F0FAEB76CCC92ABD241
C:\WINDOWS\System32\drivers\vms3cap.sys F0FA6B67B16EEFDEF8E8AFAD47A4F9B8
C:\WINDOWS\System32\drivers\sbp2port.sys 324FA3C337EB54B43448F7B08444DC8D
C:\WINDOWS\System32\DRIVERS\scfilter.sys 62A33CE69DB508BCEC63F4D3BFF400CE
C:\WINDOWS\System32\drivers\scmbus.sys 7B057373146CC4E5A1F1DA665EA55DC7
C:\WINDOWS\System32\drivers\sdbus.sys 1F58E6D5C1F211DE8BF5131BF12077D1
C:\WINDOWS\System32\drivers\SDFRd.sys 6D3853838864886B4F10B074282772E0
C:\WINDOWS\System32\drivers\sdstor.sys 80E9563F0B75E98482ECB7D5CBA56BBA
C:\WINDOWS\System32\drivers\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\System32\drivers\SerCx.sys 75A27472AFD009255DBDE52038E3BDB5
C:\WINDOWS\System32\drivers\SerCx2.sys 84005F54308109A022413D628E966412
C:\WINDOWS\System32\drivers\serenum.sys 40384793F74CFFA45BCC38DF65E978EC
C:\WINDOWS\System32\drivers\serial.sys 699470AD24D67908991A777716A352FD
C:\WINDOWS\System32\drivers\sermouse.sys 92453F065F52A8EF0328A926B2C9502F
C:\WINDOWS\System32\drivers\sfloppy.sys 1D8920C40F19B5FBA5F4897779840AD1
C:\WINDOWS\System32\drivers\SiSRaid2.sys A871F9CC9CF388DC7193D22EF8D8C8DF
C:\WINDOWS\System32\drivers\sisraid4.sys D30FC341550CC364880950152AE8B1C5
C:\WINDOWS\System32\drivers\spaceport.sys F0EF647D02C33FFB19C065C6CB5FAFDA
C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys CCECE7E96B4F7B0E9F0FC82F6DADA917
C:\WINDOWS\System32\drivers\SpbCx.sys 545507AF670BC88B89200A118513ED9A
C:\WINDOWS\System32\DRIVERS\srv.sys 485BABF47A46EB298AB11E447B0D800C
C:\WINDOWS\System32\DRIVERS\srv2.sys 9608E59615382EA9A76C8BE2CC788A97
C:\WINDOWS\System32\DRIVERS\srvnet.sys 43480B3EE4D23F5AA8EE7C6D83B09487
C:\WINDOWS\System32\drivers\stexstor.sys 162A805E13B3C0DD06AE8B6FC1900156
C:\WINDOWS\System32\drivers\storahci.sys D218EA2F4126629BEAC03555216CB506
C:\WINDOWS\System32\drivers\vmstorfl.sys A12CFAAA0F113A25D8CEFE58B1CBB207
C:\WINDOWS\System32\drivers\stornvme.sys 15EA6F1F6BA9A0E2C8D32A6EB77129F8
C:\WINDOWS\System32\drivers\storqosflt.sys 57377953F5688158054BC8CB5A243115
C:\WINDOWS\System32\drivers\storufs.sys 4D6FF8DDBF9CC61EC95A4BF4096D52FF
C:\WINDOWS\System32\drivers\storvsc.sys 9B431079624306B5659B3B7208A71C75
C:\WINDOWS\System32\drivers\swenum.sys 027B27E4B9DB3931D64159B81BD915A0
C:\WINDOWS\System32\drivers\Synth3dVsc.sys AB15F9FDCD11D5283891BC956E8C5C95
C:\WINDOWS\System32\drivers\tcpip.sys CEB50240703E69F552116C7E9F0E0910
C:\WINDOWS\System32\drivers\tcpip.sys CEB50240703E69F552116C7E9F0E0910
C:\WINDOWS\System32\drivers\tcpipreg.sys 74A1BF4093FA7B7D6C9366A39911A78E
C:\WINDOWS\system32\DRIVERS\tdx.sys 571D82ABAC428D902ACA0CF60373C039
C:\WINDOWS\System32\drivers\terminpt.sys B4B68E1DB59456419D9E49645729502A
C:\Windows\System32\Drivers\Tpkd.sys D154DD00C8F12D94C9CC94027356B6E4
C:\WINDOWS\System32\drivers\tpm.sys F54728E32D67537C5A13454E23449C7A
C:\WINDOWS\System32\drivers\TsUsbFlt.sys 8D811209E34358EAD3FD8E40F657E59C
C:\WINDOWS\System32\drivers\TsUsbGD.sys 68DE1735FB020AE8948BD7B60F2EBD3B
C:\WINDOWS\System32\drivers\tunnel.sys ACD39B0E5CFDA7B1AB7DF33FC5CC0E46
C:\WINDOWS\System32\drivers\uaspstor.sys 04FC2C7F73AE58BF0DD674164E28A6DF
C:\WINDOWS\System32\Drivers\UcmCx.sys E437FC4B1833F6B745184F78C4921FB8
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys 950A3E42167904CAB9AA64863C31CEB5
C:\WINDOWS\System32\drivers\UcmUcsi.sys F520EF2D24C1B43A2151DCA271865271
C:\WINDOWS\System32\drivers\ucx01000.sys E6E91B3980A495D2A9D28A09580EA993
C:\WINDOWS\System32\drivers\udecx.sys DACA289DFFA7658C04FEF6DCFA2AA9CE
C:\WINDOWS\System32\DRIVERS\udfs.sys 12383D410AEF99AD6979A8EFD3D61888
C:\WINDOWS\System32\drivers\UEFI.sys AB7FE51D818B6059C2F56FA62268CCAC
C:\WINDOWS\System32\drivers\ufx01000.sys 58447F28E697A93521DD20530A8D50ED
C:\WINDOWS\System32\drivers\UfxChipidea.sys 69ED2D00A7787D9D84E6C90CE0B02B2D
C:\WINDOWS\System32\drivers\ufxsynopsys.sys F061EC57330FBC597A4E7298BE667780
C:\WINDOWS\System32\drivers\umbus.sys D40BCED160D332005AF612E1228825E6
C:\WINDOWS\System32\drivers\umpass.sys 64CF24D7B1FA4975C52A31BF4C82EB73
C:\WINDOWS\System32\drivers\urschipidea.sys ACE4C3B4C7D17B154FFC5BBE5F7A9835
C:\WINDOWS\System32\drivers\urscx01000.sys ECE40EB976A5ACB366808AECF6B235BA
C:\WINDOWS\System32\drivers\urssynopsys.sys EB738F830D3E7EA62A218F101EF91FD4
C:\WINDOWS\System32\Drivers\usbaapl64.sys F957092C63CD71D85903CA0D8370F473
C:\WINDOWS\system32\drivers\usbaudio.sys 51A397ECC1AB2BD54C935E74A9543330
C:\WINDOWS\system32\DRIVERS\usbaudio2.sys 2E43570FDDC3C1A485EE403AF7092CB7
C:\WINDOWS\System32\drivers\usbccgp.sys B43E28E5CF868517EEC0923AB2BC366B
C:\WINDOWS\System32\drivers\usbcir.sys 1080D80B5F6D249F23BAE1C0C36233A4
C:\WINDOWS\System32\drivers\usbehci.sys EE162DA2C92026A5B96ED89737975AA8
C:\WINDOWS\System32\drivers\usbhub.sys C27FEE9758E3BEDE4D48B5EDBE1122CF
C:\WINDOWS\System32\drivers\UsbHub3.sys 964721AD64F0F263A515CE70399D4834
C:\WINDOWS\System32\drivers\usbohci.sys 44B954306BB2B311E070EDA276FECAB1
C:\WINDOWS\System32\drivers\usbprint.sys EEF26F9034F0608B93D4D239534BB0BA
C:\WINDOWS\System32\drivers\usbser.sys 913CFF365DB1803525DBD2AA8B8188B4
C:\WINDOWS\System32\drivers\USBSTOR.SYS 441CAE778B6A1FF6E618E37814A7A52A
C:\WINDOWS\System32\drivers\usbuhci.sys 2D6BB2157B37B2D9DABF8C218F2A805B
C:\WINDOWS\System32\drivers\USBXHCI.SYS D4AF6826A473562C169B0916BFE3486C
C:\WINDOWS\System32\drivers\vdrvroot.sys C77C537077822D8EA529AD4EBFD971D6
C:\WINDOWS\System32\drivers\VerifierExt.sys 9D4EEE333603F3675685F644053499D5
C:\WINDOWS\System32\drivers\vhdmp.sys A8D889FDE8DFD73790D7A6469087F2EA
C:\WINDOWS\System32\drivers\vhf.sys E10FEBB566E1F0A3936AB304F338637E
C:\WINDOWS\System32\drivers\VirtualButtons.sys 1519BADAE98380CD2853DD67071F574A
C:\WINDOWS\System32\drivers\vmbus.sys 7F74310E6C734B14A2F352BA9BF46AC8
C:\WINDOWS\System32\drivers\VMBusHID.sys DC9E0600B356258E31403789119C78A9
C:\WINDOWS\System32\drivers\vmgid.sys B24F74B2710B66F647419697BDB9E163
C:\WINDOWS\System32\drivers\vnvdimm.sys D81F6B790519A60F3D1788B45D04B749
C:\WINDOWS\System32\drivers\volmgr.sys E79560E0D2735CE1F7C0B5D2051E6FF4
C:\WINDOWS\System32\drivers\volmgrx.sys 6D6CACED512C1EF1FEAC215E37E3A9BC
C:\WINDOWS\System32\drivers\volsnap.sys 5B27846CF4B1C21AFB3A35A8336BA02F
C:\WINDOWS\System32\drivers\volume.sys 72A95A844D6BAF2924A4C15BEDFD6BCA
C:\WINDOWS\System32\drivers\vpci.sys 702273C7C1BE9D366BAF1305D382F03C
C:\WINDOWS\System32\drivers\vsmraid.sys 075CE3C9E77D2666AFA888951E5F07A9
C:\WINDOWS\System32\drivers\vstxraid.sys 26D00E85BE4726B114335250FCDEDA89
C:\WINDOWS\System32\drivers\vwifibus.sys 3DFDB573E4D49EA8F416B573525B7A86
C:\WINDOWS\System32\drivers\vwififlt.sys A40FA64655AB5B8773A96A821616C5FC
C:\WINDOWS\System32\drivers\vwifimp.sys 0D34F98DBDF09D239533AC345C360F03
C:\WINDOWS\System32\drivers\wacompen.sys 5B5430522E0BDF2A753D758710BE7C5E
C:\WINDOWS\System32\DRIVERS\wanarp.sys 1FC3A8FB032B62A88283BC8113FDF1C5
C:\WINDOWS\System32\DRIVERS\wanarp.sys 1FC3A8FB032B62A88283BC8113FDF1C5
C:\WINDOWS\system32\drivers\wcifs.sys 06E308756F1B4A47AA7CBC82A1ED889A
C:\WINDOWS\system32\drivers\wcnfs.sys 47AEC992BDE2C98CAF94260367E52CDE
C:\WINDOWS\system32\drivers\WdBoot.sys 6FD8F1FBED780A7F3DF329C834E52AC5
C:\WINDOWS\System32\drivers\wdcsam64.sys ==> MD5 is legit
C:\WINDOWS\System32\drivers\Wdf01000.sys FCC960498E3CD899F0A429F7CF9E77AD
C:\WINDOWS\system32\drivers\WdFilter.sys 7D182F0F227FC141C5D2085175BE05F6
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys 394CCCA2A8C04BA14327636F20AB9DAD
C:\WINDOWS\System32\Drivers\WdNisDrv.sys 0D38C257A7B34A818726BA2F323B196E
C:\WINDOWS\System32\drivers\wdnsfltr.sys DF58AA71FBA55E15F572C93447696DEC
C:\WINDOWS\System32\drivers\wfplwfs.sys 8E101DF42D36E04EC610581BA478B38F
C:\WINDOWS\System32\drivers\wimmount.sys C8D3FC38426E990E2787771678B19C6D
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys 0484B0D01EA6F7017519EBDDBADE759D
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys 813EE0F4D4B8D599DB1968682D080732
C:\WINDOWS\System32\drivers\winmad.sys E23475E9150E6A50B12DB176EA5CDD56
C:\WINDOWS\System32\drivers\winnat.sys E0551E7838C0D03E1E0FE7BD8CDA8B99
C:\WINDOWS\System32\drivers\WinUSB.SYS E92F3539C4758F6A9F4B80CBAC75B3E6
C:\WINDOWS\System32\drivers\winverbs.sys 59126AFCC64270747B5CC9B44A4A48F4
C:\WINDOWS\System32\drivers\wmiacpi.sys E8C793ED028E132771988760819E3754
C:\Windows\System32\Drivers\Wof.sys 8D6E6F6C233AF450C50FA615530B44D2
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 9EAE1EF282864674355B4B81DF6AE935
C:\WINDOWS\system32\drivers\ws2ifsl.sys 367B3ED0C688AFE28C376B0230814567
C:\WINDOWS\System32\drivers\WSDPrint.sys 7B44553610A89F2011CF69BEA9AFD4CB
C:\WINDOWS\system32\DRIVERS\WSDScan.sys 8068DC839C3729FFC70821FBEF05D5ED
C:\WINDOWS\System32\drivers\WudfPf.sys BD5E68B369DF3453A0A87663C6C5476D
C:\WINDOWS\System32\drivers\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\System32\drivers\xboxgip.sys 2244A4CEFE8F9C74091369ACE2E9EBC6
C:\WINDOWS\System32\drivers\xinputhid.sys 4A91B49C6B1E41151D47CB919ADF013A
C:\WINDOWS\System32\drivers\zamguard64.sys 21E13F2CB269DEFEAE5E1D09887D47BB
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-18 08:32 - 2018-03-18 08:32 - 042384886 _____ C:\Users\theri.WINDOWS-302NSHC\Desktop\outpatient.wav
2018-03-17 11:17 - 2018-03-17 11:17 - 000045954 _____ C:\Users\theri.WINDOWS-302NSHC\AppData\Local\recently-used.xbel
2018-03-17 10:01 - 2018-03-17 10:01 - 000522090 ____N C:\Users\Akmhy\repress-highway-rachel-rolled.xlsx
2018-03-17 10:01 - 2018-03-17 10:01 - 000509839 ____N C:\Users\uxpwb\eye_dancing_quoted.xlsx
2018-03-17 10:01 - 2018-03-17 10:01 - 000226993 ____N C:\Users\Akmhy\dissatisfaction.stimulate.obvious.mdb
2018-03-17 10:01 - 2018-03-17 10:01 - 000225785 ____N C:\Users\uxpwb\match.pinch.fact.rapidly.mdb
2018-03-17 10:01 - 2018-03-17 10:01 - 000070801 ____N C:\Users\Akmhy\radiation philip inspired.xls
2018-03-17 10:01 - 2018-03-17 10:01 - 000063443 ____N C:\Users\uxpwb\plow-among-describe.xls
2018-03-17 10:01 - 2018-03-17 10:01 - 000057306 ____N C:\Users\uxpwb\swung_suggest.pem
2018-03-17 10:01 - 2018-03-17 10:01 - 000050129 ____N C:\Users\Akmhy\stagesleanedaccordanceaccuse.pem
2018-03-17 10:01 - 2018-03-17 10:01 - 000033642 ____N C:\Users\Akmhy\virtual.environment.feels.txt
2018-03-17 10:01 - 2018-03-17 10:01 - 000027442 ____N C:\Users\Akmhy\giants newer.sql
2018-03-17 10:01 - 2018-03-17 10:01 - 000021207 ____N C:\Users\uxpwb\dancer.closed.sql
2018-03-17 10:01 - 2018-03-17 10:01 - 000020690 ____N C:\Users\uxpwb\supplement_aim_burning_pervade.txt
2018-03-17 10:01 - 2018-03-17 10:01 - 000000000 __SHD C:\Users\theri.WINDOWS-302NSHC\Desktop\0K, this directory is for Ransomware detection (just leave it here)
2018-03-17 10:01 - 2018-03-17 10:01 - 000000000 ___HD C:\Users\uxpwb
2018-03-17 10:01 - 2018-03-17 10:01 - 000000000 ___HD C:\Users\theri.WINDOWS-302NSHC\Documents\Wstore252
2018-03-17 10:01 - 2018-03-17 10:01 - 000000000 ___HD C:\Users\theri.WINDOWS-302NSHC\Documents\Ajcache225
2018-03-17 10:01 - 2018-03-17 10:01 - 000000000 ___HD C:\Users\Akmhy
2018-03-17 10:01 - 2018-03-17 10:01 - 000000000 ____D C:\Acconfiguration225
2018-03-17 10:01 - 2018-03-17 10:01 - 000000000 ____D C:\__Qtransfer153
2018-03-16 23:29 - 2018-03-16 23:29 - 006626871 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\1590b drill template.xcf
2018-03-16 09:32 - 2018-03-16 09:32 - 000004090 _____ C:\WINDOWS\System32\Tasks\Cybereason RansomFree Keepalive
2018-03-16 09:32 - 2018-03-16 09:32 - 000003196 _____ C:\WINDOWS\System32\Tasks\Cybereason RansomFree Autostart
2018-03-16 09:32 - 2018-03-16 09:32 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\Cybereason
2018-03-16 09:32 - 2018-03-16 09:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cybereason RansomFree
2018-03-16 09:32 - 2018-03-16 09:32 - 000000000 ____D C:\ProgramData\Cybereason
2018-03-16 09:32 - 2018-03-16 09:32 - 000000000 ____D C:\Program Files (x86)\Cybereason
2018-03-16 09:15 - 2018-03-16 09:15 - 061819320 _____ (Malwarebytes ) C:\Users\theri.WINDOWS-302NSHC\Downloads\mbarw-setup-consumer-0.9.18.807.exe
2018-03-16 09:14 - 2018-03-16 09:14 - 004198400 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\CybereasonRansomFree.msi
2018-03-16 09:14 - 2018-03-16 09:14 - 000457680 _____ (Bleeping Computer, LLC) C:\Users\theri.WINDOWS-302NSHC\Downloads\ListCWall.exe
2018-03-16 08:55 - 2018-03-16 08:55 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Documents\tweaking.com_windows_repair_aio
2018-03-15 16:57 - 2018-03-15 16:57 - 000001288 _____ C:\Users\theri.WINDOWS-302NSHC\Desktop\Custom Shop.lnk
2018-03-15 16:56 - 2012-08-29 12:23 - 012708016 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_def.dll
2018-03-15 16:56 - 2012-08-29 12:23 - 012474544 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_core.dll
2018-03-15 16:56 - 2012-08-29 12:23 - 009917616 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_intel_thread.dll
2018-03-15 16:56 - 2012-08-29 12:23 - 000529072 _____ (Intel Corporation) C:\WINDOWS\system32\libiomp5md.dll
2018-03-15 16:56 - 2012-08-29 12:23 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\msvcp71.dll
2018-03-15 16:56 - 2012-08-29 12:23 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\msvcr71.dll
2018-03-15 16:55 - 2018-03-15 16:55 - 000000000 ____D C:\Program Files\VstPlugIns
2018-03-15 16:55 - 2018-03-15 16:55 - 000000000 ____D C:\Program Files\IK Multimedia
2018-03-15 12:11 - 2018-03-02 16:09 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-15 12:11 - 2018-03-02 16:09 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-13 19:03 - 2018-03-01 22:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-13 19:03 - 2018-03-01 22:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-13 19:03 - 2018-03-01 22:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-13 19:03 - 2018-03-01 22:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-13 19:03 - 2018-03-01 22:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-13 19:03 - 2018-03-01 22:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-13 19:03 - 2018-03-01 21:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-13 19:03 - 2018-03-01 21:56 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationREST.dll
2018-03-13 19:03 - 2018-03-01 15:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-13 19:03 - 2018-03-01 02:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-13 19:03 - 2018-03-01 02:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-13 19:03 - 2018-03-01 02:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-13 19:03 - 2018-03-01 02:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-13 19:03 - 2018-03-01 02:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-13 19:03 - 2018-03-01 02:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-13 19:03 - 2018-03-01 02:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-13 19:03 - 2018-03-01 02:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-13 19:03 - 2018-03-01 02:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-13 19:03 - 2018-03-01 02:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-13 19:03 - 2018-03-01 02:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-13 19:03 - 2018-03-01 02:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-13 19:03 - 2018-03-01 02:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-13 19:03 - 2018-03-01 02:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-13 19:03 - 2018-03-01 02:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-13 19:03 - 2018-03-01 02:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-13 19:03 - 2018-03-01 02:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-13 19:03 - 2018-03-01 02:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-13 19:03 - 2018-03-01 02:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-13 19:03 - 2018-03-01 02:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-13 19:03 - 2018-03-01 02:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-13 19:03 - 2018-03-01 02:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-13 19:03 - 2018-03-01 02:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-13 19:03 - 2018-03-01 02:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-13 19:03 - 2018-03-01 02:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-13 19:03 - 2018-03-01 02:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-13 19:03 - 2018-03-01 02:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-13 19:03 - 2018-03-01 02:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-13 19:03 - 2018-03-01 02:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-13 19:03 - 2018-03-01 02:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-13 19:03 - 2018-03-01 02:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-13 19:03 - 2018-03-01 02:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-13 19:03 - 2018-03-01 02:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-13 19:03 - 2018-03-01 02:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-13 19:03 - 2018-03-01 02:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-13 19:03 - 2018-03-01 02:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-13 19:03 - 2018-03-01 02:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-13 19:03 - 2018-03-01 02:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-13 19:03 - 2018-03-01 02:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-13 19:03 - 2018-03-01 02:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-13 19:03 - 2018-03-01 02:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-13 19:03 - 2018-03-01 02:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-13 19:03 - 2018-03-01 01:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-13 19:03 - 2018-03-01 01:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-13 19:03 - 2018-03-01 01:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-13 19:03 - 2018-03-01 01:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-13 19:03 - 2018-03-01 01:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-13 19:03 - 2018-03-01 01:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-13 19:03 - 2018-03-01 01:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-13 19:03 - 2018-03-01 01:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-13 19:03 - 2018-03-01 01:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-13 19:03 - 2018-03-01 01:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-13 19:03 - 2018-03-01 01:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-13 19:03 - 2018-03-01 01:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-13 19:03 - 2018-03-01 01:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-13 19:03 - 2018-03-01 01:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-13 19:03 - 2018-03-01 01:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-13 19:03 - 2018-03-01 01:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-13 19:03 - 2018-03-01 01:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-13 19:03 - 2018-03-01 01:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-13 19:03 - 2018-03-01 01:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-13 19:03 - 2018-03-01 01:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-13 19:03 - 2018-03-01 01:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-13 19:03 - 2018-03-01 01:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-13 19:03 - 2018-03-01 01:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-13 19:03 - 2018-03-01 01:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-13 19:03 - 2018-03-01 01:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-13 19:03 - 2018-03-01 01:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-13 19:03 - 2018-03-01 00:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-13 19:03 - 2018-03-01 00:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-13 19:03 - 2018-03-01 00:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-13 19:03 - 2018-03-01 00:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-13 19:03 - 2018-03-01 00:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-13 19:03 - 2018-03-01 00:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-13 19:03 - 2018-03-01 00:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-13 19:03 - 2018-03-01 00:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-13 19:03 - 2018-03-01 00:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-13 19:03 - 2018-03-01 00:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-13 19:03 - 2018-03-01 00:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-13 19:03 - 2018-03-01 00:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-13 19:03 - 2018-03-01 00:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-13 19:03 - 2018-03-01 00:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-13 19:03 - 2018-03-01 00:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-13 19:03 - 2018-03-01 00:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-13 19:03 - 2018-03-01 00:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-13 19:03 - 2018-03-01 00:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-13 19:03 - 2018-03-01 00:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-13 19:03 - 2018-03-01 00:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-13 19:03 - 2018-03-01 00:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-13 19:03 - 2018-03-01 00:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-13 19:03 - 2018-03-01 00:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-13 19:03 - 2018-03-01 00:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-13 19:03 - 2018-03-01 00:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-13 19:03 - 2018-03-01 00:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-13 19:03 - 2018-03-01 00:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-13 19:03 - 2018-03-01 00:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-13 19:03 - 2018-03-01 00:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-13 19:03 - 2018-03-01 00:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-13 19:03 - 2018-03-01 00:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-13 19:03 - 2018-03-01 00:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-13 19:03 - 2018-03-01 00:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-13 19:03 - 2018-03-01 00:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-13 19:03 - 2018-03-01 00:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-13 19:03 - 2018-03-01 00:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-13 19:03 - 2018-03-01 00:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-13 19:03 - 2018-03-01 00:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-13 19:03 - 2018-03-01 00:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-13 19:03 - 2018-03-01 00:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-13 19:03 - 2018-03-01 00:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-13 19:03 - 2018-03-01 00:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-13 19:03 - 2018-03-01 00:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-13 19:03 - 2018-03-01 00:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-13 19:03 - 2018-03-01 00:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-13 19:03 - 2018-03-01 00:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-13 19:03 - 2018-03-01 00:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-13 19:03 - 2018-03-01 00:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-13 19:03 - 2018-03-01 00:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-13 19:03 - 2018-03-01 00:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-13 19:03 - 2018-03-01 00:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-13 19:03 - 2018-03-01 00:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-13 19:03 - 2018-03-01 00:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-13 19:03 - 2018-03-01 00:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-13 19:03 - 2018-03-01 00:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-13 19:03 - 2018-03-01 00:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-13 19:03 - 2018-03-01 00:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-13 19:03 - 2018-03-01 00:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-13 19:03 - 2018-03-01 00:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-13 19:03 - 2018-03-01 00:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-13 19:03 - 2018-03-01 00:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-13 19:03 - 2018-03-01 00:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-13 19:03 - 2018-03-01 00:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-13 19:03 - 2018-03-01 00:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-13 19:03 - 2018-03-01 00:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-13 19:03 - 2018-03-01 00:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-13 19:03 - 2018-03-01 00:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-13 19:03 - 2018-03-01 00:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-13 19:03 - 2018-03-01 00:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-13 19:03 - 2018-03-01 00:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-13 19:03 - 2018-03-01 00:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-13 19:03 - 2018-03-01 00:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-13 19:03 - 2018-03-01 00:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-13 19:03 - 2018-02-21 21:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-13 19:03 - 2018-02-21 21:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-13 19:03 - 2018-02-21 21:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-13 19:03 - 2018-02-21 21:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-13 19:03 - 2018-02-21 21:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-13 19:03 - 2018-02-21 21:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-13 19:03 - 2018-02-21 21:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-13 19:03 - 2018-02-21 21:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-13 19:03 - 2018-02-21 21:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-13 19:03 - 2018-02-21 21:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-13 19:03 - 2018-02-21 21:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-13 19:03 - 2018-02-21 21:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-13 19:03 - 2018-02-21 21:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-13 19:03 - 2018-02-21 21:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-13 19:03 - 2018-02-21 21:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-13 19:03 - 2018-02-21 21:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-13 19:03 - 2018-02-21 20:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-13 19:03 - 2018-02-21 20:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-13 19:03 - 2018-02-21 20:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-13 19:03 - 2018-02-21 20:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-13 19:03 - 2018-02-21 20:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-13 19:03 - 2018-02-21 20:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-13 19:03 - 2018-02-21 20:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-13 19:03 - 2018-02-21 20:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-13 19:03 - 2018-02-21 19:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-13 19:03 - 2018-02-21 19:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-13 19:03 - 2018-02-21 19:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-13 19:03 - 2018-02-21 19:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-13 19:03 - 2018-02-21 19:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-13 19:03 - 2018-02-21 19:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-13 19:03 - 2018-02-21 19:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-13 19:03 - 2018-02-21 19:26 - 000441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2018-03-13 19:03 - 2018-02-21 19:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-13 19:03 - 2018-02-21 19:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-13 19:03 - 2018-02-21 19:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-13 09:25 - 2018-03-13 09:25 - 000002072 _____ C:\Users\theri.WINDOWS-302NSHC\Desktop\Rkill.txt
2018-03-13 09:24 - 2018-03-18 08:38 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Downloads\FRST-OlderVersion
2018-03-13 00:50 - 2018-03-13 00:50 - 000007803 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\13.rpp
2018-03-11 22:19 - 2018-03-11 22:19 - 000000555 _____ C:\Users\theri.WINDOWS-302NSHC\Desktop\JRT.txt
2018-03-11 22:02 - 2018-03-11 22:02 - 001001556 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\bodrot.xcf
2018-03-10 19:39 - 2018-03-10 19:39 - 000000000 ____D C:\ProgramData\Reason
2018-03-10 09:32 - 2018-03-10 09:32 - 000000000 ____D C:\Program Files\Reason
2018-03-10 08:13 - 2018-03-10 08:13 - 000474037 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\MI Audio Crunch Box (1).pdf
2018-03-10 00:50 - 2018-03-10 00:50 - 000000000 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\InstallVoodooShield.exe
2018-03-10 00:09 - 2018-03-10 00:09 - 008828672 _____ (Reason Software Company Inc.) C:\Users\theri.WINDOWS-302NSHC\Downloads\reason-core-security-setup.exe
2018-03-09 23:43 - 2018-03-09 23:43 - 000000871 _____ C:\Users\Public\Desktop\REAPER (x64).lnk
2018-03-09 21:46 - 2018-03-09 21:46 - 000002088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk
2018-03-09 21:46 - 2018-03-09 21:46 - 000000000 ____D C:\Program Files (x86)\iLok License Manager
2018-03-09 21:25 - 2018-03-09 21:25 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Documents\MPC
2018-03-09 21:25 - 2018-03-09 21:25 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\MPC
2018-03-09 21:06 - 2018-03-09 21:07 - 011708816 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\reaper577_x64-install.exe
2018-03-09 20:31 - 2018-03-09 20:31 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\PACE Anti-Piracy
2018-03-09 20:31 - 2018-03-09 20:31 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\PACE Anti-Piracy
2018-03-09 20:31 - 2018-03-09 20:31 - 000000000 ____D C:\ProgramData\PACE Anti-Piracy
2018-03-09 20:29 - 2018-03-16 10:00 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-09 17:08 - 2018-03-09 17:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-09 17:08 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-09 17:07 - 2018-03-09 17:08 - 068724528 _____ (Malwarebytes ) C:\Users\theri.WINDOWS-302NSHC\Downloads\mb3-setup-1878.1878-3.4.4.2398.exe
2018-03-09 17:06 - 2018-03-09 17:06 - 000001146 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\AdwCleanerS2.txt
2018-03-09 16:27 - 2018-03-09 20:25 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-09 16:27 - 2018-03-09 20:25 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-09 16:27 - 2018-03-09 16:27 - 001129816 _____ (Google Inc.) C:\Users\theri.WINDOWS-302NSHC\Downloads\ChromeSetup.exe
2018-03-09 16:27 - 2018-03-09 16:27 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-09 16:26 - 2018-03-09 16:26 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\theri.WINDOWS-302NSHC\Downloads\rkill-unsigned.exe
2018-03-09 12:17 - 2018-03-09 12:17 - 000000000 ___HD C:\__Previews
2018-03-09 12:10 - 2018-03-09 12:10 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\EQATEC Analytics
2018-03-09 12:10 - 2018-03-09 12:10 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\Altium
2018-03-09 12:10 - 2018-03-09 12:10 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Altium
2018-03-09 12:05 - 2018-03-09 12:05 - 000001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\CircuitMaker.lnk
2018-03-09 12:05 - 2018-03-09 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altium
2018-03-09 12:04 - 2018-03-09 12:05 - 000000000 ____D C:\ProgramData\Altium
2018-03-09 12:03 - 2018-03-09 12:03 - 000000000 ____D C:\Program Files (x86)\Altium
2018-03-09 12:00 - 2018-03-09 12:00 - 009467296 _____ (Altium Limited) C:\Users\theri.WINDOWS-302NSHC\Downloads\CircuitMakerSetup(2).exe
2018-03-09 11:48 - 2018-03-09 12:03 - 000000000 ____D C:\Users\Public\Documents\Altium
2018-03-09 11:48 - 2018-03-09 11:48 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\Altium2004
2018-03-09 11:48 - 2018-03-09 11:48 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\AltiumSecurityService
2018-03-09 11:48 - 2018-03-09 11:48 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Altium2004
2018-03-09 11:48 - 2018-03-09 11:48 - 000000000 ____D C:\ProgramData\Altium2004
2018-03-09 11:47 - 2018-03-09 11:47 - 009467296 _____ (Altium Limited) C:\Users\theri.WINDOWS-302NSHC\Downloads\CircuitMakerSetup(1).exe
2018-03-09 11:42 - 2018-03-09 11:43 - 009467296 _____ (Altium Limited) C:\Users\theri.WINDOWS-302NSHC\Downloads\CircuitMakerSetup.exe
2018-03-07 05:14 - 2018-03-08 18:46 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2018-03-07 05:09 - 2018-03-07 05:09 - 000000670 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\WindowsShell.Manifest111.txt
2018-03-07 04:50 - 2018-03-07 10:27 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\WinPatrol
2018-03-07 04:50 - 2018-03-07 04:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2018-03-07 04:50 - 2018-03-07 04:50 - 000000000 ____D C:\ProgramData\InstallMate
2018-03-07 04:50 - 2018-03-07 04:50 - 000000000 ____D C:\Program Files (x86)\Ruiware
2018-03-07 04:31 - 2018-03-07 04:31 - 001790024 _____ (Malwarebytes) C:\Users\theri.WINDOWS-302NSHC\Downloads\JRT.exe
2018-03-07 04:30 - 2018-03-18 06:03 - 000320444 _____ C:\WINDOWS\ntbtlog.txt
2018-03-07 03:58 - 2018-03-07 06:51 - 000000000 ____D C:\WINDOWS\ComodoAptAtScanner
2018-03-07 03:30 - 2018-03-07 03:30 - 000001298 _____ C:\Users\theri.WINDOWS-302NSHC\Desktop\startup.txt
2018-03-07 03:28 - 2018-03-07 03:28 - 000006288 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\cc_20180307_022837.reg
2018-03-07 03:19 - 2018-03-07 03:19 - 000004622 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\startup.txt
2018-03-07 03:16 - 2018-03-07 03:16 - 000137700 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\cc_20180307_021616.reg
2018-03-07 03:14 - 2018-03-07 03:14 - 009452370 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\ccsetup537.zip
2018-03-07 03:14 - 2018-03-07 03:14 - 000483809 _____ (Lars Hederer ) C:\Users\theri.WINDOWS-302NSHC\Downloads\ntregopt-setup.exe
2018-03-07 03:13 - 2018-03-07 03:13 - 036948693 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\tweaking.com_windows_repair_aio.zip
2018-03-07 03:13 - 2018-03-07 03:13 - 003871695 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\tweaking.com_simple_system_tweaker_portable.zip
2018-03-07 02:50 - 2018-03-07 02:50 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\.traverso
2018-03-07 02:47 - 2018-03-07 02:47 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\KompoZer
2018-03-07 02:07 - 2018-03-07 02:07 - 031973879 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\lmms-1.1.3-win64.exe
2018-03-06 15:03 - 2018-03-06 15:03 - 000380768 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-03-06 11:52 - 2018-03-06 11:54 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\webkit
2018-03-06 05:28 - 2018-03-09 20:45 - 000000000 ____D C:\Program Files (x86)\SoundToys
2018-03-06 05:12 - 2018-03-06 05:12 - 000000000 ___RD C:\Users\theri.WINDOWS-302NSHC\Downloads\325289AEDD75.TorrentSearchPRO_qtx9tqphctw9r!App
2018-03-04 22:12 - 2018-03-04 22:19 - 000007593 _____ C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Resmon.ResmonCfg
2018-03-04 01:43 - 2018-03-04 01:43 - 000000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2018-03-04 00:59 - 2018-03-04 01:00 - 309750200 _____ (Emsisoft Ltd. ) C:\Users\theri.WINDOWS-302NSHC\Documents\EmsisoftAntiMalwareSetup_bc.exe
2018-03-04 00:59 - 2018-03-04 00:59 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\theri.WINDOWS-302NSHC\Downloads\iExplore.exe
2018-03-02 05:07 - 2018-03-02 05:07 - 000000829 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\Pictures - Shortcut.lnk
2018-03-01 16:10 - 2018-03-01 20:18 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Desktop\New folder
2018-03-01 15:52 - 2018-03-01 15:52 - 001393630 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\13-180301_1452.wav
2018-03-01 15:52 - 2018-03-01 15:52 - 000013566 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\13-180301_1452.wav.reapeaks
2018-03-01 15:45 - 2018-03-01 15:46 - 005803486 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\13-180301_1445.wav
2018-03-01 15:45 - 2018-03-01 15:46 - 000056366 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\13-180301_1445.wav.reapeaks
2018-03-01 15:40 - 2018-03-01 15:41 - 010446814 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\13-180301_1440.wav
2018-03-01 15:40 - 2018-03-01 15:41 - 000101430 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\13-180301_1440.wav.reapeaks
2018-03-01 15:35 - 2018-03-01 15:36 - 002734558 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\13-180301_1435.wav
2018-03-01 15:35 - 2018-03-01 15:36 - 000026582 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\13-180301_1435.wav.reapeaks
2018-03-01 15:29 - 2018-03-01 15:30 - 002315230 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\12-180301_1429.wav
2018-03-01 15:29 - 2018-03-01 15:30 - 000022510 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\12-180301_1429.wav.reapeaks
2018-03-01 03:13 - 2018-03-01 03:13 - 000252600 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2018-03-01 03:12 - 2018-03-01 18:34 - 000174664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2018-03-01 03:12 - 2018-03-01 03:12 - 000231312 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2018-03-01 03:12 - 2018-03-01 03:12 - 000107656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2018-02-27 08:05 - 2018-02-27 08:05 - 000008343 _____ C:\Users\theri.WINDOWS-302NSHC\Desktop\omg_bom.html
2018-02-27 07:38 - 2018-02-27 07:38 - 000023364 _____ C:\Users\theri.WINDOWS-302NSHC\Desktop\omg_pcb.svg
2018-02-25 11:53 - 2018-02-25 11:53 - 000004108 _____ C:\Users\theri.WINDOWS-302NSHC\Desktop\PWM_bom.html
2018-02-24 01:19 - 2018-02-24 01:20 - 000000000 ____D C:\EAGLE 8.6.3
2018-02-23 11:11 - 2018-02-23 11:10 - 000023443 _____ C:\Users\theri.WINDOWS-302NSHC\Desktop\omg.svg
2018-02-18 22:48 - 2018-02-18 22:48 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\PGP
2018-02-18 05:12 - 2018-03-05 06:19 - 000000000 ____D C:\Program Files (x86)\Pad2Pad
2018-02-18 03:45 - 2018-03-09 21:01 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Downloads\plugins
2018-02-16 11:58 - 2018-02-18 03:03 - 000006140 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\EGERGFF.rpp
2018-02-16 11:58 - 2018-02-16 11:58 - 000005040 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\EGERGFF.rpp-bak
2018-02-16 11:44 - 2018-02-16 11:44 - 010159976 _____ C:\Users\theri.WINDOWS-302NSHC\023123.wav
2018-02-16 03:55 - 2018-02-16 03:55 - 005417448 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\pedal_vectorpack.zip
2018-02-16 03:55 - 2018-02-16 03:55 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Downloads\pedal_vectorpack
2018-02-16 03:33 - 2018-02-16 03:33 - 000124947 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\1550G.rar
2018-02-16 03:32 - 2018-02-16 03:32 - 005894979 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\Knobs.psd
2018-02-16 03:31 - 2018-02-16 03:31 - 005450299 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\Hardware.psd
2018-02-16 03:31 - 2018-02-16 03:31 - 001761262 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\1590DD.psd
2018-02-16 03:31 - 2018-02-16 03:31 - 001412037 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\1590XX.psd
2018-02-16 03:31 - 2018-02-16 03:31 - 000831459 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\1590BB.psd
2018-02-16 03:31 - 2018-02-16 03:31 - 000787659 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\1590BB Portrait.psd
2018-02-16 03:31 - 2018-02-16 03:31 - 000687207 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\CB1590B.psd
2018-02-16 03:31 - 2018-02-16 03:31 - 000586675 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\1590B.psd
2018-02-16 03:31 - 2018-02-16 03:31 - 000496525 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\1590Av2.psd
2018-02-16 03:30 - 2018-02-16 03:30 - 002630762 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\1550G.psd
2018-02-16 03:30 - 2018-02-16 03:30 - 000628032 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\125B.psd
2018-02-16 03:30 - 2018-02-16 03:30 - 000458518 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\1590Av1.psd
2018-02-16 03:27 - 2018-02-16 03:27 - 003513013 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\anatomy of a website.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-18 08:38 - 2018-02-15 17:46 - 000731132 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-03-18 08:38 - 2018-02-04 19:48 - 000000000 ____D C:\FRST
2018-03-18 08:16 - 2018-02-14 18:42 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-03-18 07:59 - 2017-12-17 10:08 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Documents\REAPER Media
2018-03-18 07:42 - 2017-12-17 10:05 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\REAPER
2018-03-18 05:22 - 2018-01-01 05:17 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\LocalLow\Mozilla
2018-03-18 04:42 - 2017-12-16 03:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-18 03:59 - 2017-12-28 15:37 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{36BB3BB9-FBED-4F53-A6CA-CC78B9037C64}
2018-03-18 01:27 - 2018-02-15 23:49 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\CrashDumps
2018-03-17 21:42 - 2017-12-13 21:02 - 000000000 __SHD C:\Users\theri\IntelGraphicsProfiles
2018-03-17 14:39 - 2018-01-28 20:19 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\.gimp-2.8
2018-03-16 23:29 - 2018-01-28 20:22 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\gtk-2.0
2018-03-16 22:49 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-16 22:48 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-16 22:48 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-16 20:01 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-16 11:35 - 2018-01-11 11:56 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-16 10:06 - 2017-12-16 03:26 - 001935836 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-16 09:59 - 2017-12-16 03:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-16 09:58 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-16 09:54 - 2018-02-04 19:48 - 000083805 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\FRST.txt
2018-03-15 17:15 - 2018-02-03 19:44 - 000000048 _____ C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\msregsvv.dll
2018-03-15 17:15 - 2018-02-03 19:44 - 000000048 _____ C:\ProgramData\autobk.inc
2018-03-15 16:57 - 2018-02-03 19:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2018-03-15 16:56 - 2018-02-03 19:30 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Documents\IK Multimedia
2018-03-15 16:56 - 2018-02-03 19:30 - 000000000 ____D C:\Program Files (x86)\IK Multimedia
2018-03-15 16:42 - 2018-02-01 16:48 - 000000000 ____D C:\ProgramData\VIP
2018-03-15 16:40 - 2018-02-03 19:45 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\IK Multimedia
2018-03-15 12:15 - 2017-12-16 04:25 - 000000000 ___RD C:\Users\theri.WINDOWS-302NSHC\3D Objects
2018-03-15 12:15 - 2017-06-18 15:13 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-15 12:11 - 2017-12-16 03:15 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC
2018-03-15 12:11 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-15 12:10 - 2018-02-14 18:53 - 000290032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-15 12:08 - 2017-12-16 12:04 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-03-15 12:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-15 12:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-15 12:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-15 12:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-14 18:23 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-13 19:12 - 2017-12-14 01:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-13 19:10 - 2017-12-16 12:31 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-13 19:10 - 2017-12-16 12:30 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-13 19:05 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-13 19:05 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-13 19:04 - 2017-09-29 08:40 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2018-03-13 09:24 - 2018-02-04 19:48 - 002402816 _____ (Farbar) C:\Users\theri.WINDOWS-302NSHC\Downloads\FRST64.exe
2018-03-13 04:08 - 2017-12-16 11:53 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-03-13 03:20 - 2017-12-16 04:25 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Packages
2018-03-12 00:04 - 2017-12-16 12:03 - 000004284 _____ C:\WINDOWS\System32\Tasks\Avast TUNEUP Update
2018-03-11 23:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-11 19:10 - 2017-12-26 05:32 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\ElevatedDiagnostics
2018-03-11 12:54 - 2018-02-15 17:46 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-03-10 00:16 - 2018-01-19 12:31 - 000000000 ____D C:\EAGLE 8.5.2
2018-03-10 00:15 - 2017-12-14 05:11 - 000000000 ____D C:\EAGLE 8.5.0
2018-03-10 00:10 - 2018-02-15 17:46 - 000213053 _____ C:\WINDOWS\ZAM.krnl.trace
2018-03-09 23:43 - 2017-12-17 10:04 - 000000000 ____D C:\Program Files\REAPER (x64)
2018-03-09 21:46 - 2018-02-06 22:04 - 000033544 _____ C:\WINDOWS\system32\Drivers\iLokDrvr.sys
2018-03-09 21:46 - 2017-06-18 15:25 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-03-09 21:26 - 2017-12-16 12:19 - 000000000 ____D C:\REAPER
2018-03-09 20:47 - 2018-02-15 06:18 - 000000000 ____D C:\Program Files (x86)\Melodyne plugin
2018-03-09 20:25 - 2017-12-16 11:54 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-03-09 20:25 - 2017-12-16 03:26 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2018-03-09 20:25 - 2017-12-16 03:26 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3269376985-2225278655-3997078210-1005
2018-03-09 20:25 - 2017-12-16 03:26 - 000002770 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2018-03-09 20:25 - 2017-12-16 03:26 - 000002528 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2018-03-09 20:25 - 2017-12-16 03:26 - 000002528 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2018-03-09 17:08 - 2018-02-02 03:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-09 16:27 - 2017-12-16 11:55 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google
2018-03-09 16:27 - 2017-12-13 22:13 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-09 12:15 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-03-09 11:23 - 2018-02-15 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2018-03-09 11:23 - 2018-02-15 15:26 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Comodo
2018-03-08 04:39 - 2018-02-15 15:26 - 000000000 ____D C:\Program Files (x86)\Comodo
2018-03-07 05:14 - 2018-02-15 18:18 - 000000000 ____D C:\AdwCleaner
2018-03-07 05:01 - 2018-02-03 22:07 - 000000000 ____D C:\WINDOWS\nvidia
2018-03-07 04:26 - 2018-02-15 17:32 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Desktop\rkill
2018-03-06 15:04 - 2017-12-16 11:54 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-03-06 15:03 - 2017-12-25 17:43 - 000215320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-03-06 15:03 - 2017-12-16 11:53 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-03-06 15:03 - 2017-12-16 11:53 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-03-06 15:03 - 2017-12-16 11:53 - 000380528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-03-06 15:03 - 2017-12-16 11:53 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-03-06 15:03 - 2017-12-16 11:53 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-03-06 15:03 - 2017-12-16 11:53 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-03-06 15:03 - 2017-12-16 11:53 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-03-06 15:03 - 2017-12-16 11:53 - 000196648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-03-06 15:03 - 2017-12-16 11:53 - 000146656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-03-06 15:03 - 2017-12-16 11:53 - 000110328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-03-06 15:03 - 2017-12-16 11:53 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-03-06 15:03 - 2017-12-16 11:53 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-03-06 15:03 - 2017-12-16 11:53 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-03-05 17:59 - 2017-12-22 06:25 - 000064037 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\THE1-001.mp3.RPP
2018-03-05 06:56 - 2018-02-02 11:40 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-03-05 06:54 - 2017-12-16 04:43 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\PlaceholderTileLogoFolder
2018-03-04 08:58 - 2018-02-15 17:18 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\Comodo
2018-03-04 08:58 - 2018-02-15 15:23 - 000000000 ____D C:\ProgramData\Comodo
2018-03-04 02:08 - 2018-02-14 18:42 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-03-04 02:05 - 2017-06-18 15:40 - 000000000 ____D C:\Program Files\NewBlue
2018-03-02 14:11 - 2017-12-16 03:15 - 000000000 ____D C:\Users\Brad
2018-03-02 03:52 - 2018-02-04 13:33 - 448786620 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\SampleTank_Custom_Shop_3.7.1.zip
2018-03-02 03:51 - 2018-01-03 06:52 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Downloads\Pirates.of.the.Caribbean.Dead.Men.Tell.No.Tales.2017.HDRip.XviD.AC3-EVO
2018-03-01 16:10 - 2017-12-22 06:25 - 000064085 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\THE1-001.mp3.RPP-bak
2018-03-01 10:54 - 2018-01-16 21:33 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\vlc
2018-02-28 00:27 - 2017-12-31 07:49 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\Eagle
2018-02-27 02:46 - 2018-01-29 18:22 - 000000000 ___RD C:\Users\theri.WINDOWS-302NSHC\iCloudDrive
2018-02-23 22:17 - 2018-01-03 06:50 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\deluge
2018-02-23 11:04 - 2018-01-21 22:17 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Downloads\ToneBoosters All Plugins Bundle v3.0.4 x86.x64 VST WIN OSX Incl. KeyGen-CHAOS [deepstatus][h33t][1337x][flashtorrents]
2018-02-21 06:37 - 2018-02-14 18:42 - 001055944 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2018-02-21 06:37 - 2017-12-25 09:31 - 000120008 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupflt.sys
2018-02-21 06:37 - 2016-12-20 18:51 - 000093888 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwfp.sys
2018-02-21 06:37 - 2016-10-12 13:29 - 000057032 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
2018-02-16 10:38 - 2018-02-02 03:42 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\DigiTech
2018-02-16 07:40 - 2018-01-22 03:56 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Downloads\Celemony.Melodyne.Plugin.VST.RTAS.v1.0.Incl.Keygen-AiR - Copy
2018-02-16 07:40 - 2018-01-21 22:18 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Downloads\Celemony.Melodyne.Plugin.VST.RTAS.v1.0.Incl.Keygen-AiR
 
==================== Files in the root of some directories =======
 
2018-01-22 03:39 - 2018-01-22 03:39 - 000000008 _____ () C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\com.silhouettesoftware.id
2018-02-03 19:44 - 2018-03-15 17:15 - 000000048 _____ () C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\msregsvv.dll
2018-03-17 11:17 - 2018-03-17 11:17 - 000045954 _____ () C:\Users\theri.WINDOWS-302NSHC\AppData\Local\recently-used.xbel
2018-03-04 22:12 - 2018-03-04 22:19 - 000007593 _____ () C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {44c00d06-efaa-11e7-8717-680715a684a1}
                        {44c00d07-efaa-11e7-8717-680715a684a1}
                        {44c00d08-efaa-11e7-8717-680715a684a1}
timeout                 2
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {da7ef24c-5468-11e7-afa7-00249b1b6198}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Firmware Application (101fffff)
-------------------------------
identifier              {44c00d06-efaa-11e7-8717-680715a684a1}
description             UEFI:CD/DVD Drive
 
Firmware Application (101fffff)
-------------------------------
identifier              {44c00d07-efaa-11e7-8717-680715a684a1}
description             UEFI:Removable Device
 
Firmware Application (101fffff)
-------------------------------
identifier              {44c00d08-efaa-11e7-8717-680715a684a1}
description             UEFI:Network Device
 
Windows Boot Loader
-------------------
identifier              {360cbe09-e249-11e7-9bf9-f95ccf4bbcf3}
device                  ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{360cbe0a-e249-11e7-9bf9-f95ccf4bbcf3}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{360cbe0a-e249-11e7-9bf9-f95ccf4bbcf3}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Setup
-------------
identifier              {7254a080-1510-4e85-ac0f-e7fb3d444736}
device                  ramdisk=[C:]\$WINDOWS.~BT\Sources\SafeOS\winre.wim,{da7ef24e-5468-11e7-afa7-00249b1b6198}
custom:11000043         partition=C:
custom:11000083         partition=C:
path                    \windows\system32\winload.efi
description             Windows Rollback
locale                  en-US
custom:12000044         \$WINDOWS.~BT\Sources\Rollback\WinPE\bootstat.dat
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\$WINDOWS.~BT\Sources\SafeOS\winre.wim,{da7ef24e-5468-11e7-afa7-00249b1b6198}
custom:21000152         partition=C:
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {da7ef24a-5468-11e7-afa7-00249b1b6198}
device                  ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{da7ef24b-5468-11e7-afa7-00249b1b6198}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{da7ef24b-5468-11e7-afa7-00249b1b6198}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {360cbe09-e249-11e7-9bf9-f95ccf4bbcf3}
displaymessageoverride  StartupRepair
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {da7ef24c-5468-11e7-afa7-00249b1b6198}
nx                      OptIn
bootmenupolicy          Standard
usefirmwarepcisettings  No
bootlog                 Yes
 
Resume from Hibernate
---------------------
identifier              {da7ef245-5468-11e7-afa7-00249b1b6198}
device                  partition=C:
path                    \windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {da7ef24a-5468-11e7-afa7-00249b1b6198}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {da7ef24c-5468-11e7-afa7-00249b1b6198}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {360cbe09-e249-11e7-9bf9-f95ccf4bbcf3}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Local
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
integrityservices       Enable
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {360cbe0a-e249-11e7-9bf9-f95ccf4bbcf3}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume4
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Device options
--------------
identifier              {da7ef24b-5468-11e7-afa7-00249b1b6198}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume4
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Device options
--------------
identifier              {da7ef24e-5468-11e7-afa7-00249b1b6198}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi
 
 
LastRegBack: 2018-03-16 14:14
 
==================== End of FRST.txt ============================




#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,894 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:11:53 PM

Posted 18 March 2018 - 10:08 AM

ninjarig:

 
 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time.   Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
Please copy and paste the contents of the "Addition.txt" file, which should be located in the same folder: C:\Users\theri.WINDOWS-302NSHC\Downloads\FRST-OlderVersion, as the "FRST.txt" file, which you have provided.
 
I will need some time to review your FRST logs.  That could take a day or two, but I hope to reply later today, if you can get me the "Addition.txt" file contents in the next hour or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,894 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:11:53 PM

Posted 18 March 2018 - 01:13 PM

ninjarig:

 

I have finished analyzing your "FRST.txt" file log.  I am still awaiting your "Addition.txt" log.  I will be going offline in about an hour.  I will be back tomorrow afternoon.

 

There are some issues with your computer that I have detected from the "FRST.txt" file log, but nothing too serious, ... so far.  Your biggest issue might be an over-abundance of security software, which can really jam up a computer.  I won't know for sure how to best tackle the issues with your computer until I can obtain and analyze the FRST "Addition.txt" file.

 

Have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 ninjarig

ninjarig
  • Topic Starter

  • Members
  • 30 posts
  • Local time:10:53 PM

Posted 19 March 2018 - 04:26 AM

PC barely works now. Took forever to post addition.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018

Ran by theri (18-03-2018 08:39:42)
Running from C:\Users\theri.WINDOWS-302NSHC\Downloads\FRST-OlderVersion
Windows 10 Home Version 1709 16299.309 (X64) (2017-12-16 08:29:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3269376985-2225278655-3997078210-500 - Administrator - Disabled)
Brad (S-1-5-21-3269376985-2225278655-3997078210-1005 - Administrator - Enabled) => C:\Users\Brad
DefaultAccount (S-1-5-21-3269376985-2225278655-3997078210-503 - Limited - Disabled)
Guest (S-1-5-21-3269376985-2225278655-3997078210-501 - Limited - Disabled)
theri (S-1-5-21-3269376985-2225278655-3997078210-1003 - Administrator - Enabled) => C:\Users\theri.WINDOWS-302NSHC
WDAGUtilityAccount (S-1-5-21-3269376985-2225278655-3997078210-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Kaspersky Free (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Free (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AIR Xpand!2 (HKLM\...\{69A89482-FEC4-4E34-97F9-46BB287D0953}) (Version: 12.0.0.615 - AIR Music Technology)
Akai Professional MPK Mini MkII Editor (HKLM-x32\...\MPKminiMkIIEditor) (Version:  - )
AmpliTube 4 version 4.0.2 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.0.2 - IK Multimedia)
Antares Autotune Evo VST RTAS v6.0.9 (HKLM-x32\...\Antares Autotune Evo VST RTAS_is1) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 17.3.4228 - AVAST Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Avid Effects (HKLM\...\{F53B2C5A-9739-425A-B74C-E8D94DF2EFB5}) (Version: 12.8.2.105 - Avid Technology, Inc.)
Avid Pro Tools First (HKLM\...\{DE690717-9113-4E02-AD09-213B8E870694}) (Version: 12.8.2.105 - Avid Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Celemony Melodyne Plugin VST RTAS v1.0 (HKLM-x32\...\Celemony Melodyne Plugin_is1) (Version:  - )
CircuitMaker (HKLM-x32\...\CircuitMaker {1A42B17A-0827-4F5D-907C-7319C2D4427F}) (Version: 1.3.0.181 - Altium Limited)
COMODO Secure Shopping (HKLM-x32\...\{D15DF9B0-3A98-4BEF-B7D5-FC3AEA430655}) (Version: 1.3.134.0 - COMODO) Hidden
COMODO Secure Shopping (HKLM-x32\...\Comodo Secure_Shopping_list_uninstall) (Version: 1.3.430655.134 - Comodo)
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
Cybereason RansomFree 2.4.2.0 (HKLM-x32\...\{2A15E1FB-A1F5-4F11-B033-D8DB1E37C1E9}) (Version: 2.4.2.0 - Cybereason Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version:  - )
DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 1.1.6664.10 - PC-Doctor, Inc.) Hidden
EAGLE 8.6.3 (HKLM\...\{AUTODESK-EAGLE-8-6-3}_is1) (Version: 8.6.3 - Autodesk, Inc.)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Focusrite USB 4.36.0.484 (HKLM\...\Focusrite USB_is1) (Version: 4.36.0.484 - Focusrite Audio Engineering Ltd.)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.146 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
HL-L2320D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Hybrid (HKLM-x32\...\{a131ab43-5f9e-4241-87bf-e705d4045ac7}) (Version: 3.0.7.19000 - AIR Music Tech GmbH)
Hybrid AAX32 (HKLM-x32\...\{63FA7BA2-C720-4506-9379-43BFA5BC3A98}) (Version: 3.0.7.19000 - AIR Music Tech GmbH) Hidden
Hybrid AAX64 (HKLM\...\{C2CB3E60-B541-418D-A535-D3D73A644EC5}) (Version: 3.0.7.19000 - AIR Music Tech GmbH) Hidden
Hybrid Content (HKLM-x32\...\{77129154-5C4A-45D0-AFEF-5D9C2D307246}) (Version: 3.0.7.19000 - AIR Music Tech GmbH) Hidden
Hybrid VST32 (HKLM-x32\...\{592BA348-DA75-42DE-91C1-54FD5D62ABE8}) (Version: 3.0.7.19000 - AIR Music Tech GmbH) Hidden
Hybrid VST64 (HKLM\...\{EB4543A3-A9D8-4354-94BE-22400A619F7A}) (Version: 3.0.7.19000 - AIR Music Tech GmbH) Hidden
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
JamManagerXT version 2.3.5 (HKLM-x32\...\{777248DB-00AD-4567-9382-E991118BC6CC}_is1) (Version: 2.3.5 - Harman International, Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Kaspersky Free (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Free (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
License Support (HKLM\...\{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.) Hidden
License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
MAGIX Speed burnR (MSI) (HKLM\...\{FD275CD3-BF31-48EA-8ED2-162508C3C93A}) (Version: 7.0.1.27 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{FD275CD3-BF31-48EA-8ED2-162508C3C93A}) (Version: 7.0.1.27 - MAGIX AG)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.8942.2 - Waves Audio Ltd.) Hidden
Melodics version 2.0.1125.0 (HKLM\...\Melodics_is1) (Version: 2.0.1125.0 - )
Microsoft OneDrive (HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3269376985-2225278655-3997078210-1005\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Midnight 1.7 (HKLM\...\Midnight_is1) (Version: 1.7 - Focusrite)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla)
Mozilla Thunderbird 52.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 en-US)) (Version: 52.6.0 - Mozilla)
MPC Essentials 1.8.2 (HKLM\...\com.akaipro.mpc.essentials_is1) (Version: 1.8.2 - Akai Professional)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
PACE License Support Win64 (HKLM\...\{3336574B-08DD-41ba-B388-6BAB1322CF85}) (Version: 4.1.0.2095 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{3336574B-08DD-41ba-B388-6BAB1322CF85}) (Version: 4.1.0.2095 - PACE Anti-Piracy, Inc.)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.37 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7989 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11224 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Samplitude Music Studio 2014 (HKLM\...\{28B32C66-B399-491D-B648-96D0654DE07F}) (Version: 20.0.1.14 - MAGIX AG) Hidden
Samplitude Music Studio 2014 (HKLM-x32\...\MX.{28B32C66-B399-491D-B648-96D0654DE07F}) (Version: 20.0.1.14 - MAGIX AG)
Samplitude Music Studio 2014 (Introductory videos) (HKLM\...\{5FF37514-F9A9-46F1-ABBE-CA24FBBBA97E}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Samplitude Music Studio 2014 (Introductory videos) (HKLM-x32\...\MX.{5FF37514-F9A9-46F1-ABBE-CA24FBBBA97E}) (Version: 1.0.0.0 - MAGIX AG)
Silhouette Link (HKLM-x32\...\{C2136C80-F9D4-4096-86D4-C641BB36DFF3}) (Version: 1.0.096 - Silhouette America)
Silhouette Studio (HKLM-x32\...\{79D7838B-A4CF-4BB8-A7C2-AD797A09CF1F}) (Version: 4.1.206 - Silhouette America)
SONiVOX Wobble 2 (HKLM-x32\...\SONiVOX Wobble 2_is1) (Version:  - )
VIP 3.0.0.262 (HKLM-x32\...\{B3FC246F-87F6-4476-9E79-F14FB5A1F773}_is1) (Version:  - inMusic Brands)
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN)
Vocalist Live Librarian 1.2 (HKLM-x32\...\{3B5AFE4C-35D6-42C7-B855-C66CB272CDC3}_is1) (Version: 1.2 - Harman International, Inc.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - Ruiware)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3269376985-2225278655-3997078210-1003_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-06] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-06] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-02-14] (AO Kaspersky Lab)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-02-14] (AO Kaspersky Lab)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-06] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-02-14] (AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxDTCM.dll [2017-11-07] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-06] (AVAST Software)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-02-14] (AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07FE226B-E807-422E-A352-81CD21CA87B7} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {1614FD0C-BFF3-4755-8982-9EDAB1E8FFA3} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-03-09] (AVAST Software)
Task: {284DF695-10D3-4F4F-A299-B7AD6FCA297F} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-11-20] (Cybereason)
Task: {2939A1B1-D088-4A8F-A520-D64BD445223F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-05] (AVAST Software)
Task: {2B506C5B-1D59-4ACB-8850-2DAB0F581CAF} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-11-20] (Cybereason)
Task: {47C40749-84FC-4EFF-9511-29EE84CE2690} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel® Corporation)
Task: {6A5D9BB8-6428-400D-A8F3-8E070F46B826} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-06] (AVAST Software)
Task: {703E4BEE-9896-40D3-85B8-6B1E739000F2} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2016-04-27] (CyberLink)
Task: {7564B317-08A6-4CD0-BEDD-584902C4DAAF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {E3609DA0-05C9-406E-A20F-84E88E8A2481} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-09] (Google Inc.)
Task: {FBD838DE-C1BC-4C30-86B4-3286C253F745} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-09] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-03-09 17:08 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-13 19:03 - 2018-02-21 19:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 19:03 - 2018-02-21 19:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-02-14 18:42 - 2018-02-14 18:42 - 000836968 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\kpcengine.2.3.dll
2017-06-18 15:28 - 2014-12-08 02:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 15:28 - 2014-12-08 15:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2017-12-16 12:03 - 2016-09-12 15:53 - 048936448 _____ () C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.scr:  =>  <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 16:03 - 2018-03-11 22:18 - 000000832 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3269376985-2225278655-3997078210-1005\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Theme1\img2.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "DigidesignMMERefresh"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "vdcss"
HKLM\...\StartupApproved\Run32: => "InstallShieldSetup"
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3269376985-2225278655-3997078210-1005\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-3269376985-2225278655-3997078210-1005\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{5F5118A8-2AFA-4965-A5E0-795EB75B6B8C}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
FirewallRules: [UDP Query User{1619B740-FC8D-4809-BA4B-5822919D9BE0}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
FirewallRules: [TCP Query User{69F9C0A4-0389-44E6-A160-4A6C67AD3D43}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E2AE45A2-E20B-4157-8FB3-9D675BF6CF44}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{85E2E77C-F759-4CBD-8107-F4CBEE6E39E5}C:\program files (x86)\altium\cm\dxp.exe] => (Allow) C:\program files (x86)\altium\cm\dxp.exe
FirewallRules: [UDP Query User{29CCB2D8-AB7E-47BF-A3D0-CCD7D8DFFDA4}C:\program files (x86)\altium\cm\dxp.exe] => (Allow) C:\program files (x86)\altium\cm\dxp.exe
FirewallRules: [{BB18A534-E6EE-4C1C-A901-91F55F675C41}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{868ED2A8-BB87-49A7-9C41-E7D0F18026FA}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
FirewallRules: [UDP Query User{C543729B-2A12-451A-913E-1BB30363910B}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
 
==================== Restore Points =========================
 
23-02-2018 08:18:56 Scheduled Checkpoint
04-03-2018 01:15:13 Removed COMODO Secure Shopping
07-03-2018 02:43:13 JRT Pre-Junkware Removal
10-03-2018 00:11:20 Removed TeighaX 3.09
11-03-2018 22:15:09 JRT Pre-Junkware Removal
16-03-2018 09:16:28 Installed Cybereason RansomFree 2.4.2.0
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/18/2018 01:27:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.16299.15, time stamp: 0x59cda974
Faulting module name: MtcUvc.dll, version: 10.0.16299.15, time stamp: 0x59cda990
Exception code: 0xc0000005
Fault offset: 0x00000000000182f8
Faulting process id: 0x1054
Faulting application start time: 0x01d3be62e2074f4f
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\ShellExperiences\MtcUvc.dll
Report Id: 2b4b18b1-fb00-4c39-bcd7-d6a236f3dc54
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
 
Error: (03/16/2018 10:01:21 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.
 
Error: (03/16/2018 09:41:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.16299.248 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 213c
 
Start Time: 01d3bc8122a4c940
 
Termination Time: 0
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 4de1115c-7d55-403b-84a4-24a1a49076f2
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/15/2018 05:04:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AmpliTube 4.exe version 4.0.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1b68
 
Start Time: 01d3bca8e8bb0ec7
 
Termination Time: 10
 
Application Path: C:\Program Files\IK Multimedia\AmpliTube 4\AmpliTube 4.exe
 
Report Id: ff3324f9-67d1-413a-97bd-28a8d8d5b894
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/15/2018 04:53:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AmpliTube 4.exe, version: 4.0.2.0, time stamp: 0x5641c363
Faulting module name: AmpliTube 4.exe, version: 4.0.2.0, time stamp: 0x5641c363
Exception code: 0xc0000005
Fault offset: 0x00000000002206c0
Faulting process id: 0x1f80
Faulting application start time: 0x01d3bca808a97625
Faulting application path: E:\At402PB\AmpliTube 4.exe
Faulting module path: E:\At402PB\AmpliTube 4.exe
Report Id: 40d0020b-5381-4931-9ad5-0fe05935e1c7
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/15/2018 04:49:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AmpliTube 4.exe version 4.0.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2bb0
 
Start Time: 01d3bca7780f22f4
 
Termination Time: 4
 
Application Path: E:\At402PB\AmpliTube 4.exe
 
Report Id: 54fb1f56-3137-4650-8dda-e039b529cdbb
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/15/2018 04:46:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AmpliTube 4.exe, version: 4.0.2.0, time stamp: 0x5641c363
Faulting module name: AmpliTube 4.exe, version: 4.0.2.0, time stamp: 0x5641c363
Exception code: 0xc0000005
Fault offset: 0x00000000002206c0
Faulting process id: 0x1280
Faulting application start time: 0x01d3bca70d2f6eaa
Faulting application path: C:\Users\THERI~1.WIN\AppData\Local\Temp\Rar$EXa9248.4339\AmpliTube 4.exe
Faulting module path: C:\Users\THERI~1.WIN\AppData\Local\Temp\Rar$EXa9248.4339\AmpliTube 4.exe
Report Id: 2ccdcabe-fe0b-4078-ae75-14b69727e53a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/15/2018 04:44:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: reaper.exe, version: 5.7.7.0, time stamp: 0x5aa1a80f
Faulting module name: AmpliTube 4.vst3, version: 0.0.0.0, time stamp: 0x560bb41f
Exception code: 0xc000041d
Fault offset: 0x00000000000097fa
Faulting process id: 0x1d00
Faulting application start time: 0x01d3bca4c06eb1da
Faulting application path: C:\Program Files\REAPER (x64)\reaper.exe
Faulting module path: D:\STUDIO\AmpliTube 4.vst3
Report Id: 1ce156b2-fcea-4cb8-90a2-c9dcb1e7ddec
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (03/18/2018 08:36:22 AM) (Source: DCOM) (EventID: 10016) (User: WINDOWS-302NSHC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user WINDOWS-302NSHC\theri SID (S-1-5-21-3269376985-2225278655-3997078210-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/18/2018 04:02:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/18/2018 01:27:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/18/2018 01:24:39 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (03/18/2018 01:17:01 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (03/17/2018 10:15:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/17/2018 09:57:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/17/2018 09:44:10 PM) (Source: DCOM) (EventID: 10016) (User: WINDOWS-302NSHC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user WINDOWS-302NSHC\theri SID (S-1-5-21-3269376985-2225278655-3997078210-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
 
Date: 2018-03-18 08:33:37.099
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-18 08:33:37.095
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-18 08:33:01.900
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.
 
Date: 2018-03-18 08:28:21.668
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.
 
Date: 2018-03-18 08:27:55.502
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-18 08:27:55.499
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-18 08:27:35.658
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-18 08:27:35.656
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 24%
Total physical RAM: 16253.23 MB
Available physical RAM: 12244.52 MB
Total Virtual: 17277.23 MB
Available Virtual: 13620.4 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:930.46 GB) (Free:757.73 GB) NTFS
Drive d: (My Passport) (Fixed) (Total:931.48 GB) (Free:879.38 GB) NTFS
Drive e: () (Removable) (Total:7.45 GB) (Free:4.83 GB) FAT32
 
\\?\Volume{74b5ec3c-e489-4cdc-9d7f-6a3f5ff8322a}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32
\\?\Volume{fc523e6d-ec3f-4b35-93e4-a6ef0b2312b9}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AADD5618)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: E1228FBA)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0C)
 
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#5 garioch7

  • Malware Response Instructor

Posted 19 March 2018 - 01:17 PM

ninjarig:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also you should be aware that some of the tools and scripts that will be used, will remove malware detected, without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

OK, let's get started ...

:step1: Your computer is going to be really struggling since you are running two anti-virus applications. That is definitely NOT recommended. Please see this post by quietman7, one of Bleeping Computer's foremost computer security experts. I would recommend that you keep Kaspersky and uninstall Avast. See this link for more information as to why Avast is no longer being recommended.

You also have Avast Cleanup Premium installed. The use of such registry cleaners, tuneup utilities, and system optimizers is NOT recommended. Please see this link and this link for more information.

I would also recommend that you consider uninstalling Comodo Secure Shopping. Personally, I would not have it on my computer. Kaspersky should provide adequate protection, as will Malwarebytes, if it is the Premium version with real-time web protection.


We need to remove the Avast program with Revo Uninstaller Free:

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free.
    note: there is no need to click anything on that page, the download will start automatically.
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    AVAST Free Antivirus
    AVAST Cleanup Premium
    
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate scanning option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • The program will first search for leftover registry entries, then following that, for leftover files and folders. If it finds leftover registry entries, then,
  • Verify the registry items on the list to ensure that you want to delete them (Press the "Select All" button) or uncheck any that might be shared with another program or that you want to keep, and then click Delete.
  • Next the program will present you with a list of leftover files and/or folders, if any are found.
    note: you may have to expand some folders by clicking the "+" mark.
  • Verify the files and folders found to ensure you want to delete them (Press the "Select All" button) or uncheck any that might be shared with another program or that you want to keep, and then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any files and folders that are found and select Delete.
  • When prompted select Yes then Next.
  • Once done click Finish.

.

:step2: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
File: C:\WINDOWS\ComodoAptAtScanner\cmdapt64.exe
S2 NVU; C:\Windows\nvidia\wintask.exe [X]
U1 aswbdisk; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
HKLM\...\.scr:  =>  <==== ATTENTION
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#6 ninjarig

ninjarig
  • Topic Starter

  • Members
  • 30 posts

Posted 19 March 2018 - 07:35 PM

Well, first I want to say thank you for all your help thus far, and any additional help to come. Second, whatever was in that fix did something, because my keyboard and mouse restored upon the following reboot. No reboots had any effect prior. Third, it is nice to meet you, Phil. You may absolutely call me by name; it is Brad. I apologize for being shorter earlier; I had to get creative in order to send even the smallest message. It took a combination of MIDI controllers and persistence. Again, thank you for spending your time on me, a stranger and his own problems; it's no small gift.

 

Here is the fixlog from FRST:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by theri (19-03-2018 17:45:06) Run:1
Running from C:\Users\theri.WINDOWS-302NSHC\Downloads\FRST-OlderVersion
Loaded Profiles: theri & Brad (Available Profiles: theri & Brad)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
File: C:\WINDOWS\ComodoAptAtScanner\cmdapt64.exe
S2 NVU; C:\Windows\nvidia\wintask.exe [X]
U1 aswbdisk; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
HKLM\...\.scr:  =>  <==== ATTENTION
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => not found
 
========================= File: C:\WINDOWS\ComodoAptAtScanner\cmdapt64.exe ========================
 
C:\WINDOWS\ComodoAptAtScanner\cmdapt64.exe
File is digitally signed
MD5: E00C927537BE081075A86B1355C9F739
Creation and modification date: 2018-03-07 03:58 - 2016-11-30 07:35
Size: 001130168
Attributes: ----A
Company Name: COMODO
Internal Name: 
Original Name: 
Product: COMODO Client - Security
Description: COMODO Client - Security
File Version: 8, 3, 0, 5195
Product Version: 8, 3, 0, 5195
Copyright: 2005-2016 COMODO. All rights reserved.
 
====== End of File: ======
 
"HKLM\System\CurrentControlSet\Services\NVU" => removed successfully
NVU => service removed successfully
"HKLM\System\CurrentControlSet\Services\aswbdisk" => removed successfully
aswbdisk => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZAM" => removed successfully
ZAM => service removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\.scr\\Default => value restored successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 17:45:30 ====
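
Reading a fixlog like the one above means pairing each fixlist directive with the outcome line FRST printed for it. The Python sketch below is an added example, not part of the thread and not FRST code; the function names and the line patterns are assumptions inferred from this one log, not a documented format.

```python
import re

# Abridged copy of the fixlog posted above (header and File: report shortened).
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
File: C:\WINDOWS\ComodoAptAtScanner\cmdapt64.exe
S2 NVU; C:\Windows\nvidia\wintask.exe [X]
U1 aswbdisk; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
HKLM\...\.scr:  =>  <==== ATTENTION
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => not found
========================= File: C:\WINDOWS\ComodoAptAtScanner\cmdapt64.exe ========================
C:\WINDOWS\ComodoAptAtScanner\cmdapt64.exe
File is digitally signed
MD5: E00C927537BE081075A86B1355C9F739
====== End of File: ======
"HKLM\System\CurrentControlSet\Services\NVU" => removed successfully
NVU => service removed successfully
"HKLM\System\CurrentControlSet\Services\aswbdisk" => removed successfully
aswbdisk => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZAM" => removed successfully
ZAM => service removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\.scr\\Default => value restored successfully
The system needed a reboot.
==== End of Fixlog 17:45:30 ====
'''

# Patterns inferred from this one log (assumption); other FRST versions may differ.
OUTCOME_RE = re.compile(r'^(?P<target>.+?) => (?P<status>[a-z][a-z ]*)$')
FILE_START_RE = re.compile(r'^=+ File: (?P<path>.+?) =+$')
FILE_END_RE = re.compile(r'^=+ End of File: =+$')
SERVICE_RE = re.compile(r'^[RSU]\d (?P<name>[^;]+);')  # e.g. "S2 NVU; ..."

def parse_fixlog(text):
    """Split a fixlog into echoed directives, outcome lines, File: reports and notes."""
    parsed = {"directives": [], "outcomes": [], "file_reports": [], "notes": []}
    section, report = "header", None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if section == "header":
            if line.lower().startswith("fixlist content"):
                section = "rule"
        elif section == "rule":              # asterisk rule opening the echoed fixlist
            if set(line) == {"*"}:
                section = "directives"
        elif section == "directives":
            if set(line) == {"*"}:           # closing rule: results follow
                section = "results"
            else:
                parsed["directives"].append(line)
        elif line.startswith("==== End of Fixlog"):
            break
        elif report is not None:             # inside a File: report block
            if FILE_END_RE.match(line):
                parsed["file_reports"].append(report)
                report = None
            elif line == "File is digitally signed":
                report["signed"] = True
            elif line != report["path"]:     # remaining lines are "Key: value" fields
                key, _, value = line.partition(":")
                report["fields"][key.strip()] = value.strip()
        elif (m := FILE_START_RE.match(line)):
            # "signed" stays False when the signature line is absent from the report.
            report = {"path": m["path"], "signed": False, "fields": {}}
        elif (m := OUTCOME_RE.match(line)):
            parsed["outcomes"].append((m["target"].strip('"'), m["status"]))
        else:
            parsed["notes"].append(line)     # e.g. restore point, reboot notice
    return parsed

def summarize(parsed):
    outcomes = parsed["outcomes"]
    removed = {t for t, s in outcomes if s == "service removed successfully"}
    # Every service/driver directive should be answered by a service-removal outcome.
    services = {m["name"]: m["name"] in removed
                for m in map(SERVICE_RE.match, parsed["directives"]) if m}
    return {
        "changed": [t for t, s in outcomes if s.endswith("successfully")],
        "not_found": [t for t, s in outcomes if s == "not found"],
        "services_confirmed": services,
        "reboot_needed": any("needed a reboot" in n for n in parsed["notes"]),
    }

if __name__ == "__main__":
    print(summarize(parse_fixlog(SAMPLE_FIXLOG)))
```

On this log the `File:` directive yields only an inspection report (signature line, MD5), and the two `not found` outcomes are targets FRST reported as absent rather than changes it made.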


#7 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,894 posts

Posted 20 March 2018 - 11:03 AM

Brad:

Thank you very much for permission to address you by your first name. I also greatly appreciate your very kind comments. It means a lot to me, and to my colleagues, who volunteer their time, to receive such gracious comments. Many, unfortunately, never thank us. :(


Well, first I want to say thank you for all your help thus far, and any additional help to come. Second, whatever was in that fix did something, because my keyboard and mouse restored upon the following reboot. No reboots had any effect prior. Third, it is nice to meet you, Phil. You may absolutely call me by name; it is Brad. I apologize for being shorter earlier; I had to get creative in order to send even the smallest message. It took a combination of MIDI controllers and persistence. Again, thank you for spending your time on me, a stranger and his own problems; it's no small gift.


No need for apologies, Brad. When a person's computer "goes south", it is understandably VERY stressful.

.

:step1: In my previous post, Step :step1:, I recommended that you uninstall Avast with Revo Uninstaller Pro. You did not say whether you have done that? Having more than one anti-virus solution on your computer is going to cause all kinds of issues, and very negatively impact computer performance.

I would like to move on to some standard anti-malware scans to disinfect your computer, but first we need to uninstall Avast because having two anti-virus programs running could negatively impact the anti-malware scanning tools that I am proposing to use. I do not want to do any damage to your computer, and some of those scanners are quite powerful.

.

:step2: Sometimes, Avast does not uninstall cleanly, so before proceeding further, and only after you have uninstalled Avast, I would like you to please provide me with a fresh set of FRST scan logs so that I can search for remnants of Avast and remove any that I detect. Please copy and paste the contents of the new FRST scan logs ("FRST.txt" and "Addition.txt") into your next reply.

.

Thank you and have a great day.

Regards,
-Phil




#8 ninjarig

ninjarig
  • Topic Starter

  • Members
  • 30 posts

Posted 20 March 2018 - 12:21 PM

Yes, I did run Revo and uninstalled both Avast products from the computer prior to running the fix, as per your list.

 

Ran a fresh scan with FRST; the following is that log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by theri (administrator) on WINDOWS-302NSHC (19-03-2018 19:26:19)
Running from C:\Users\theri.WINDOWS-302NSHC\Downloads\FRST-OlderVersion
Loaded Profiles: theri (Available Profiles: theri & Brad)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\IntelCpHDCPSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Pro Tools First\MMERefresh.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
() C:\Program Files (x86)\Silhouette America\Silhouette Link\Resources\Resources\SPEC_LK\SilhouetteLinkServer.32.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\IntelCpHeciSvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxEM.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3893296 2016-05-17] (Dell Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [940976 2016-11-19] (Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Avid\Pro Tools First\MMERefresh.exe [117760 2017-10-16] (Avid Technology, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44032 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1163264 2015-03-30] (Ruiware LLC)
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [150016 2017-09-29] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{91827909-3ed3-4ac1-9746-2006816ac56e}: [DhcpNameServer] 10.49.34.1 10.49.34.2
Tcpip\..\Interfaces\{e1e45779-a10b-447c-8458-7502141595e5}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yahoo.com?fr=fp-comodo&type=33090001005_10.1.0.6476_i_hp
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
SearchScopes: HKU\S-1-5-21-3269376985-2225278655-3997078210-1003 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33090001005_10.1.0.6476_i_ds
SearchScopes: HKU\S-1-5-21-3269376985-2225278655-3997078210-1003 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33090001005_10.1.0.6476_i_ds
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\IEExt\ie_plugin.dll [2018-02-14] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\IEExt\ie_plugin.dll [2018-02-14] (AO Kaspersky Lab)
 
FireFox:
========
FF DefaultProfile: afq36rgh.default
FF ProfilePath: C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\Mozilla\Firefox\Profiles\afq36rgh.default [2018-03-19]
FF Extension: (Avast Passwords) - C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\Mozilla\Firefox\Profiles\afq36rgh.default\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2018-02-01]
FF ProfilePath: C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\KompoZer\Profiles\gb601llp.default [2018-03-07]
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-02-14]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-11] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default [2018-03-19]
CHR Extension: (Slides) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-09]
CHR Extension: (Docs) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-09]
CHR Extension: (Google Drive) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-09]
CHR Extension: (YouTube) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-09]
CHR Extension: (Avast Passwords) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2018-03-09]
CHR Extension: (Sheets) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-09]
CHR Extension: (Google Docs Offline) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-09]
CHR Extension: (Kaspersky Protection) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2018-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-09]
CHR Extension: (Gmail) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-09]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S2 CLKMSVC10_3CD7F304; C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Common\NavFilter\KmSvc.exe [312088 2016-05-09] (CyberLink)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [13824 2017-11-20] (Cybereason) [File not signed]
R2 DigiRefresh; C:\Program Files\Avid\Pro Tools First\MMERefresh.exe [117760 2017-10-16] (Avid Technology, Inc.) [File not signed]
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2223864 2017-01-06] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190216 2016-10-15] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [215328 2016-05-16] (Intel Corporation)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe [426416 2018-02-14] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [321024 2016-11-17] (Realtek Semiconductor)
S3 ScannerService.exe; C:\WINDOWS\ComodoAptAtScanner\cmdapt64.exe [1130168 2016-11-30] (COMODO)
R2 SilhouetteLink; C:\Program Files (x86)\Silhouette America\Silhouette Link\Resources\Resources\SPEC_LK\SilhouetteLinkServer.32.exe [897200 2016-12-06] ()
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [410032 2016-11-19] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (www.winchiphead.com)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 cmdcss; C:\WINDOWS\system32\drivers\cmdcss.sys [126568 2017-10-17] (COMODO)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
R2 DpmLiteDrv; C:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [79928 2017-01-06] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [75320 2017-01-06] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [358968 2017-01-06] (Intel Corporation)
R3 FocusriteUSB; C:\WINDOWS\System32\drivers\FocusriteUSB.sys [96424 2017-06-08] (Focusrite Audio Engineering Ltd.)
R3 FocusriteUSBAudio; C:\WINDOWS\system32\drivers\FocusriteUSBAudio.sys [54440 2017-06-08] (Focusrite Audio Engineering Ltd.)
R3 FocusriteUSBSwRoot; C:\WINDOWS\System32\drivers\FocusriteUSBSwRoot.sys [97960 2017-06-08] (Focusrite Audio Engineering Ltd.)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [63496 2017-01-12] (Intel Corporation)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [47928 2015-11-04] (Intel)
S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [84280 2016-05-16] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [135992 2015-11-04] (Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [71992 2015-11-09] (Intel)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-25] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [120008 2018-02-21] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29816 2016-10-14] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [207576 2018-02-14] (AO Kaspersky Lab)
R1 KLHK; C:\WINDOWS\System32\drivers\klhk.sys [594144 2018-02-14] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1055944 2018-02-21] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-02-21] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50672 2017-12-25] (AO Kaspersky Lab)
R3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [44768 2017-01-20] (AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [231312 2018-03-01] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2018-02-14] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [252600 2018-03-01] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [107656 2018-03-01] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [174664 2018-03-01] (AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [93888 2018-02-21] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [135904 2017-12-25] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-12-25] (AO Kaspersky Lab)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-19] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [436224 2016-12-15] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3149824 2016-11-14] (Realtek Semiconductor Corp.)
S3 usbaudio2; C:\WINDOWS\system32\DRIVERS\usbaudio2.sys [239616 2017-09-29] (Microsoft Corporation)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-03-31] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-02-15] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-19 18:16 - 2018-03-19 18:16 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3269376985-2225278655-3997078210-1003
2018-03-19 18:16 - 2018-03-19 18:16 - 000000000 ___HD C:\OneDriveTemp
2018-03-19 18:14 - 2018-03-19 18:14 - 000000000 __SHD C:\Users\theri.WINDOWS-302NSHC\Desktop\0K, this directory is for Ransomware detection (just leave it here)
2018-03-19 18:14 - 2018-03-19 18:14 - 000000000 ___HD C:\Users\theri.WINDOWS-302NSHC\Documents\Wuse198
2018-03-19 18:14 - 2018-03-19 18:14 - 000000000 ___HD C:\Users\theri.WINDOWS-302NSHC\Documents\Ajorganized155
2018-03-19 17:49 - 2018-03-19 17:49 - 000532286 ____N C:\Users\uua26fw\lying.senator.wonderful.dolores.xlsx
2018-03-19 17:49 - 2018-03-19 17:49 - 000509506 ____N C:\Users\Aksseej\importance-jewel-wool.xlsx
2018-03-19 17:49 - 2018-03-19 17:49 - 000231636 ____N C:\Users\Aksseej\excluderegard.mdb
2018-03-19 17:49 - 2018-03-19 17:49 - 000210876 ____N C:\Users\uua26fw\poured textile returned flowers.mdb
2018-03-19 17:49 - 2018-03-19 17:49 - 000072792 ____N C:\Users\uua26fw\combined islands elevate superior.xls
2018-03-19 17:49 - 2018-03-19 17:49 - 000065037 ____N C:\Users\Aksseej\probably enhance walking pursue.xls
2018-03-19 17:49 - 2018-03-19 17:49 - 000055778 ____N C:\Users\Aksseej\america_auto_alone_coast.pem
2018-03-19 17:49 - 2018-03-19 17:49 - 000050734 ____N C:\Users\uua26fw\belong helps vertical now.pem
2018-03-19 17:49 - 2018-03-19 17:49 - 000035292 ____N C:\Users\uua26fw\farther-past.txt
2018-03-19 17:49 - 2018-03-19 17:49 - 000020735 ____N C:\Users\uua26fw\succeed_applying_kate.sql
2018-03-19 17:49 - 2018-03-19 17:49 - 000013361 ____N C:\Users\Aksseej\starvewarfaregreenwich.sql
2018-03-19 17:49 - 2018-03-19 17:49 - 000012546 ____N C:\Users\Aksseej\judgment.assistant.dirty.txt
2018-03-19 17:49 - 2018-03-19 17:49 - 000000000 ___HD C:\Users\uua26fw
2018-03-19 17:49 - 2018-03-19 17:49 - 000000000 ___HD C:\Users\Aksseej
2018-03-19 17:49 - 2018-03-19 17:49 - 000000000 ____D C:\Acupdate240
2018-03-19 17:49 - 2018-03-19 17:49 - 000000000 ____D C:\__Qresources176
2018-03-19 15:55 - 2018-03-19 15:55 - 012052552 _____ (VS Revo Group ) C:\Users\theri.WINDOWS-302NSHC\Downloads\RevoUninProSetup.exe
2018-03-19 15:55 - 2018-03-19 15:55 - 000001124 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2018-03-19 15:55 - 2018-03-19 15:55 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\VS Revo Group
2018-03-19 15:55 - 2018-03-19 15:55 - 000000000 ____D C:\ProgramData\VS Revo Group
2018-03-19 15:55 - 2018-03-19 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2018-03-19 15:55 - 2018-03-19 15:55 - 000000000 ____D C:\Program Files\VS Revo Group
2018-03-19 15:55 - 2016-12-21 14:52 - 000040240 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2018-03-19 15:54 - 2018-03-19 15:54 - 000000000 _____ C:\Users\theri.WINDOWS-302NSHC\defogger_reenable
2018-03-19 15:52 - 2018-03-19 15:53 - 000050477 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\Defogger.exe
2018-03-18 08:32 - 2018-03-18 08:32 - 042384886 _____ C:\Users\theri.WINDOWS-302NSHC\Desktop\outpatient.wav
2018-03-17 11:17 - 2018-03-17 11:17 - 000045954 _____ C:\Users\theri.WINDOWS-302NSHC\AppData\Local\recently-used.xbel
2018-03-16 23:29 - 2018-03-16 23:29 - 006626871 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\1590b drill template.xcf
2018-03-16 09:32 - 2018-03-16 09:32 - 000004090 _____ C:\WINDOWS\System32\Tasks\Cybereason RansomFree Keepalive
2018-03-16 09:32 - 2018-03-16 09:32 - 000003196 _____ C:\WINDOWS\System32\Tasks\Cybereason RansomFree Autostart
2018-03-16 09:32 - 2018-03-16 09:32 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\Cybereason
2018-03-16 09:32 - 2018-03-16 09:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cybereason RansomFree
2018-03-16 09:32 - 2018-03-16 09:32 - 000000000 ____D C:\ProgramData\Cybereason
2018-03-16 09:32 - 2018-03-16 09:32 - 000000000 ____D C:\Program Files (x86)\Cybereason
2018-03-16 09:15 - 2018-03-16 09:15 - 061819320 _____ (Malwarebytes ) C:\Users\theri.WINDOWS-302NSHC\Downloads\mbarw-setup-consumer-0.9.18.807.exe
2018-03-16 09:14 - 2018-03-16 09:14 - 004198400 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\CybereasonRansomFree.msi
2018-03-16 09:14 - 2018-03-16 09:14 - 000457680 _____ (Bleeping Computer, LLC) C:\Users\theri.WINDOWS-302NSHC\Downloads\ListCWall.exe
2018-03-16 08:55 - 2018-03-16 08:55 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Documents\tweaking.com_windows_repair_aio
2018-03-15 16:57 - 2018-03-15 16:57 - 000001288 _____ C:\Users\theri.WINDOWS-302NSHC\Desktop\Custom Shop.lnk
2018-03-15 16:56 - 2012-08-29 12:23 - 012708016 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_def.dll
2018-03-15 16:56 - 2012-08-29 12:23 - 012474544 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_core.dll
2018-03-15 16:56 - 2012-08-29 12:23 - 009917616 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_intel_thread.dll
2018-03-15 16:56 - 2012-08-29 12:23 - 000529072 _____ (Intel Corporation) C:\WINDOWS\system32\libiomp5md.dll
2018-03-15 16:56 - 2012-08-29 12:23 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\msvcp71.dll
2018-03-15 16:56 - 2012-08-29 12:23 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\msvcr71.dll
2018-03-15 16:55 - 2018-03-15 16:55 - 000000000 ____D C:\Program Files\VstPlugIns
2018-03-15 16:55 - 2018-03-15 16:55 - 000000000 ____D C:\Program Files\IK Multimedia
2018-03-15 12:11 - 2018-03-02 16:09 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-15 12:11 - 2018-03-02 16:09 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-13 19:03 - 2018-03-01 22:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-13 19:03 - 2018-03-01 22:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-13 19:03 - 2018-03-01 22:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-13 19:03 - 2018-03-01 22:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-13 19:03 - 2018-03-01 22:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-13 19:03 - 2018-03-01 22:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-13 19:03 - 2018-03-01 21:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-13 19:03 - 2018-03-01 21:56 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationREST.dll
2018-03-13 19:03 - 2018-03-01 15:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-13 19:03 - 2018-03-01 02:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-13 19:03 - 2018-03-01 02:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-13 19:03 - 2018-03-01 02:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-13 19:03 - 2018-03-01 02:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-13 19:03 - 2018-03-01 02:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-13 19:03 - 2018-03-01 02:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-13 19:03 - 2018-03-01 02:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-13 19:03 - 2018-03-01 02:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-13 19:03 - 2018-03-01 02:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-13 19:03 - 2018-03-01 02:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-13 19:03 - 2018-03-01 02:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-13 19:03 - 2018-03-01 02:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-13 19:03 - 2018-03-01 02:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-13 19:03 - 2018-03-01 02:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-13 19:03 - 2018-03-01 02:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-13 19:03 - 2018-03-01 02:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-13 19:03 - 2018-03-01 02:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-13 19:03 - 2018-03-01 02:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-13 19:03 - 2018-03-01 02:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-13 19:03 - 2018-03-01 02:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-13 19:03 - 2018-03-01 02:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-13 19:03 - 2018-03-01 02:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-13 19:03 - 2018-03-01 02:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-13 19:03 - 2018-03-01 02:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-13 19:03 - 2018-03-01 02:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-13 19:03 - 2018-03-01 02:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-13 19:03 - 2018-03-01 02:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-13 19:03 - 2018-03-01 02:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-13 19:03 - 2018-03-01 02:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-13 19:03 - 2018-03-01 02:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-13 19:03 - 2018-03-01 02:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-13 19:03 - 2018-03-01 02:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-13 19:03 - 2018-03-01 02:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-13 19:03 - 2018-03-01 02:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-13 19:03 - 2018-03-01 02:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-13 19:03 - 2018-03-01 02:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-13 19:03 - 2018-03-01 02:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-13 19:03 - 2018-03-01 02:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-13 19:03 - 2018-03-01 02:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-13 19:03 - 2018-03-01 02:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-13 19:03 - 2018-03-01 02:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-13 19:03 - 2018-03-01 02:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-13 19:03 - 2018-03-01 01:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-13 19:03 - 2018-03-01 01:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-13 19:03 - 2018-03-01 01:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-13 19:03 - 2018-03-01 01:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-13 19:03 - 2018-03-01 01:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-13 19:03 - 2018-03-01 01:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-13 19:03 - 2018-03-01 01:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-13 19:03 - 2018-03-01 01:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-13 19:03 - 2018-03-01 01:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-13 19:03 - 2018-03-01 01:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-13 19:03 - 2018-03-01 01:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-13 19:03 - 2018-03-01 01:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-13 19:03 - 2018-03-01 01:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-13 19:03 - 2018-03-01 01:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-13 19:03 - 2018-03-01 01:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-13 19:03 - 2018-03-01 01:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-13 19:03 - 2018-03-01 01:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-13 19:03 - 2018-03-01 01:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-13 19:03 - 2018-03-01 01:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-13 19:03 - 2018-03-01 01:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-13 19:03 - 2018-03-01 01:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-13 19:03 - 2018-03-01 01:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-13 19:03 - 2018-03-01 01:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-13 19:03 - 2018-03-01 01:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-13 19:03 - 2018-03-01 01:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-13 19:03 - 2018-03-01 01:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-13 19:03 - 2018-03-01 00:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-13 19:03 - 2018-03-01 00:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-13 19:03 - 2018-03-01 00:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-13 19:03 - 2018-03-01 00:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-13 19:03 - 2018-03-01 00:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-13 19:03 - 2018-03-01 00:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-13 19:03 - 2018-03-01 00:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-13 19:03 - 2018-03-01 00:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-13 19:03 - 2018-03-01 00:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-13 19:03 - 2018-03-01 00:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-13 19:03 - 2018-03-01 00:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-13 19:03 - 2018-03-01 00:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-13 19:03 - 2018-03-01 00:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-13 19:03 - 2018-03-01 00:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-13 19:03 - 2018-03-01 00:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-13 19:03 - 2018-03-01 00:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-13 19:03 - 2018-03-01 00:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-13 19:03 - 2018-03-01 00:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-13 19:03 - 2018-03-01 00:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-13 19:03 - 2018-03-01 00:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-13 19:03 - 2018-03-01 00:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-13 19:03 - 2018-03-01 00:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-13 19:03 - 2018-03-01 00:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-13 19:03 - 2018-03-01 00:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-13 19:03 - 2018-03-01 00:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-13 19:03 - 2018-03-01 00:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-13 19:03 - 2018-03-01 00:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-13 19:03 - 2018-03-01 00:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-13 19:03 - 2018-03-01 00:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-13 19:03 - 2018-03-01 00:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-13 19:03 - 2018-03-01 00:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-13 19:03 - 2018-03-01 00:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-13 19:03 - 2018-03-01 00:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-13 19:03 - 2018-03-01 00:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-13 19:03 - 2018-03-01 00:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-13 19:03 - 2018-03-01 00:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-13 19:03 - 2018-03-01 00:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-13 19:03 - 2018-03-01 00:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-13 19:03 - 2018-03-01 00:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-13 19:03 - 2018-03-01 00:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-13 19:03 - 2018-03-01 00:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-13 19:03 - 2018-03-01 00:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-13 19:03 - 2018-03-01 00:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-13 19:03 - 2018-03-01 00:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-13 19:03 - 2018-03-01 00:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-13 19:03 - 2018-03-01 00:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-13 19:03 - 2018-03-01 00:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-13 19:03 - 2018-03-01 00:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-13 19:03 - 2018-03-01 00:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-13 19:03 - 2018-03-01 00:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-13 19:03 - 2018-03-01 00:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-13 19:03 - 2018-03-01 00:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-13 19:03 - 2018-03-01 00:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-13 19:03 - 2018-03-01 00:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-13 19:03 - 2018-03-01 00:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-13 19:03 - 2018-03-01 00:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-13 19:03 - 2018-03-01 00:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-13 19:03 - 2018-03-01 00:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-13 19:03 - 2018-03-01 00:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-13 19:03 - 2018-03-01 00:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-13 19:03 - 2018-03-01 00:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-13 19:03 - 2018-03-01 00:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-13 19:03 - 2018-03-01 00:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-13 19:03 - 2018-03-01 00:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-13 19:03 - 2018-03-01 00:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-13 19:03 - 2018-03-01 00:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-13 19:03 - 2018-03-01 00:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-13 19:03 - 2018-03-01 00:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-13 19:03 - 2018-03-01 00:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-13 19:03 - 2018-03-01 00:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-13 19:03 - 2018-03-01 00:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-13 19:03 - 2018-03-01 00:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-13 19:03 - 2018-03-01 00:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-13 19:03 - 2018-02-21 21:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-13 19:03 - 2018-02-21 21:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-13 19:03 - 2018-02-21 21:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-13 19:03 - 2018-02-21 21:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-13 19:03 - 2018-02-21 21:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-13 19:03 - 2018-02-21 21:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-13 19:03 - 2018-02-21 21:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-13 19:03 - 2018-02-21 21:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-13 19:03 - 2018-02-21 21:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-13 19:03 - 2018-02-21 21:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-13 19:03 - 2018-02-21 21:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-13 19:03 - 2018-02-21 21:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-13 19:03 - 2018-02-21 21:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-13 19:03 - 2018-02-21 21:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-13 19:03 - 2018-02-21 21:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-13 19:03 - 2018-02-21 21:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-13 19:03 - 2018-02-21 20:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-13 19:03 - 2018-02-21 20:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-13 19:03 - 2018-02-21 20:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-13 19:03 - 2018-02-21 20:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-13 19:03 - 2018-02-21 20:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-13 19:03 - 2018-02-21 20:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-13 19:03 - 2018-02-21 20:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-13 19:03 - 2018-02-21 20:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-13 19:03 - 2018-02-21 19:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-13 19:03 - 2018-02-21 19:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-13 19:03 - 2018-02-21 19:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-13 19:03 - 2018-02-21 19:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-13 19:03 - 2018-02-21 19:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-13 19:03 - 2018-02-21 19:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-13 19:03 - 2018-02-21 19:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-13 19:03 - 2018-02-21 19:26 - 000441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2018-03-13 19:03 - 2018-02-21 19:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-13 19:03 - 2018-02-21 19:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-13 19:03 - 2018-02-21 19:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-13 09:25 - 2018-03-13 09:25 - 000002072 _____ C:\Users\theri.WINDOWS-302NSHC\Desktop\Rkill.txt
2018-03-13 09:24 - 2018-03-19 17:45 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Downloads\FRST-OlderVersion
2018-03-13 00:50 - 2018-03-13 00:50 - 000007803 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\13.rpp
2018-03-11 22:19 - 2018-03-11 22:19 - 000000555 _____ C:\Users\theri.WINDOWS-302NSHC\Desktop\JRT.txt
2018-03-11 22:02 - 2018-03-11 22:02 - 001001556 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\bodrot.xcf
2018-03-10 19:39 - 2018-03-10 19:39 - 000000000 ____D C:\ProgramData\Reason
2018-03-10 09:32 - 2018-03-10 09:32 - 000000000 ____D C:\Program Files\Reason
2018-03-10 08:13 - 2018-03-10 08:13 - 000474037 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\MI Audio Crunch Box (1).pdf
2018-03-10 00:50 - 2018-03-10 00:50 - 000000000 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\InstallVoodooShield.exe
2018-03-10 00:09 - 2018-03-10 00:09 - 008828672 _____ (Reason Software Company Inc.) C:\Users\theri.WINDOWS-302NSHC\Downloads\reason-core-security-setup.exe
2018-03-09 23:43 - 2018-03-09 23:43 - 000000871 _____ C:\Users\Public\Desktop\REAPER (x64).lnk
2018-03-09 21:46 - 2018-03-09 21:46 - 000002088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk
2018-03-09 21:46 - 2018-03-09 21:46 - 000000000 ____D C:\Program Files (x86)\iLok License Manager
2018-03-09 21:25 - 2018-03-09 21:25 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Documents\MPC
2018-03-09 21:25 - 2018-03-09 21:25 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\MPC
2018-03-09 21:06 - 2018-03-09 21:07 - 011708816 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\reaper577_x64-install.exe
2018-03-09 20:31 - 2018-03-09 20:31 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\PACE Anti-Piracy
2018-03-09 20:31 - 2018-03-09 20:31 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\PACE Anti-Piracy
2018-03-09 20:31 - 2018-03-09 20:31 - 000000000 ____D C:\ProgramData\PACE Anti-Piracy
2018-03-09 20:29 - 2018-03-19 17:48 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-09 17:08 - 2018-03-09 17:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-09 17:08 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-09 17:07 - 2018-03-09 17:08 - 068724528 _____ (Malwarebytes ) C:\Users\theri.WINDOWS-302NSHC\Downloads\mb3-setup-1878.1878-3.4.4.2398.exe
2018-03-09 17:06 - 2018-03-09 17:06 - 000001146 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\AdwCleanerS2.txt
2018-03-09 16:27 - 2018-03-09 20:25 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-09 16:27 - 2018-03-09 20:25 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-09 16:27 - 2018-03-09 16:27 - 001129816 _____ (Google Inc.) C:\Users\theri.WINDOWS-302NSHC\Downloads\ChromeSetup.exe
2018-03-09 16:27 - 2018-03-09 16:27 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-09 16:26 - 2018-03-09 16:26 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\theri.WINDOWS-302NSHC\Downloads\rkill-unsigned.exe
2018-03-09 12:17 - 2018-03-09 12:17 - 000000000 ___HD C:\__Previews
2018-03-09 12:10 - 2018-03-09 12:10 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\EQATEC Analytics
2018-03-09 12:10 - 2018-03-09 12:10 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\Altium
2018-03-09 12:10 - 2018-03-09 12:10 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Altium
2018-03-09 12:05 - 2018-03-09 12:05 - 000001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\CircuitMaker.lnk
2018-03-09 12:05 - 2018-03-09 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altium
2018-03-09 12:04 - 2018-03-09 12:05 - 000000000 ____D C:\ProgramData\Altium
2018-03-09 12:03 - 2018-03-09 12:03 - 000000000 ____D C:\Program Files (x86)\Altium
2018-03-09 12:00 - 2018-03-09 12:00 - 009467296 _____ (Altium Limited) C:\Users\theri.WINDOWS-302NSHC\Downloads\CircuitMakerSetup(2).exe
2018-03-09 11:48 - 2018-03-09 12:03 - 000000000 ____D C:\Users\Public\Documents\Altium
2018-03-09 11:48 - 2018-03-09 11:48 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\Altium2004
2018-03-09 11:48 - 2018-03-09 11:48 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\AltiumSecurityService
2018-03-09 11:48 - 2018-03-09 11:48 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Altium2004
2018-03-09 11:48 - 2018-03-09 11:48 - 000000000 ____D C:\ProgramData\Altium2004
2018-03-09 11:47 - 2018-03-09 11:47 - 009467296 _____ (Altium Limited) C:\Users\theri.WINDOWS-302NSHC\Downloads\CircuitMakerSetup(1).exe
2018-03-09 11:42 - 2018-03-09 11:43 - 009467296 _____ (Altium Limited) C:\Users\theri.WINDOWS-302NSHC\Downloads\CircuitMakerSetup.exe
2018-03-07 05:14 - 2018-03-08 18:46 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2018-03-07 05:09 - 2018-03-07 05:09 - 000000670 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\WindowsShell.Manifest111.txt
2018-03-07 04:50 - 2018-03-07 10:27 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\WinPatrol
2018-03-07 04:50 - 2018-03-07 04:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2018-03-07 04:50 - 2018-03-07 04:50 - 000000000 ____D C:\ProgramData\InstallMate
2018-03-07 04:50 - 2018-03-07 04:50 - 000000000 ____D C:\Program Files (x86)\Ruiware
2018-03-07 04:31 - 2018-03-07 04:31 - 001790024 _____ (Malwarebytes) C:\Users\theri.WINDOWS-302NSHC\Downloads\JRT.exe
2018-03-07 04:30 - 2018-03-19 18:49 - 000382062 _____ C:\WINDOWS\ntbtlog.txt
2018-03-07 03:58 - 2018-03-07 06:51 - 000000000 ____D C:\WINDOWS\ComodoAptAtScanner
2018-03-07 03:30 - 2018-03-07 03:30 - 000001298 _____ C:\Users\theri.WINDOWS-302NSHC\Desktop\startup.txt
2018-03-07 03:28 - 2018-03-07 03:28 - 000006288 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\cc_20180307_022837.reg
2018-03-07 03:19 - 2018-03-07 03:19 - 000004622 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\startup.txt
2018-03-07 03:16 - 2018-03-07 03:16 - 000137700 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\cc_20180307_021616.reg
2018-03-07 03:14 - 2018-03-07 03:14 - 009452370 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\ccsetup537.zip
2018-03-07 03:14 - 2018-03-07 03:14 - 000483809 _____ (Lars Hederer ) C:\Users\theri.WINDOWS-302NSHC\Downloads\ntregopt-setup.exe
2018-03-07 03:13 - 2018-03-07 03:13 - 036948693 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\tweaking.com_windows_repair_aio.zip
2018-03-07 03:13 - 2018-03-07 03:13 - 003871695 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\tweaking.com_simple_system_tweaker_portable.zip
2018-03-07 02:50 - 2018-03-07 02:50 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\.traverso
2018-03-07 02:47 - 2018-03-07 02:47 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\KompoZer
2018-03-07 02:07 - 2018-03-07 02:07 - 031973879 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\lmms-1.1.3-win64.exe
2018-03-06 11:52 - 2018-03-06 11:54 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\webkit
2018-03-06 05:28 - 2018-03-09 20:45 - 000000000 ____D C:\Program Files (x86)\SoundToys
2018-03-06 05:12 - 2018-03-06 05:12 - 000000000 ___RD C:\Users\theri.WINDOWS-302NSHC\Downloads\325289AEDD75.TorrentSearchPRO_qtx9tqphctw9r!App
2018-03-04 22:12 - 2018-03-04 22:19 - 000007593 _____ C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Resmon.ResmonCfg
2018-03-04 01:43 - 2018-03-04 01:43 - 000000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2018-03-04 00:59 - 2018-03-04 01:00 - 309750200 _____ (Emsisoft Ltd. ) C:\Users\theri.WINDOWS-302NSHC\Documents\EmsisoftAntiMalwareSetup_bc.exe
2018-03-04 00:59 - 2018-03-04 00:59 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\theri.WINDOWS-302NSHC\Downloads\iExplore.exe
2018-03-02 05:07 - 2018-03-02 05:07 - 000000829 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\Pictures - Shortcut.lnk
2018-03-01 16:10 - 2018-03-01 20:18 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Desktop\New folder
2018-03-01 15:52 - 2018-03-01 15:52 - 001393630 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\13-180301_1452.wav
2018-03-01 15:52 - 2018-03-01 15:52 - 000013566 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\13-180301_1452.wav.reapeaks
2018-03-01 15:45 - 2018-03-01 15:46 - 005803486 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\13-180301_1445.wav
2018-03-01 15:45 - 2018-03-01 15:46 - 000056366 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\13-180301_1445.wav.reapeaks
2018-03-01 15:40 - 2018-03-01 15:41 - 010446814 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\13-180301_1440.wav
2018-03-01 15:40 - 2018-03-01 15:41 - 000101430 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\13-180301_1440.wav.reapeaks
2018-03-01 15:35 - 2018-03-01 15:36 - 002734558 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\13-180301_1435.wav
2018-03-01 15:35 - 2018-03-01 15:36 - 000026582 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\13-180301_1435.wav.reapeaks
2018-03-01 15:29 - 2018-03-01 15:30 - 002315230 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\12-180301_1429.wav
2018-03-01 15:29 - 2018-03-01 15:30 - 000022510 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\12-180301_1429.wav.reapeaks
2018-03-01 03:13 - 2018-03-01 03:13 - 000252600 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2018-03-01 03:12 - 2018-03-01 18:34 - 000174664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2018-03-01 03:12 - 2018-03-01 03:12 - 000231312 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2018-03-01 03:12 - 2018-03-01 03:12 - 000107656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2018-02-27 08:05 - 2018-02-27 08:05 - 000008343 _____ C:\Users\theri.WINDOWS-302NSHC\Desktop\omg_bom.html
2018-02-27 07:38 - 2018-02-27 07:38 - 000023364 _____ C:\Users\theri.WINDOWS-302NSHC\Desktop\omg_pcb.svg
2018-02-25 11:53 - 2018-02-25 11:53 - 000004108 _____ C:\Users\theri.WINDOWS-302NSHC\Desktop\PWM_bom.html
2018-02-24 01:19 - 2018-02-24 01:20 - 000000000 ____D C:\EAGLE 8.6.3
2018-02-23 11:11 - 2018-02-23 11:10 - 000023443 _____ C:\Users\theri.WINDOWS-302NSHC\Desktop\omg.svg
2018-02-18 22:48 - 2018-02-18 22:48 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\PGP
2018-02-18 05:12 - 2018-03-05 06:19 - 000000000 ____D C:\Program Files (x86)\Pad2Pad
2018-02-18 03:45 - 2018-03-09 21:01 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Downloads\plugins
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-19 19:26 - 2018-02-15 17:46 - 000061846 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-03-19 19:26 - 2018-02-04 19:48 - 000000000 ____D C:\FRST
2018-03-19 19:22 - 2017-12-16 03:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-19 18:16 - 2017-12-16 04:28 - 000002417 _____ C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-19 18:16 - 2017-12-16 04:28 - 000000000 ___RD C:\Users\theri.WINDOWS-302NSHC\OneDrive
2018-03-19 18:15 - 2018-01-29 18:22 - 000000000 ___RD C:\Users\theri.WINDOWS-302NSHC\iCloudDrive
2018-03-19 18:14 - 2018-02-14 18:42 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-03-19 18:14 - 2017-12-13 21:02 - 000000000 __SHD C:\Users\theri\IntelGraphicsProfiles
2018-03-19 17:53 - 2017-12-16 03:26 - 001978928 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-19 17:48 - 2017-12-16 03:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-19 17:48 - 2017-06-18 15:35 - 000190664 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_3CD7F304.sys
2018-03-19 17:47 - 2017-12-13 21:11 - 000000000 ____D C:\ProgramData\AVAST Software
2018-03-19 17:46 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-19 17:45 - 2017-12-16 03:15 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC
2018-03-19 16:52 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-19 16:52 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-19 16:52 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-19 16:47 - 2018-02-15 15:26 - 000000000 ____D C:\Program Files (x86)\Comodo
2018-03-19 15:49 - 2018-01-01 05:17 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\LocalLow\Mozilla
2018-03-19 15:48 - 2017-12-28 15:37 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{36BB3BB9-FBED-4F53-A6CA-CC78B9037C64}
2018-03-18 20:33 - 2017-12-16 03:15 - 000000000 ____D C:\Users\Brad
2018-03-18 09:01 - 2018-02-15 23:49 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\CrashDumps
2018-03-18 07:59 - 2017-12-17 10:08 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Documents\REAPER Media
2018-03-18 07:42 - 2017-12-17 10:05 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\REAPER
2018-03-17 14:39 - 2018-01-28 20:19 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\.gimp-2.8
2018-03-16 23:29 - 2018-01-28 20:22 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\gtk-2.0
2018-03-16 20:01 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-16 11:35 - 2018-01-11 11:56 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-16 09:54 - 2018-02-04 19:48 - 000083805 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\FRST.txt
2018-03-15 17:15 - 2018-02-03 19:44 - 000000048 _____ C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\msregsvv.dll
2018-03-15 17:15 - 2018-02-03 19:44 - 000000048 _____ C:\ProgramData\autobk.inc
2018-03-15 16:57 - 2018-02-03 19:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2018-03-15 16:56 - 2018-02-03 19:30 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Documents\IK Multimedia
2018-03-15 16:56 - 2018-02-03 19:30 - 000000000 ____D C:\Program Files (x86)\IK Multimedia
2018-03-15 16:42 - 2018-02-01 16:48 - 000000000 ____D C:\ProgramData\VIP
2018-03-15 16:40 - 2018-02-03 19:45 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\IK Multimedia
2018-03-15 12:15 - 2017-12-16 04:25 - 000000000 ___RD C:\Users\theri.WINDOWS-302NSHC\3D Objects
2018-03-15 12:15 - 2017-06-18 15:13 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-15 12:11 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-15 12:10 - 2018-02-14 18:53 - 000290032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-15 12:08 - 2017-12-16 12:04 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-03-15 12:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-15 12:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-15 12:07 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-15 12:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-14 18:23 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-13 19:12 - 2017-12-14 01:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-13 19:10 - 2017-12-16 12:31 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-13 19:10 - 2017-12-16 12:30 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-13 19:05 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-13 19:05 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-13 19:04 - 2017-09-29 08:40 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2018-03-13 09:24 - 2018-02-04 19:48 - 002402816 _____ (Farbar) C:\Users\theri.WINDOWS-302NSHC\Downloads\FRST64.exe
2018-03-13 03:20 - 2017-12-16 04:25 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Packages
2018-03-11 23:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-11 19:10 - 2017-12-26 05:32 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\ElevatedDiagnostics
2018-03-11 12:54 - 2018-02-15 17:46 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-03-10 00:16 - 2018-01-19 12:31 - 000000000 ____D C:\EAGLE 8.5.2
2018-03-10 00:15 - 2017-12-14 05:11 - 000000000 ____D C:\EAGLE 8.5.0
2018-03-10 00:10 - 2018-02-15 17:46 - 000213053 _____ C:\WINDOWS\ZAM.krnl.trace
2018-03-09 23:43 - 2017-12-17 10:04 - 000000000 ____D C:\Program Files\REAPER (x64)
2018-03-09 21:46 - 2018-02-06 22:04 - 000033544 _____ C:\WINDOWS\system32\Drivers\iLokDrvr.sys
2018-03-09 21:46 - 2017-06-18 15:25 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-03-09 21:26 - 2017-12-16 12:19 - 000000000 ____D C:\REAPER
2018-03-09 20:47 - 2018-02-15 06:18 - 000000000 ____D C:\Program Files (x86)\Melodyne plugin
2018-03-09 20:25 - 2017-12-16 03:26 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2018-03-09 20:25 - 2017-12-16 03:26 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3269376985-2225278655-3997078210-1005
2018-03-09 20:25 - 2017-12-16 03:26 - 000002770 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2018-03-09 20:25 - 2017-12-16 03:26 - 000002528 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2018-03-09 20:25 - 2017-12-16 03:26 - 000002528 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2018-03-09 17:08 - 2018-02-02 03:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-09 16:27 - 2017-12-16 11:55 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google
2018-03-09 16:27 - 2017-12-13 22:13 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-09 12:15 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-03-09 11:23 - 2018-02-15 15:26 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Comodo
2018-03-07 05:14 - 2018-02-15 18:18 - 000000000 ____D C:\AdwCleaner
2018-03-07 05:01 - 2018-02-03 22:07 - 000000000 ____D C:\WINDOWS\nvidia
2018-03-07 04:26 - 2018-02-15 17:32 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Desktop\rkill
2018-03-06 15:04 - 2017-12-16 11:54 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-03-05 17:59 - 2017-12-22 06:25 - 000064037 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\THE1-001.mp3.RPP
2018-03-05 06:56 - 2018-02-02 11:40 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-03-05 06:54 - 2017-12-16 04:43 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Local\PlaceholderTileLogoFolder
2018-03-04 08:58 - 2018-02-15 17:18 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\Comodo
2018-03-04 08:58 - 2018-02-15 15:23 - 000000000 ____D C:\ProgramData\Comodo
2018-03-04 02:08 - 2018-02-14 18:42 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-03-04 02:05 - 2017-06-18 15:40 - 000000000 ____D C:\Program Files\NewBlue
2018-03-02 03:52 - 2018-02-04 13:33 - 448786620 _____ C:\Users\theri.WINDOWS-302NSHC\Downloads\SampleTank_Custom_Shop_3.7.1.zip
2018-03-02 03:51 - 2018-01-03 06:52 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Downloads\Pirates.of.the.Caribbean.Dead.Men.Tell.No.Tales.2017.HDRip.XviD.AC3-EVO
2018-03-01 16:10 - 2017-12-22 06:25 - 000064085 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\THE1-001.mp3.RPP-bak
2018-03-01 10:54 - 2018-01-16 21:33 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\vlc
2018-02-28 00:27 - 2017-12-31 07:49 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\Eagle
2018-02-23 22:17 - 2018-01-03 06:50 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\deluge
2018-02-23 11:04 - 2018-01-21 22:17 - 000000000 ____D C:\Users\theri.WINDOWS-302NSHC\Downloads\ToneBoosters All Plugins Bundle v3.0.4 x86.x64 VST WIN OSX Incl. KeyGen-CHAOS [deepstatus][h33t][1337x][flashtorrents]
2018-02-21 06:37 - 2018-02-14 18:42 - 001055944 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2018-02-21 06:37 - 2017-12-25 09:31 - 000120008 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupflt.sys
2018-02-21 06:37 - 2016-12-20 18:51 - 000093888 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwfp.sys
2018-02-21 06:37 - 2016-10-12 13:29 - 000057032 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
2018-02-18 03:03 - 2018-02-16 11:58 - 000006140 _____ C:\Users\theri.WINDOWS-302NSHC\Documents\EGERGFF.rpp
 
==================== Files in the root of some directories =======
 
2018-01-22 03:39 - 2018-01-22 03:39 - 000000008 _____ () C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\com.silhouettesoftware.id
2018-02-03 19:44 - 2018-03-15 17:15 - 000000048 _____ () C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\msregsvv.dll
2018-03-17 11:17 - 2018-03-17 11:17 - 000045954 _____ () C:\Users\theri.WINDOWS-302NSHC\AppData\Local\recently-used.xbel
2018-03-04 22:12 - 2018-03-04 22:19 - 000007593 _____ () C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-16 14:14
 
==================== End of FRST.txt ============================
 
 
Thank you again, Phil.
 
It's tragic that anyone could be ungracious for all you guys do here...


#9 garioch7


    RCMP Veteran


  • Malware Response Instructor

Posted 20 March 2018 - 12:26 PM

Brad:

 

Thank you for copying and pasting the contents of the "FRST.txt" scan log file. Would you also copy and paste the contents of the "Addition.txt" file into your next reply?  It will be in the same folder with FRST64.exe and the "FRST.txt" file.  I need both scan log files to fully analyze your computer for AVAST remnants.

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#10 ninjarig

  • Topic Starter

  • Members

Posted 20 March 2018 - 07:37 PM

Whoops. Sorry about that. Here you go:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by theri (20-03-2018 15:47:11)
Running from C:\Users\theri.WINDOWS-302NSHC\Downloads\FRST-OlderVersion
Windows 10 Home Version 1709 16299.309 (X64) (2017-12-16 08:29:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3269376985-2225278655-3997078210-500 - Administrator - Disabled)
Brad (S-1-5-21-3269376985-2225278655-3997078210-1005 - Administrator - Enabled) => C:\Users\Brad
DefaultAccount (S-1-5-21-3269376985-2225278655-3997078210-503 - Limited - Disabled)
Guest (S-1-5-21-3269376985-2225278655-3997078210-501 - Limited - Disabled)
theri (S-1-5-21-3269376985-2225278655-3997078210-1003 - Administrator - Enabled) => C:\Users\theri.WINDOWS-302NSHC
WDAGUtilityAccount (S-1-5-21-3269376985-2225278655-3997078210-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Free (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Free (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AIR Xpand!2 (HKLM\...\{69A89482-FEC4-4E34-97F9-46BB287D0953}) (Version: 12.0.0.615 - AIR Music Technology)
Akai Professional MPK Mini MkII Editor (HKLM-x32\...\MPKminiMkIIEditor) (Version:  - )
AmpliTube 4 version 4.0.2 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.0.2 - IK Multimedia)
Antares Autotune Evo VST RTAS v6.0.9 (HKLM-x32\...\Antares Autotune Evo VST RTAS_is1) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Avid Effects (HKLM\...\{F53B2C5A-9739-425A-B74C-E8D94DF2EFB5}) (Version: 12.8.2.105 - Avid Technology, Inc.)
Avid Pro Tools First (HKLM\...\{DE690717-9113-4E02-AD09-213B8E870694}) (Version: 12.8.2.105 - Avid Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Celemony Melodyne Plugin VST RTAS v1.0 (HKLM-x32\...\Celemony Melodyne Plugin_is1) (Version:  - )
CircuitMaker (HKLM-x32\...\CircuitMaker {1A42B17A-0827-4F5D-907C-7319C2D4427F}) (Version: 1.3.0.181 - Altium Limited)
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
Cybereason RansomFree 2.4.2.0 (HKLM-x32\...\{2A15E1FB-A1F5-4F11-B033-D8DB1E37C1E9}) (Version: 2.4.2.0 - Cybereason Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version:  - )
DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 1.1.6664.10 - PC-Doctor, Inc.) Hidden
EAGLE 8.6.3 (HKLM\...\{AUTODESK-EAGLE-8-6-3}_is1) (Version: 8.6.3 - Autodesk, Inc.)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Focusrite USB 4.36.0.484 (HKLM\...\Focusrite USB_is1) (Version: 4.36.0.484 - Focusrite Audio Engineering Ltd.)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.146 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
HL-L2320D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Hybrid (HKLM-x32\...\{a131ab43-5f9e-4241-87bf-e705d4045ac7}) (Version: 3.0.7.19000 - AIR Music Tech GmbH)
Hybrid AAX32 (HKLM-x32\...\{63FA7BA2-C720-4506-9379-43BFA5BC3A98}) (Version: 3.0.7.19000 - AIR Music Tech GmbH) Hidden
Hybrid AAX64 (HKLM\...\{C2CB3E60-B541-418D-A535-D3D73A644EC5}) (Version: 3.0.7.19000 - AIR Music Tech GmbH) Hidden
Hybrid Content (HKLM-x32\...\{77129154-5C4A-45D0-AFEF-5D9C2D307246}) (Version: 3.0.7.19000 - AIR Music Tech GmbH) Hidden
Hybrid VST32 (HKLM-x32\...\{592BA348-DA75-42DE-91C1-54FD5D62ABE8}) (Version: 3.0.7.19000 - AIR Music Tech GmbH) Hidden
Hybrid VST64 (HKLM\...\{EB4543A3-A9D8-4354-94BE-22400A619F7A}) (Version: 3.0.7.19000 - AIR Music Tech GmbH) Hidden
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
JamManagerXT version 2.3.5 (HKLM-x32\...\{777248DB-00AD-4567-9382-E991118BC6CC}_is1) (Version: 2.3.5 - Harman International, Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Kaspersky Free (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Free (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
License Support (HKLM\...\{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.) Hidden
License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
MAGIX Speed burnR (MSI) (HKLM\...\{FD275CD3-BF31-48EA-8ED2-162508C3C93A}) (Version: 7.0.1.27 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{FD275CD3-BF31-48EA-8ED2-162508C3C93A}) (Version: 7.0.1.27 - MAGIX AG)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.8942.2 - Waves Audio Ltd.) Hidden
Melodics version 2.0.1125.0 (HKLM\...\Melodics_is1) (Version: 2.0.1125.0 - )
Microsoft OneDrive (HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Midnight 1.7 (HKLM\...\Midnight_is1) (Version: 1.7 - Focusrite)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla)
Mozilla Thunderbird 52.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 en-US)) (Version: 52.6.0 - Mozilla)
MPC Essentials 1.8.2 (HKLM\...\com.akaipro.mpc.essentials_is1) (Version: 1.8.2 - Akai Professional)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
PACE License Support Win64 (HKLM\...\{3336574B-08DD-41ba-B388-6BAB1322CF85}) (Version: 4.1.0.2095 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{3336574B-08DD-41ba-B388-6BAB1322CF85}) (Version: 4.1.0.2095 - PACE Anti-Piracy, Inc.)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.37 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7989 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11224 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Revo Uninstaller Pro 3.2.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.0 - VS Revo Group, Ltd.)
Samplitude Music Studio 2014 (HKLM\...\{28B32C66-B399-491D-B648-96D0654DE07F}) (Version: 20.0.1.14 - MAGIX AG) Hidden
Samplitude Music Studio 2014 (HKLM-x32\...\MX.{28B32C66-B399-491D-B648-96D0654DE07F}) (Version: 20.0.1.14 - MAGIX AG)
Samplitude Music Studio 2014 (Introductory videos) (HKLM\...\{5FF37514-F9A9-46F1-ABBE-CA24FBBBA97E}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Samplitude Music Studio 2014 (Introductory videos) (HKLM-x32\...\MX.{5FF37514-F9A9-46F1-ABBE-CA24FBBBA97E}) (Version: 1.0.0.0 - MAGIX AG)
Silhouette Link (HKLM-x32\...\{C2136C80-F9D4-4096-86D4-C641BB36DFF3}) (Version: 1.0.096 - Silhouette America)
Silhouette Studio (HKLM-x32\...\{79D7838B-A4CF-4BB8-A7C2-AD797A09CF1F}) (Version: 4.1.206 - Silhouette America)
SONiVOX Wobble 2 (HKLM-x32\...\SONiVOX Wobble 2_is1) (Version:  - )
VIP 3.0.0.262 (HKLM-x32\...\{B3FC246F-87F6-4476-9E79-F14FB5A1F773}_is1) (Version:  - inMusic Brands)
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN)
Vocalist Live Librarian 1.2 (HKLM-x32\...\{3B5AFE4C-35D6-42C7-B855-C66CB272CDC3}_is1) (Version: 1.2 - Harman International, Inc.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - Ruiware)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3269376985-2225278655-3997078210-1003_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-02-14] (AO Kaspersky Lab)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-02-14] (AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-02-14] (AO Kaspersky Lab)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxDTCM.dll [2017-11-07] (Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-02-14] (AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07FE226B-E807-422E-A352-81CD21CA87B7} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {284DF695-10D3-4F4F-A299-B7AD6FCA297F} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-11-20] (Cybereason)
Task: {2B506C5B-1D59-4ACB-8850-2DAB0F581CAF} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-11-20] (Cybereason)
Task: {47C40749-84FC-4EFF-9511-29EE84CE2690} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel® Corporation)
Task: {703E4BEE-9896-40D3-85B8-6B1E739000F2} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2016-04-27] (CyberLink)
Task: {7564B317-08A6-4CD0-BEDD-584902C4DAAF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {E3609DA0-05C9-406E-A20F-84E88E8A2481} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-09] (Google Inc.)
Task: {FBD838DE-C1BC-4C30-86B4-3286C253F745} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-09] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-06 06:06 - 2016-12-06 06:06 - 000897200 _____ () C:\Program Files (x86)\Silhouette America\Silhouette Link\Resources\Resources\SPEC_LK\SilhouetteLinkServer.32.exe
2018-03-09 17:08 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-13 19:03 - 2018-02-21 19:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 19:03 - 2018-02-21 19:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-22 04:15 - 2018-01-22 04:15 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-01-22 04:15 - 2018-01-22 04:15 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-03-15 22:41 - 2018-03-15 22:41 - 000173568 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-09 10:20 - 2018-03-09 10:20 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-02 18:22 - 2018-03-02 18:24 - 000477696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-03-02 18:22 - 2018-03-02 18:24 - 059575808 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-12-16 07:50 - 2017-12-16 07:51 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-02-16 02:45 - 2018-02-16 02:46 - 000010240 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-03-02 18:22 - 2018-03-02 18:23 - 003741184 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-12-16 07:50 - 2017-12-16 07:51 - 002270720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-03-02 18:22 - 2018-03-02 18:24 - 015986688 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-03-02 18:22 - 2018-03-02 18:23 - 003592704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-03-02 18:21 - 2018-03-02 18:22 - 003231232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-03-02 18:22 - 2018-03-02 18:24 - 001369088 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-02-05 11:51 - 2018-02-05 11:51 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-02 18:22 - 2018-03-02 18:22 - 000094208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-02-16 02:45 - 2018-02-16 02:46 - 000043520 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-03-02 18:22 - 2018-03-02 18:24 - 000628736 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-03-02 18:22 - 2018-03-02 18:24 - 000152064 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\SKU.dll
2018-03-02 18:22 - 2018-03-02 18:23 - 000121856 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\ExploreModel.dll
2018-03-02 18:22 - 2018-03-02 18:23 - 000022528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Lumia.ViewerPluginProxy.dll
2018-03-09 16:27 - 2018-03-06 03:12 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.146\libglesv2.dll
2018-03-09 16:27 - 2018-03-06 03:12 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.146\libegl.dll
2017-12-16 00:37 - 2017-12-16 00:37 - 001921208 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.9126.20561.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-02-14 18:42 - 2018-02-14 18:42 - 000836968 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\kpcengine.2.3.dll
2016-05-16 21:50 - 2016-05-16 21:50 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-12-08 02:49 - 2017-12-08 02:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-06-18 15:28 - 2014-12-08 02:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 15:28 - 2014-12-08 15:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 16:03 - 2018-03-11 22:18 - 000000832 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "vdcss"
HKLM\...\StartupApproved\Run32: => "InstallShieldSetup"
HKU\S-1-5-21-3269376985-2225278655-3997078210-1003\...\StartupApproved\Run: => "Speech Recognition"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{5F5118A8-2AFA-4965-A5E0-795EB75B6B8C}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
FirewallRules: [UDP Query User{1619B740-FC8D-4809-BA4B-5822919D9BE0}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
FirewallRules: [TCP Query User{69F9C0A4-0389-44E6-A160-4A6C67AD3D43}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E2AE45A2-E20B-4157-8FB3-9D675BF6CF44}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{85E2E77C-F759-4CBD-8107-F4CBEE6E39E5}C:\program files (x86)\altium\cm\dxp.exe] => (Allow) C:\program files (x86)\altium\cm\dxp.exe
FirewallRules: [UDP Query User{29CCB2D8-AB7E-47BF-A3D0-CCD7D8DFFDA4}C:\program files (x86)\altium\cm\dxp.exe] => (Allow) C:\program files (x86)\altium\cm\dxp.exe
FirewallRules: [{BB18A534-E6EE-4C1C-A901-91F55F675C41}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{868ED2A8-BB87-49A7-9C41-E7D0F18026FA}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
FirewallRules: [UDP Query User{C543729B-2A12-451A-913E-1BB30363910B}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
 
==================== Restore Points =========================
 
04-03-2018 01:15:13 Removed COMODO Secure Shopping
07-03-2018 02:43:13 JRT Pre-Junkware Removal
10-03-2018 00:11:20 Removed TeighaX 3.09
11-03-2018 22:15:09 JRT Pre-Junkware Removal
16-03-2018 09:16:28 Installed Cybereason RansomFree 2.4.2.0
19-03-2018 16:43:59 Removed COMODO Secure Shopping
19-03-2018 17:45:07 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/19/2018 06:49:00 PM) (Source: SpeechRuntime) (EventID: 1) (User: )
Description: Audio Orchestrator could not restart Voice Activation - Error 0x80070003
 
Error: (03/19/2018 06:49:00 PM) (Source: SpeechRuntime) (EventID: 1) (User: )
Description: Audio Orchestrator could not start Voice Activation - Error 0x80070003
 
Error: (03/19/2018 06:48:01 PM) (Source: SpeechRuntime) (EventID: 1) (User: )
Description: Audio Orchestrator could not restart Voice Activation - Error 0x80070003
 
Error: (03/19/2018 06:48:01 PM) (Source: SpeechRuntime) (EventID: 1) (User: )
Description: Audio Orchestrator could not start Voice Activation - Error 0x80070003
 
Error: (03/19/2018 05:50:51 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.
 
Error: (03/19/2018 05:45:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (03/19/2018 05:45:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (03/19/2018 05:45:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswVmm.
 
System Error:
The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (03/20/2018 01:03:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/20/2018 12:11:50 PM) (Source: DCOM) (EventID: 10016) (User: WINDOWS-302NSHC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user WINDOWS-302NSHC\theri SID (S-1-5-21-3269376985-2225278655-3997078210-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/20/2018 08:44:36 AM) (Source: DCOM) (EventID: 10016) (User: WINDOWS-302NSHC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user WINDOWS-302NSHC\theri SID (S-1-5-21-3269376985-2225278655-3997078210-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/20/2018 08:44:36 AM) (Source: DCOM) (EventID: 10016) (User: WINDOWS-302NSHC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user WINDOWS-302NSHC\theri SID (S-1-5-21-3269376985-2225278655-3997078210-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/20/2018 06:29:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/20/2018 04:32:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/20/2018 01:33:31 AM) (Source: DCOM) (EventID: 10016) (User: WINDOWS-302NSHC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user WINDOWS-302NSHC\theri SID (S-1-5-21-3269376985-2225278655-3997078210-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/20/2018 01:31:04 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
 
 
CodeIntegrity:
===================================
 
Date: 2018-03-20 15:44:23.078
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.
 
Date: 2018-03-20 15:36:56.432
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-20 15:36:56.428
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-20 15:33:47.451
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-20 15:33:47.448
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-20 15:31:23.465
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-20 15:31:23.459
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-20 15:23:14.974
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 30%
Total physical RAM: 16253.23 MB
Available physical RAM: 11364.95 MB
Total Virtual: 17277.23 MB
Available Virtual: 12169.05 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:930.46 GB) (Free:758.53 GB) NTFS
Drive d: (My Passport) (Fixed) (Total:931.48 GB) (Free:879.37 GB) NTFS
 
\\?\Volume{74b5ec3c-e489-4cdc-9d7f-6a3f5ff8322a}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32
\\?\Volume{fc523e6d-ec3f-4b35-93e4-a6ef0b2312b9}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AADD5618)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#11 garioch7

    RCMP Veteran

  • Malware Response Instructor
  • Location: Port Hood, Nova Scotia, Canada

Posted 21 March 2018 - 01:15 PM

Brad:

Thank you for the fresh set of FRST logs, and again, for your kind words. They are much appreciated.

.

:step1: Please run a FRST fix for me. I am seeing some Avast Passwords browser extensions. If you want to keep those extensions, please remove the two lines from the FRST "fixlist" script.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.

Start::
CreateRestorePoint:
CloseProcesses:
FF Extension: (Avast Passwords) - C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\Mozilla\Firefox\Profiles\afq36rgh.default\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2018-02-01]
CHR Extension: (Avast Passwords) - C:\Users\theri.WINDOWS-302NSHC\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2018-03-09]
2018-03-19 17:47 - 2017-12-13 21:11 - 000000000 ____D C:\ProgramData\AVAST Software
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#12 ninjarig

  • Topic Starter

Posted 21 March 2018 - 02:53 PM

Hello Phil, sorry about the delay, snow slows everything down where I am. (Although I'm sure it would be laughable to someone in Nova Scotia, LOL)

 

ran the fix, here is its log.

 

 

  Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018

Ran by theri (21-03-2018 14:35:09) Run:2
Running from C:\Users\theri.WINDOWS-302NSHC\Downloads\FRST-OlderVersion
Loaded Profiles: theri (Available Profiles: theri & Brad)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
2018-03-19 17:47 - 2017-12-13 21:11 - 000000000 ____D C:\ProgramData\AVAST Software
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\AVAST Software => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AvastUI.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe" => not found
 
 
The system needed a reboot.
 
==== End of Fixlog 14:36:52 ====
 
 
 
 
I am continually in gratitude, my new friend...

AND an RCMP vet as well. You continue to earn my respect, sir....



#13 garioch7

    RCMP Veteran

  • Malware Response Instructor
  • Location: Port Hood, Nova Scotia, Canada

Posted 22 March 2018 - 06:20 AM

Brad:
 
Thank you for your post and no need to address me as "sir."  It was my privilege and honor to have served in the RCMP for 35 years, and the pension is very nice. :)
 

... snow slows everything down where I am. (Although I'm sure it would be laughable to someone in Nova Scotia, LOL)

 
You are evidently not very familiar with Nova Scotia weather! :)  We are being hit by a "Nor-easter" today, which is forecast to bring 4" to 6" of snow, rain, and ice pellets!  Schools are cancelled here today.  Fortunately, Port Hood is on the western coast of Cape Breton Island, down close to the mainland, so we are forecast to get off easy, with mostly just rain and some snow.
 
OK, let's move on to some standard anti-malware scans and see what else might be lurking in your computer.
 
.
 
:step1: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus; how to do so can be found here.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items:
      • Enable detection of potentially unwanted applications
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected. There will be no log, if no threats were detected.
Don't forget to re-enable your antivirus when finished!

.

:step2: Please run a Malwarebytes Anti-Malware scan for me. I see that you have it installed on your computer. Please select the options that I have indicated, run the scan, and post the results, as I have instructed below:
  • Please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)".
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
The Scan log is available through Reports (double-click the appropriate scan log) or you can just double-click the "Last Scan" entry on the Dashboard. Click "Export", and then select "Copy to Clipboard". Next, please paste the contents of the log into your next reply.

.

:step3: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.
  • Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin its scan ... please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, then make sure that you uncheck it before running the "Clean" process.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • After the scan has finished ...
  • Uncheck any PUP and adware applications that you want to keep.


If you are unsure about one or more of the detected programs, then please copy and paste the scan log, with your questions, and I will provide you with advice about those files.
The Scan logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Do not follow the remaining "Clean" instructions until directed to do so by me, if you have any questions about one or more of the detections.
If you have no questions about any of the detections, then please proceed to the "Clean" steps below.

  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Please copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
.

Thank you and have a great day.

Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#14 ninjarig

ninjarig
  • Topic Starter

  • Members
  • 30 posts

Posted 24 March 2018 - 12:02 AM

Good day to you Phil. I've actually travelled quite extensively behind "the maple curtain" (lol). What I should have specified was exactly how very little snow it took to slow things down where I am. ESPECIALLY when stacked against a Nova Scotian Nor'easter.

 

Here are the logs you requested...

C:\Users\theri.WINDOWS-302NSHC\Downloads\reason-core-security-setup.exe a variant of MSIL/ByteFence.A potentially unwanted application cleaned by deleting
C:\Users\theri.WINDOWS-302NSHC\Downloads\deluge\done\IK Multimedia T-RackS 5.0.0 NO INSTALL 09.11.2017\SymLink Installer.cmd BAT/HostsChanger.A potentially unsafe application cleaned by deleting
C:\Users\theri.WINDOWS-302NSHC\Downloads\deluge\done\IK Multimedia T-RackS CS Complete v4.7.1-R2R [oddsox]\IK.Multimedia.T-RackS.CS.Complete.v4.7.1.Incl.Keygen-R2R\r2r-2740.rar Win32/Keygen.ML potentially unsafe application deleted
D:\STUDIO\T-Racks Delux-Sonnox Oxford-Namd Blue Tube.zip.zip a variantof Generik.CQKCWJE trojan deleted
 
 
 
------------------------------------------------------------------------------------------------------
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/23/18
Scan Time: 2:26 AM
Log File: 7123f8bc-2e6b-11e8-8ddd-000000000000.json
Administrator: Yes
 
-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4456
License: Free
 
-System Information-
OS: Windows 10 (Build 16299.309)
CPU: x64
File System: NTFS
User: WINDOWS-302NSHC\theri
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 383263
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 9 min, 51 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
-------------------------------------------------------------------------------------
 
 
-----------------------------------------
# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 23 14:52:29 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-03-22.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\Users\theri.WINDOWS-302NSHC\AppData\Roaming\MPC
PUP.Optional.Legacy, C:\Users\theri.WINDOWS-302NSHC\Documents\MPC
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [1219 B] - [2018/2/16 0:31:22]
C:/AdwCleaner/AdwCleaner[C1].txt - [1465 B] - [2018/3/5 11:56:44]
C:/AdwCleaner/AdwCleaner[C2].txt - [1619 B] - [2018/3/7 10:14:1]
C:/AdwCleaner/AdwCleaner[S0].txt - [1058 B] - [2018/2/15 23:20:41]
C:/AdwCleaner/AdwCleaner[S1].txt - [1080 B] - [2018/3/5 11:22:54]
C:/AdwCleaner/AdwCleaner[S2].txt - [1249 B] - [2018/3/7 9:51:33]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########
----
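
A small parser for the AdwCleaner scan log format pasted in the post above, added here as an illustration (it is not part of the thread or of AdwCleaner). It lists which sections came back clean and which detections need a keep-or-remove decision before the Clean step; the sample log is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of an AdwCleaner 7 scan log (not a real report).
SAMPLE_LOG = r"""
-----# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 23 14:52:29 2018
# Mode: scan
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Legacy, C:\Users\example\AppData\Roaming\MPC
PUP.Optional.Legacy, C:\Users\example\Documents\MPC
***** [ Tasks ] *****
No malicious tasks found.
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [1058 B] - [2018/2/15 23:20:41]
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
DETECTION_RE = re.compile(r"^([A-Za-z0-9_.]+),\s*(.+)$")

def parse_adwcleaner_log(text):
    """Return (header metadata, {section name: [(family, target), ...]})."""
    meta, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("-")      # tolerate separator dashes pasted before a line
        if line.startswith("#"):            # header ("# Mode: scan") or the EOF marker
            key, sep, value = line.lstrip("# ").partition(": ")
            if sep:
                meta[key] = value.strip()
        elif SECTION_RE.match(line):
            current = SECTION_RE.match(line).group(1)
            sections[current] = []
        elif line and set(line) == {"*"}:   # bare asterisk rule ends the result sections
            current = None                  # (the list of older logfiles follows it)
        elif current and DETECTION_RE.match(line):
            sections[current].append(DETECTION_RE.match(line).groups())
    return meta, sections

def triage(meta, sections):
    """Summarise what a reviewer needs before approving the Clean step."""
    findings = [(s, fam, tgt) for s, items in sections.items() for fam, tgt in items]
    return {
        "mode": meta.get("Mode", "unknown"),
        "clean_sections": [s for s, items in sections.items() if not items],
        # "PUP." is the family prefix seen in the log on this page
        "pup_only": bool(findings) and all(fam.startswith("PUP.") for _, fam, _ in findings),
        "findings": findings,
    }
```
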


#15 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,894 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 24 March 2018 - 12:45 PM

Brad:

 

Thank you for your post.

 

How is your computer working now?  I am not seeing any active malware.  If there are still issues, please describe them in as much detail as possible, including any possible error messages or codes.

 

Thank you and have a great weekend.

 

Regards,

-Phil

 

 


Graduate of the Bleeping Computer Malware Removal Study Hall




