Virus that keeps redirecting my searches


  • This topic is locked
7 replies to this topic

#1 Bornforexile


Posted 18 March 2018 - 12:57 PM

I am not new to computers or virus, malware, and spyware removal, but there is one persistent piece of...something that I cannot remove. I have Malwarebytes, IObit Malware, Hitman Pro, Junkware Removal, Avast and like one or two other removal tools. I have run them all and cleared about 400 spyware/malware that I was stupid and ended up getting. Now when I run them, they MIGHT find one PUP or nothing. I have run Malwarebytes 2-3 times today alone and it hasn't found anything, I have run Hitman and now malware adware cleaner and they have found nothing, but about 50-75% of the time, when I do a search via my address bar, or go to google.com and do a search on the main screen, it does a quick redirect to "extensions.citypage.today" and redirects to a Bing search page. To the best of my knowledge, I have removed all extensions from all browsers on my computer, removed anything past the file extension for the shortcuts and run MANY virus, adware, malware and spyware things. I am at a total loss now.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by James (administrator) on ATKINSON (18-03-2018 13:35:03)
Running from C:\Users\James\Downloads
Loaded Profiles: James (Available Profiles: James)
Platform: Windows 10 Pro Version 1709 16299.248 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\vskgborsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2e329e8610bbb375\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2e329e8610bbb375\IntelCpHDCPSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2e329e8610bbb375\IntelCpHeciSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2e329e8610bbb375\igfxEM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Discord Inc.) C:\Users\James\AppData\Local\Discord\app-0.0.300\Discord.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Discord Inc.) C:\Users\James\AppData\Local\Discord\app-0.0.300\Discord.exe
(Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
(Discord Inc.) C:\Users\James\AppData\Local\Discord\app-0.0.300\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Elgato Systems GmbH) C:\Program Files\Elgato\StreamDeck\StreamDeck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Elgato\SoundCapture\SoundCapture.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Elgato\StreamDeck\QtWebEngineProcess.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
() C:\Users\James\AppData\Local\avarnbi\avarnbi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.245_none_16ec1d963212a637\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Users\James\AppData\Local\avarnbi\cwmidzk.exe
() C:\Users\James\AppData\Local\avarnbi\cwmidzk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\James\AppData\Local\avarnbi\cwmidzk.exe
() C:\Users\James\AppData\Local\avarnbi\cwmidzk.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2018-03-14] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-11-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-06] (AVAST Software)
HKLM\...\Run: [Stream Deck] => C:\Program Files\Elgato\StreamDeck\StreamDeck.exe [5551976 2018-03-06] (Elgato Systems GmbH)
HKLM\...\Run: [Elgato Sound Capture] => C:\Program Files\Elgato\SoundCapture\SoundCapture.exe [1234944 2018-01-18] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [FireStormStartUpAutoRun] => C:\Program Files (x86)\ZotacFireStorm\FireStorm.exe [32494592 2016-10-12] (PC Partner Co.Ltd)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409936 2018-02-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-06-15] (Autodesk, Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5484304 2018-01-30] (IObit)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596664 2017-08-30] (Razer Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2940490528-2556188224-4051809522-1001\...\Run: [Discord] => C:\Users\James\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-2940490528-2556188224-4051809522-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\S-1-5-21-2940490528-2556188224-4051809522-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2940490528-2556188224-4051809522-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-2940490528-2556188224-4051809522-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1206600 2018-02-18] ()
HKU\S-1-5-21-2940490528-2556188224-4051809522-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 207.91.5.20
Tcpip\..\Interfaces\{0c555957-f1c9-4c9e-8db8-f230046b955d}: [DhcpNameServer] 192.168.254.254 207.91.5.20
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2940490528-2556188224-4051809522-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-01-25] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-18] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
 
FireFox:
========
FF DefaultProfile: 9cikxl13.default
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\9cikxl13.default [2018-03-18]
FF NetworkProxy: Mozilla\Firefox\Profiles\9cikxl13.default -> type", 0
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-02-14] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-02-14] (Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\secure_cert.js [2018-03-13]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Backup Default [2018-03-13]
CHR Extension: (Slides) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-11]
CHR Extension: (Docs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-11]
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-27]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-27]
CHR Extension: (Adobe Acrobat) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-01-26]
CHR Extension: (Sheets) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-11]
CHR Extension: (Google Docs Offline) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-27]
CHR Extension: (AdBlock) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-27]
CHR Extension: (Chrome Media Router) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-06]
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default [2018-03-18]
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-13]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-13]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-13]
CHR Extension: (Chrome Media Router) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\kgbsa <==== ATTENTION (Rootkit!)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1353208 2017-06-15] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-02-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-05-08] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-06] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-06] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-03-08] ()
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-08] (EasyAntiCheat Ltd)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrv.exe [2127632 2018-01-29] (IObit)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206096 2018-01-25] (IObit)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21296 2017-11-10] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-09-15] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 mi-raysat_3dsmax2017_64; C:\Program Files\Autodesk\3ds Max 2017\raysat_3dsmax2017_64server.exe [86016 2011-09-15] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32384 2016-10-03] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2159424 2018-03-05] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3028808 2018-03-05] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1452360 2018-02-18] (Overwolf LTD)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-21] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [142432 2017-11-09] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-28] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-28] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] ()
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196648 2018-03-06] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-03-06] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-03-06] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-03-06] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-03-06] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [215320 2018-03-06] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-03-06] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146656 2018-03-06] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110328 2018-03-06] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-03-06] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-03-06] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-03-06] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-03-06] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380528 2018-03-06] (AVAST Software)
S3 BEDaisy; C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [1832880 2018-03-17] ()
R3 CY3014.X64; C:\WINDOWS\system32\DRIVERS\CY3014.X64.SYS [3599568 2018-02-14] ()
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [555592 2018-03-14] (Intel Corporation)
R3 ElgatoVAD; C:\WINDOWS\system32\DRIVERS\ElgatoVAD.sys [39208 2017-07-11] (Elgato Systems GmbH)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
S3 EuMusDesignVirtualAudioCableWdm_lcs; C:\WINDOWS\system32\DRIVERS\vaclcskd.sys [66016 2010-04-08] (Eugene V. Muzychenko)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-03-14] (REALiX™)
R1 IMFCameraProtect; C:\WINDOWS\system32\drivers\IMFCameraProtect.sys [44096 2017-04-06] (IObit.com)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [39288 2017-03-08] (IObit.com)
R3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_amd64\IMFFilter.sys [40440 2017-02-17] (IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [34080 2017-06-23] (IObit.com)
R1 IMFMBRProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFMBRProtect.sys [39368 2018-01-02] (IObit.com)
R1 IMFSafeBox; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFSafeBox.sys [58544 2018-01-28] (IObit.com)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [40328 2018-01-10] (IObit.com)
R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45192 2017-10-19] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-10-19] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2017-10-19] (Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-13] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-18] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-18] (Malwarebytes)
R1 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-13] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-16] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5601d21ccd639df9\nvlddmkm.sys [17486096 2018-01-05] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31024 2018-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58680 2018-01-10] (NVIDIA Corporation)
R3 Phosgene; C:\WINDOWS\system32\DRIVERS\Phosgene.sys [34136 2015-09-02] (Adoriasoft LLC)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\regfilter.sys [52728 2018-01-25] (IObit.com)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
S3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
R3 Trufos; C:\WINDOWS\System32\DRIVERS\TRUFOS.sys [520032 2016-12-05] (BitDefender S.R.L.)
S3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2017-02-02] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-01-28] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2018-01-28] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-28] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37344 2017-04-25] (Wellbia.com Co., Ltd.)
R3 hlorvy; system32\drivers\oruybe.sys [X]
S4 vugmtxr; System32\drivers\wmbexrpd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-18 13:28 - 2018-03-18 13:28 - 000000000 ____D C:\Users\James\AppData\Local\exsobgp
2018-03-18 13:27 - 2018-03-18 13:28 - 008222496 _____ (Malwarebytes) C:\Users\James\Downloads\AdwCleaner (1).exe
2018-03-18 13:26 - 2018-03-18 13:26 - 000045960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-18 13:25 - 2018-03-18 13:25 - 000142672 ____N C:\WINDOWS\system32\Drivers\wehbehko.sys
2018-03-18 13:20 - 2018-03-18 13:21 - 008222496 _____ (Malwarebytes) C:\Users\James\Downloads\AdwCleaner.exe
2018-03-18 13:14 - 2018-03-18 13:14 - 000000222 _____ C:\Users\James\Desktop\Warhammer Vermintide 2.url
2018-03-18 13:11 - 2018-03-18 13:37 - 000029839 _____ C:\Users\James\Downloads\FRST.txt
2018-03-18 13:11 - 2018-03-18 13:12 - 000092020 _____ C:\Users\James\Downloads\Addition.txt
2018-03-18 13:11 - 2018-03-18 13:11 - 000000000 ___DC C:\FRST
2018-03-18 13:10 - 2018-03-18 13:10 - 002403328 _____ (Farbar) C:\Users\James\Downloads\FRST64.exe
2018-03-18 13:02 - 2018-03-18 13:02 - 000078300 _____ C:\Users\James\Downloads\it328_project_management_documents.xlsx
2018-03-18 12:57 - 2018-03-18 12:57 - 000031687 _____ C:\Users\James\Downloads\Report Card for James Atkinson.pdf
2018-03-17 09:59 - 2018-03-17 09:59 - 001291706 _____ C:\Users\James\Downloads\ThirdPerson_FBX.zip
2018-03-17 09:59 - 2018-03-17 09:59 - 000000000 ____D C:\Users\James\Downloads\ThirdPerson_FBX_v48
2018-03-17 00:48 - 2018-03-17 00:48 - 000001691 _____ C:\Users\James\Desktop\EasyAntiCheat_Setup.exe - Shortcut.lnk
2018-03-16 23:46 - 2018-03-16 23:46 - 000000000 ____D C:\Users\James\AppData\Local\pcsmwkt
2018-03-16 20:45 - 2018-03-16 20:45 - 000000000 ____D C:\Users\James\AppData\Local\lsdhvcu
2018-03-16 20:42 - 2018-03-16 20:42 - 000001956 _____ C:\WINDOWS\system32\.crusader
2018-03-16 20:36 - 2018-03-17 23:44 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-03-16 20:36 - 2018-03-16 20:42 - 000000000 ____D C:\ProgramData\HitmanPro
2018-03-16 20:36 - 2018-03-16 20:36 - 000001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-03-16 20:36 - 2018-03-16 20:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-03-16 20:36 - 2018-03-16 20:36 - 000000000 ____D C:\Program Files\HitmanPro
2018-03-16 20:32 - 2018-03-16 20:32 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-16 20:32 - 2018-03-16 20:32 - 000002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-16 20:32 - 2018-03-16 20:32 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-16 20:24 - 2018-03-16 20:25 - 000000246 _____ C:\Users\James\Desktop\New Text Document.txt
2018-03-16 18:17 - 2018-03-16 18:17 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2018-03-16 16:22 - 2018-03-16 16:22 - 000001173 _____ C:\Users\Public\Desktop\Sound Capture.lnk
2018-03-16 16:22 - 2018-03-16 16:22 - 000001165 _____ C:\Users\Public\Desktop\Game Capture HD.lnk
2018-03-16 16:22 - 2018-03-16 16:22 - 000000000 ____D C:\Program Files (x86)\Elgato
2018-03-16 16:21 - 2018-03-16 16:22 - 184000512 _____ C:\Users\James\Downloads\GameCaptureSetup_3.70.8.3008_x64 (1).msi
2018-03-16 09:18 - 2018-03-16 09:18 - 000171158 _____ C:\Users\James\Documents\cc_20180316_091833.reg
2018-03-16 09:11 - 2018-03-16 09:11 - 000000000 ____D C:\Users\James\AppData\Local\exewuma
2018-03-15 17:11 - 2018-03-15 17:11 - 000000000 ____D C:\Users\James\AppData\Local\wmilxuz
2018-03-15 16:04 - 2018-03-15 16:04 - 015333512 _____ (Piriform Ltd) C:\Users\James\Downloads\ccsetup541.exe
2018-03-15 16:02 - 2018-03-15 16:02 - 000000000 ____D C:\Users\James\AppData\Local\nvskzcb
2018-03-15 15:59 - 2018-03-15 15:59 - 026194416 _____ (Razer USA Ltd) C:\Users\James\Downloads\Razer_Synapse_Installer_v2.21.00.830 (3).exe
2018-03-15 15:47 - 2018-03-17 23:54 - 000000000 ____D C:\ProgramData\ProductData
2018-03-15 15:37 - 2018-03-15 15:37 - 000001202 _____ C:\Users\James\Desktop\JRT.txt
2018-03-15 15:29 - 2018-03-15 15:29 - 001790024 _____ (Malwarebytes) C:\Users\James\Downloads\JRT.exe
2018-03-15 15:26 - 2018-03-15 15:26 - 000000000 ____D C:\Users\James\AppData\Local\rtczhwi
2018-03-15 15:25 - 2018-03-15 17:10 - 000000000 ____D C:\Program Files (x86)\Razer
2018-03-15 15:25 - 2018-03-15 15:25 - 000000000 ____D C:\ProgramData\Razer
2018-03-15 14:23 - 2018-03-16 18:03 - 000000000 ____D C:\Users\James\Desktop\aoc
2018-03-14 13:49 - 2018-03-14 13:49 - 000000000 ____D C:\Users\James\AppData\Local\upkxdma
2018-03-14 13:45 - 2018-03-15 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2018-03-14 13:31 - 2018-03-14 13:31 - 000000000 ____D C:\Users\James\AppData\Local\nvostwd
2018-03-14 13:28 - 2018-03-14 13:28 - 000000571 _____ C:\Users\James\Downloads\DeviceDiagnostic.diagcab
2018-03-14 09:48 - 2018-03-14 09:48 - 000000000 ____D C:\Users\James\AppData\Local\raikhvx
2018-03-14 09:46 - 2018-03-14 09:46 - 000000000 ____D C:\Users\James\AppData\Local\iabozdl
2018-03-14 09:45 - 2018-03-14 09:46 - 026194416 _____ (Razer USA Ltd) C:\Users\James\Downloads\Razer_Synapse_Installer_v2.21.00.830 (2).exe
2018-03-14 09:12 - 2018-03-14 09:12 - 000000000 ____D C:\Users\James\Desktop\Streamlab
2018-03-14 09:11 - 2018-03-14 09:11 - 000001443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2018-03-14 09:11 - 2018-03-14 09:11 - 000001431 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2018-03-14 09:11 - 2018-03-14 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2018-03-14 09:08 - 2018-03-14 09:08 - 072520704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2018-03-14 09:08 - 2018-03-14 09:08 - 013831786 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2018-03-14 09:08 - 2018-03-14 09:08 - 007172904 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 007096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 006264632 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 005346992 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 003677152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2018-03-14 09:08 - 2018-03-14 09:08 - 003299816 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 003135776 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 003122648 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 002922976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 002444680 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 002190976 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 001965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 001959592 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 001780616 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 001591056 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 001544248 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 001508928 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 001435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 001382232 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 001372384 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOv251.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 001348160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 001337632 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 001259720 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOvlldp.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 001159176 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 001016920 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000984904 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000965016 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000877424 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000873456 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000868168 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000866632 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000852128 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000737960 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000708304 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000691672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000680544 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000604792 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000526272 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000504296 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000447712 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000445392 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000416496 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000406448 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000387304 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000381400 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000378376 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000366112 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000362048 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000360336 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000327448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000321704 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000310416 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000258856 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000253856 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000252864 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000231912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000221960 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000214824 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000209528 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000203832 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000190928 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000190928 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000179592 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000158688 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000154352 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000134192 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000122312 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000118584 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000105304 _____ C:\WINDOWS\system32\audioLibVc.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000100336 _____ (Intel Corporation) C:\WINDOWS\system32\NicInstD.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000090912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000088648 _____ (Intel Corporation) C:\WINDOWS\system32\e1dmsg.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000088336 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000088312 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000084608 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000083616 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000075536 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2018-03-14 09:08 - 2018-03-14 09:08 - 000003130 _____ C:\WINDOWS\system32\e1d65x64.din
2018-03-14 09:08 - 2018-03-14 09:08 - 000000000 ____D C:\WINDOWS\system32\DAX3
2018-03-14 09:07 - 2018-03-14 09:08 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-03-14 09:07 - 2018-03-14 09:07 - 000808944 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcDAud.sys
2018-03-14 09:06 - 2018-03-14 09:06 - 010919784 _____ C:\WINDOWS\SysWOW64\LogiDPP.dll
2018-03-14 09:06 - 2018-03-14 09:06 - 010919784 _____ C:\WINDOWS\system32\LogiDPP.dll
2018-03-14 09:06 - 2018-03-14 09:06 - 004758176 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvuvc64.sys
2018-03-14 09:06 - 2018-03-14 09:06 - 000768288 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUI64.dll
2018-03-14 09:06 - 2018-03-14 09:06 - 000560416 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUIRC64.dll
2018-03-14 09:06 - 2018-03-14 09:06 - 000542568 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2.dll
2018-03-14 09:06 - 2018-03-14 09:06 - 000538472 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2RC.dll
2018-03-14 09:06 - 2018-03-14 09:06 - 000336232 _____ C:\WINDOWS\SysWOW64\DevManagerCore.dll
2018-03-14 09:06 - 2018-03-14 09:06 - 000336232 _____ C:\WINDOWS\system32\DevManagerCore.dll
2018-03-14 09:06 - 2018-03-14 09:06 - 000305000 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\lvcodec2.dll
2018-03-14 09:06 - 2018-03-14 09:06 - 000266828 _____ C:\WINDOWS\system32\Drivers\LVAFT.cfg
2018-03-14 09:06 - 2018-03-14 09:06 - 000262432 _____ (Logitech Inc.) C:\WINDOWS\system32\lvco1380853.dll
2018-03-14 09:06 - 2018-03-14 09:06 - 000175392 _____ (Logitech Inc.) C:\WINDOWS\system32\lvcod64.dll
2018-03-14 09:06 - 2018-03-14 09:06 - 000103272 _____ C:\WINDOWS\SysWOW64\LogiDPPApp.exe
2018-03-14 09:06 - 2018-03-14 09:06 - 000103272 _____ C:\WINDOWS\system32\LogiDPPApp.exe
2018-03-14 09:06 - 2018-03-14 09:06 - 000029494 _____ C:\WINDOWS\system32\lvcoin64.ini
2018-03-14 09:06 - 2018-03-14 09:06 - 000000000 ____D C:\Program Files\Common Files\logishrd
2018-03-14 09:05 - 2018-03-14 13:26 - 000002355 _____ C:\Users\Public\Desktop\Driver Booster 5.lnk
2018-03-14 09:05 - 2018-03-14 09:05 - 000027552 _____ (REALiX™) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2018-03-14 09:05 - 2018-03-14 09:05 - 000000000 ____D C:\WINDOWS\IObit
2018-03-14 09:05 - 2018-03-14 09:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
2018-03-14 01:26 - 2018-03-18 13:24 - 000000000 ____D C:\Users\James\AppData\Roaming\IObit
2018-03-14 01:26 - 2018-03-14 09:05 - 000000000 ____D C:\Users\James\AppData\LocalLow\IObit
2018-03-14 01:26 - 2018-03-14 01:26 - 000001250 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2018-03-14 01:26 - 2018-03-14 01:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2018-03-14 01:26 - 2018-03-14 01:26 - 000000000 ____D C:\ProgramData\BDLogging
2018-03-14 01:26 - 2017-04-06 10:23 - 000044096 _____ (IObit.com) C:\WINDOWS\system32\Drivers\IMFCameraProtect.sys
2018-03-14 01:26 - 2016-12-05 15:32 - 000520032 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2018-03-14 01:25 - 2018-03-14 09:11 - 000000000 ____D C:\ProgramData\IObit
2018-03-14 01:25 - 2018-03-14 09:11 - 000000000 ____D C:\Program Files (x86)\IObit
2018-03-14 01:25 - 2018-03-14 01:25 - 040337336 _____ (IObit ) C:\Users\James\Downloads\IObit-Malware-Fighter-Setup-beta.exe
2018-03-14 01:25 - 2018-03-14 01:25 - 000000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2018-03-14 01:19 - 2018-03-14 01:19 - 000000000 ____D C:\Users\James\AppData\Local\psibtwd
2018-03-14 01:00 - 2018-03-14 01:00 - 026190216 _____ (Razer USA Ltd) C:\Users\James\Downloads\Razer_Synapse_Installer_v2.21.18.115.exe
2018-03-14 00:58 - 2018-03-14 00:58 - 026194416 _____ (Razer USA Ltd) C:\Users\James\Downloads\Razer_Synapse_Installer_v2.21.00.830 (1).exe
2018-03-14 00:54 - 2018-03-14 00:54 - 004197032 _____ C:\Users\James\Downloads\RazerSynapseInstaller_DT_V1.0.67.89 (1).exe
2018-03-14 00:07 - 2018-03-14 00:07 - 000000000 ____D C:\Users\James\AppData\Roaming\Synapse3
2018-03-14 00:04 - 2018-03-14 00:04 - 004197032 _____ C:\Users\James\Downloads\RazerSynapseInstaller_DT_V1.0.67.89.exe
2018-03-13 23:52 - 2018-03-13 23:52 - 026194416 _____ (Razer USA Ltd) C:\Users\James\Downloads\Razer_Synapse_Installer_v2.21.00.830.exe
2018-03-13 23:32 - 2018-03-13 23:32 - 000000000 ____D C:\Users\James\AppData\Local\remtunl
2018-03-13 23:12 - 2018-03-13 23:13 - 184000512 _____ C:\Users\James\Downloads\GameCaptureSetup_3.70.8.3008_x64.msi
2018-03-13 22:38 - 2018-03-13 22:38 - 000221662 _____ C:\Users\James\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2018-03-13 22:31 - 2018-03-13 22:31 - 000022572 _____ C:\Users\James\Downloads\WhoLockMe200.zip
2018-03-13 22:31 - 2009-02-16 03:04 - 000036864 _____ (Bitmind / Pygmy Productions) C:\Users\James\Downloads\WhoLockMe.dll
2018-03-13 22:31 - 2009-02-16 03:02 - 000043008 _____ (Bitmind / Pygmy Productions ) C:\Users\James\Downloads\WhoLockMe.exe
2018-03-13 22:31 - 2009-02-16 03:01 - 000000393 _____ C:\Users\James\Downloads\Install.txt
2018-03-13 22:31 - 2002-06-28 11:06 - 000000030 _____ C:\Users\James\Downloads\Uninstall.bat
2018-03-13 22:31 - 2002-06-28 11:06 - 000000027 _____ C:\Users\James\Downloads\Install.bat
2018-03-13 22:24 - 2018-03-13 23:30 - 000000000 ____D C:\Users\James\AppData\Local\DELETE MEEEEEEE
2018-03-13 22:21 - 2018-03-13 22:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Program Uninstaller
2018-03-13 22:21 - 2018-03-13 22:28 - 000000000 ____D C:\Users\James\AppData\Roaming\Wise Uninstaller
2018-03-13 22:21 - 2018-03-13 22:21 - 003310600 _____ (WiseCleaner.com ) C:\Users\James\Downloads\WPUSetup.exe
2018-03-13 22:21 - 2018-03-13 22:21 - 000000000 ____D C:\Program Files (x86)\Wise
2018-03-13 22:12 - 2018-03-13 22:12 - 000000000 ____D C:\Users\James\AppData\Local\lshzkru
2018-03-13 22:05 - 2018-03-13 22:05 - 000000000 ____D C:\Users\James\AppData\Local\coktuix
2018-03-13 22:01 - 2018-03-13 22:01 - 000000000 ____D C:\Users\James\AppData\Local\cwebnuz
2018-03-13 21:54 - 2018-03-13 21:54 - 000000000 ____D C:\Users\James\AppData\Local\upkalcv
2018-03-13 21:51 - 2018-03-13 21:51 - 000000000 ____D C:\Users\James\AppData\Local\csihnmx
2018-03-13 21:43 - 2018-03-13 21:43 - 000000000 ____D C:\Users\James\AppData\Local\lsdenao
2018-03-13 21:35 - 2018-03-13 21:35 - 000000000 ____D C:\Users\James\AppData\Local\exhbavt
2018-03-13 21:17 - 2018-03-13 21:17 - 000000000 ____D C:\Users\James\AppData\Local\svhxwku
2018-03-13 21:01 - 2018-03-13 21:01 - 000000000 ____D C:\Users\James\AppData\Local\remhnot
2018-03-13 20:56 - 2018-03-13 20:56 - 000000000 ____D C:\Users\James\AppData\Local\seitnzw
2018-03-13 20:52 - 2018-03-13 20:52 - 000000000 ____D C:\Users\James\AppData\Local\vdnhort
2018-03-13 20:41 - 2018-03-13 20:41 - 000000000 ____D C:\Users\James\AppData\Local\sbadtuc
2018-03-13 20:37 - 2018-03-13 20:37 - 000167034 _____ C:\Users\James\Desktop\fileassassin-setup-1.06.exe
2018-03-13 20:37 - 2018-03-13 20:37 - 000001128 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2018-03-13 20:37 - 2018-03-13 20:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2018-03-13 20:37 - 2018-03-13 20:37 - 000000000 ____D C:\Program Files (x86)\FileASSASSIN
2018-03-13 20:33 - 2018-03-13 20:33 - 000000000 ____D C:\Users\James\AppData\Local\tinhblr
2018-03-13 20:28 - 2018-03-16 16:15 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-13 20:27 - 2018-03-18 13:25 - 000000000 ___DC C:\AdwCleaner
2018-03-13 20:26 - 2018-03-13 20:26 - 000000000 ____D C:\Users\James\AppData\Local\dtkzcwb
2018-03-13 20:17 - 2018-03-13 20:17 - 000000000 ____D C:\Users\James\AppData\Local\csivgzp
2018-03-13 20:15 - 2018-03-13 20:15 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-13 20:15 - 2018-03-13 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-13 20:15 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-13 20:14 - 2018-03-13 20:14 - 000000000 ____D C:\Users\James\AppData\Local\rtizhno
2018-03-13 20:00 - 2018-03-13 20:00 - 000000000 ____D C:\Users\James\AppData\Local\snalmcu
2018-03-13 19:59 - 2018-03-18 13:26 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-13 19:59 - 2018-03-13 21:53 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-13 19:59 - 2018-03-13 21:53 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-13 19:51 - 2018-03-13 19:51 - 000000000 ____D C:\Users\James\AppData\Local\reauixb
2018-03-13 19:50 - 2018-03-13 19:50 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7FA755DF.sys
2018-03-13 19:47 - 2018-03-13 19:47 - 000000000 ____D C:\Users\James\AppData\Local\useclig
2018-03-13 19:42 - 2018-03-13 19:42 - 000000000 ____D C:\Users\James\AppData\Local\avktrwg
2018-03-13 19:41 - 2018-03-13 22:04 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-03-13 19:40 - 2018-03-13 19:40 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\13FE4E4B.sys
2018-03-13 19:40 - 2018-03-13 19:40 - 000000000 ____D C:\WINDOWS\pss
2018-03-13 19:37 - 2018-03-13 19:37 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\501C4C5E.sys
2018-03-13 19:36 - 2018-03-13 19:36 - 000000000 ____D C:\Users\James\AppData\Local\mbopakd
2018-03-13 19:35 - 2018-03-13 19:35 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0E464A67.sys
2018-03-13 19:33 - 2018-03-13 19:33 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\737B494E.sys
2018-03-13 19:29 - 2018-03-13 19:29 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5F7745AF.sys
2018-03-13 19:26 - 2018-03-13 19:26 - 000000000 ____D C:\Users\James\AppData\Local\iabotxw
2018-03-13 19:25 - 2018-03-13 19:25 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\165C430E.sys
2018-03-13 19:12 - 2018-03-13 19:13 - 000061324 ____C C:\TDSSKiller.3.1.0.16_13.03.2018_19.12.20_log.txt
2018-03-13 18:38 - 2018-03-13 18:38 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5E901E86.sys
2018-03-13 18:38 - 2018-03-13 18:38 - 000000000 ____D C:\Users\James\AppData\Local\csahxpz
2018-03-13 18:22 - 2018-03-13 18:22 - 000000000 ____D C:\Users\James\AppData\Local\spckeio
2018-03-13 18:21 - 2018-03-13 18:21 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4C431212.sys
2018-03-13 18:08 - 2018-03-13 18:08 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5B200833.sys
2018-03-13 17:46 - 2018-03-13 17:46 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\545876BC.sys
2018-03-13 17:46 - 2018-03-13 17:46 - 000000000 ____D C:\Users\James\AppData\Local\avkcglo
2018-03-13 17:45 - 2018-03-13 20:32 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-03-13 17:42 - 2018-03-15 11:30 - 000000000 ____D C:\Users\James\AppData\Local\sbditrw
2018-03-13 17:39 - 2018-03-18 13:34 - 000000000 ____D C:\Users\James\AppData\Local\avarnbi
2018-03-13 17:39 - 2018-03-13 17:39 - 000000000 ____D C:\Users\James\AppData\Local\snidmcw
2018-03-13 17:38 - 2018-03-18 13:25 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\vskgborsvc.exe
2018-03-13 17:38 - 2018-03-13 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\avdmtru
2018-03-13 17:38 - 2018-03-13 17:38 - 000000000 ____D C:\WINDOWS\system32\avdmtru
2018-03-13 17:38 - 2018-03-13 17:38 - 000000000 ____D C:\Users\James\AppData\Roaming\et
2018-03-13 17:34 - 2018-03-13 17:34 - 000003970 _____ C:\WINDOWS\System32\Tasks\injectors invades
2018-03-13 17:34 - 2018-03-13 17:34 - 000003936 _____ C:\WINDOWS\System32\Tasks\sparklers
2018-03-13 17:34 - 2018-03-13 17:34 - 000003846 _____ C:\WINDOWS\System32\Tasks\gainjectors invadesinjectors invades
2018-03-13 17:34 - 2018-03-13 17:34 - 000003796 _____ C:\WINDOWS\System32\Tasks\gasparklerssparklers
2018-03-13 17:34 - 2018-03-13 17:34 - 000000012 _____ C:\WINDOWS\b44418343
2018-03-13 06:18 - 2018-03-13 06:18 - 000041223 _____ C:\WINDOWS\uninstaller.dat
2018-03-13 06:18 - 2018-03-13 06:18 - 000014040 _____ C:\WINDOWS\system32\Drivers\2477cb13558fac6fbeb75bee702d6a38.sys
2018-03-12 09:55 - 2018-03-12 09:55 - 000000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6
2018-03-12 09:55 - 2018-03-12 09:55 - 000000000 ____D C:\Users\James\AppData\Local\Package Cache
2018-03-11 22:06 - 2018-03-11 22:06 - 000000000 ____D C:\Users\James\.idlerc
2018-03-11 22:06 - 2018-03-11 22:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2018-03-11 22:05 - 2018-03-11 22:08 - 000000000 ___DC C:\Python27
2018-03-10 12:53 - 2018-03-10 21:28 - 000000000 ____D C:\Users\James\Desktop\Sea Pics
2018-03-09 20:23 - 2018-03-09 20:23 - 000000000 ____D C:\Users\James\Documents\Holotech
2018-03-09 20:22 - 2018-03-09 20:22 - 000002817 _____ C:\WINDOWS\unins000.dat
2018-03-09 20:22 - 2018-03-09 20:21 - 001193161 _____ C:\WINDOWS\unins000.exe
2018-03-09 20:22 - 2015-09-02 08:28 - 000034136 _____ (Adoriasoft LLC) C:\WINDOWS\system32\Drivers\Phosgene.sys
2018-03-09 19:40 - 2018-03-09 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2018-03-09 19:36 - 2018-03-09 19:36 - 000000000 ____D C:\Program Files (x86)\directx
2018-03-09 19:22 - 2018-03-09 19:22 - 000000222 _____ C:\Users\James\Desktop\FaceRig.url
2018-03-08 18:06 - 2018-03-08 18:06 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-03-07 20:15 - 2018-03-17 11:34 - 000000000 ____D C:\Users\James\Desktop\Twitch Pics
2018-03-07 15:44 - 2018-03-16 16:24 - 000000000 ____D C:\Users\James\AppData\Roaming\Elgato
2018-03-07 15:44 - 2018-03-16 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato
2018-03-07 15:44 - 2018-03-16 16:22 - 000000000 ____D C:\Program Files\Elgato
2018-03-07 15:44 - 2018-03-07 15:44 - 000001145 _____ C:\Users\Public\Desktop\Stream Deck.lnk
2018-03-07 15:44 - 2018-03-07 15:44 - 000000000 ____D C:\ProgramData\Elgato
2018-03-07 15:44 - 2018-03-07 15:44 - 000000000 ____D C:\Program Files (x86)\OBS Studio - FTL
2018-03-07 15:26 - 2018-03-13 22:25 - 000000000 ____D C:\Users\James\AppData\Local\xulrunner
2018-03-07 08:35 - 2018-03-06 00:05 - 000380768 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-03-05 18:07 - 2018-03-05 18:07 - 000000000 ____D C:\Users\James\AppData\LocalLow\Zoink Games
2018-03-05 18:06 - 2018-03-05 18:06 - 000001159 _____ C:\Users\Public\Desktop\Fe.lnk
2018-03-05 18:06 - 2018-03-05 18:06 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2018-03-05 18:06 - 2018-03-05 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fe
2018-03-05 18:06 - 2018-03-05 18:06 - 000000000 ____D C:\ProgramData\Electronic Arts
2018-03-05 18:02 - 2018-03-05 18:02 - 000000000 ____D C:\Program Files (x86)\Origin Games
2018-03-05 18:01 - 2018-03-12 18:51 - 000000000 ____D C:\Program Files (x86)\Origin
2018-03-05 18:01 - 2018-03-08 01:47 - 000000000 ____D C:\Users\James\AppData\Roaming\Origin
2018-03-05 18:01 - 2018-03-05 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2018-03-05 18:00 - 2018-03-08 01:47 - 000000000 ____D C:\ProgramData\Origin
2018-03-05 18:00 - 2018-03-05 18:02 - 000000000 ____D C:\Users\James\AppData\Local\Origin
2018-03-05 18:00 - 2018-03-05 18:00 - 000000000 ____D C:\Users\James\.Origin
2018-03-04 12:47 - 2018-03-04 12:47 - 000001032 _____ C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe Connect.lnk
2018-03-03 12:08 - 2018-03-03 12:09 - 000000000 ___DC C:\DeepBot - Twitch Streamer Assistant
2018-03-03 12:08 - 2018-03-03 12:08 - 000000827 _____ C:\Users\Public\Desktop\DeepBot.lnk
2018-03-03 12:08 - 2018-03-03 12:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepBot
2018-03-03 12:07 - 2018-03-03 12:08 - 000000000 ____D C:\Users\James\AppData\Roaming\DeepBot.tv
2018-03-01 09:44 - 2018-03-01 09:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch Test
2018-02-25 13:22 - 2018-02-25 13:22 - 000001453 _____ C:\Users\James\AppData\Local\recently-used.xbel
2018-02-25 13:14 - 2018-02-25 13:22 - 000000000 ____D C:\Users\James\AppData\Local\gtk-2.0
2018-02-25 13:08 - 2018-02-25 13:44 - 000000000 ____D C:\Users\James\.gimp-2.8
2018-02-25 13:08 - 2018-02-25 13:08 - 000000000 ____D C:\Users\James\AppData\Local\gegl-0.2
2018-02-25 13:08 - 2018-02-25 13:08 - 000000000 ____D C:\Users\James\AppData\Local\fontconfig
2018-02-25 13:06 - 2018-02-25 13:06 - 000000939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2018-02-25 13:06 - 2018-02-25 13:06 - 000000000 ____D C:\Program Files\GIMP 2
2018-02-23 15:24 - 2018-02-23 15:24 - 000000000 ____D C:\Users\James\AppData\LocalLow\Gamers4Gamers Team
2018-02-23 14:30 - 2018-02-23 14:30 - 000000222 _____ C:\Users\James\Desktop\Escape The Pacific.url
2018-02-22 23:38 - 2018-02-22 23:38 - 000000000 ____D C:\Users\James\AppData\Roaming\MonoDevelop-Unity-5.0
2018-02-22 23:38 - 2018-02-22 23:38 - 000000000 ____D C:\Users\James\AppData\Local\MonoDevelop-Unity-5.0
2018-02-22 23:16 - 2018-02-25 14:03 - 000000000 ____D C:\Users\James\Documents\TestProject
2018-02-22 17:34 - 2018-02-22 17:34 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-02-22 13:11 - 2018-02-22 23:16 - 000000000 ____D C:\Users\James\AppData\LocalLow\DefaultCompany
2018-02-21 11:30 - 2018-02-20 10:28 - 000000232 ___SH C:\Users\Public\Libraries.ini
2018-02-21 09:53 - 2018-02-21 09:54 - 000000000 ____D C:\Users\James\AppData\Roaming\Notepad++
2018-02-21 09:53 - 2018-02-21 09:53 - 000001092 _____ C:\Users\Public\Desktop\Notepad++.lnk
2018-02-21 09:53 - 2018-02-21 09:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2018-02-21 09:53 - 2018-02-21 09:53 - 000000000 ____D C:\Program Files (x86)\Notepad++
2018-02-21 09:33 - 2018-02-21 09:53 - 000000000 ____D C:\Program Files\Notepad++
2018-02-21 09:33 - 2018-02-21 09:51 - 000000000 ____D C:\Users\James\AppData\Local\Notepad++
2018-02-19 00:42 - 2018-02-19 00:42 - 000001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2018.lnk
2018-02-18 23:43 - 2018-03-18 13:24 - 000000000 ____D C:\Users\James\AppData\Roaming\slobs-client
2018-02-18 23:43 - 2018-02-18 23:43 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streamlabs OBS.lnk
2018-02-18 23:43 - 2018-02-18 23:43 - 000001964 _____ C:\Users\Public\Desktop\Streamlabs OBS.lnk
2018-02-18 23:43 - 2018-02-18 23:43 - 000000000 ____D C:\ProgramData\Streamlabs OBS
2018-02-18 23:42 - 2018-03-16 16:10 - 000000000 ____D C:\Program Files\Streamlabs OBS
2018-02-17 21:53 - 2018-02-19 00:20 - 000000000 ____D C:\Users\James\AppData\Roaming\streamlabels
2018-02-17 21:53 - 2018-02-17 21:53 - 000002437 _____ C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamLabels.lnk
2018-02-17 03:11 - 2018-03-17 21:51 - 000099840 ___SH C:\Users\James\Desktop\Thumbs.db
2018-02-16 16:04 - 2018-02-16 17:10 - 000000000 ____D C:\Users\James\Documents\Shared
2018-02-16 15:52 - 2018-02-16 16:04 - 000000000 ___DC C:\Shared
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-18 13:35 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-18 13:35 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-18 13:32 - 2017-02-10 22:49 - 000000000 ____D C:\Users\James\AppData\Local\CrashDumps
2018-03-18 13:31 - 2017-12-21 21:30 - 001927538 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-18 13:27 - 2018-01-07 16:31 - 000000000 ____D C:\ProgramData\Logishrd
2018-03-18 13:27 - 2017-04-29 17:31 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-18 13:26 - 2017-06-08 22:15 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-18 13:26 - 2017-01-27 21:21 - 000000000 __SHD C:\Users\James\IntelGraphicsProfiles
2018-03-18 13:25 - 2017-12-21 21:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-18 13:25 - 2017-09-29 04:45 - 023592960 _____ C:\WINDOWS\system32\config\HARDWARE
2018-03-18 13:25 - 2017-09-29 04:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-18 13:24 - 2017-01-27 19:59 - 000000000 ____D C:\Users\James\AppData\Local\Battle.net
2018-03-18 12:21 - 2017-01-27 16:24 - 000000000 ____D C:\Users\James\AppData\Local\Adobe
2018-03-18 12:15 - 2017-03-20 19:23 - 000000000 ____D C:\Users\James\AppData\Roaming\vlc
2018-03-18 11:58 - 2017-12-21 21:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-18 08:44 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-03-17 20:56 - 2018-01-01 16:07 - 000000000 ____D C:\Users\James\AppData\Local\PlaceholderTileLogoFolder
2018-03-17 20:36 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-17 20:31 - 2017-12-21 21:22 - 000000000 ____D C:\Users\James\AppData\Local\Packages
2018-03-17 19:23 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-17 12:16 - 2017-04-28 18:14 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
2018-03-17 11:43 - 2017-01-27 19:59 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-03-17 09:58 - 2017-03-12 15:09 - 000000000 ____D C:\Users\James\Documents\Unreal Projects
2018-03-16 23:32 - 2017-08-13 12:52 - 000002307 _____ C:\Users\James\Desktop\Innkeeper.lnk
2018-03-16 23:32 - 2017-08-13 12:52 - 000000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Innkeeper
2018-03-16 23:32 - 2017-08-13 12:52 - 000000000 ____D C:\Users\James\AppData\Local\Innkeeper
2018-03-16 23:32 - 2017-01-27 23:57 - 000000000 ____D C:\Users\James\AppData\Local\SquirrelTemp
2018-03-16 21:23 - 2017-01-28 11:40 - 000000000 ____D C:\Program Files (x86)\Overwatch
2018-03-16 20:43 - 2017-12-21 21:20 - 000433520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-16 20:42 - 2017-03-20 19:36 - 000000000 ____D C:\Users\James\AppData\Local\61023390585382fd6c7a1fc4e14e4af9
2018-03-16 20:34 - 2018-01-21 22:02 - 000000000 ____D C:\Users\James\AppData\LocalLow\Mozilla
2018-03-16 20:34 - 2018-01-21 22:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-16 20:32 - 2017-12-21 21:26 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-16 20:32 - 2017-12-21 21:26 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-16 20:24 - 2017-01-29 13:01 - 000000000 ____D C:\Users\James\AppData\Roaming\obs-studio
2018-03-16 16:22 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-15 15:50 - 2018-01-22 23:08 - 000000000 ____D C:\Program Files (x86)\GtkSharp
2018-03-15 15:19 - 2017-01-27 21:20 - 000000000 ____D C:\Users\James\AppData\Local\Razer
2018-03-14 13:25 - 2016-09-06 18:59 - 000206496 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2018-03-14 09:08 - 2017-06-08 22:14 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-03-14 09:08 - 2017-06-08 22:14 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-03-14 09:08 - 2017-01-28 08:21 - 000555592 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\e1d65x64.sys
2018-03-14 09:08 - 2017-01-28 08:20 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2018-03-14 09:08 - 2017-01-28 08:19 - 005995944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2018-03-14 09:08 - 2017-01-28 08:19 - 003561920 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2018-03-14 09:08 - 2017-01-28 08:19 - 003509192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2018-03-14 09:08 - 2017-01-28 08:19 - 003410832 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2018-03-14 09:08 - 2017-01-28 08:19 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2018-03-14 09:08 - 2017-01-28 08:19 - 000023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2018-03-14 09:06 - 2017-01-27 16:22 - 000905736 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorA.sys
2018-03-14 02:02 - 2017-01-27 22:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-03-13 22:40 - 2017-01-27 22:32 - 000000000 ____D C:\Users\James\AppData\Local\ElevatedDiagnostics
2018-03-13 22:32 - 2017-05-24 06:52 - 000007601 _____ C:\Users\James\AppData\Local\resmon.resmoncfg
2018-03-13 21:41 - 2017-12-21 21:21 - 000000000 ____D C:\Users\James
2018-03-13 20:15 - 2017-03-20 19:38 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-13 18:46 - 2017-03-05 16:29 - 000000000 ___RD C:\Users\James\Creative Cloud Files
2018-03-13 10:31 - 2018-02-05 13:14 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-03-13 10:31 - 2018-02-02 13:53 - 000002714 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-ATKINSON-James
2018-03-13 10:31 - 2017-12-21 21:26 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-03-13 09:48 - 2017-02-02 15:30 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-13 09:47 - 2017-10-13 19:20 - 000000877 _____ C:\Users\Public\Desktop\Battlestate Games Launcher.lnk
2018-03-13 09:47 - 2017-10-13 19:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlestate Games
2018-03-08 18:06 - 2017-02-23 19:01 - 000000000 ____D C:\Users\James\AppData\Roaming\EasyAntiCheat
2018-03-08 02:24 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-08 02:05 - 2017-01-27 23:57 - 000000000 ____D C:\Users\James\AppData\Roaming\discord
2018-03-07 08:36 - 2018-02-05 11:11 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-03-07 08:36 - 2018-02-05 11:11 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-03-07 08:36 - 2018-02-05 11:11 - 000001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-03-07 08:36 - 2017-06-06 12:40 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-03-06 17:44 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-06 17:37 - 2017-06-29 18:16 - 000000294 _____ C:\WINDOWS\Tasks\{61023390-5853-82FD-6C7A-1FC4E14E4AF9}.job
2018-03-06 17:36 - 2018-01-26 18:46 - 000003542 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-03-06 17:36 - 2017-12-21 21:26 - 000003824 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-03-06 17:36 - 2017-12-21 21:26 - 000003458 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-06 17:36 - 2017-12-21 21:26 - 000003356 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3C2489C4-3B20-4018-ADC8-DC4302210AA7}
2018-03-06 17:36 - 2017-12-21 21:26 - 000003304 _____ C:\WINDOWS\System32\Tasks\Overwolf Updater Task
2018-03-06 17:36 - 2017-12-21 21:26 - 000003236 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-06 17:36 - 2017-12-21 21:26 - 000003178 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2018-03-06 17:36 - 2017-12-21 21:26 - 000003152 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-03-06 17:36 - 2017-12-21 21:26 - 000003044 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-06 17:36 - 2017-12-21 21:26 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-06 17:36 - 2017-12-21 21:26 - 000002974 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-06 17:36 - 2017-12-21 21:26 - 000002920 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2940490528-2556188224-4051809522-1001
2018-03-06 17:36 - 2017-12-21 21:26 - 000002898 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-06 17:36 - 2017-12-21 21:26 - 000002846 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-06 17:36 - 2017-12-21 21:26 - 000002820 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-ATKINSON-James
2018-03-06 17:36 - 2017-12-21 21:26 - 000002804 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-06 17:36 - 2017-12-21 21:26 - 000002766 _____ C:\WINDOWS\System32\Tasks\{61023390-5853-82FD-6C7A-1FC4E14E4AF9}
2018-03-06 17:36 - 2017-12-21 21:26 - 000002712 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2018-03-06 17:36 - 2017-12-21 21:26 - 000002594 _____ C:\WINDOWS\System32\Tasks\SamsungMagician
2018-03-06 17:36 - 2017-12-21 21:26 - 000002572 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2018-03-06 17:36 - 2017-12-21 21:26 - 000002316 _____ C:\WINDOWS\System32\Tasks\{3ACAFE6F-850C-41DF-9B33-088704E3CFD7}
2018-03-06 00:05 - 2018-02-05 11:11 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-03-06 00:05 - 2018-02-05 11:11 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-03-06 00:05 - 2018-02-05 11:11 - 000380528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-03-06 00:05 - 2018-02-05 11:11 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-03-06 00:05 - 2018-02-05 11:11 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-03-06 00:05 - 2018-02-05 11:11 - 000215320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-03-06 00:05 - 2018-02-05 11:11 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-03-06 00:05 - 2018-02-05 11:11 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-03-06 00:05 - 2018-02-05 11:11 - 000196648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-03-06 00:05 - 2018-02-05 11:11 - 000146656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-03-06 00:05 - 2018-02-05 11:11 - 000110328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-03-06 00:05 - 2018-02-05 11:11 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-03-06 00:05 - 2018-02-05 11:11 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-03-06 00:05 - 2018-02-05 11:11 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-03-06 00:03 - 2018-01-21 22:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-04 14:31 - 2018-02-10 23:27 - 000000000 ____D C:\Users\James\Documents\Visual Studio 2017
2018-03-04 12:47 - 2017-01-28 08:00 - 000000000 ____D C:\Users\James\AppData\Roaming\Adobe
2018-03-04 01:28 - 2017-01-28 08:17 - 000000000 ____D C:\Users\James\AppData\Local\Comms
2018-02-26 23:37 - 2018-01-21 22:02 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-02-26 18:03 - 2018-01-26 18:46 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-25 13:14 - 2017-04-30 12:56 - 000000000 ____D C:\Users\James\.thumbnails
2018-02-22 23:16 - 2018-01-22 23:32 - 000000000 ____D C:\ProgramData\Unity
2018-02-22 13:11 - 2018-01-22 23:32 - 000000000 ____D C:\Users\James\AppData\Roaming\Unity
2018-02-22 13:11 - 2018-01-22 23:32 - 000000000 ____D C:\Users\James\AppData\LocalLow\Unity
2018-02-21 13:51 - 2018-02-15 17:22 - 000000000 ____D C:\Users\James\AppData\Roaming\CC
2018-02-21 11:26 - 2017-03-05 16:41 - 000000000 ____D C:\Users\James\AppData\Local\UnrealEngine
2018-02-19 21:14 - 2018-01-21 22:02 - 000000000 ____D C:\Users\James\AppData\Local\Mozilla
2018-02-19 19:39 - 2017-08-18 07:38 - 000000000 ____D C:\Program Files (x86)\Overwolf
2018-02-19 01:16 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\rescache
2018-02-19 00:42 - 2017-03-05 16:27 - 000000000 ____D C:\Program Files\Adobe
2018-02-19 00:39 - 2017-05-19 19:31 - 000000000 __RHD C:\Users\James\chaosbubba63@gmail.com Creative Cloud Files
2018-02-19 00:38 - 2017-12-17 22:34 - 000001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2018-02-19 00:38 - 2017-12-17 22:34 - 000001290 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2018-02-19 00:37 - 2017-09-29 09:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-19 00:31 - 2017-12-21 21:27 - 000000000 ___RD C:\Users\James\3D Objects
2018-02-19 00:31 - 2017-01-28 08:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-19 00:30 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-02-19 00:30 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-02-19 00:30 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-02-19 00:30 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-02-19 00:30 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-02-19 00:29 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-02-19 00:24 - 2017-01-27 16:24 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-02-17 21:02 - 2017-02-18 10:08 - 000000000 ____D C:\Users\James\Desktop\Pics
2018-02-16 08:22 - 2017-09-29 09:46 - 000000000 ___RD C:\WINDOWS\PrintDialog
 
==================== Files in the root of some directories =======
 
2017-03-05 16:29 - 2017-06-25 20:37 - 000000033 _____ () C:\Users\James\AppData\Roaming\AdobeWLCMCache.dat
2017-01-31 18:19 - 2017-05-22 15:44 - 000003973 _____ () C:\Users\James\AppData\Roaming\VoiceMeeterDefault.xml
2017-06-30 01:16 - 2017-12-19 01:16 - 000000436 _____ () C:\Users\James\AppData\Roaming\WB.CFG
2017-06-11 12:39 - 2017-08-28 21:04 - 000001456 _____ () C:\Users\James\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-12-18 10:16 - 2017-12-19 01:16 - 000000052 _____ () C:\Users\James\AppData\Local\fdb94zxvtr
2017-12-13 09:16 - 2017-12-13 09:16 - 000000052 _____ () C:\Users\James\AppData\Local\NHBvvvvvvv
2018-02-25 13:22 - 2018-02-25 13:22 - 000001453 _____ () C:\Users\James\AppData\Local\recently-used.xbel
2017-05-24 06:52 - 2018-03-13 22:32 - 000007601 _____ () C:\Users\James\AppData\Local\resmon.resmoncfg
2017-02-17 17:18 - 2016-11-23 09:37 - 000000570 _____ () C:\Users\James\AppData\Local\TroubleshooterConfig.json
 
Files to move or delete:
====================
C:\Windows\Tasks\{61023390-5853-82FD-6C7A-1FC4E14E4AF9}.job
 
 
Some files in TEMP:
====================
2018-03-14 19:36 - 2018-03-17 19:55 - 000000000 _____ () C:\Users\James\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2018-03-15 16:46 - 2018-03-17 19:55 - 000000017 _____ () C:\Users\James\AppData\Local\Temp\a2831f811ebd7aeaf562391d8c4fa776.dll
2018-03-14 19:37 - 2018-03-14 19:37 - 000000017 _____ () C:\Users\James\AppData\Local\Temp\f9ac2b58a2d2a15ad95395819d560aaf.dll
2018-03-13 19:57 - 2018-03-13 19:56 - 069445584 _____ (Malwarebytes                                                ) C:\Users\James\AppData\Local\Temp\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4326.exe
2018-03-14 00:54 - 2018-03-14 00:54 - 000018256 _____ (Razer Inc.) C:\Users\James\AppData\Local\Temp\RazerInstallerCleaner.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\wehbehko.sys -> Access Denied <======= ATTENTION
 
LastRegBack: 2018-03-16 09:29
 
==================== End of FRST.txt ============================
 
The attached file is a quick video of the redirect. It doesn't just happen when I search what I did; it is all searches.




#2 RayS

RayS

  • Malware Study Hall Senior
  • 2,284 posts

Posted 18 March 2018 - 05:12 PM

Hello Bornforexile,

My name is Ray and I'll be assisting you with your issue. Please give me a day or two to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

Ray
 


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#3 Bornforexile

Bornforexile
  • Topic Starter

  • Members
  • 11 posts

Posted 22 March 2018 - 06:41 PM

Are you still there, Ray? It's been longer than 2 days.



#4 RayS

RayS

  • Malware Study Hall Senior
  • 2,284 posts

Posted 23 March 2018 - 02:59 PM

Hello again Bornforexile, and welcome to Bleeping Computer.

Please call me "Ray". Do you have a short nickname I can use?

I will be helping you with your computer problem.

  • Please do not attach any log files to your replies unless specifically requested. Instead, please copy and paste the entire text of the logs into the body of your reply. Use separate consecutive posts if that's easier for you.
  • Please do not make any further changes to your computer (such as Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) and don't perform any actions without being advised to do so. If you are unsure, please stop and describe the current state of your PC and ask your question.
  • Always read my entire message before you begin to follow my instructions.
  • It may be helpful for you to print my instructions for easy reference.
  • Perform my instructions in the order as given.
  • Click More Reply Options and then Preview Post before you post a reply. Be sure your message addresses all the issues I raise.
  • Any fixes I provide are for this specific problem on this machine only.
  • Removing malware is hazardous. I will not knowingly advise actions that will damage your computer, but it is impossible to guarantee the safety of your system. It may even become necessary to re-format and re-install your operating system. Before we proceed, you should back up all your data -- preferably to a different computer or to off-line storage.

 

 

Overview
It will be necessary to perform the following procedures in the Recovery Environment (RE). 

  • Run the Farbar Recovery Scan Tool (FRST) tool with the script fix provided.
  • Scan with FRST again and send me the FRST.txt log.

 
 
 
Prepare the Farbar Recovery Scan Tool (FRST) and a script file on a USB thumb drive
Copy your existing FRST64.exe file onto a USB thumb drive. Then create fixlist.txt in the same directory on the USB thumb drive as follows:

  • Launch Notepad.
  • Copy and paste the text you see from inside the following code box into a new Notepad document.

CloseProcesses:
HKLM\SYSTEM\CurrentControlSet\Services\kgbsa <==== ATTENTION (Rootkit!)
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Hosts:
BHO-x32: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
FF HKLM-x32\...\Firefox\Extensions: .WSVCU@Wondershare.com. - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi => not found
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
R3 hlorvy; system32\drivers\oruybe.sys [X]
S4 vugmtxr; System32\drivers\wmbexrpd.sys [X]
File: C:\Users\James\AppData\Local\fdb94zxvtr
File: C:\Users\James\AppData\Local\NHBvvvvvvv
C:\Windows\Tasks\{61023390-5853-82FD-6C7A-1FC4E14E4AF9}.job

  • Click File, then Save As...
  • On the left pane, navigate to the same location on your USB thumb drive where FRST64.exe is.
  • Under the Save as type dropdown, select All Files.
  • In the File Name box, type fixlist.txt
  • Click Save.
  • If fixlist.txt already exists on the thumb drive, click Yes to replace it.

NOTICE: This script was written specifically for this user to be used on this particular machine. Running this script on another machine may cause damage to your operating system.



Enter Command Prompt in Recovery Environment (RE) and run script

  • Tap the Windows key. Then press and HOLD the "Shift" key and simultaneously click Power icon (in the lower left of the screen) and click Restart.
  • At the next screen choose Troubleshoot.
  • Next screen choose Advanced Options.
  • Next screen choose Command Prompt.
  • If it prompts you for a password type it now and press Enter. (If you do not have a password simply press Enter).
  • After the Command Prompt window loads, type notepad and press Enter.
  • From the notepad menu, press File > Open then navigate to your USB drive and choose all files.
  • Right-click FRST64 and click Run as administrator.
  • Click Fix.
  • The result of running the script will appear in a file called Fixlog.txt which will be created on your thumb drive in the same location as FRST64.exe.
  • Copy and paste Fixlog.txt into your reply.

 

 

Re-scan with Farbar Recovery Scan Tool

  • Navigate again to FRST64 and right-click it. Then click Run as administrator.
  • Click Scan.
  • When finished, it will produce a log called FRST.txt in the same directory where the tool was run from.
  • Please copy and paste FRST.txt into your next reply.

 

In your next reply...

  • Tell me your nickname.
  • Confirm that you have backed up your important data.
  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Copy and paste the entire contents of FRST.txt into the body of your message.
  • Tell me whether you encountered any problems in following these instructions (give full details).

 

Thank you for your patience,

Ray




#5 Bornforexile

Bornforexile
  • Topic Starter

  • Members
  • 11 posts

Posted 23 March 2018 - 09:41 PM

I have no nicknames, but you can call me James.

I have backed up all my stuff.

Fixlog:

==== End of Fixlog 22:31:26 ====
 
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by SYSTEM on MININT-P9CMNCJ (23-03-2018 22:31:57)
Running from E:\
Platform: Windows 10 Pro Version 1709 16299.248 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2018-03-14] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-11-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-05] (AVAST Software)
HKLM\...\Run: [Stream Deck] => C:\Program Files\Elgato\StreamDeck\StreamDeck.exe [5551976 2018-03-06] (Elgato Systems GmbH)
HKLM\...\Run: [Elgato Sound Capture] => C:\Program Files\Elgato\SoundCapture\SoundCapture.exe [1234944 2018-01-18] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [FireStormStartUpAutoRun] => C:\Program Files (x86)\ZotacFireStorm\FireStorm.exe [32494592 2016-10-12] (PC Partner Co.Ltd)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409936 2018-02-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-06-15] (Autodesk, Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5484304 2018-01-30] (IObit)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596664 2017-08-30] (Razer Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\James\...\Run: [Discord] => C:\Users\James\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\James\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\James\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3198752 2018-03-22] (Valve Corporation)
HKU\James\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\James\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1206600 2018-02-18] ()
HKU\James\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
HKU\James\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-19] (Google Inc.)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"HKLM\System\ControlSet001\Services\kgbsa" => removed successfully
C:\Windows\System32\drivers\wehaehkn.sys => moved successfully
C:\Users\James\AppData\Local\avarnbi\avarnbi.exe => moved successfully
C:\Users\James\AppData\Local\avarnbi\cwmidzk.exe => moved successfully
C:\Users\James\AppData\Local\wmcagent\wmcagent.exe => moved successfully
C:\Users\James\AppData\Local\wmcagent\wow_helper.exe => moved successfully
S2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1353208 2017-06-15] (Autodesk Inc.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-02-14] (Adobe Systems Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-05-07] ()
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-23] ()
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-05] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-05] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-03-08] ()
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-08] (EasyAntiCheat Ltd)
S4 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrv.exe [2127632 2018-01-29] (IObit)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206096 2018-01-25] (IObit)
S2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21296 2017-11-10] (Microsoft Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-09-14] (Intel Corporation)
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 mi-raysat_3dsmax2017_64; C:\Program Files\Autodesk\3ds Max 2017\raysat_3dsmax2017_64server.exe [86016 2011-09-14] ()
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32384 2016-10-03] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2159424 2018-03-05] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3028808 2018-03-05] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1452360 2018-02-18] (Overwolf LTD)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-21] (Microsoft Corporation)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [142432 2017-11-09] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-28] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-28] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] ()
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196648 2018-03-05] (AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-05] (AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-05] (AVAST Software)
S0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-05] (AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-05] (AVAST Software)
S1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [215320 2018-03-05] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-03-05] (AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146656 2018-03-05] (AVAST Software)
S1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-03-05] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-03-05] (AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-03-05] (AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-03-05] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-03-05] (AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-03-05] (AVAST Software)
S3 BEDaisy; C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [1832880 2018-03-19] ()
S3 CY3014.X64; C:\Windows\system32\DRIVERS\CY3014.X64.SYS [3599568 2018-02-14] ()
S3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [555592 2018-03-14] (Intel Corporation)
S3 ElgatoVAD; C:\Windows\system32\DRIVERS\ElgatoVAD.sys [39208 2017-07-11] (Elgato Systems GmbH)
S1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
S3 EuMusDesignVirtualAudioCableWdm_lcs; C:\Windows\system32\DRIVERS\vaclcskd.sys [66016 2010-04-08] (Eugene V. Muzychenko)
S1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-03-14] (REALiX™)
S1 IMFCameraProtect; C:\WINDOWS\system32\drivers\IMFCameraProtect.sys [44096 2017-04-06] (IObit.com)
S3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [39288 2017-03-08] (IObit.com)
S3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_amd64\IMFFilter.sys [40440 2017-02-17] (IObit)
S3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [34080 2017-06-23] (IObit.com)
S1 IMFMBRProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFMBRProtect.sys [39368 2018-01-02] (IObit.com)
S1 IMFSafeBox; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFSafeBox.sys [58544 2018-01-28] (IObit.com)
S3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-06-06] (IObit.com)
S3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [40328 2018-01-10] (IObit.com)
S3 ladfGSS; C:\Windows\system32\drivers\ladfGSS.sys [45192 2017-10-19] (Logitech Inc.)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2017-10-19] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2017-10-19] (Logitech Inc.)
S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193248 2018-03-23] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [109800 2018-03-23] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [45960 2018-03-23] (Malwarebytes)
S1 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-23] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [101600 2018-03-18] (Malwarebytes)
S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_95d88c9d04436846\nvlddmkm.sys [17526688 2018-03-16] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31024 2018-01-10] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [58816 2018-03-15] (NVIDIA Corporation)
S3 Phosgene; C:\Windows\system32\DRIVERS\Phosgene.sys [34136 2015-09-02] (Adoriasoft LLC)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\regfilter.sys [52728 2018-01-24] (IObit.com)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
S3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [520032 2016-12-05] (BitDefender S.R.L.)
S3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2017-02-02] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2018-01-28] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [288848 2018-01-28] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-28] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37344 2017-04-25] (Wellbia.com Co., Ltd.)
S4 vugmtxr; System32\drivers\wmbexrpd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-23 18:28 - 2018-03-23 18:28 - 000000000 ____D C:\Users\James\AppData\Local\csnazwv
2018-03-23 18:27 - 2018-03-23 18:27 - 000045960 ____N (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2018-03-23 18:24 - 2018-03-23 18:24 - 000000000 ____D C:\Users\James\AppData\Local\avcrumh
2018-03-23 18:08 - 2018-03-23 18:08 - 000000000 ____D C:\Users\James\AppData\Local\psidrcl
2018-03-23 17:57 - 2018-03-23 17:57 - 000000000 ____D C:\Users\James\AppData\Local\dsdtbmw
2018-03-23 17:50 - 2018-03-23 17:50 - 002403328 _____ (Farbar) C:\Users\James\Downloads\FRST64 (1).exe
2018-03-22 19:36 - 2018-03-22 19:36 - 000001964 _____ C:\Users\Public\Desktop\Streamlabs OBS.lnk
2018-03-22 19:35 - 2018-03-22 19:36 - 000000000 ____D C:\Program Files\Streamlabs OBS
2018-03-22 19:35 - 2018-03-22 19:35 - 000000000 ____D C:\ProgramData\Streamlabs OBS
2018-03-22 19:06 - 2018-03-22 19:06 - 000000000 ____D C:\Users\James\AppData\Local\svsbprh
2018-03-22 16:01 - 2018-03-15 14:42 - 000137664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-03-22 16:00 - 2018-03-22 16:01 - 000000000 ____D C:\Windows\LastGood
2018-03-22 15:57 - 2018-03-16 10:12 - 000997280 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2018-03-22 15:57 - 2018-03-16 10:12 - 000949176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-03-22 15:57 - 2018-03-16 10:12 - 000625592 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
2018-03-22 15:57 - 2018-03-16 10:12 - 000515672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-03-22 15:57 - 2018-03-16 10:11 - 040278616 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2018-03-22 15:57 - 2018-03-16 10:11 - 035189336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-03-22 15:57 - 2018-03-16 10:11 - 004318464 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2018-03-22 15:57 - 2018-03-16 10:11 - 003719200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-03-22 15:57 - 2018-03-16 10:11 - 001985280 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6439124.dll
2018-03-22 15:57 - 2018-03-16 10:11 - 001684000 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6439124.dll
2018-03-22 15:57 - 2018-03-16 10:11 - 001138432 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2018-03-22 15:57 - 2018-03-16 10:11 - 000748960 _____ (NVIDIA Corporation) C:\Windows\System32\nvDecMFTMjpeg.dll
2018-03-22 15:57 - 2018-03-16 10:11 - 000608344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2018-03-22 15:57 - 2018-03-16 10:01 - 019854816 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2018-03-22 15:57 - 2018-03-16 10:01 - 016496072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-03-22 15:57 - 2018-03-16 10:01 - 013571008 _____ (NVIDIA Corporation) C:\Windows\System32\nvptxJitCompiler.dll
2018-03-22 15:57 - 2018-03-16 10:01 - 011131872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-03-22 15:57 - 2018-03-16 10:01 - 001355408 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncMFThevc.dll
2018-03-22 15:57 - 2018-03-16 10:01 - 001067368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2018-03-22 15:57 - 2018-03-16 10:01 - 000902096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-03-22 15:57 - 2018-03-16 10:01 - 000811992 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2018-03-22 15:57 - 2018-03-16 10:01 - 000650232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-03-22 15:57 - 2018-03-16 10:01 - 000633224 _____ (NVIDIA Corporation) C:\Windows\System32\nvmcumd.dll
2018-03-22 15:57 - 2018-03-16 10:00 - 011000296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-03-22 15:57 - 2018-03-16 10:00 - 001061168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2018-03-22 15:50 - 2018-03-22 15:53 - 464777024 _____ (NVIDIA Corporation) C:\Users\James\Downloads\391.24-desktop-win10-64bit-international-whql.exe
2018-03-22 15:31 - 2018-03-22 15:31 - 218632070 _____ C:\Users\James\AppData\Roaming\slobs-client.zip
2018-03-22 15:11 - 2018-03-22 15:12 - 236081968 _____ (General Workings, Inc.) C:\Users\James\Downloads\Streamlabs+OBS+Setup+0.8.15.exe
2018-03-22 00:07 - 2018-03-23 22:31 - 000000000 ____D C:\Users\James\AppData\Local\wmcagent
2018-03-19 12:48 - 2018-03-19 12:48 - 000000000 ____D C:\Users\James\AppData\Local\usegnhm
2018-03-19 12:34 - 2018-03-19 12:34 - 000000000 ____D C:\Users\James\AppData\Local\atdzenp
2018-03-18 11:21 - 2018-03-23 18:26 - 000109800 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2018-03-18 11:19 - 2018-03-18 11:19 - 000000000 ____D C:\Users\James\AppData\Local\exmtgcr
2018-03-18 09:28 - 2018-03-18 09:28 - 000000000 ____D C:\Users\James\AppData\Local\exsobgp
2018-03-18 09:27 - 2018-03-18 09:28 - 008222496 _____ (Malwarebytes) C:\Users\James\Downloads\AdwCleaner (1).exe
2018-03-18 09:20 - 2018-03-18 09:21 - 008222496 _____ (Malwarebytes) C:\Users\James\Downloads\AdwCleaner.exe
2018-03-18 09:11 - 2018-03-23 22:31 - 000000000 ___DC C:\FRST
2018-03-18 09:11 - 2018-03-23 17:53 - 000089402 _____ C:\Users\James\Downloads\Addition.txt
2018-03-18 09:11 - 2018-03-23 17:53 - 000087609 _____ C:\Users\James\Downloads\FRST.txt
2018-03-18 09:10 - 2018-03-18 09:10 - 002403328 _____ (Farbar) C:\Users\James\Downloads\FRST64.exe
2018-03-18 09:02 - 2018-03-18 09:02 - 000078300 _____ C:\Users\James\Downloads\it328_project_management_documents.xlsx
2018-03-18 08:57 - 2018-03-18 08:57 - 000031687 _____ C:\Users\James\Downloads\Report Card for James Atkinson.pdf
2018-03-17 05:59 - 2018-03-17 05:59 - 001291706 _____ C:\Users\James\Downloads\ThirdPerson_FBX.zip
2018-03-17 05:59 - 2018-03-17 05:59 - 000000000 ____D C:\Users\James\Downloads\ThirdPerson_FBX_v48
2018-03-16 20:48 - 2018-03-16 20:48 - 000001691 _____ C:\Users\James\Desktop\EasyAntiCheat_Setup.exe - Shortcut.lnk
2018-03-16 19:46 - 2018-03-16 19:46 - 000000000 ____D C:\Users\James\AppData\Local\pcsmwkt
2018-03-16 16:45 - 2018-03-16 16:45 - 000000000 ____D C:\Users\James\AppData\Local\lsdhvcu
2018-03-16 16:42 - 2018-03-16 16:42 - 000001956 _____ C:\Windows\System32\.crusader
2018-03-16 16:36 - 2018-03-21 05:20 - 000055232 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2018-03-16 16:36 - 2018-03-16 16:42 - 000000000 ____D C:\ProgramData\HitmanPro
2018-03-16 16:36 - 2018-03-16 16:36 - 000001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-03-16 16:36 - 2018-03-16 16:36 - 000000000 ____D C:\Program Files\HitmanPro
2018-03-16 16:32 - 2018-03-21 15:38 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-16 16:32 - 2018-03-16 16:32 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-16 16:24 - 2018-03-16 16:25 - 000000246 _____ C:\Users\James\Desktop\New Text Document.txt
2018-03-16 14:17 - 2018-03-16 14:17 - 000018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2018-03-16 12:22 - 2018-03-16 12:22 - 000001173 _____ C:\Users\Public\Desktop\Sound Capture.lnk
2018-03-16 12:22 - 2018-03-16 12:22 - 000001165 _____ C:\Users\Public\Desktop\Game Capture HD.lnk
2018-03-16 12:22 - 2018-03-16 12:22 - 000000000 ____D C:\Program Files (x86)\Elgato
2018-03-16 12:21 - 2018-03-16 12:22 - 184000512 _____ C:\Users\James\Downloads\GameCaptureSetup_3.70.8.3008_x64 (1).msi
2018-03-16 05:18 - 2018-03-16 05:18 - 000171158 _____ C:\Users\James\Documents\cc_20180316_091833.reg
2018-03-16 05:11 - 2018-03-16 05:11 - 000000000 ____D C:\Users\James\AppData\Local\exewuma
2018-03-15 13:11 - 2018-03-15 13:11 - 000000000 ____D C:\Users\James\AppData\Local\wmilxuz
2018-03-15 12:04 - 2018-03-15 12:04 - 015333512 _____ (Piriform Ltd) C:\Users\James\Downloads\ccsetup541.exe
2018-03-15 12:02 - 2018-03-15 12:02 - 000000000 ____D C:\Users\James\AppData\Local\nvskzcb
2018-03-15 11:59 - 2018-03-15 11:59 - 026194416 _____ (Razer USA Ltd) C:\Users\James\Downloads\Razer_Synapse_Installer_v2.21.00.830 (3).exe
2018-03-15 11:47 - 2018-03-22 12:48 - 000000000 ____D C:\ProgramData\ProductData
2018-03-15 11:29 - 2018-03-15 11:29 - 001790024 _____ (Malwarebytes) C:\Users\James\Downloads\JRT.exe
2018-03-15 11:26 - 2018-03-15 11:26 - 000000000 ____D C:\Users\James\AppData\Local\rtczhwi
2018-03-15 11:25 - 2018-03-15 13:10 - 000000000 ____D C:\Program Files (x86)\Razer
2018-03-15 11:25 - 2018-03-15 11:25 - 000000000 ____D C:\ProgramData\Razer
2018-03-15 10:23 - 2018-03-22 08:15 - 000000000 ____D C:\Users\James\Desktop\aoc
2018-03-14 09:49 - 2018-03-14 09:49 - 000000000 ____D C:\Users\James\AppData\Local\upkxdma
2018-03-14 09:31 - 2018-03-14 09:31 - 000000000 ____D C:\Users\James\AppData\Local\nvostwd
2018-03-14 09:28 - 2018-03-14 09:28 - 000000571 _____ C:\Users\James\Downloads\DeviceDiagnostic.diagcab
2018-03-14 05:48 - 2018-03-14 05:48 - 000000000 ____D C:\Users\James\AppData\Local\raikhvx
2018-03-14 05:46 - 2018-03-14 05:46 - 000000000 ____D C:\Users\James\AppData\Local\iabozdl
2018-03-14 05:45 - 2018-03-14 05:46 - 026194416 _____ (Razer USA Ltd) C:\Users\James\Downloads\Razer_Synapse_Installer_v2.21.00.830 (2).exe
2018-03-14 05:12 - 2018-03-14 05:12 - 000000000 ____D C:\Users\James\Desktop\Streamlab
2018-03-14 05:11 - 2018-03-14 05:11 - 000001431 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2018-03-14 05:08 - 2018-03-14 05:08 - 072520704 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2018-03-14 05:08 - 2018-03-14 05:08 - 013831786 _____ C:\Windows\System32\Drivers\RTAIODAT.DAT
2018-03-14 05:08 - 2018-03-14 05:08 - 007172904 _____ (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 007096184 _____ (Dolby Laboratories) C:\Windows\System32\DDPP64A.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 006264632 _____ (Dolby Laboratories) C:\Windows\System32\DDPP64AF3.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 005346992 _____ (Dolby Laboratories) C:\Windows\System32\DolbyDAX2APOv211.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 003677152 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2018-03-14 05:08 - 2018-03-14 05:08 - 003299816 _____ (Yamaha Corporation) C:\Windows\System32\YamahaAE2.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 003205120 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 003135776 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 003122648 _____ (DTS, Inc.) C:\Windows\System32\sltech64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 002922976 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 002444680 _____ (Dolby Laboratories) C:\Windows\System32\DolbyDAX2APOv201.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 002190976 _____ (Yamaha Corporation) C:\Windows\System32\YamahaAE.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 001965808 _____ (Dolby Laboratories) C:\Windows\System32\DDPD64A.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 001959592 _____ (Dolby Laboratories) C:\Windows\System32\DDPD64AF3.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 001780616 _____ (DTS) C:\Windows\System32\DTSS2SpeakerDLL64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 001591056 _____ (DTS) C:\Windows\System32\DTSS2HeadphoneDLL64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 001544248 _____ (Dolby Laboratories) C:\Windows\System32\DAX3APOProp.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 001508928 _____ (DTS) C:\Windows\System32\DTSBoostDLL64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 001435136 _____ (Synopsys, Inc.) C:\Windows\System32\SRRPTR64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 001382232 _____ (TOSHIBA Corporation) C:\Windows\System32\tosade.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 001372384 _____ (Dolby Laboratories) C:\Windows\System32\DAX3APOv251.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 001348160 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 001337632 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\System32\tossaeapo64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 001259720 _____ (Dolby Laboratories) C:\Windows\System32\DolbyDAX2APOvlldp.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 001159176 _____ (Dolby Laboratories) C:\Windows\System32\DolbyDAX2APOProp.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 001016920 _____ (Sound Research, Corp.) C:\Windows\System32\SEHDHF64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000984904 _____ (DTS, Inc.) C:\Windows\System32\sl3apo64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000965016 _____ (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000877424 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000873456 _____ (TOSHIBA Corporation) C:\Windows\System32\tadefxapo264.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000868168 _____ (Sound Research, Corp.) C:\Windows\System32\SECOMN64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000866632 _____ (Sound Research, Corp.) C:\Windows\System32\SEHDRA64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000852128 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\System32\tosasfapo64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000743960 _____ (DTS) C:\Windows\System32\DTSBassEnhancementDLL64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000737960 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000727432 _____ (DTS) C:\Windows\System32\DTSSymmetryDLL64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000708304 _____ (DTS) C:\Windows\System32\DTSVoiceClarityDLL64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000691672 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtDataProc64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000680544 _____ (ICEpower a/s) C:\Windows\System32\ICEsoundAPO64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000604792 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\System32\tossaemaxapo64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000532376 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000526272 _____ (Sound Research, Corp.) C:\Windows\System32\SEAPO64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000504296 _____ (DTS) C:\Windows\System32\DTSNeoPCDLL64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000467152 _____ (Synopsys, Inc.) C:\Windows\System32\SRAPO64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000447712 _____ (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\System32\toseaeapo64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000445392 _____ (DTS) C:\Windows\System32\DTSLimiterDLL64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000441264 _____ (DTS) C:\Windows\System32\DTSGainCompensatorDLL64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000416496 _____ (Harman) C:\Windows\System32\HMUI.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000406448 _____ (Dolby Laboratories) C:\Windows\System32\HiFiDAX2APIPCLL.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000387304 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000381400 _____ (Synopsys, Inc.) C:\Windows\System32\SRCOM64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000378376 _____ (Dolby Laboratories) C:\Windows\System32\HiFiDAX2API.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000366112 _____ (Windows ® Win 7 DDK provider) C:\Windows\System32\HMAPO.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000362048 _____ (Dolby Laboratories) C:\Windows\System32\DDPO64AF3.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000360336 _____ (Harman) C:\Windows\System32\HMClariFi.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000343704 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000341144 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000341144 _____ (Synopsys, Inc.) C:\Windows\System32\SRCOM.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000327448 _____ (Dolby Laboratories) C:\Windows\System32\DDPO64A.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000321704 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000310416 _____ (Dolby Laboratories) C:\Windows\System32\DDPA64F3.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000272712 _____ (Dolby Laboratories) C:\Windows\System32\DDPA64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000258856 _____ (TODO: <Company name>) C:\Windows\System32\slprp64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000253896 _____ (DTS) C:\Windows\System32\DTSGFXAPO64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000253856 _____ (DTS) C:\Windows\System32\DTSLFXAPO64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000252864 _____ (DTS) C:\Windows\System32\DTSGFXAPONS64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000231912 _____ (Synopsys, Inc.) C:\Windows\System32\SFNHK64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000221960 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000214824 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000209528 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000203832 _____ (Harman) C:\Windows\System32\HMHVS.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000190928 _____ (Harman) C:\Windows\System32\HMEQ_Voice.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000190928 _____ (Harman) C:\Windows\System32\HMEQ.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000179592 _____ (Harman) C:\Windows\System32\HMLimiter.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000158688 _____ (TOSHIBA Corporation) C:\Windows\System32\tadefxapo.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000154352 _____ (Harman) C:\Windows\System32\HarmanAudioInterface.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000151784 _____ (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000134192 _____ (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000122312 _____ (Real Sound Lab SIA) C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000118584 _____ C:\Windows\System32\AcpiServiceVnA64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000110976 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000105304 _____ C:\Windows\System32\audioLibVc.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000100336 _____ (Intel Corporation) C:\Windows\System32\NicInstD.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000090912 _____ (Synopsys, Inc.) C:\Windows\System32\SFCOM64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000088648 _____ (Intel Corporation) C:\Windows\System32\e1dmsg.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000088336 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000088312 _____ (Synopsys, Inc.) C:\Windows\System32\SFAPO64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000084608 _____ (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000083616 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000075536 _____ (TOSHIBA CORPORATION.) C:\Windows\System32\tepeqapo64.dll
2018-03-14 05:08 - 2018-03-14 05:08 - 000003130 _____ C:\Windows\System32\e1d65x64.din
2018-03-14 05:08 - 2018-03-14 05:08 - 000000000 ____D C:\Windows\System32\DAX3
2018-03-14 05:07 - 2018-03-14 05:08 - 000000000 ____D C:\Windows\LastGood.Tmp
2018-03-14 05:07 - 2018-03-14 05:07 - 000808944 _____ (Intel® Corporation) C:\Windows\System32\Drivers\IntcDAud.sys
2018-03-14 05:06 - 2018-03-14 05:06 - 010919784 _____ C:\Windows\SysWOW64\LogiDPP.dll
2018-03-14 05:06 - 2018-03-14 05:06 - 010919784 _____ C:\Windows\System32\LogiDPP.dll
2018-03-14 05:06 - 2018-03-14 05:06 - 004758176 _____ (Logitech Inc.) C:\Windows\System32\Drivers\lvuvc64.sys
2018-03-14 05:06 - 2018-03-14 05:06 - 000768288 _____ (Logitech Inc.) C:\Windows\System32\LVUI64.dll
2018-03-14 05:06 - 2018-03-14 05:06 - 000560416 _____ (Logitech Inc.) C:\Windows\System32\LVUIRC64.dll
2018-03-14 05:06 - 2018-03-14 05:06 - 000542568 _____ (Logitech Inc.) C:\Windows\SysWOW64\LVUI2.dll
2018-03-14 05:06 - 2018-03-14 05:06 - 000538472 _____ (Logitech Inc.) C:\Windows\SysWOW64\LVUI2RC.dll
2018-03-14 05:06 - 2018-03-14 05:06 - 000336232 _____ C:\Windows\SysWOW64\DevManagerCore.dll
2018-03-14 05:06 - 2018-03-14 05:06 - 000336232 _____ C:\Windows\System32\DevManagerCore.dll
2018-03-14 05:06 - 2018-03-14 05:06 - 000305000 _____ (Logitech Inc.) C:\Windows\SysWOW64\lvcodec2.dll
2018-03-14 05:06 - 2018-03-14 05:06 - 000266828 _____ C:\Windows\System32\Drivers\LVAFT.cfg
2018-03-14 05:06 - 2018-03-14 05:06 - 000262432 _____ (Logitech Inc.) C:\Windows\System32\lvco1380853.dll
2018-03-14 05:06 - 2018-03-14 05:06 - 000175392 _____ (Logitech Inc.) C:\Windows\System32\lvcod64.dll
2018-03-14 05:06 - 2018-03-14 05:06 - 000103272 _____ C:\Windows\SysWOW64\LogiDPPApp.exe
2018-03-14 05:06 - 2018-03-14 05:06 - 000103272 _____ C:\Windows\System32\LogiDPPApp.exe
2018-03-14 05:06 - 2018-03-14 05:06 - 000029494 _____ C:\Windows\System32\lvcoin64.ini
2018-03-14 05:06 - 2018-03-14 05:06 - 000000000 ____D C:\Program Files\Common Files\logishrd
2018-03-14 05:05 - 2018-03-14 09:26 - 000002355 _____ C:\Users\Public\Desktop\Driver Booster 5.lnk
2018-03-14 05:05 - 2018-03-14 05:05 - 000027552 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2018-03-14 05:05 - 2018-03-14 05:05 - 000000000 ____D C:\Windows\IObit
2018-03-13 21:26 - 2018-03-18 10:17 - 000000000 ____D C:\Users\James\AppData\LocalLow\IObit
2018-03-13 21:26 - 2018-03-18 09:24 - 000000000 ____D C:\Users\James\AppData\Roaming\IObit
2018-03-13 21:26 - 2018-03-13 21:26 - 000001250 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2018-03-13 21:26 - 2018-03-13 21:26 - 000000000 ____D C:\ProgramData\BDLogging
2018-03-13 21:26 - 2017-04-06 06:23 - 000044096 _____ (IObit.com) C:\Windows\System32\Drivers\IMFCameraProtect.sys
2018-03-13 21:26 - 2016-12-05 11:32 - 000520032 _____ (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2018-03-13 21:25 - 2018-03-14 05:11 - 000000000 ____D C:\ProgramData\IObit
2018-03-13 21:25 - 2018-03-14 05:11 - 000000000 ____D C:\Program Files (x86)\IObit
2018-03-13 21:25 - 2018-03-13 21:25 - 040337336 _____ (IObit ) C:\Users\James\Downloads\IObit-Malware-Fighter-Setup-beta.exe
2018-03-13 21:25 - 2018-03-13 21:25 - 000000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2018-03-13 21:19 - 2018-03-13 21:19 - 000000000 ____D C:\Users\James\AppData\Local\psibtwd
2018-03-13 21:00 - 2018-03-13 21:00 - 026190216 _____ (Razer USA Ltd) C:\Users\James\Downloads\Razer_Synapse_Installer_v2.21.18.115.exe
2018-03-13 20:58 - 2018-03-13 20:58 - 026194416 _____ (Razer USA Ltd) C:\Users\James\Downloads\Razer_Synapse_Installer_v2.21.00.830 (1).exe
2018-03-13 20:54 - 2018-03-13 20:54 - 004197032 _____ C:\Users\James\Downloads\RazerSynapseInstaller_DT_V1.0.67.89 (1).exe
2018-03-13 20:07 - 2018-03-13 20:07 - 000000000 ____D C:\Users\James\AppData\Roaming\Synapse3
2018-03-13 20:04 - 2018-03-13 20:04 - 004197032 _____ C:\Users\James\Downloads\RazerSynapseInstaller_DT_V1.0.67.89.exe
2018-03-13 19:52 - 2018-03-13 19:52 - 026194416 _____ (Razer USA Ltd) C:\Users\James\Downloads\Razer_Synapse_Installer_v2.21.00.830.exe
2018-03-13 19:32 - 2018-03-13 19:32 - 000000000 ____D C:\Users\James\AppData\Local\remtunl
2018-03-13 19:12 - 2018-03-13 19:13 - 184000512 _____ C:\Users\James\Downloads\GameCaptureSetup_3.70.8.3008_x64.msi
2018-03-13 18:38 - 2018-03-13 18:38 - 000221662 _____ C:\Users\James\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2018-03-13 18:31 - 2018-03-13 18:31 - 000022572 _____ C:\Users\James\Downloads\WhoLockMe200.zip
2018-03-13 18:31 - 2009-02-15 23:04 - 000036864 _____ (Bitmind / Pygmy Productions) C:\Users\James\Downloads\WhoLockMe.dll
2018-03-13 18:31 - 2009-02-15 23:02 - 000043008 _____ (Bitmind / Pygmy Productions ) C:\Users\James\Downloads\WhoLockMe.exe
2018-03-13 18:31 - 2009-02-15 23:01 - 000000393 _____ C:\Users\James\Downloads\Install.txt
2018-03-13 18:31 - 2002-06-28 07:06 - 000000030 _____ C:\Users\James\Downloads\Uninstall.bat
2018-03-13 18:31 - 2002-06-28 07:06 - 000000027 _____ C:\Users\James\Downloads\Install.bat
2018-03-13 18:24 - 2018-03-13 19:30 - 000000000 ____D C:\Users\James\AppData\Local\DELETE MEEEEEEE
2018-03-13 18:21 - 2018-03-13 18:28 - 000000000 ____D C:\Users\James\AppData\Roaming\Wise Uninstaller
2018-03-13 18:21 - 2018-03-13 18:21 - 003310600 _____ (WiseCleaner.com ) C:\Users\James\Downloads\WPUSetup.exe
2018-03-13 18:21 - 2018-03-13 18:21 - 000000000 ____D C:\Program Files (x86)\Wise
2018-03-13 18:12 - 2018-03-13 18:12 - 000000000 ____D C:\Users\James\AppData\Local\lshzkru
2018-03-13 18:05 - 2018-03-13 18:05 - 000000000 ____D C:\Users\James\AppData\Local\coktuix
2018-03-13 18:01 - 2018-03-13 18:01 - 000000000 ____D C:\Users\James\AppData\Local\cwebnuz
2018-03-13 17:54 - 2018-03-13 17:54 - 000000000 ____D C:\Users\James\AppData\Local\upkalcv
2018-03-13 17:51 - 2018-03-13 17:51 - 000000000 ____D C:\Users\James\AppData\Local\csihnmx
2018-03-13 17:43 - 2018-03-13 17:43 - 000000000 ____D C:\Users\James\AppData\Local\lsdenao
2018-03-13 17:35 - 2018-03-13 17:35 - 000000000 ____D C:\Users\James\AppData\Local\exhbavt
2018-03-13 17:17 - 2018-03-13 17:17 - 000000000 ____D C:\Users\James\AppData\Local\svhxwku
2018-03-13 17:01 - 2018-03-13 17:01 - 000000000 ____D C:\Users\James\AppData\Local\remhnot
2018-03-13 16:56 - 2018-03-13 16:56 - 000000000 ____D C:\Users\James\AppData\Local\seitnzw
2018-03-13 16:52 - 2018-03-13 16:52 - 000000000 ____D C:\Users\James\AppData\Local\vdnhort
2018-03-13 16:41 - 2018-03-13 16:41 - 000000000 ____D C:\Users\James\AppData\Local\sbadtuc
2018-03-13 16:37 - 2018-03-13 16:37 - 000167034 _____ C:\Users\James\Desktop\fileassassin-setup-1.06.exe
2018-03-13 16:37 - 2018-03-13 16:37 - 000001128 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2018-03-13 16:37 - 2018-03-13 16:37 - 000000000 ____D C:\Program Files (x86)\FileASSASSIN
2018-03-13 16:33 - 2018-03-13 16:33 - 000000000 ____D C:\Users\James\AppData\Local\tinhblr
2018-03-13 16:28 - 2018-03-18 11:21 - 000101600 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2018-03-13 16:27 - 2018-03-18 09:25 - 000000000 ___DC C:\AdwCleaner
2018-03-13 16:26 - 2018-03-13 16:26 - 000000000 ____D C:\Users\James\AppData\Local\dtkzcwb
2018-03-13 16:17 - 2018-03-13 16:17 - 000000000 ____D C:\Users\James\AppData\Local\csivgzp
2018-03-13 16:15 - 2018-03-13 16:15 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-13 16:15 - 2018-01-18 05:03 - 000076200 _____ C:\Windows\System32\Drivers\mbae64.sys
2018-03-13 16:14 - 2018-03-13 16:14 - 000000000 ____D C:\Users\James\AppData\Local\rtizhno
2018-03-13 16:00 - 2018-03-13 16:00 - 000000000 ____D C:\Users\James\AppData\Local\snalmcu
2018-03-13 15:59 - 2018-03-23 18:16 - 000193248 _____ (Malwarebytes) C:\Windows\System32\Drivers\MbamChameleon.sys
2018-03-13 15:59 - 2018-03-23 18:06 - 000253664 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2018-03-13 15:51 - 2018-03-13 15:51 - 000000000 ____D C:\Users\James\AppData\Local\reauixb
2018-03-13 15:50 - 2018-03-13 15:50 - 000250816 _____ (Malwarebytes) C:\Windows\System32\Drivers\7FA755DF.sys
2018-03-13 15:47 - 2018-03-13 15:47 - 000000000 ____D C:\Users\James\AppData\Local\useclig
2018-03-13 15:42 - 2018-03-13 15:42 - 000000000 ____D C:\Users\James\AppData\Local\avktrwg
2018-03-13 15:41 - 2018-03-23 18:23 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2018-03-13 15:40 - 2018-03-13 15:40 - 000250816 _____ (Malwarebytes) C:\Windows\System32\Drivers\13FE4E4B.sys
2018-03-13 15:40 - 2018-03-13 15:40 - 000000000 ____D C:\Windows\pss
2018-03-13 15:37 - 2018-03-13 15:37 - 000250816 _____ (Malwarebytes) C:\Windows\System32\Drivers\501C4C5E.sys
2018-03-13 15:36 - 2018-03-13 15:36 - 000000000 ____D C:\Users\James\AppData\Local\mbopakd
2018-03-13 15:35 - 2018-03-13 15:35 - 000250816 _____ (Malwarebytes) C:\Windows\System32\Drivers\0E464A67.sys
2018-03-13 15:33 - 2018-03-13 15:33 - 000250816 _____ (Malwarebytes) C:\Windows\System32\Drivers\737B494E.sys
2018-03-13 15:29 - 2018-03-13 15:29 - 000250816 _____ (Malwarebytes) C:\Windows\System32\Drivers\5F7745AF.sys
2018-03-13 15:26 - 2018-03-13 15:26 - 000000000 ____D C:\Users\James\AppData\Local\iabotxw
2018-03-13 15:25 - 2018-03-13 15:25 - 000250816 _____ (Malwarebytes) C:\Windows\System32\Drivers\165C430E.sys
2018-03-13 15:12 - 2018-03-13 15:13 - 000061324 ____C C:\TDSSKiller.3.1.0.16_13.03.2018_19.12.20_log.txt
2018-03-13 14:38 - 2018-03-13 14:38 - 000250816 _____ (Malwarebytes) C:\Windows\System32\Drivers\5E901E86.sys
2018-03-13 14:38 - 2018-03-13 14:38 - 000000000 ____D C:\Users\James\AppData\Local\csahxpz
2018-03-13 14:22 - 2018-03-13 14:22 - 000000000 ____D C:\Users\James\AppData\Local\spckeio
2018-03-13 14:21 - 2018-03-13 14:21 - 000250816 _____ (Malwarebytes) C:\Windows\System32\Drivers\4C431212.sys
2018-03-13 14:08 - 2018-03-13 14:08 - 000250816 _____ (Malwarebytes) C:\Windows\System32\Drivers\5B200833.sys
2018-03-13 13:46 - 2018-03-13 13:46 - 000250816 _____ (Malwarebytes) C:\Windows\System32\Drivers\545876BC.sys
2018-03-13 13:46 - 2018-03-13 13:46 - 000000000 ____D C:\Users\James\AppData\Local\avkcglo
2018-03-13 13:45 - 2018-03-13 16:32 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-03-13 13:42 - 2018-03-15 07:30 - 000000000 ____D C:\Users\James\AppData\Local\sbditrw
2018-03-13 13:39 - 2018-03-23 22:31 - 000000000 ____D C:\Users\James\AppData\Local\avarnbi
2018-03-13 13:39 - 2018-03-13 13:39 - 000000000 ____D C:\Users\James\AppData\Local\snidmcw
2018-03-13 13:38 - 2018-03-23 18:26 - 002888704 _____ C:\Windows\System32\vskgborsvc.exe
2018-03-13 13:38 - 2018-03-13 13:38 - 000000000 ____D C:\Windows\SysWOW64\avdmtru
2018-03-13 13:38 - 2018-03-13 13:38 - 000000000 ____D C:\Windows\System32\avdmtru
2018-03-13 13:38 - 2018-03-13 13:38 - 000000000 ____D C:\Users\James\AppData\Roaming\et
2018-03-13 13:34 - 2018-03-13 13:34 - 000003970 _____ C:\Windows\System32\Tasks\injectors invades
2018-03-13 13:34 - 2018-03-13 13:34 - 000003936 _____ C:\Windows\System32\Tasks\sparklers
2018-03-13 13:34 - 2018-03-13 13:34 - 000003846 _____ C:\Windows\System32\Tasks\gainjectors invadesinjectors invades
2018-03-13 13:34 - 2018-03-13 13:34 - 000003796 _____ C:\Windows\System32\Tasks\gasparklerssparklers
2018-03-13 13:34 - 2018-03-13 13:34 - 000000012 _____ C:\Windows\b44418343
2018-03-13 02:18 - 2018-03-13 02:18 - 000041223 _____ C:\Windows\uninstaller.dat
2018-03-13 02:18 - 2018-03-13 02:18 - 000014040 _____ C:\Windows\System32\Drivers\2477cb13558fac6fbeb75bee702d6a38.sys
2018-03-12 05:55 - 2018-03-12 05:55 - 000000000 ____D C:\Users\James\AppData\Local\Package Cache
2018-03-11 18:06 - 2018-03-11 18:06 - 000000000 ____D C:\Users\James\.idlerc
2018-03-11 18:05 - 2018-03-11 18:08 - 000000000 ___DC C:\Python27
2018-03-10 08:53 - 2018-03-20 12:06 - 000000000 ____D C:\Users\James\Desktop\Sea Pics
2018-03-09 16:23 - 2018-03-09 16:23 - 000000000 ____D C:\Users\James\Documents\Holotech
2018-03-09 16:22 - 2018-03-09 16:22 - 000002817 _____ C:\Windows\unins000.dat
2018-03-09 16:22 - 2018-03-09 16:21 - 001193161 _____ C:\Windows\unins000.exe
2018-03-09 16:22 - 2015-09-02 04:28 - 000034136 _____ (Adoriasoft LLC) C:\Windows\System32\Drivers\Phosgene.sys
2018-03-09 15:36 - 2018-03-09 15:36 - 000000000 ____D C:\Program Files (x86)\directx
2018-03-09 15:22 - 2018-03-09 15:22 - 000000222 _____ C:\Users\James\Desktop\FaceRig.url
2018-03-08 14:06 - 2018-03-08 14:06 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-03-07 16:15 - 2018-03-17 07:34 - 000000000 ____D C:\Users\James\Desktop\Twitch Pics
2018-03-07 11:44 - 2018-03-16 12:24 - 000000000 ____D C:\Users\James\AppData\Roaming\Elgato
2018-03-07 11:44 - 2018-03-16 12:22 - 000000000 ____D C:\Program Files\Elgato
2018-03-07 11:44 - 2018-03-07 11:44 - 000001145 _____ C:\Users\Public\Desktop\Stream Deck.lnk
2018-03-07 11:44 - 2018-03-07 11:44 - 000000000 ____D C:\ProgramData\Elgato
2018-03-07 11:44 - 2018-03-07 11:44 - 000000000 ____D C:\Program Files (x86)\OBS Studio - FTL
2018-03-07 11:26 - 2018-03-13 18:25 - 000000000 ____D C:\Users\James\AppData\Local\xulrunner
2018-03-07 04:35 - 2018-03-05 20:05 - 000380768 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2018-03-05 14:07 - 2018-03-05 14:07 - 000000000 ____D C:\Users\James\AppData\LocalLow\Zoink Games
2018-03-05 14:06 - 2018-03-05 14:06 - 000001159 _____ C:\Users\Public\Desktop\Fe.lnk
2018-03-05 14:06 - 2018-03-05 14:06 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2018-03-05 14:06 - 2018-03-05 14:06 - 000000000 ____D C:\ProgramData\Electronic Arts
2018-03-05 14:02 - 2018-03-05 14:02 - 000000000 ____D C:\Program Files (x86)\Origin Games
2018-03-05 14:01 - 2018-03-12 14:51 - 000000000 ____D C:\Program Files (x86)\Origin
2018-03-05 14:01 - 2018-03-07 21:47 - 000000000 ____D C:\Users\James\AppData\Roaming\Origin
2018-03-05 14:00 - 2018-03-07 21:47 - 000000000 ____D C:\ProgramData\Origin
2018-03-05 14:00 - 2018-03-05 14:02 - 000000000 ____D C:\Users\James\AppData\Local\Origin
2018-03-05 14:00 - 2018-03-05 14:00 - 000000000 ____D C:\Users\James\.Origin
2018-03-03 08:08 - 2018-03-03 08:09 - 000000000 ___DC C:\DeepBot - Twitch Streamer Assistant
2018-03-03 08:08 - 2018-03-03 08:08 - 000000827 _____ C:\Users\Public\Desktop\DeepBot.lnk
2018-03-03 08:07 - 2018-03-03 08:08 - 000000000 ____D C:\Users\James\AppData\Roaming\DeepBot.tv
2018-02-25 09:22 - 2018-02-25 09:22 - 000001453 _____ C:\Users\James\AppData\Local\recently-used.xbel
2018-02-25 09:14 - 2018-02-25 09:22 - 000000000 ____D C:\Users\James\AppData\Local\gtk-2.0
2018-02-25 09:08 - 2018-02-25 09:44 - 000000000 ____D C:\Users\James\.gimp-2.8
2018-02-25 09:08 - 2018-02-25 09:08 - 000000000 ____D C:\Users\James\AppData\Local\gegl-0.2
2018-02-25 09:08 - 2018-02-25 09:08 - 000000000 ____D C:\Users\James\AppData\Local\fontconfig
2018-02-25 09:06 - 2018-02-25 09:06 - 000000000 ____D C:\Program Files\GIMP 2
2018-02-23 11:24 - 2018-02-23 11:24 - 000000000 ____D C:\Users\James\AppData\LocalLow\Gamers4Gamers Team
2018-02-23 10:30 - 2018-02-23 10:30 - 000000222 _____ C:\Users\James\Desktop\Escape The Pacific.url
2018-02-22 19:38 - 2018-02-22 19:38 - 000000000 ____D C:\Users\James\AppData\Roaming\MonoDevelop-Unity-5.0
2018-02-22 19:38 - 2018-02-22 19:38 - 000000000 ____D C:\Users\James\AppData\Local\MonoDevelop-Unity-5.0
2018-02-22 19:16 - 2018-02-25 10:03 - 000000000 ____D C:\Users\James\Documents\TestProject
2018-02-22 13:34 - 2018-02-22 13:34 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-02-22 09:11 - 2018-02-22 19:16 - 000000000 ____D C:\Users\James\AppData\LocalLow\DefaultCompany
2018-02-21 07:30 - 2018-02-20 06:28 - 000000232 ___SH C:\Users\Public\Libraries.ini
2018-02-21 05:53 - 2018-02-21 05:54 - 000000000 ____D C:\Users\James\AppData\Roaming\Notepad++
2018-02-21 05:53 - 2018-02-21 05:53 - 000001092 _____ C:\Users\Public\Desktop\Notepad++.lnk
2018-02-21 05:53 - 2018-02-21 05:53 - 000000000 ____D C:\Program Files (x86)\Notepad++
2018-02-21 05:33 - 2018-02-21 05:53 - 000000000 ____D C:\Program Files\Notepad++
2018-02-21 05:33 - 2018-02-21 05:51 - 000000000 ____D C:\Users\James\AppData\Local\Notepad++
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-23 18:29 - 2017-12-21 17:26 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-23 18:29 - 2017-09-29 00:45 - 023855104 _____ C:\Windows\System32\config\HARDWARE
2018-03-23 18:29 - 2017-09-29 00:45 - 000524288 _____ C:\Windows\System32\config\BBI
2018-03-23 18:29 - 2017-06-08 18:15 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-23 18:29 - 2017-04-29 13:31 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-23 18:27 - 2017-01-27 17:21 - 000000000 __SHD C:\Users\James\IntelGraphicsProfiles
2018-03-23 18:13 - 2017-12-21 04:59 - 000000000 ___DC C:\Windows\Panther
2018-03-23 18:06 - 2017-12-21 17:21 - 000000000 ____D C:\users\James
2018-03-23 18:05 - 2017-12-21 17:20 - 000000000 ____D C:\Windows\System32\SleepStudy
2018-03-23 18:02 - 2017-12-21 17:30 - 002035838 _____ C:\Windows\System32\PerfStringBackup.INI
2018-03-23 17:56 - 2018-01-07 12:31 - 000000000 ____D C:\ProgramData\Logishrd
2018-03-23 17:55 - 2018-02-18 19:43 - 000000000 ____D C:\Users\James\AppData\Roaming\slobs-client
2018-03-23 17:54 - 2018-02-16 23:11 - 000109056 ___SH C:\Users\James\Desktop\Thumbs.db
2018-03-23 01:13 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-03-23 01:10 - 2017-09-29 05:37 - 000000000 ____D C:\Windows\CbsTemp
2018-03-22 22:12 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-22 22:12 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\AppReadiness
2018-03-22 19:10 - 2017-02-10 18:49 - 000000000 ____D C:\Users\James\AppData\Local\CrashDumps
2018-03-22 16:02 - 2017-12-20 04:11 - 000000000 ___DC C:\Temp
2018-03-22 16:02 - 2017-09-29 05:44 - 000000000 ____D C:\Windows\INF
2018-03-22 16:02 - 2017-06-08 18:15 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-03-22 16:01 - 2017-10-10 14:07 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-03-22 16:01 - 2017-09-08 13:12 - 000000000 ____D C:\Users\James\AppData\Local\NVIDIA
2018-03-22 15:59 - 2017-02-02 11:30 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-20 15:57 - 2017-01-27 15:59 - 000000000 ____D C:\Users\James\AppData\Local\Battle.net
2018-03-20 15:41 - 2017-01-28 07:40 - 000000000 ____D C:\Program Files (x86)\Overwatch
2018-03-20 15:07 - 2017-01-27 15:59 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-03-19 14:36 - 2017-04-28 14:14 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
2018-03-19 12:42 - 2017-03-20 15:23 - 000000000 ____D C:\Users\James\AppData\Roaming\vlc
2018-03-18 11:17 - 2018-01-21 18:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-18 10:26 - 2018-01-21 18:02 - 000000000 ____D C:\Users\James\AppData\LocalLow\Mozilla
2018-03-18 10:17 - 2018-01-21 18:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-18 08:21 - 2017-01-27 12:24 - 000000000 ____D C:\Users\James\AppData\Local\Adobe
2018-03-18 04:44 - 2017-03-18 13:03 - 000000000 ____D C:\Windows\System32\Tasks_Migrated
2018-03-17 16:56 - 2018-01-01 12:07 - 000000000 ____D C:\Users\James\AppData\Local\PlaceholderTileLogoFolder
2018-03-17 16:31 - 2017-12-21 17:22 - 000000000 ____D C:\Users\James\AppData\Local\Packages
2018-03-17 05:58 - 2017-03-12 11:09 - 000000000 ____D C:\Users\James\Documents\Unreal Projects
2018-03-16 19:32 - 2017-08-13 08:52 - 000002307 _____ C:\Users\James\Desktop\Innkeeper.lnk
2018-03-16 19:32 - 2017-08-13 08:52 - 000000000 ____D C:\Users\James\AppData\Local\Innkeeper
2018-03-16 19:32 - 2017-01-27 19:57 - 000000000 ____D C:\Users\James\AppData\Local\SquirrelTemp
2018-03-16 16:43 - 2017-12-21 17:20 - 000433520 _____ C:\Windows\System32\FNTCACHE.DAT
2018-03-16 16:42 - 2017-03-20 15:36 - 000000000 ____D C:\Users\James\AppData\Local\61023390585382fd6c7a1fc4e14e4af9
2018-03-16 16:32 - 2017-12-21 17:26 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-16 16:32 - 2017-12-21 17:26 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-16 16:24 - 2017-01-29 09:01 - 000000000 ____D C:\Users\James\AppData\Roaming\obs-studio
2018-03-16 10:11 - 2017-11-09 01:38 - 001066072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-03-16 10:01 - 2018-01-15 14:53 - 001346128 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncMFTH264.dll
2018-03-16 10:01 - 2018-01-15 14:53 - 001153568 _____ (NVIDIA Corporation) C:\Windows\System32\nvfatbinaryLoader.dll
2018-03-16 10:00 - 2018-01-15 14:53 - 012966216 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2018-03-16 10:00 - 2017-11-09 01:25 - 004629824 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2018-03-16 10:00 - 2017-11-09 01:25 - 003937000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-03-15 16:57 - 2017-12-07 10:33 - 000058816 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvhci.sys
2018-03-15 16:57 - 2017-11-09 00:57 - 000048407 _____ C:\Windows\System32\nvinfo.pb
2018-03-15 15:14 - 2017-06-08 18:15 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-03-15 14:40 - 2017-06-08 18:15 - 005952640 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2018-03-15 14:40 - 2017-06-08 18:15 - 002589576 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2018-03-15 14:40 - 2017-06-08 18:15 - 001767816 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2018-03-15 14:40 - 2017-06-08 18:15 - 000634256 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2018-03-15 14:40 - 2017-06-08 18:15 - 000451040 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2018-03-15 14:40 - 2017-06-08 18:15 - 000123840 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2018-03-15 14:40 - 2017-06-08 18:15 - 000083072 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2018-03-15 14:39 - 2017-06-08 18:15 - 008099202 _____ C:\Windows\System32\nvcoproc.bin
2018-03-15 11:50 - 2018-01-22 19:08 - 000000000 ____D C:\Program Files (x86)\GtkSharp
2018-03-15 11:19 - 2017-01-27 17:20 - 000000000 ____D C:\Users\James\AppData\Local\Razer
2018-03-14 09:25 - 2016-09-06 14:59 - 000206496 _____ (Intel Corporation) C:\Windows\System32\Drivers\TeeDriverW8x64.sys
2018-03-14 05:08 - 2017-06-08 18:14 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-03-14 05:08 - 2017-06-08 18:14 - 000000000 ____D C:\Windows\System32\DAX2
2018-03-14 05:08 - 2017-01-28 04:21 - 000555592 _____ (Intel Corporation) C:\Windows\System32\Drivers\e1d65x64.sys
2018-03-14 05:08 - 2017-01-28 04:20 - 000000000 ____D C:\Windows\System32\RTCOM
2018-03-14 05:08 - 2017-01-28 04:19 - 005995944 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2018-03-14 05:08 - 2017-01-28 04:19 - 003561920 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RltkAPO64.dll
2018-03-14 05:08 - 2017-01-28 04:19 - 003509192 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2018-03-14 05:08 - 2017-01-28 04:19 - 003410832 _____ (DTS, Inc.) C:\Windows\System32\slcnt64.dll
2018-03-14 05:08 - 2017-01-28 04:19 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll
2018-03-14 05:08 - 2017-01-28 04:19 - 000023688 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll
2018-03-14 05:06 - 2017-01-27 12:22 - 000905736 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStorA.sys
2018-03-13 19:30 - 2018-02-11 05:36 - 000000000 ___DC C:\avast! sandbox
2018-03-13 18:40 - 2017-01-27 18:32 - 000000000 ____D C:\Users\James\AppData\Local\ElevatedDiagnostics
2018-03-13 18:32 - 2017-05-24 02:52 - 000007601 _____ C:\Users\James\AppData\Local\resmon.resmoncfg
2018-03-13 16:15 - 2017-03-20 15:38 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-13 14:46 - 2017-03-05 12:29 - 000000000 ___RD C:\Users\James\Creative Cloud Files
2018-03-13 06:31 - 2018-02-05 09:14 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-03-13 06:31 - 2018-02-02 09:53 - 000002714 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-ATKINSON-James
2018-03-13 06:31 - 2017-12-21 17:26 - 000002220 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-03-13 05:47 - 2017-10-13 15:20 - 000000877 _____ C:\Users\Public\Desktop\Battlestate Games Launcher.lnk
2018-03-08 14:06 - 2017-02-23 15:01 - 000000000 ____D C:\Users\James\AppData\Roaming\EasyAntiCheat
2018-03-07 22:24 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\NDF
2018-03-07 22:05 - 2017-01-27 19:57 - 000000000 ____D C:\Users\James\AppData\Roaming\discord
2018-03-07 04:36 - 2018-02-05 07:11 - 000003990 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-03-07 04:36 - 2018-02-05 07:11 - 000001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-03-07 04:36 - 2017-06-06 08:40 - 000061304 _____ () C:\Windows\System32\Drivers\lpsport.sys
2018-03-06 13:44 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\LiveKernelReports
2018-03-06 13:36 - 2018-01-26 14:46 - 000003542 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-03-06 13:36 - 2017-12-21 17:26 - 000003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-03-06 13:36 - 2017-12-21 17:26 - 000003458 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-06 13:36 - 2017-12-21 17:26 - 000003356 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3C2489C4-3B20-4018-ADC8-DC4302210AA7}
2018-03-06 13:36 - 2017-12-21 17:26 - 000003304 _____ C:\Windows\System32\Tasks\Overwolf Updater Task
2018-03-06 13:36 - 2017-12-21 17:26 - 000003236 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-06 13:36 - 2017-12-21 17:26 - 000003178 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
2018-03-06 13:36 - 2017-12-21 17:26 - 000003152 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-03-06 13:36 - 2017-12-21 17:26 - 000003044 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-06 13:36 - 2017-12-21 17:26 - 000003016 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-06 13:36 - 2017-12-21 17:26 - 000002974 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-06 13:36 - 2017-12-21 17:26 - 000002920 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2940490528-2556188224-4051809522-1001
2018-03-06 13:36 - 2017-12-21 17:26 - 000002898 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-06 13:36 - 2017-12-21 17:26 - 000002846 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-06 13:36 - 2017-12-21 17:26 - 000002820 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ATKINSON-James
2018-03-06 13:36 - 2017-12-21 17:26 - 000002804 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-06 13:36 - 2017-12-21 17:26 - 000002766 _____ C:\Windows\System32\Tasks\{61023390-5853-82FD-6C7A-1FC4E14E4AF9}
2018-03-06 13:36 - 2017-12-21 17:26 - 000002712 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2018-03-06 13:36 - 2017-12-21 17:26 - 000002594 _____ C:\Windows\System32\Tasks\SamsungMagician
2018-03-06 13:36 - 2017-12-21 17:26 - 000002572 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2018-03-06 13:36 - 2017-12-21 17:26 - 000002316 _____ C:\Windows\System32\Tasks\{3ACAFE6F-850C-41DF-9B33-088704E3CFD7}
2018-03-05 20:05 - 2018-02-05 07:11 - 001026696 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2018-03-05 20:05 - 2018-02-05 07:11 - 000460520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2018-03-05 20:05 - 2018-02-05 07:11 - 000380528 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2018-03-05 20:05 - 2018-02-05 07:11 - 000343752 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbloga.sys
2018-03-05 20:05 - 2018-02-05 07:11 - 000227504 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsdrivera.sys
2018-03-05 20:05 - 2018-02-05 07:11 - 000215320 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHdsKe.sys
2018-03-05 20:05 - 2018-02-05 07:11 - 000205976 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2018-03-05 20:05 - 2018-02-05 07:11 - 000199440 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsha.sys
2018-03-05 20:05 - 2018-02-05 07:11 - 000196648 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArPot.sys
2018-03-05 20:05 - 2018-02-05 07:11 - 000146656 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2018-03-05 20:05 - 2018-02-05 07:11 - 000110328 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2018-03-05 20:05 - 2018-02-05 07:11 - 000084368 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2018-03-05 20:05 - 2018-02-05 07:11 - 000057680 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbuniva.sys
2018-03-05 20:05 - 2018-02-05 07:11 - 000046968 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2018-03-04 10:31 - 2018-02-10 19:27 - 000000000 ____D C:\Users\James\Documents\Visual Studio 2017
2018-03-04 08:47 - 2017-01-28 04:00 - 000000000 ____D C:\Users\James\AppData\Roaming\Adobe
2018-03-03 21:28 - 2017-01-28 04:17 - 000000000 ____D C:\Users\James\AppData\Local\Comms
2018-02-25 09:14 - 2017-04-30 08:56 - 000000000 ____D C:\Users\James\.thumbnails
2018-02-22 19:16 - 2018-01-22 19:32 - 000000000 ____D C:\ProgramData\Unity
2018-02-22 09:11 - 2018-01-22 19:32 - 000000000 ____D C:\Users\James\AppData\Roaming\Unity
2018-02-22 09:11 - 2018-01-22 19:32 - 000000000 ____D C:\Users\James\AppData\LocalLow\Unity
2018-02-21 09:51 - 2018-02-15 13:22 - 000000000 ____D C:\Users\James\AppData\Roaming\CC
2018-02-21 07:26 - 2017-03-05 12:41 - 000000000 ____D C:\Users\James\AppData\Local\UnrealEngine
 
Some files in TEMP:
====================
2018-03-22 15:58 - 2018-01-03 16:01 - 000373552 _____ (NVIDIA Corporation) C:\Users\James\AppData\Local\Temp\nvStInst.exe
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 5%
Total physical RAM: 16242.52 MB
Available physical RAM: 15285.93 MB
Total Virtual: 16242.52 MB
Available Virtual: 15342.39 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.49 GB) (Free:431.67 GB) NTFS
Drive e: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:447.83 GB) NTFS
Drive f: (ESD-ISO) (CDROM) (Total:3.05 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: (New Volume) (Fixed) (Total:223.44 GB) (Free:47.56 GB) NTFS
 
\\?\Volume{93c37c8d-e46d-11e7-8dbe-704d7b6bd4f0}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.07 GB) NTFS
\\?\Volume{eca8f461-a21e-4abe-86ca-07017b0815ee}\ () (Fixed) (Total:0.47 GB) (Free:0.08 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 5381FA26)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
LastRegBack: 2018-03-16 05:29
 
==================== End of FRST.txt ============================

 

 

Getting into the Windows RE is a bleep on my computer. NOTHING works aside from putting in a Windows 10 installation disk and forcing a CD boot from the BIOS.



#6 RayS

  • Malware Study Hall Senior
  • 2,284 posts
  • Gender:Male
  • Location:USA

Posted 24 March 2018 - 04:10 PM

Hi James,

Thank you for supplying your first name.

For some reason, the FixList.txt file you created did not contain the script I provided. I'm providing a slightly modified script in an attached FixList.txt file. Please delete the existing FixList.txt file from your USB thumb drive and download the attached FixList.txt file to the same directory on your thumb drive where FRST64.exe is located.


Run Farbar Recovery Scan Tool (FRST) in FIX mode

  • Enter Command Prompt in Recovery Environment as you did before and use Notepad to navigate to your thumb drive.
  • Right-click FRST64 and click Run as administrator.
  • Click the Fix button in the Farbar Recovery Scan Tool window.
  • Wait until the program completes execution.
  • The tool will create a log called Fixlog.txt in the same directory on your thumb drive. Please post its contents into your reply.

NOTICE: This script was written specifically for this user to be used on this particular machine. Running this script on another machine may cause damage to your operating system.
 
 

Note: Restart your PC and perform the following steps in normal boot.


Re-scan with Farbar Recovery Scan Tool

  • Navigate again to FRST64.exe on your thumb drive and right-click it. Then click Run as administrator.
  • Under Optional Scan, be sure a checkmark is placed next to Addition.txt.
  • Click Scan.
  • When finished, it will produce two logs called FRST.txt and Addition.txt in the same directory where the tool was run from.
  • Please copy and paste FRST.txt and Addition.txt into your next reply.

 

 

In your next reply...

  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Copy and paste the entire contents of FRST.txt and Addition.txt into the body of your message.
  • Please tell me how your PC is running now.

Thank you,

Ray

[attachment=203367:FixList.txt]


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#7 RayS

  • Malware Study Hall Senior
  • 2,284 posts
  • Gender:Male
  • Location:USA

Posted 27 March 2018 - 09:33 AM

Hi James,

3 Day Bump

It has been 3 days since my last post.

  • Do you still need help with this? If not, please let me know as soon as possible. Other people are requesting my help.
  • If you will be away for an extended period, please let me know in advance.
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Thank you,

Ray




#8 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,115 posts
  • Gender:Female
  • Location:Romania

Posted 29 March 2018 - 02:54 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




