Malwarebytes scan. 81 of 83 threats removed. 2 remain

Bramp

Member
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-21-2018
# Duration: 00:00:07
# OS: Windows 10 Home
# Cleaned: 81
# Failed: 2


***** [ Services ] *****

Deleted MicroService

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Microleaves
Deleted C:\Users\bramp\AppData\Roaming\Microleaves
Deleted C:\Program Files (x86)\ShutdownTime
Deleted C:\ProgramData\44580252-5135-1
Deleted C:\ProgramData\44580252-0437-0
Deleted C:\Program Files (x86)\FastDataX
Deleted C:\Windows\Syswow64\SSL
Deleted C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

***** [ Files ] *****

Deleted C:\Users\bramp\appdata\local\installationconfiguration.xml
Deleted C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\Tasks\Online Application V2G5.job
Deleted C:\Windows\System32\Tasks\Online Application V2G5
Deleted C:\Windows\Tasks\Online Application V2G4.job
Deleted C:\Windows\System32\Tasks\Online Application V2G4
Deleted C:\Windows\Tasks\Online Application V2G6.job
Deleted C:\Windows\System32\Tasks\Online Application V2G6
Deleted C:\Windows\System32\Tasks\FastDataX Task
Deleted C:\Windows\System32\Tasks\PPI Update
Deleted C:\Windows\Tasks\Online Application V2G2.job
Deleted C:\Windows\System32\Tasks\Online Application V2G2
Deleted C:\Windows\Tasks\Online Application V2G3.job
Deleted C:\Windows\System32\Tasks\Online Application V2G3
Deleted C:\Windows\Tasks\Online Application V2G1.job
Deleted C:\Windows\System32\Tasks\Online Application V2G1
Deleted C:\Windows\Tasks\Updater_Online_Application.job
Deleted C:\Windows\System32\Tasks\Updater_Online_Application

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted HKLM\Software\MICROSOFT\TechnologyDesktopnew
Deleted HKLM\SOFTWARE\MICROSOFT\Speedycar
Deleted HKLM\Software\Wow6432Node\Microleaves
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A36F15B8-2B98-42C0-8E7B-87AFEF3D636E}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A36F15B8-2B98-42C0-8E7B-87AFEF3D636E}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G5
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{892A835C-33BF-435B-8188-A5A86B4662C9}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{892A835C-33BF-435B-8188-A5A86B4662C9}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G4
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62325963-895E-4A4D-A899-D22428A1B370}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62325963-895E-4A4D-A899-D22428A1B370}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G6
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|ShutdownTime
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ShutdownTime_is1
Deleted HKCU\Software\Microsoft\BigTime
Deleted HKCU\Software\FastDataX
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD8A926F-B3DF-4430-AD29-FD07C2CC5FB5}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD8A926F-B3DF-4430-AD29-FD07C2CC5FB5}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FastDataX Task
Deleted HKLM\Software\Microsoft\DMunversion
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B341C4F-E1E4-4115-A3E1-86E8ED9F850F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B341C4F-E1E4-4115-A3E1-86E8ED9F850F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PPI Update
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE1D2BE8-CA18-4D59-AF05-BD0FFAB07BCA}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE1D2BE8-CA18-4D59-AF05-BD0FFAB07BCA}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCC3EE15-69DD-4B71-BF86-B15E70816351}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCC3EE15-69DD-4B71-BF86-B15E70816351}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4561ABB2-0CBA-4688-BB9F-19D1B1440798}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4561ABB2-0CBA-4688-BB9F-19D1B1440798}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10A15802-5D7D-4250-8356-92DB2E6A9C9A}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10A15802-5D7D-4250-8356-92DB2E6A9C9A}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application
Deleted HKCU\Software\MICROSOFT\wewewe
Deleted HKLM\Software\Wow6432Node\SrcAAAesom Browser Enhancer
Deleted HKLM\Software\SrcAAAesom Browser Enhancer
Deleted HKCU\Software\WajIEnhance
Deleted HKLM\Software\Wow6432Node\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Deleted HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Deleted HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted HKLM\Software\Microsoft\PrIncub
Deleted HKLM\Software\Microsoft\MPrForShutT
Deleted HKLM\Software\Microsoft\PrAmNP
Deleted HKLM\Software\Microsoft\NSaveA
Deleted HKLM\Software\Microsoft\APreSam

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Not Deleted Ask
Not Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [9455 octets] - [21/10/2018 20:04:12]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Bramp

Member
Ran the scan again and 1 more was removed, with 1 remaining. Mouse is not working. I think there is a virus on here still. Using the touchpad. OK, and now suddenly the mouse is working again.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-21-2018
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 1
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask
Not Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [9455 octets] - [21/10/2018 20:04:12]
AdwCleaner[C00].txt - [8135 octets] - [21/10/2018 20:04:47]
AdwCleaner[S01].txt - [1411 octets] - [21/10/2018 20:12:58]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 

Bramp

Member
Ran this. Can't run JUNKWARE REMOVAL TOOL; it's no longer in business.
Are there any other scans I should do?
Windows Defender originally found a Trojan!!


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/21/18
Scan Time: 8:24 PM
Log File: 3f43e67e-d599-11e8-835c-74867a0dfa4d.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7459
License: Trial

-System Information-
OS: Windows 10 (Build 17134.345)
CPU: x64
File System: NTFS
User: DESKTOP-75HFSQL\bramp

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 275850
Threats Detected: 101
Threats Quarantined: 101
Time Elapsed: 2 min, 26 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
Adware.Tuto4PC, C:\Program Files (x86)\Multitimer\Multitimer.exe, Quarantined, [2781], [474048],1.0.7459

Module: 2
Adware.Tuto4PC, C:\Program Files (x86)\Multitimer\Multitimer.exe, Quarantined, [2781], [474048],1.0.7459
Adware.Wajam.Generic, C:\WINDOWS\XTNOKZYUBY.XTNO, Quarantined, [4874], [580236],1.0.7459

Registry Key: 24
Adware.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Multitimer_is1, Delete-on-Reboot, [2781], [474048],1.0.7459
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NWNiZWRiND, Delete-on-Reboot, [464], [556539],1.0.7459
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Delete-on-Reboot, [464], [-1],0.0.0
Adware.Tuto4PC, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\MICROSOFT\EWMON, Delete-on-Reboot, [2781], [411543],1.0.7459
Trojan.Agent, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Amazon assistant 1.0, Delete-on-Reboot, [397], [533745],1.0.7459
Trojan.Agent, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Amazon assistant 2.0, Delete-on-Reboot, [397], [533745],1.0.7459
Trojan.Agent, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\disk genius 2.02, Delete-on-Reboot, [397], [533746],1.0.7459
Trojan.Agent, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\farmer 1.0, Delete-on-Reboot, [397], [533747],1.0.7459
Trojan.Agent, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\pro 1.0, Delete-on-Reboot, [397], [533748],1.0.7459
Trojan.Agent, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\soundplay 3.0, Delete-on-Reboot, [397], [533749],1.0.7459
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\bestavicampaign563, Delete-on-Reboot, [426], [584322],1.0.7459
Adware.Wajam, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\NWNiZWRiND, Delete-on-Reboot, [464], [533738],1.0.7459
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Delete-on-Reboot, [426], [518478],1.0.7459
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MPrForWeathI, Delete-on-Reboot, [2781], [572664],1.0.7459
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MTPreC_B, Delete-on-Reboot, [2781], [572665],1.0.7459
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MTPreC_Qn, Delete-on-Reboot, [2781], [572666],1.0.7459
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Delete-on-Reboot, [426], [518476],1.0.7459
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreAm, Delete-on-Reboot, [2781], [572667],1.0.7459
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreIc, Delete-on-Reboot, [2781], [572668],1.0.7459
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreJ, Delete-on-Reboot, [2781], [572669],1.0.7459
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreShM, Delete-on-Reboot, [2781], [572670],1.0.7459
Adware.Wajam.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MTYxNT, Delete-on-Reboot, [4874], [580236],1.0.7459
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\OWQzOThmNWQ5Nj, Delete-on-Reboot, [464], [480979],1.0.7459
Spyware.Socelars, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\{6D187CC8-35BD-47F6-8760-D406AA1927B1}, Delete-on-Reboot, [6273], [584328],1.0.7459

Registry Value: 8
Adware.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Multitimer, Delete-on-Reboot, [2781], [474048],1.0.7459
Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [464], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [464], [-1],0.0.0
Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [464], [-1],0.0.0
Adware.Tuto4PC, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\MICROSOFT\EWMON|PARTNER, Delete-on-Reboot, [2781], [411543],1.0.7459
Adware.Wajam, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\NWNiZWRiND|DISPLAYNAME, Delete-on-Reboot, [464], [533738],1.0.7459
Adware.Wajam, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\NWNiZWRiND|PUBLISHER, Delete-on-Reboot, [464], [533738],1.0.7459
Adware.Wajam.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MTYxNT|IMAGEPATH, Delete-on-Reboot, [4874], [580236],1.0.7459

Registry Data: 10
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replace-on-Reboot, [3162], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replace-on-Reboot, [3162], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{0d44a2fa-3617-49dd-b680-b33630629d6a}|NameServer, Replace-on-Reboot, [3162], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{246bd046-8f7e-4214-abda-1e2373d0dede}|NameServer, Replace-on-Reboot, [3162], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{246bd046-8f7e-4214-abda-1e2373d0dede}|DhcpNameServer, Replace-on-Reboot, [3162], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{264d5823-90d2-4603-bc01-125bbf1639fe}|NameServer, Replace-on-Reboot, [3162], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{788f174d-3046-455d-b68e-3098617fa0f2}|NameServer, Replace-on-Reboot, [3162], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{788f174d-3046-455d-b68e-3098617fa0f2}|DhcpNameServer, Replace-on-Reboot, [3162], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{87403074-c8a6-410e-ba56-a30956a05ae9}|NameServer, Replace-on-Reboot, [3162], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{cec8c91f-d8bd-4583-9de4-3724f624fbf0}|NameServer, Replace-on-Reboot, [3162], [-1],0.0.0

Data Stream: 0
(No malicious items detected)

Folder: 6
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\MULTITIMER, Delete-on-Reboot, [2781], [474048],1.0.7459
Adware.Tuto4PC, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\CFDX42UGOE, Delete-on-Reboot, [2781], [487472],1.0.7459
Adware.Tuto4PC, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\DQGFPGXWZ4, Delete-on-Reboot, [2781], [487472],1.0.7459
Adware.Wajam, C:\PROGRAM FILES\NWNiZWRiND, Delete-on-Reboot, [464], [556539],1.0.7459
PUP.Optional.BundleInstaller, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\89674062, Delete-on-Reboot, [415], [463480],1.0.7459
PUP.Optional.BundleInstaller, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\89674062, Delete-on-Reboot, [415], [463480],1.0.7459

File: 50
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\MULTITIMER\UNINS000.DAT, Delete-on-Reboot, [2781], [474048],1.0.7459
Adware.Tuto4PC, C:\Program Files (x86)\Multitimer\Multitimer.exe, Delete-on-Reboot, [2781], [474048],1.0.7459
Adware.Tuto4PC, C:\Program Files (x86)\Multitimer\unins000.exe, Delete-on-Reboot, [2781], [474048],1.0.7459
Adware.Tuto4PC, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\CFDX42UGOE\up.exe.config, Delete-on-Reboot, [2781], [487472],1.0.7459
Adware.Tuto4PC, C:\Users\bramp\AppData\Local\Temp\CFDX42UGOE\up.exe, Delete-on-Reboot, [2781], [487472],1.0.7459
Adware.Tuto4PC, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\DQGFPGXWZ4\up.exe.config, Delete-on-Reboot, [2781], [487472],1.0.7459
Adware.Tuto4PC, C:\Users\bramp\AppData\Local\Temp\DQGFPGXWZ4\up.exe, Delete-on-Reboot, [2781], [487472],1.0.7459
Adware.Linkury.Generic, C:\USERS\BRAMP\APPDATA\LOCAL\SHAM.DB, Delete-on-Reboot, [3739], [516191],1.0.7459
Adware.Wajam, C:\PROGRAM FILES\NWNiZWRiND\WBE_uninstall.dat, Delete-on-Reboot, [464], [556539],1.0.7459
Adware.Wajam, C:\Program Files\NWNiZWRiND\mozcrt19.dll, Delete-on-Reboot, [464], [556539],1.0.7459
Adware.Wajam, C:\Program Files\NWNiZWRiND\NDQ2NTI1Y.exe, Delete-on-Reboot, [464], [556539],1.0.7459
Adware.Wajam, C:\Program Files\NWNiZWRiND\NmZiZWFmMTc, Delete-on-Reboot, [464], [556539],1.0.7459
Adware.Wajam, C:\Program Files\NWNiZWRiND\nspr4.dll, Delete-on-Reboot, [464], [556539],1.0.7459
Adware.Wajam, C:\Program Files\NWNiZWRiND\nss3.dll, Delete-on-Reboot, [464], [556539],1.0.7459
Adware.Wajam, C:\Program Files\NWNiZWRiND\NTIyMzA1OW.exe, Delete-on-Reboot, [464], [556539],1.0.7459
Adware.Wajam, C:\Program Files\NWNiZWRiND\OTcyYTFiYjM0MT.exe, Delete-on-Reboot, [464], [556539],1.0.7459
Adware.Wajam, C:\Program Files\NWNiZWRiND\plc4.dll, Delete-on-Reboot, [464], [556539],1.0.7459
Adware.Wajam, C:\Program Files\NWNiZWRiND\plds4.dll, Delete-on-Reboot, [464], [556539],1.0.7459
Adware.Wajam, C:\Program Files\NWNiZWRiND\service.dat, Delete-on-Reboot, [464], [556539],1.0.7459
Adware.Wajam, C:\Program Files\NWNiZWRiND\service_64.dat, Delete-on-Reboot, [464], [556539],1.0.7459
Adware.Wajam, C:\Program Files\NWNiZWRiND\softokn3.dll, Delete-on-Reboot, [464], [556539],1.0.7459
Adware.Wajam, C:\Program Files\NWNiZWRiND\YzE2Zjg1NjQ0Mjg2Y.ico, Delete-on-Reboot, [464], [556539],1.0.7459
PUP.Optional.BundleInstaller, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\89674062\ic-0.2c9d8b3c3f102.exe, Delete-on-Reboot, [415], [463480],1.0.7459
PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.556fb167274c1c.exe, Delete-on-Reboot, [415], [463480],1.0.7459
PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.6392e473c033a.exe, Delete-on-Reboot, [415], [463480],1.0.7459
PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.6e8a1316b59204.exe, Delete-on-Reboot, [415], [463480],1.0.7459
PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.7b9a1977919e78.exe, Delete-on-Reboot, [415], [463480],1.0.7459
PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.8aabfeca79344.exe, Delete-on-Reboot, [415], [463480],1.0.7459
PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.a54c834a8f0eb.exe, Delete-on-Reboot, [415], [463480],1.0.7459
PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.cdb1100eeb1aa.exe, Delete-on-Reboot, [415], [463480],1.0.7459
PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.fa69ec4a2d418.exe, Delete-on-Reboot, [415], [463480],1.0.7459
PUP.Optional.BundleInstaller, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\89674062\ic-0.556fb167274c1c.exe, Delete-on-Reboot, [415], [463480],1.0.7459
PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.2c9d8b3c3f102.exe, Delete-on-Reboot, [415], [463480],1.0.7459
PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.6392e473c033a.exe, Delete-on-Reboot, [415], [463480],1.0.7459
PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.6e8a1316b59204.exe, Delete-on-Reboot, [415], [463480],1.0.7459
PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.7b9a1977919e78.exe, Delete-on-Reboot, [415], [463480],1.0.7459
PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.8aabfeca79344.exe, Delete-on-Reboot, [415], [463480],1.0.7459
PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.a54c834a8f0eb.exe, Delete-on-Reboot, [415], [463480],1.0.7459
PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.cdb1100eeb1aa.exe, Delete-on-Reboot, [415], [463480],1.0.7459
PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.fa69ec4a2d418.exe, Delete-on-Reboot, [415], [463480],1.0.7459
Adware.Wajam.Generic, C:\WINDOWS\XTNOKZYUBY.XTNO, Delete-on-Reboot, [4874], [580236],1.0.7459
Adware.Wajam, C:\WINDOWS\SYSTEM32\DRIVERS\OWQZOTHMNWQ5NJ, Delete-on-Reboot, [464], [480979],1.0.7459
Adware.Csdimonetize, C:\PROGRAM FILES (X86)\MUR\681850109.EXE, Delete-on-Reboot, [7812], [585499],1.0.7459
Adware.DNSUnlocker.ACMB2, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\IS-E1EMB.TMP\CXGZ.DLL, Delete-on-Reboot, [3162], [582788],1.0.7459
Adware.Tuto4PC, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\IS-IOUQ4.TMP\UNREALS.EXE, Delete-on-Reboot, [2781], [551717],1.0.7459
Adware.Csdimonetize, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\IS-IOUQ4.TMP\SETUP.EXE, Delete-on-Reboot, [7812], [585488],1.0.7459
Adware.Csdimonetize, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\IS-OS7BG.TMP\PMALAML.EXE, Delete-on-Reboot, [7812], [585499],1.0.7459
Adware.Tuto4PC, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\GIB3NMEPK0A.EXE, Delete-on-Reboot, [2781], [474076],1.0.7459
Adware.Csdimonetize, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\IS-CDJI9.TMP\PMALAML.EXE, Delete-on-Reboot, [7812], [585499],1.0.7459
Adware.Wajam, C:\WINDOWS\NTIYMZA1OW.EXE, Delete-on-Reboot, [464], [554644],1.0.7459

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

Bramp

Member
Windows Defender says it found threats, won't say what it is, and will not remove it either.
 

Bramp

Member
HERE IS the OTL file. Thank you for your assistance.


OTL logfile created on: 10/21/2018 9:02:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bramp\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.17134.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.87 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 51.04% Memory free
7.50 Gb Paging File | 4.63 Gb Available in Paging File | 61.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.97 Gb Total Space | 191.17 Gb Free Space | 85.74% Space Free | Partition Type: NTFS
Computer Name: DESKTOP-75HFSQL | User Name: bramp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found
PRC - C:\Users\bramp\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe (AVAST Software)
PRC - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Users\bramp\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\fontdrvhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
PRC - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\AVAST Software\Avast\streamback.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (WpnUserService) -- C:\Windows\SysNative\WpnUserService.dll (Microsoft Corporation)
SRV:64bit: - (XboxGipSvc) -- C:\Windows\SysNative\xboxgipsvc.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\lfsvc.dll (Microsoft Corporation)
SRV:64bit: - (SEMgrSvc) -- C:\Windows\SysNative\SEMgrSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (LicenseManager) -- C:\Windows\SysNative\LicenseManagerSvc.dll (Microsoft Corporation)
SRV:64bit: - (DevQueryBroker) -- C:\Windows\SysNative\DevQueryBroker.dll (Microsoft Corporation)
SRV:64bit: - (XblGameSave) -- C:\Windows\SysNative\XblGameSave.dll (Microsoft Corporation)
SRV:64bit: - (embeddedmode) -- C:\Windows\SysNative\embeddedmodesvc.dll (Microsoft Corporation)
SRV:64bit: - (GraphicsPerfSvc) -- C:\Windows\SysNative\GraphicsPerfSvc.dll (Microsoft Corporation)
SRV:64bit: - (xbgm) -- C:\Windows\SysNative\xbgmsvc.exe (Microsoft Corporation)
SRV:64bit: - (WarpJITSvc) -- C:\Windows\SysNative\Windows.WARP.JITService.dll (Microsoft Corporation)
SRV:64bit: - (XblAuthManager) -- C:\Windows\SysNative\XblAuthManager.dll (Microsoft Corporation)
SRV:64bit: - (tzautoupdate) -- C:\Windows\SysNative\tzautoupdate.dll (Microsoft Corporation)
SRV:64bit: - (ClipSVC) -- C:\Windows\SysNative\ClipSVC.dll (Microsoft Corporation)
SRV:64bit: - (CDPSvc) -- C:\Windows\SysNative\cdpsvc.dll (Microsoft Corporation)
SRV:64bit: - (CDPUserSvc) -- C:\Windows\SysNative\cdpusersvc.dll (Microsoft Corporation)
SRV:64bit: - (AJRouter) -- C:\Windows\SysNative\AJRouter.dll (Microsoft Corporation)
SRV:64bit: - (XboxNetApiSvc) -- C:\Windows\SysNative\XboxNetApiSvc.dll (Microsoft Corporation)
SRV:64bit: - (VacSvc) -- C:\Windows\SysNative\vac.dll (Microsoft Corporation)
SRV:64bit: - (DusmSvc) -- C:\Windows\SysNative\dusmsvc.dll (Microsoft Corporation)
SRV:64bit: - (LxpSvc) -- C:\Windows\SysNative\LanguageOverlayServer.dll (Microsoft Corporation)
SRV:64bit: - (SgrmBroker) -- C:\Windows\SysNative\SgrmBroker.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService) -- C:\Windows\SysNative\MessagingService.dll (Microsoft Corporation)
SRV:64bit: - (BluetoothUserService) -- C:\Windows\SysNative\Microsoft.Bluetooth.UserService.dll (Microsoft Corporation)
SRV:64bit: - (IpxlatCfgSvc) -- C:\Windows\SysNative\ipxlatcfg.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvcext.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvcext.dll (Microsoft Corporation)
SRV:64bit: - (vmicvmsession) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc) -- C:\Windows\SysNative\APHostService.dll (Microsoft Corporation)
SRV:64bit: - (ssh-agent) -- C:\Windows\SysNative\OpenSSH\ssh-agent.exe ()
SRV:64bit: - (SynTPEnhService) -- C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated)
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV:64bit: - (igfxCUIService1.0.0.0) -- C:\Windows\SysNative\igfxCUIService.exe (Intel Corporation)
SRV - (avastm) -- C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software)
SRV - (avast) -- C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software)
SRV - (WdNisSvc) -- C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\NisSrv.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MsMpEng.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (CoreMessagingRegistrar) -- C:\Windows\SysWOW64\CoreMessaging.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TokenBroker) -- C:\Windows\SysWOW64\TokenBroker.dll (Microsoft Corporation)
SRV - (wisvc) -- C:\Windows\SysWOW64\FlightSettings.dll (Microsoft Corporation)
SRV - (StateRepository) -- C:\Windows\SysWOW64\Windows.StateRepository.dll (Microsoft Corporation)
SRV - (DmEnrollmentSvc) -- C:\Windows\SysWOW64\Windows.Internal.Management.dll (Microsoft Corporation)
SRV - (InstallService) -- C:\Windows\SysWOW64\InstallService.dll (Microsoft Corporation)
SRV - (DevicePickerUserSvc) -- C:\Windows\SysWOW64\Windows.Devices.Picker.dll (Microsoft Corporation)
SRV - (PrintWorkflowUserSvc) -- C:\Windows\SysWOW64\PrintWorkflowService.dll (Microsoft Corporation)
SRV - (UnistoreSvc) -- C:\Windows\SysWOW64\Unistore.dll (Microsoft Corporation)
SRV - (tzautoupdate) -- C:\Windows\SysWOW64\tzautoupdate.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys (AVAST Software)
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys (AVAST Software)
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys (AVAST Software)
DRV:64bit: - (aswElam) -- C:\Windows\SysNative\drivers\aswElam.sys (AVAST Software)
DRV:64bit: - (aswArPot) -- C:\Windows\SysNative\drivers\aswArPot.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswHdsKe) -- C:\Windows\SysNative\drivers\aswHdsKe.sys (AVAST Software)
DRV:64bit: - (aswblog) -- C:\Windows\SysNative\drivers\aswbloga.sys (AVAST Software)
DRV:64bit: - (aswbidsdriver) -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys (AVAST Software)
DRV:64bit: - (aswbidsh) -- C:\Windows\SysNative\drivers\aswbidsha.sys (AVAST Software)
DRV:64bit: - (aswbuniv) -- C:\Windows\SysNative\drivers\aswbuniva.sys (AVAST Software)
DRV:64bit: - (MBAMProtection) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes)
DRV:64bit: - (MBAMFarflt) -- C:\Windows\SysNative\drivers\farflt.sys (Malwarebytes)
DRV:64bit: - (MBAMWebProtection) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes)
DRV:64bit: - (MBAMChameleon) -- C:\Windows\SysNative\drivers\MbamChameleon.sys (Malwarebytes)
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys (Malwarebytes)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\wd\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\wd\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\wd\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (hvservice) -- C:\Windows\SysNative\drivers\hvservice.sys (Microsoft Corporation)
DRV:64bit: - (ESProtectionDriver) -- C:\Windows\SysNative\drivers\mbae64.sys (Malwarebytes)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (scmbus) -- C:\Windows\SysNative\drivers\scmbus.sys (Microsoft Corporation)
DRV:64bit: - (Ucx01000) -- C:\Windows\SysNative\drivers\Ucx01000.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (vmgid) -- C:\Windows\SysNative\drivers\vmgid.sys (Microsoft Corporation)
DRV:64bit: - (CldFlt) -- C:\Windows\SysNative\drivers\cldflt.sys (Microsoft Corporation)
DRV:64bit: - (WinNat) -- C:\Windows\SysNative\drivers\winnat.sys (Microsoft Corporation)
DRV:64bit: - (wdiwifi) -- C:\Windows\SysNative\drivers\WdiWiFi.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storufs) -- C:\Windows\SysNative\drivers\storufs.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\Windows\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRT) -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys (Microsoft Corporation)
DRV:64bit: - (ReFSv1) -- C:\Windows\SysNative\drivers\refsv1.sys (Microsoft Corporation)
DRV:64bit: - (xboxgip) -- C:\Windows\SysNative\drivers\xboxgip.sys (Microsoft Corporation)
DRV:64bit: - (RTSUER) -- C:\Windows\SysNative\drivers\RtsUer.sys (Realsil Semiconductor Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (SpatialGraphFilter) -- C:\Windows\SysNative\drivers\SpatialGraphFilter.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (bam) -- C:\Windows\SysNative\drivers\bam.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (afunix) -- C:\Windows\SysNative\drivers\afunix.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (NetAdapterCx) -- C:\Windows\SysNative\drivers\NetAdapterCx.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\Windows\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (applockerfltr) -- C:\Windows\SysNative\drivers\applockerfltr.sys (Microsoft Corporation)
DRV:64bit: - (WdmCompanionFilter) -- C:\Windows\SysNative\drivers\WdmCompanionFilter.sys (Microsoft Corporation)
DRV:64bit: - (Ufx01000) -- C:\Windows\SysNative\drivers\ufx01000.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (UcmTcpciCx0101) -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys (Microsoft Corporation)
DRV:64bit: - (wcifs) -- C:\Windows\SysNative\drivers\wcifs.sys (Microsoft Corporation)
DRV:64bit: - (UcmCx0101) -- C:\Windows\SysNative\drivers\UcmCx.sys (Microsoft Corporation)
DRV:64bit: - (wcnfs) -- C:\Windows\SysNative\drivers\wcnfs.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (UrsCx01000) -- C:\Windows\SysNative\drivers\urscx01000.sys (Microsoft Corporation)
DRV:64bit: - (cnghwassist) -- C:\Windows\SysNative\drivers\cnghwassist.sys (Microsoft Corporation)
DRV:64bit: - (IndirectKmd) -- C:\Windows\SysNative\drivers\IndirectKmd.sys (Microsoft Corporation)
DRV:64bit: - (HwNClx0101) -- C:\Windows\SysNative\drivers\mshwnclx.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (bindflt) -- C:\Windows\SysNative\drivers\bindflt.sys (Microsoft Corporation)
DRV:64bit: - (storqosflt) -- C:\Windows\SysNative\drivers\storqosflt.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (SgrmAgent) -- C:\Windows\SysNative\drivers\SgrmAgent.sys (Microsoft Corporation)
DRV:64bit: - (iorate) -- C:\Windows\SysNative\drivers\iorate.sys (Microsoft Corporation)
DRV:64bit: - (MMCSS) -- C:\Windows\SysNative\drivers\mmcss.sys (Microsoft Corporation)
DRV:64bit: - (GpuEnergyDrv) -- C:\Windows\SysNative\drivers\gpuenergydrv.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (FileCrypt) -- C:\Windows\SysNative\drivers\filecrypt.sys (Microsoft Corporation)
DRV:64bit: - (UdeCx) -- C:\Windows\SysNative\drivers\Udecx.sys (Microsoft Corporation)
DRV:64bit: - (Ramdisk) -- C:\Windows\SysNative\drivers\ramdisk.sys (Microsoft Corporation)
DRV:64bit: - (vhf) -- C:\Windows\SysNative\drivers\vhf.sys (Microsoft Corporation)
DRV:64bit: - (IPT) -- C:\Windows\SysNative\drivers\ipt.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (UcmUcsi) -- C:\Windows\SysNative\drivers\UcmUcsi.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (hidinterrupt) -- C:\Windows\SysNative\drivers\hidinterrupt.sys (Microsoft Corporation)
DRV:64bit: - (xinputhid) -- C:\Windows\SysNative\drivers\xinputhid.sys (Microsoft Corporation)
DRV:64bit: - (buttonconverter) -- C:\Windows\SysNative\drivers\buttonconverter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRTProxy) -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys (Microsoft Corporation)
DRV:64bit: - (ufxsynopsys) -- C:\Windows\SysNative\drivers\ufxsynopsys.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (UfxChipidea) -- C:\Windows\SysNative\drivers\UfxChipidea.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys (Microsoft Corporation)
DRV:64bit: - (UrsChipidea) -- C:\Windows\SysNative\drivers\urschipidea.sys (Microsoft Corporation)
DRV:64bit: - (UrsSynopsys) -- C:\Windows\SysNative\drivers\urssynopsys.sys (Microsoft Corporation)
DRV:64bit: - (genericusbfn) -- C:\Windows\SysNative\drivers\genericusbfn.sys (Microsoft Corporation)
DRV:64bit: - (cht4vbd) -- C:\Windows\SysNative\drivers\cht4vx64.sys (Chelsio Communications)
DRV:64bit: - (iaStorAVC) -- C:\Windows\SysNative\drivers\iaStorAVC.sys (Intel Corporation)
DRV:64bit: - (mlx4_bus) -- C:\Windows\SysNative\drivers\mlx4_bus.sys (Mellanox)
DRV:64bit: - (rt640x64) -- C:\Windows\SysNative\drivers\rt640x64.sys (Realtek )
DRV:64bit: - (ibbus) -- C:\Windows\SysNative\drivers\ibbus.sys (Mellanox)
DRV:64bit: - (mausbhost) -- C:\Windows\SysNative\drivers\mausbhost.sys (Microsoft Corporation)
DRV:64bit: - (cht4iscsi) -- C:\Windows\SysNative\drivers\cht4sx64.sys (Chelsio Communications)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (ndfltr) -- C:\Windows\SysNative\drivers\ndfltr.sys (Mellanox)
DRV:64bit: - (pmem) -- C:\Windows\SysNative\drivers\pmem.sys (Microsoft Corporation)
DRV:64bit: - (nvdimm) -- C:\Windows\SysNative\drivers\nvdimm.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (WinVerbs) -- C:\Windows\SysNative\drivers\winverbs.sys (Mellanox)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (percsas3i) -- C:\Windows\SysNative\drivers\percsas3i.sys (Avago Technologies)
DRV:64bit: - (percsas2i) -- C:\Windows\SysNative\drivers\percsas2i.sys (Avago Technologies)
DRV:64bit: - (mausbip) -- C:\Windows\SysNative\drivers\mausbip.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (bttflt) -- C:\Windows\SysNative\drivers\bttflt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (hvcrash) -- C:\Windows\SysNative\drivers\hvcrash.sys (Microsoft Corporation)
DRV:64bit: - (SDFRd) -- C:\Windows\SysNative\drivers\SDFRd.sys (Microsoft Corporation)
DRV:64bit: - (WinMad) -- C:\Windows\SysNative\drivers\winmad.sys (Mellanox)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (swenum) -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (volume) -- C:\Windows\SysNative\drivers\volume.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (QLogic Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (QLogic Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (ItSas35i) -- C:\Windows\SysNative\drivers\ItSas35i.sys (Avago Technologies)
DRV:64bit: - (LSI_SAS3i) -- C:\Windows\SysNative\drivers\lsi_sas3i.sys (Avago Technologies)
DRV:64bit: - (LSI_SAS2i) -- C:\Windows\SysNative\drivers\lsi_sas2i.sys (LSI Corporation)
DRV:64bit: - (CapImg) -- C:\Windows\SysNative\drivers\capimg.sys (Microsoft Corporation)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (rhproxy) -- C:\Windows\SysNative\drivers\rhproxy.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (megasas35i) -- C:\Windows\SysNative\drivers\megasas35i.sys (Avago Technologies)
DRV:64bit: - (megasas2i) -- C:\Windows\SysNative\drivers\MegaSas2i.sys (Avago Technologies)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (AcpiDev) -- C:\Windows\SysNative\drivers\AcpiDev.sys (Microsoft Corporation)
DRV:64bit: - (PNPMEM) -- C:\Windows\SysNative\drivers\pnpmem.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (iaLPSS2i_I2C_BXT_P) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C_BXT_P.sys (Intel Corporation)
DRV:64bit: - (iaLPSS2i_I2C) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys (Intel Corporation)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (iai2c) -- C:\Windows\SysNative\drivers\iai2c.sys (Intel(R) Corporation)
DRV:64bit: - (iaLPSS2i_GPIO2_BXT_P) -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2_BXT_P.sys (Intel Corporation)
DRV:64bit: - (iaLPSS2i_GPIO2) -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys (Intel Corporation)
DRV:64bit: - (CAD) -- C:\Windows\SysNative\drivers\CAD.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (iagpio) -- C:\Windows\SysNative\drivers\iagpio.sys (Intel(R) Corporation)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverW8x64.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV - (afunix) -- C:\Windows\SysWOW64\drivers\afunix.sys (Microsoft Corporation)
DRV - (swenum) -- C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "EC"
FF - prefs.js..browser.search.region: "EC"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 62.0.3\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 62.0.3\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS
[2018/10/17 18:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bramp\AppData\Roaming\mozilla\Extensions
[2018/10/17 18:13:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bramp\AppData\Roaming\mozilla\SystemExtensionsDev
[2018/10/21 20:55:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bramp\AppData\Roaming\mozilla\Firefox\Profiles\r8cixcmo.default\extensions
[2018/10/21 20:48:26 | 000,789,048 | ---- | M] () (No name found) -- C:\Users\bramp\AppData\Roaming\mozilla\firefox\profiles\r8cixcmo.default\extensions\[email protected]
[2018/10/17 18:22:07 | 000,006,835 | ---- | M] () (No name found) -- C:\Users\bramp\AppData\Roaming\mozilla\firefox\profiles\r8cixcmo.default\features\{a7e3a724-085a-4d14-947a-8abc45e2ab39}\[email protected]
[2012/10/01 20:33:44 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
========== Chrome ==========
CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\
CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\
CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\
CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgjopcolgcafhnicdahjemapkniikeh\3.4.22_0\
CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\
CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\
CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\
CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmmeekapjbfjachdkgabdaoccfclpaa\1.0.24.20_0\
CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo\3.30_0\
CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.4_0\
CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7018.903.0.0_0\
O1 HOSTS File: ([2018/10/19 10:05:58 | 002,097,675 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SecurityHealth] C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AvastBrowserAutoLaunch_C47317C0BC34F90619D957E46A565EC7] C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_6CFD100A57B8C1B5220228FC4193464B] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [OneDrive] C:\Users\bramp\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableFullTrustStartupTasks = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUwpStartupTasks = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SupportFullTrustStartupTasks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SupportUwpStartupTasks = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0d44a2fa-3617-49dd-b680-b33630629d6a}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{246bd046-8f7e-4214-abda-1e2373d0dede}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{246bd046-8f7e-4214-abda-1e2373d0dede}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{264d5823-90d2-4603-bc01-125bbf1639fe}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47f83278-d279-11e8-a1f9-806e6f6e6963}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{788f174d-3046-455d-b68e-3098617fa0f2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{788f174d-3046-455d-b68e-3098617fa0f2}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87403074-c8a6-410e-ba56-a30956a05ae9}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{cec8c91f-d8bd-4583-9de4-3724f624fbf0}: NameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e52f201-d271-11e8-a1fb-74867a0dfa4d}\Shell - "" = AutoRun
O33 - MountPoints2\{2e52f201-d271-11e8-a1fb-74867a0dfa4d}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2018/10/21 20:59:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2018/10/21 20:53:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVAST Software
[2018/10/21 20:50:37 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\CEF
[2018/10/21 20:50:37 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Roaming\AVAST Software
[2018/10/21 20:50:36 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\AVAST Software
[2018/10/21 20:50:10 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\CrashDumps
[2018/10/21 20:48:51 | 001,028,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2018/10/21 20:48:51 | 000,467,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2018/10/21 20:48:51 | 000,381,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswVmm.sys
[2018/10/21 20:48:51 | 000,346,760 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbloga.sys
[2018/10/21 20:48:51 | 000,230,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys
[2018/10/21 20:48:51 | 000,208,640 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2018/10/21 20:48:51 | 000,201,928 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbidsha.sys
[2018/10/21 20:48:51 | 000,201,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswArPot.sys
[2018/10/21 20:48:51 | 000,185,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHdsKe.sys
[2018/10/21 20:48:51 | 000,163,376 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2018/10/21 20:48:51 | 000,111,968 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2018/10/21 20:48:51 | 000,088,112 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2018/10/21 20:48:51 | 000,059,664 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbuniva.sys
[2018/10/21 20:48:51 | 000,047,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2018/10/21 20:48:51 | 000,042,456 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2018/10/21 20:48:51 | 000,015,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswElam.sys
[2018/10/21 20:48:47 | 000,378,584 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2018/10/21 20:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVAST Software
[2018/10/21 20:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2018/10/21 20:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2018/10/21 20:40:58 | 000,058,400 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2018/10/21 20:40:51 | 000,118,584 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2018/10/21 20:40:51 | 000,110,424 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2018/10/21 20:22:51 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\mbam
[2018/10/21 20:22:29 | 000,200,232 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys
[2018/10/21 20:22:28 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\mbamtray
[2018/10/21 20:22:22 | 000,260,384 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2018/10/21 20:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2018/10/21 20:22:12 | 000,152,688 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbae64.sys
[2018/10/21 20:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2018/10/21 20:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2018/10/21 20:03:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2018/10/21 06:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2018/10/21 06:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2018/10/21 06:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2018/10/21 06:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2018/10/20 19:39:50 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Roaming\dvdcss
[2018/10/20 19:39:38 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Roaming\vlc
[2018/10/20 19:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2018/10/20 19:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2018/10/19 10:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mur
[2018/10/19 10:04:58 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Programs
[2018/10/19 10:04:29 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\AdvinstAnalytics
[2018/10/19 10:04:20 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\MicroService
[2018/10/19 10:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Toolkit Final
[2018/10/19 09:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2018/10/19 09:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2018/10/19 09:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2018/10/19 09:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2018/10/19 09:41:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2018/10/19 09:41:48 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2018/10/19 09:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2018/10/19 09:40:39 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2018/10/19 09:40:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2018/10/19 09:40:37 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Microsoft Help
[2018/10/19 09:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2018/10/19 09:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2018/10/19 09:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2018/10/19 09:39:37 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2018/10/18 19:33:05 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\DBG
[2018/10/18 09:04:35 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\ElevatedDiagnostics
[2018/10/18 08:44:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2018/10/17 20:58:08 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2018/10/17 20:43:58 | 000,000,000 | ---D | C] -- C:\Users\bramp\Desktop\AlexandraFolder
[2018/10/17 20:00:43 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2018/10/17 20:00:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2018/10/17 20:00:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2018/10/17 20:00:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2018/10/17 20:00:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2018/10/17 20:00:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2018/10/17 20:00:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2018/10/17 20:00:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2018/10/17 20:00:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2018/10/17 20:00:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2018/10/17 19:59:48 | 000,000,000 | -HSD | C] -- C:\Recovery
[2018/10/17 19:58:40 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2018/10/17 19:58:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\wd
[2018/10/17 19:58:31 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2018/10/17 19:58:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SleepStudy
[2018/10/17 19:58:23 | 000,000,000 | ---D | C] -- C:\Windows\ServiceProfiles
[2018/10/17 19:58:22 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\Microsoft
[2018/10/17 19:58:21 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2018/10/17 18:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2018/10/17 18:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2018/10/17 18:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2018/10/17 18:45:04 | 000,000,000 | ---D | C] -- C:\Users\bramp\Desktop\ContractsLeases
[2018/10/17 18:45:01 | 000,000,000 | ---D | C] -- C:\Users\bramp\Desktop\BrandonCV
[2018/10/17 18:39:11 | 000,000,000 | ---D | C] -- C:\Users\bramp\Desktop\Trading
[2018/10/17 18:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\MetaQuotes
[2018/10/17 18:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader 4 IC Markets
[2018/10/17 18:38:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MetaTrader 4 IC Markets
[2018/10/17 18:38:03 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Roaming\MetaQuotes
[2018/10/17 18:34:10 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Adobe
[2018/10/17 18:24:45 | 000,000,000 | ---D | C] -- C:\Users\bramp\Desktop\FBA
[2018/10/17 18:24:00 | 000,000,000 | ---D | C] -- C:\Users\bramp\Desktop\TeachEnglish
[2018/10/17 18:23:47 | 000,000,000 | ---D | C] -- C:\Users\bramp\Desktop\Browsers
[2018/10/17 18:23:26 | 000,000,000 | -HSD | C] -- C:\Users\bramp\IntelGraphicsProfiles
[2018/10/17 18:23:04 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\PackageStaging
[2018/10/17 18:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Packages
[2018/10/17 18:13:34 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Roaming\Mozilla
[2018/10/17 18:13:33 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Mozilla
[2018/10/17 18:13:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2018/10/17 18:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2018/10/17 18:11:14 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Comms
[2018/10/17 18:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Atheros
[2018/10/17 18:10:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2018/10/17 18:10:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2018/10/17 18:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2018/10/17 18:08:26 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\D3DSCache
[2018/10/17 18:08:11 | 000,000,000 | R--D | C] -- C:\Users\bramp\OneDrive
[2018/10/17 18:07:53 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\PlaceholderTileLogoFolder
[2018/10/17 18:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2018/10/17 18:07:45 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Google
[2018/10/17 18:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2018/10/17 18:06:17 | 000,053,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys
[2018/10/17 18:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2018/10/17 18:05:45 | 000,000,000 | -H-D | C] -- C:\Users\bramp\MicrosoftEdgeBackups
[2018/10/17 18:05:36 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\MicrosoftEdge
[2018/10/17 18:05:29 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Publishers
[2018/10/17 18:05:25 | 000,000,000 | R--D | C] -- C:\Users\bramp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2018/10/17 18:05:25 | 000,000,000 | R--D | C] -- C:\Users\bramp\Searches
[2018/10/17 18:05:25 | 000,000,000 | R--D | C] -- C:\Users\bramp\Contacts
[2018/10/17 18:05:25 | 000,000,000 | R--D | C] -- C:\Users\bramp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2018/10/17 18:05:25 | 000,000,000 | R--D | C] -- C:\Users\bramp\3D Objects
[2018/10/17 18:05:24 | 000,000,000 | -H-D | C] -- C:\Users\bramp\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2018/10/17 18:05:24 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\VirtualStore
[2018/10/17 18:05:24 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Packages
[2018/10/17 18:05:24 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Roaming\Adobe
[2018/10/17 18:05:23 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\ConnectedDevicesPlatform
[2018/10/17 18:04:28 | 000,072,688 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.DLL
[2018/10/17 18:04:28 | 000,069,104 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.DLL
[2018/10/17 18:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2018/10/17 18:04:28 | 000,000,000 | ---D | C] -- C:\Intel
[2018/10/17 18:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2018/10/17 18:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2018/10/17 18:02:52 | 000,000,000 | --SD | C] -- C:\Users\bramp\AppData\Roaming\Microsoft
[2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\Videos
[2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\Saved Games
[2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\Pictures
[2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\Music
[2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\Links
[2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\Favorites
[2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\Downloads
[2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\Documents
[2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\Desktop
[2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\AppData\Local\Temporary Internet Files
[2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\Templates
[2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\Start Menu
[2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\SendTo
[2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\Recent
[2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\PrintHood
[2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\NetHood
[2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\Documents\My Videos
[2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\Documents\My Pictures
[2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\Documents\My Music
[2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\My Documents
[2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\Local Settings
[2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\AppData\Local\History
[2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\Cookies
[2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\Application Data
[2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\AppData\Local\Application Data
[2018/10/17 18:02:52 | 000,000,000 | -H-D | C] -- C:\Users\bramp\AppData
[2018/10/17 18:02:52 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Temp
[2018/10/17 18:02:52 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Microsoft
[2018/10/17 18:02:52 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2018/10/17 18:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\USOShared
========== Files - Modified Within 30 Days ==========
[2018/10/21 21:01:50 | 000,002,571 | ---- | M] () -- C:\Users\bramp\Application Data\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk
[2018/10/21 20:55:01 | 000,002,539 | ---- | M] () -- C:\Users\Public\Desktop\Avast Secure Browser.lnk
[2018/10/21 20:50:34 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2018/10/21 20:48:36 | 000,467,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2018/10/21 20:48:36 | 000,381,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswVmm.sys
[2018/10/21 20:48:36 | 000,208,640 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2018/10/21 20:48:36 | 000,163,376 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2018/10/21 20:48:36 | 000,088,112 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2018/10/21 20:48:36 | 000,047,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2018/10/21 20:48:36 | 000,015,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswElam.sys
[2018/10/21 20:48:35 | 000,378,584 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2018/10/21 20:48:35 | 000,201,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswArPot.sys
[2018/10/21 20:48:35 | 000,111,968 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2018/10/21 20:48:31 | 000,042,456 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2018/10/21 20:48:25 | 001,028,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2018/10/21 20:48:19 | 000,185,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHdsKe.sys
[2018/10/21 20:48:17 | 000,346,760 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbloga.sys
[2018/10/21 20:48:17 | 000,230,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys
[2018/10/21 20:48:17 | 000,201,928 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbidsha.sys
[2018/10/21 20:48:17 | 000,059,664 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbuniva.sys
[2018/10/21 20:45:07 | 000,838,560 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2018/10/21 20:45:07 | 000,710,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2018/10/21 20:45:07 | 000,133,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2018/10/21 20:42:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2018/10/21 20:40:58 | 000,058,400 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2018/10/21 20:40:51 | 000,118,584 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2018/10/21 20:40:51 | 000,110,424 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2018/10/21 20:40:41 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2018/10/21 20:40:40 | 2522,148,864 | -HS- | M] () -- C:\hiberfil.sys
[2018/10/21 20:22:29 | 000,200,232 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys
[2018/10/21 20:22:22 | 000,260,384 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2018/10/21 20:22:15 | 000,001,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2018/10/21 20:06:19 | 000,404,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2018/10/20 19:39:21 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2018/10/19 10:04:48 | 000,140,800 | ---- | M] () -- C:\Users\bramp\AppData\Local\installer.dat
[2018/10/18 18:46:23 | 000,000,144 | ---- | M] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2018/10/18 13:18:32 | 000,098,244 | ---- | M] () -- C:\Windows\uninstaller.dat
[2018/10/18 09:10:13 | 000,002,360 | ---- | M] () -- C:\Users\bramp\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2018/10/18 09:10:09 | 000,000,451 | ---- | M] () -- C:\Windows\SysNative\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
[2018/10/17 20:00:06 | 000,105,420 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2018/10/17 20:00:06 | 000,105,420 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2018/10/17 19:58:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2018/10/17 18:56:42 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk
[2018/10/17 18:10:40 | 000,849,474 | ---- | M] () -- C:\Windows\SysNative\drivers\rtwavesskdy.dat
[2018/10/17 18:10:40 | 000,188,490 | ---- | M] () -- C:\Windows\SysNative\drivers\RTWAVES40.dat
[2018/10/17 18:10:40 | 000,031,095 | ---- | M] () -- C:\Windows\SysNative\drivers\rtwavesEFX.dat
[2018/10/17 18:10:40 | 000,010,945 | ---- | M] () -- C:\Windows\SysNative\drivers\rtwavesMFX.dat
[2018/10/17 18:10:35 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2018/10/17 18:06:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
[2018/10/17 18:06:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01011.Wdf
========== Files Created - No Company Name ==========
[2018/10/21 20:55:01 | 000,002,574 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
[2018/10/21 20:55:01 | 000,002,571 | ---- | C] () -- C:\Users\bramp\Application Data\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk
[2018/10/21 20:55:01 | 000,002,539 | ---- | C] () -- C:\Users\Public\Desktop\Avast Secure Browser.lnk
[2018/10/21 20:50:34 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
[2018/10/21 20:50:34 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2018/10/21 20:22:15 | 000,001,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2018/10/20 19:39:21 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2018/10/19 10:04:48 | 000,140,800 | ---- | C] () -- C:\Users\bramp\AppData\Local\installer.dat
[2018/10/18 18:46:23 | 000,000,144 | ---- | C] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2018/10/18 13:18:32 | 000,098,244 | ---- | C] () -- C:\Windows\uninstaller.dat
[2018/10/18 09:10:09 | 000,000,451 | ---- | C] () -- C:\Windows\SysNative\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
[2018/10/18 08:37:42 | 001,308,672 | ---- | C] () -- C:\Windows\SysNative\FaceProcessor.dll
[2018/10/18 08:37:26 | 000,542,888 | ---- | C] () -- C:\Windows\SysNative\FaceProcessorCore.dll
[2018/10/18 08:37:23 | 000,052,736 | ---- | C] () -- C:\Windows\SysNative\runexehelper.exe
[2018/10/18 08:37:23 | 000,001,312 | ---- | C] () -- C:\Windows\SysNative\tcbres.wim
[2018/10/18 08:37:22 | 000,058,524 | ---- | C] () -- C:\Windows\SysNative\srms.dat
[2018/10/17 20:00:20 | 2522,148,864 | -HS- | C] () -- C:\hiberfil.sys
[2018/10/17 20:00:06 | 000,105,420 | ---- | C] () -- C:\Windows\SysWow64\license.rtf
[2018/10/17 20:00:06 | 000,105,420 | ---- | C] () -- C:\Windows\SysNative\license.rtf
[2018/10/17 19:59:02 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2018/10/17 19:58:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2018/10/17 19:58:22 | 000,404,368 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2018/10/17 19:58:21 | 016,777,216 | -HS- | C] () -- C:\swapfile.sys
[2018/10/17 18:56:41 | 000,002,457 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[2018/10/17 18:56:41 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk
[2018/10/17 18:13:32 | 000,001,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
[2018/10/17 18:10:40 | 000,849,474 | ---- | C] () -- C:\Windows\SysNative\drivers\rtwavesskdy.dat
[2018/10/17 18:10:40 | 000,031,095 | ---- | C] () -- C:\Windows\SysNative\drivers\rtwavesEFX.dat
[2018/10/17 18:10:40 | 000,010,945 | ---- | C] () -- C:\Windows\SysNative\drivers\rtwavesMFX.dat
[2018/10/17 18:10:35 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2018/10/17 18:10:34 | 000,188,490 | ---- | C] () -- C:\Windows\SysNative\drivers\RTWAVES40.dat
[2018/10/17 18:09:02 | 000,002,377 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2018/10/17 18:09:02 | 000,002,360 | ---- | C] () -- C:\Users\bramp\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2018/10/17 18:06:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
[2018/10/17 18:06:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01011.Wdf
[2018/10/17 18:04:52 | 000,838,560 | ---- | C] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2018/10/17 18:02:52 | 000,002,367 | ---- | C] () -- C:\Users\bramp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[2018/10/17 18:02:52 | 000,000,352 | ---- | C] () -- C:\Users\bramp\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2018/10/17 18:02:52 | 000,000,334 | ---- | C] () -- C:\Users\bramp\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2018/06/19 15:06:01 | 002,841,312 | ---- | C] () -- C:\Windows\SysWow64\Windows.Mirage.dll
[2018/06/19 15:06:01 | 000,018,716 | ---- | C] () -- C:\Windows\SysWow64\srms-apr.dat
[2018/04/11 18:38:34 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2018/04/11 18:38:34 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2018/04/11 18:34:55 | 000,518,144 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2018/04/11 18:34:50 | 000,054,272 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2018/04/11 18:34:49 | 000,002,404 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2018/04/11 18:34:47 | 000,364,200 | ---- | C] () -- C:\Windows\SysWow64\InputHost.dll
[2018/04/11 18:34:46 | 003,575,808 | ---- | C] () -- C:\Windows\SysWow64\Windows.UI.Input.Inking.Analysis.dll
[2018/04/11 18:34:46 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\Windows.WARP.JITService.exe
[2018/04/11 18:34:45 | 000,329,216 | ---- | C] () -- C:\Windows\SysWow64\ssdm.dll
[2018/04/11 18:34:45 | 000,223,232 | ---- | C] () -- C:\Windows\SysWow64\HeatCore.dll
[2018/04/11 18:34:45 | 000,167,640 | ---- | C] () -- C:\Windows\SysWow64\chs_singlechar_pinyin.dat
[2018/04/11 18:34:45 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\WindowsDefaultHeatProcessor.dll
[2018/04/11 18:34:45 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\xboxgipsynthetic.dll
[2018/04/11 18:34:36 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2018/04/11 18:34:30 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2018/09/19 23:09:56 | 007,432,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2018/09/19 23:29:04 | 006,039,368 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2018/04/11 18:34:40 | 000,973,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2018/04/11 18:34:55 | 000,785,408 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2018/04/11 18:34:40 | 000,524,288 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2018/10/21 20:50:37 | 000,000,000 | ---D | M] -- C:\Users\bramp\AppData\Roaming\AVAST Software
[2018/10/17 18:38:34 | 000,000,000 | ---D | M] -- C:\Users\bramp\AppData\Roaming\MetaQuotes
========== Purity Check ==========

< End of report >
 

Bramp

Member
Recycle bin on C is corrupt. I get this message when booting or coming from standby. Machine is a little slower and crashed once at the recycle bin message.
 

johnb35

Administrator
Staff member
The Ask and AOL are no big deal so don't have to worry about that. Have you run an Avast virus scan since you have that installed already? Not seeing a whole heck of a lot in the OTL scan. If recycle bin is corrupted then it may be time to reload Windows. However, you can try running the SFC /scannow command at an elevated command prompt.