Malwarebytes scan. 81 of 83 threats removed. 2 remain

Discussion in 'Computer Security' started by Bramp, Oct 22, 2018.

  1. Bramp

    Bramp Member

    Messages:
    512
    Malwarebytes scan. 81 of 83 threats removed. 2 remain

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.4.0
    # -------------------------------
    # Build: 09-25-2018
    # Database: 2018-10-12.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 10-21-2018
    # Duration: 00:00:07
    # OS: Windows 10 Home
    # Cleaned: 81
    # Failed: 2


    ***** [ Services ] *****

    Deleted MicroService

    ***** [ Folders ] *****

    Deleted C:\Program Files (x86)\Microleaves
    Deleted C:\Users\bramp\AppData\Roaming\Microleaves
    Deleted C:\Program Files (x86)\ShutdownTime
    Deleted C:\ProgramData\44580252-5135-1
    Deleted C:\ProgramData\44580252-0437-0
    Deleted C:\Program Files (x86)\FastDataX
    Deleted C:\Windows\Syswow64\SSL
    Deleted C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

    ***** [ Files ] *****

    Deleted C:\Users\bramp\appdata\local\installationconfiguration.xml
    Deleted C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    Deleted C:\Windows\Tasks\Online Application V2G5.job
    Deleted C:\Windows\System32\Tasks\Online Application V2G5
    Deleted C:\Windows\Tasks\Online Application V2G4.job
    Deleted C:\Windows\System32\Tasks\Online Application V2G4
    Deleted C:\Windows\Tasks\Online Application V2G6.job
    Deleted C:\Windows\System32\Tasks\Online Application V2G6
    Deleted C:\Windows\System32\Tasks\FastDataX Task
    Deleted C:\Windows\System32\Tasks\PPI Update
    Deleted C:\Windows\Tasks\Online Application V2G2.job
    Deleted C:\Windows\System32\Tasks\Online Application V2G2
    Deleted C:\Windows\Tasks\Online Application V2G3.job
    Deleted C:\Windows\System32\Tasks\Online Application V2G3
    Deleted C:\Windows\Tasks\Online Application V2G1.job
    Deleted C:\Windows\System32\Tasks\Online Application V2G1
    Deleted C:\Windows\Tasks\Updater_Online_Application.job
    Deleted C:\Windows\System32\Tasks\Updater_Online_Application

    ***** [ Registry ] *****


    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    Not Deleted Ask
    Not Deleted AOL

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [9455 octets] - [21/10/2018 20:04:12]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
     
  2. Bramp

    Ran the scan again and 1 more was removed with 1 remaining. Mouse is not working. I think there is a virus on here still. Using the touchpad. OK, and now suddenly the mouse is working again.

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.4.0
    # -------------------------------
    # Build: 09-25-2018
    # Database: 2018-10-12.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 10-21-2018
    # Duration: 00:00:00
    # OS: Windows 10 Home
    # Cleaned: 1
    # Failed: 1


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    No malicious registry entries cleaned.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    Deleted Ask
    Not Deleted AOL

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [9455 octets] - [21/10/2018 20:04:12]
    AdwCleaner[C00].txt - [8135 octets] - [21/10/2018 20:04:47]
    AdwCleaner[S01].txt - [1411 octets] - [21/10/2018 20:12:58]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
     
  3. Bramp

    Ran this. Can't run JUNKWARE REMOVAL TOOL, it's no longer in business.
    Are there any other scans I should do?
    Windows Defender originally found a Trojan!!


    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 10/21/18
    Scan Time: 8:24 PM
    Log File: 3f43e67e-d599-11e8-835c-74867a0dfa4d.json

    -Software Information-
    Version: 3.6.1.2711
    Components Version: 1.0.463
    Update Package Version: 1.0.7459
    License: Trial

    -System Information-
    OS: Windows 10 (Build 17134.345)
    CPU: x64
    File System: NTFS
    User: DESKTOP-75HFSQL\bramp

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 275850
    Threats Detected: 101
    Threats Quarantined: 101
    Time Elapsed: 2 min, 26 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 1
    Adware.Tuto4PC, C:\Program Files (x86)\Multitimer\Multitimer.exe, Quarantined, [2781], [474048],1.0.7459

    Module: 2
    Adware.Tuto4PC, C:\Program Files (x86)\Multitimer\Multitimer.exe, Quarantined, [2781], [474048],1.0.7459
    Adware.Wajam.Generic, C:\WINDOWS\XTNOKZYUBY.XTNO, Quarantined, [4874], [580236],1.0.7459

    Registry Key: 24
    Adware.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Multitimer_is1, Delete-on-Reboot, [2781], [474048],1.0.7459
    Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NWNiZWRiND, Delete-on-Reboot, [464], [556539],1.0.7459
    Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Delete-on-Reboot, [464], [-1],0.0.0
    Adware.Tuto4PC, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\MICROSOFT\EWMON, Delete-on-Reboot, [2781], [411543],1.0.7459
    Trojan.Agent, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Amazon assistant 1.0, Delete-on-Reboot, [397], [533745],1.0.7459
    Trojan.Agent, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Amazon assistant 2.0, Delete-on-Reboot, [397], [533745],1.0.7459
    Trojan.Agent, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\disk genius 2.02, Delete-on-Reboot, [397], [533746],1.0.7459
    Trojan.Agent, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\farmer 1.0, Delete-on-Reboot, [397], [533747],1.0.7459
    Trojan.Agent, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\pro 1.0, Delete-on-Reboot, [397], [533748],1.0.7459
    Trojan.Agent, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\soundplay 3.0, Delete-on-Reboot, [397], [533749],1.0.7459
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\bestavicampaign563, Delete-on-Reboot, [426], [584322],1.0.7459
    Adware.Wajam, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\NWNiZWRiND, Delete-on-Reboot, [464], [533738],1.0.7459
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Delete-on-Reboot, [426], [518478],1.0.7459
    Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MPrForWeathI, Delete-on-Reboot, [2781], [572664],1.0.7459
    Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MTPreC_B, Delete-on-Reboot, [2781], [572665],1.0.7459
    Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MTPreC_Qn, Delete-on-Reboot, [2781], [572666],1.0.7459
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Delete-on-Reboot, [426], [518476],1.0.7459
    Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreAm, Delete-on-Reboot, [2781], [572667],1.0.7459
    Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreIc, Delete-on-Reboot, [2781], [572668],1.0.7459
    Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreJ, Delete-on-Reboot, [2781], [572669],1.0.7459
    Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreShM, Delete-on-Reboot, [2781], [572670],1.0.7459
    Adware.Wajam.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MTYxNT, Delete-on-Reboot, [4874], [580236],1.0.7459
    Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\OWQzOThmNWQ5Nj, Delete-on-Reboot, [464], [480979],1.0.7459
    Spyware.Socelars, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\{6D187CC8-35BD-47F6-8760-D406AA1927B1}, Delete-on-Reboot, [6273], [584328],1.0.7459

    Registry Value: 8
    Adware.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Multitimer, Delete-on-Reboot, [2781], [474048],1.0.7459
    Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [464], [-1],0.0.0
    Adware.Wajam, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [464], [-1],0.0.0
    Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [464], [-1],0.0.0
    Adware.Tuto4PC, HKU\S-1-5-21-1797091403-4285730871-1708639384-1001\SOFTWARE\MICROSOFT\EWMON|PARTNER, Delete-on-Reboot, [2781], [411543],1.0.7459
    Adware.Wajam, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\NWNiZWRiND|DISPLAYNAME, Delete-on-Reboot, [464], [533738],1.0.7459
    Adware.Wajam, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\NWNiZWRiND|PUBLISHER, Delete-on-Reboot, [464], [533738],1.0.7459
    Adware.Wajam.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MTYxNT|IMAGEPATH, Delete-on-Reboot, [4874], [580236],1.0.7459

    Registry Data: 10
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replace-on-Reboot, [3162], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replace-on-Reboot, [3162], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{0d44a2fa-3617-49dd-b680-b33630629d6a}|NameServer, Replace-on-Reboot, [3162], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{246bd046-8f7e-4214-abda-1e2373d0dede}|NameServer, Replace-on-Reboot, [3162], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{246bd046-8f7e-4214-abda-1e2373d0dede}|DhcpNameServer, Replace-on-Reboot, [3162], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{264d5823-90d2-4603-bc01-125bbf1639fe}|NameServer, Replace-on-Reboot, [3162], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{788f174d-3046-455d-b68e-3098617fa0f2}|NameServer, Replace-on-Reboot, [3162], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{788f174d-3046-455d-b68e-3098617fa0f2}|DhcpNameServer, Replace-on-Reboot, [3162], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{87403074-c8a6-410e-ba56-a30956a05ae9}|NameServer, Replace-on-Reboot, [3162], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{cec8c91f-d8bd-4583-9de4-3724f624fbf0}|NameServer, Replace-on-Reboot, [3162], [-1],0.0.0

    Data Stream: 0
    (No malicious items detected)

    Folder: 6
    Adware.Tuto4PC, C:\PROGRAM FILES (X86)\MULTITIMER, Delete-on-Reboot, [2781], [474048],1.0.7459
    Adware.Tuto4PC, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\CFDX42UGOE, Delete-on-Reboot, [2781], [487472],1.0.7459
    Adware.Tuto4PC, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\DQGFPGXWZ4, Delete-on-Reboot, [2781], [487472],1.0.7459
    Adware.Wajam, C:\PROGRAM FILES\NWNiZWRiND, Delete-on-Reboot, [464], [556539],1.0.7459
    PUP.Optional.BundleInstaller, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\89674062, Delete-on-Reboot, [415], [463480],1.0.7459
    PUP.Optional.BundleInstaller, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\89674062, Delete-on-Reboot, [415], [463480],1.0.7459

    File: 50
    Adware.Tuto4PC, C:\PROGRAM FILES (X86)\MULTITIMER\UNINS000.DAT, Delete-on-Reboot, [2781], [474048],1.0.7459
    Adware.Tuto4PC, C:\Program Files (x86)\Multitimer\Multitimer.exe, Delete-on-Reboot, [2781], [474048],1.0.7459
    Adware.Tuto4PC, C:\Program Files (x86)\Multitimer\unins000.exe, Delete-on-Reboot, [2781], [474048],1.0.7459
    Adware.Tuto4PC, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\CFDX42UGOE\up.exe.config, Delete-on-Reboot, [2781], [487472],1.0.7459
    Adware.Tuto4PC, C:\Users\bramp\AppData\Local\Temp\CFDX42UGOE\up.exe, Delete-on-Reboot, [2781], [487472],1.0.7459
    Adware.Tuto4PC, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\DQGFPGXWZ4\up.exe.config, Delete-on-Reboot, [2781], [487472],1.0.7459
    Adware.Tuto4PC, C:\Users\bramp\AppData\Local\Temp\DQGFPGXWZ4\up.exe, Delete-on-Reboot, [2781], [487472],1.0.7459
    Adware.Linkury.Generic, C:\USERS\BRAMP\APPDATA\LOCAL\SHAM.DB, Delete-on-Reboot, [3739], [516191],1.0.7459
    Adware.Wajam, C:\PROGRAM FILES\NWNiZWRiND\WBE_uninstall.dat, Delete-on-Reboot, [464], [556539],1.0.7459
    Adware.Wajam, C:\Program Files\NWNiZWRiND\mozcrt19.dll, Delete-on-Reboot, [464], [556539],1.0.7459
    Adware.Wajam, C:\Program Files\NWNiZWRiND\NDQ2NTI1Y.exe, Delete-on-Reboot, [464], [556539],1.0.7459
    Adware.Wajam, C:\Program Files\NWNiZWRiND\NmZiZWFmMTc, Delete-on-Reboot, [464], [556539],1.0.7459
    Adware.Wajam, C:\Program Files\NWNiZWRiND\nspr4.dll, Delete-on-Reboot, [464], [556539],1.0.7459
    Adware.Wajam, C:\Program Files\NWNiZWRiND\nss3.dll, Delete-on-Reboot, [464], [556539],1.0.7459
    Adware.Wajam, C:\Program Files\NWNiZWRiND\NTIyMzA1OW.exe, Delete-on-Reboot, [464], [556539],1.0.7459
    Adware.Wajam, C:\Program Files\NWNiZWRiND\OTcyYTFiYjM0MT.exe, Delete-on-Reboot, [464], [556539],1.0.7459
    Adware.Wajam, C:\Program Files\NWNiZWRiND\plc4.dll, Delete-on-Reboot, [464], [556539],1.0.7459
    Adware.Wajam, C:\Program Files\NWNiZWRiND\plds4.dll, Delete-on-Reboot, [464], [556539],1.0.7459
    Adware.Wajam, C:\Program Files\NWNiZWRiND\service.dat, Delete-on-Reboot, [464], [556539],1.0.7459
    Adware.Wajam, C:\Program Files\NWNiZWRiND\service_64.dat, Delete-on-Reboot, [464], [556539],1.0.7459
    Adware.Wajam, C:\Program Files\NWNiZWRiND\softokn3.dll, Delete-on-Reboot, [464], [556539],1.0.7459
    Adware.Wajam, C:\Program Files\NWNiZWRiND\YzE2Zjg1NjQ0Mjg2Y.ico, Delete-on-Reboot, [464], [556539],1.0.7459
    PUP.Optional.BundleInstaller, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\89674062\ic-0.2c9d8b3c3f102.exe, Delete-on-Reboot, [415], [463480],1.0.7459
    PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.556fb167274c1c.exe, Delete-on-Reboot, [415], [463480],1.0.7459
    PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.6392e473c033a.exe, Delete-on-Reboot, [415], [463480],1.0.7459
    PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.6e8a1316b59204.exe, Delete-on-Reboot, [415], [463480],1.0.7459
    PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.7b9a1977919e78.exe, Delete-on-Reboot, [415], [463480],1.0.7459
    PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.8aabfeca79344.exe, Delete-on-Reboot, [415], [463480],1.0.7459
    PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.a54c834a8f0eb.exe, Delete-on-Reboot, [415], [463480],1.0.7459
    PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.cdb1100eeb1aa.exe, Delete-on-Reboot, [415], [463480],1.0.7459
    PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.fa69ec4a2d418.exe, Delete-on-Reboot, [415], [463480],1.0.7459
    PUP.Optional.BundleInstaller, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\89674062\ic-0.556fb167274c1c.exe, Delete-on-Reboot, [415], [463480],1.0.7459
    PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.2c9d8b3c3f102.exe, Delete-on-Reboot, [415], [463480],1.0.7459
    PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.6392e473c033a.exe, Delete-on-Reboot, [415], [463480],1.0.7459
    PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.6e8a1316b59204.exe, Delete-on-Reboot, [415], [463480],1.0.7459
    PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.7b9a1977919e78.exe, Delete-on-Reboot, [415], [463480],1.0.7459
    PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.8aabfeca79344.exe, Delete-on-Reboot, [415], [463480],1.0.7459
    PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.a54c834a8f0eb.exe, Delete-on-Reboot, [415], [463480],1.0.7459
    PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.cdb1100eeb1aa.exe, Delete-on-Reboot, [415], [463480],1.0.7459
    PUP.Optional.BundleInstaller, C:\Users\bramp\AppData\Local\Temp\89674062\ic-0.fa69ec4a2d418.exe, Delete-on-Reboot, [415], [463480],1.0.7459
    Adware.Wajam.Generic, C:\WINDOWS\XTNOKZYUBY.XTNO, Delete-on-Reboot, [4874], [580236],1.0.7459
    Adware.Wajam, C:\WINDOWS\SYSTEM32\DRIVERS\OWQZOTHMNWQ5NJ, Delete-on-Reboot, [464], [480979],1.0.7459
    Adware.Csdimonetize, C:\PROGRAM FILES (X86)\MUR\681850109.EXE, Delete-on-Reboot, [7812], [585499],1.0.7459
    Adware.DNSUnlocker.ACMB2, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\IS-E1EMB.TMP\CXGZ.DLL, Delete-on-Reboot, [3162], [582788],1.0.7459
    Adware.Tuto4PC, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\IS-IOUQ4.TMP\UNREALS.EXE, Delete-on-Reboot, [2781], [551717],1.0.7459
    Adware.Csdimonetize, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\IS-IOUQ4.TMP\SETUP.EXE, Delete-on-Reboot, [7812], [585488],1.0.7459
    Adware.Csdimonetize, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\IS-OS7BG.TMP\PMALAML.EXE, Delete-on-Reboot, [7812], [585499],1.0.7459
    Adware.Tuto4PC, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\GIB3NMEPK0A.EXE, Delete-on-Reboot, [2781], [474076],1.0.7459
    Adware.Csdimonetize, C:\USERS\BRAMP\APPDATA\LOCAL\TEMP\IS-CDJI9.TMP\PMALAML.EXE, Delete-on-Reboot, [7812], [585499],1.0.7459
    Adware.Wajam, C:\WINDOWS\NTIYMZA1OW.EXE, Delete-on-Reboot, [464], [554644],1.0.7459

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)
     
  4. Bramp

    Windows Defender says it found threats, won't say what it is, and will not remove it either.
     
  5. Bramp

    Here is the OTL file. Thank you for your assistance.


    OTL logfile created on: 10/21/2018 9:02:57 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bramp\Downloads
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.17134.0)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
    5.87 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 51.04% Memory free
    7.50 Gb Paging File | 4.63 Gb Available in Paging File | 61.75% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 222.97 Gb Total Space | 191.17 Gb Free Space | 85.74% Space Free | Partition Type: NTFS
    Computer Name: DESKTOP-75HFSQL | User Name: bramp | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
    ========== Processes (SafeList) ==========
    PRC - File not found
    PRC - C:\Users\bramp\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe (AVAST Software)
    PRC - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Users\bramp\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Windows\SysWOW64\fontdrvhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
    ========== Modules (No Company Name) ==========
    MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
    MOD - C:\Program Files\AVAST Software\Avast\streamback.dll ()
    ========== Services (SafeList) ==========
    SRV:64bit: - (CDPUserSvc_5579e) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
    SRV:64bit: - (BluetoothUserService_5579e) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
    SRV:64bit: - (BcastDVRUserService_5579e) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
    SRV:64bit: - (DevicesFlowUserSvc) -- C:\Windows\SysNative\DevicesFlowBroker.dll (Microsoft Corporation)
    SRV:64bit: - (shpamsvc) -- C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
    SRV:64bit: - (SensorService) -- C:\Windows\SysNative\SensorService.dll (Microsoft Corporation)
    SRV:64bit: - (BTAGService) -- C:\Windows\SysNative\BTAGService.dll (Microsoft Corporation)
    SRV:64bit: - (BthAvctpSvc) -- C:\Windows\SysNative\BthAvctpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (dmwappushservice) -- C:\Windows\SysNative\dmwappushsvc.dll (Microsoft Corporation)
    SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
    SRV:64bit: - (UserDataSvc) -- C:\Windows\SysNative\UserDataService.dll (Microsoft Corporation)
    SRV:64bit: - (UnistoreSvc) -- C:\Windows\SysNative\Unistore.dll (Microsoft Corporation)
    SRV:64bit: - (NgcCtnrSvc) -- C:\Windows\SysNative\NgcCtnrSvc.dll (Microsoft Corporation)
    SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
    SRV:64bit: - (EntAppSvc) -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll (Microsoft Corporation)
    SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
    SRV:64bit: - (WpnService) -- C:\Windows\SysNative\wpnservice.dll (Microsoft Corporation)
    SRV:64bit: - (icssvc) -- C:\Windows\SysNative\tetheringservice.dll (Microsoft Corporation)
    SRV:64bit: - (PimIndexMaintenanceSvc) -- C:\Windows\SysNative\PimIndexMaintenance.dll (Microsoft Corporation)
    SRV:64bit: - (TimeBrokerSvc) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
    SRV:64bit: - (WpnUserService) -- C:\Windows\SysNative\WpnUserService.dll (Microsoft Corporation)
    SRV:64bit: - (XboxGipSvc) -- C:\Windows\SysNative\xboxgipsvc.dll (Microsoft Corporation)
    SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\lfsvc.dll (Microsoft Corporation)
    SRV:64bit: - (SEMgrSvc) -- C:\Windows\SysNative\SEMgrSvc.dll (Microsoft Corporation)
    SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
    SRV:64bit: - (LicenseManager) -- C:\Windows\SysNative\LicenseManagerSvc.dll (Microsoft Corporation)
    SRV:64bit: - (DevQueryBroker) -- C:\Windows\SysNative\DevQueryBroker.dll (Microsoft Corporation)
    SRV:64bit: - (XblGameSave) -- C:\Windows\SysNative\XblGameSave.dll (Microsoft Corporation)
    SRV:64bit: - (embeddedmode) -- C:\Windows\SysNative\embeddedmodesvc.dll (Microsoft Corporation)
    SRV:64bit: - (GraphicsPerfSvc) -- C:\Windows\SysNative\GraphicsPerfSvc.dll (Microsoft Corporation)
    SRV:64bit: - (xbgm) -- C:\Windows\SysNative\xbgmsvc.exe (Microsoft Corporation)
    SRV:64bit: - (WarpJITSvc) -- C:\Windows\SysNative\Windows.WARP.JITService.dll (Microsoft Corporation)
    SRV:64bit: - (XblAuthManager) -- C:\Windows\SysNative\XblAuthManager.dll (Microsoft Corporation)
    SRV:64bit: - (tzautoupdate) -- C:\Windows\SysNative\tzautoupdate.dll (Microsoft Corporation)
    SRV:64bit: - (ClipSVC) -- C:\Windows\SysNative\ClipSVC.dll (Microsoft Corporation)
    SRV:64bit: - (CDPSvc) -- C:\Windows\SysNative\cdpsvc.dll (Microsoft Corporation)
    SRV:64bit: - (CDPUserSvc) -- C:\Windows\SysNative\cdpusersvc.dll (Microsoft Corporation)
    SRV:64bit: - (AJRouter) -- C:\Windows\SysNative\AJRouter.dll (Microsoft Corporation)
    SRV:64bit: - (XboxNetApiSvc) -- C:\Windows\SysNative\XboxNetApiSvc.dll (Microsoft Corporation)
    SRV:64bit: - (VacSvc) -- C:\Windows\SysNative\vac.dll (Microsoft Corporation)
    SRV:64bit: - (DusmSvc) -- C:\Windows\SysNative\dusmsvc.dll (Microsoft Corporation)
    SRV:64bit: - (LxpSvc) -- C:\Windows\SysNative\LanguageOverlayServer.dll (Microsoft Corporation)
    SRV:64bit: - (SgrmBroker) -- C:\Windows\SysNative\SgrmBroker.exe (Microsoft Corporation)
    SRV:64bit: - (MessagingService) -- C:\Windows\SysNative\MessagingService.dll (Microsoft Corporation)
    SRV:64bit: - (BluetoothUserService) -- C:\Windows\SysNative\Microsoft.Bluetooth.UserService.dll (Microsoft Corporation)
    SRV:64bit: - (IpxlatCfgSvc) -- C:\Windows\SysNative\ipxlatcfg.dll (Microsoft Corporation)
    SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
    SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvcext.dll (Microsoft Corporation)
    SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvcext.dll (Microsoft Corporation)
    SRV:64bit: - (vmicvmsession) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
    SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
    SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
    SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
    SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
    SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
    SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
    SRV:64bit: - (OneSyncSvc) -- C:\Windows\SysNative\APHostService.dll (Microsoft Corporation)
    SRV:64bit: - (ssh-agent) -- C:\Windows\SysNative\OpenSSH\ssh-agent.exe ()
    SRV:64bit: - (SynTPEnhService) -- C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated)
    SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
    SRV:64bit: - (igfxCUIService1.0.0.0) -- C:\Windows\SysNative\igfxCUIService.exe (Intel Corporation)
    SRV - (avastm) -- C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software)
    SRV - (avast) -- C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software)
    SRV - (WdNisSvc) -- C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\NisSrv.exe (Microsoft Corporation)
    SRV - (WinDefend) -- C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MsMpEng.exe (Microsoft Corporation)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (CoreMessagingRegistrar) -- C:\Windows\SysWOW64\CoreMessaging.dll (Microsoft Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (TokenBroker) -- C:\Windows\SysWOW64\TokenBroker.dll (Microsoft Corporation)
    SRV - (wisvc) -- C:\Windows\SysWOW64\FlightSettings.dll (Microsoft Corporation)
    SRV - (StateRepository) -- C:\Windows\SysWOW64\Windows.StateRepository.dll (Microsoft Corporation)
    SRV - (DmEnrollmentSvc) -- C:\Windows\SysWOW64\Windows.Internal.Management.dll (Microsoft Corporation)
    SRV - (InstallService) -- C:\Windows\SysWOW64\InstallService.dll (Microsoft Corporation)
    SRV - (DevicePickerUserSvc) -- C:\Windows\SysWOW64\Windows.Devices.Picker.dll (Microsoft Corporation)
    SRV - (PrintWorkflowUserSvc) -- C:\Windows\SysWOW64\PrintWorkflowService.dll (Microsoft Corporation)
    SRV - (UnistoreSvc) -- C:\Windows\SysWOW64\Unistore.dll (Microsoft Corporation)
    SRV - (tzautoupdate) -- C:\Windows\SysWOW64\tzautoupdate.dll (Microsoft Corporation)
    SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
    SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
    SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
    ========== Driver Services (SafeList) ==========
    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
    DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys (AVAST Software)
    DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (AVAST Software)
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys (AVAST Software)
    DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys (AVAST Software)
    DRV:64bit: - (aswElam) -- C:\Windows\SysNative\drivers\aswElam.sys (AVAST Software)
    DRV:64bit: - (aswArPot) -- C:\Windows\SysNative\drivers\aswArPot.sys (AVAST Software)
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
    DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
    DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
    DRV:64bit: - (aswHdsKe) -- C:\Windows\SysNative\drivers\aswHdsKe.sys (AVAST Software)
    DRV:64bit: - (aswblog) -- C:\Windows\SysNative\drivers\aswbloga.sys (AVAST Software)
    DRV:64bit: - (aswbidsdriver) -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys (AVAST Software)
    DRV:64bit: - (aswbidsh) -- C:\Windows\SysNative\drivers\aswbidsha.sys (AVAST Software)
    DRV:64bit: - (aswbuniv) -- C:\Windows\SysNative\drivers\aswbuniva.sys (AVAST Software)
    DRV:64bit: - (MBAMProtection) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes)
    DRV:64bit: - (MBAMFarflt) -- C:\Windows\SysNative\drivers\farflt.sys (Malwarebytes)
    DRV:64bit: - (MBAMWebProtection) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes)
    DRV:64bit: - (MBAMChameleon) -- C:\Windows\SysNative\drivers\MbamChameleon.sys (Malwarebytes)
    DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys (Malwarebytes)
    DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\wd\WdFilter.sys (Microsoft Corporation)
    DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\wd\WdNisDrv.sys (Microsoft Corporation)
    DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\wd\WdBoot.sys (Microsoft Corporation)
    DRV:64bit: - (hvservice) -- C:\Windows\SysNative\drivers\hvservice.sys (Microsoft Corporation)
    DRV:64bit: - (ESProtectionDriver) -- C:\Windows\SysNative\drivers\mbae64.sys (Malwarebytes)
    DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
    DRV:64bit: - (scmbus) -- C:\Windows\SysNative\drivers\scmbus.sys (Microsoft Corporation)
    DRV:64bit: - (Ucx01000) -- C:\Windows\SysNative\drivers\Ucx01000.sys (Microsoft Corporation)
    DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
    DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
    DRV:64bit: - (vmgid) -- C:\Windows\SysNative\drivers\vmgid.sys (Microsoft Corporation)
    DRV:64bit: - (CldFlt) -- C:\Windows\SysNative\drivers\cldflt.sys (Microsoft Corporation)
    DRV:64bit: - (WinNat) -- C:\Windows\SysNative\drivers\winnat.sys (Microsoft Corporation)
    DRV:64bit: - (wdiwifi) -- C:\Windows\SysNative\drivers\WdiWiFi.sys (Microsoft Corporation)
    DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
    DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
    DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
    DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
    DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
    DRV:64bit: - (storufs) -- C:\Windows\SysNative\drivers\storufs.sys (Microsoft Corporation)
    DRV:64bit: - (ReFS) -- C:\Windows\SysNative\drivers\refs.sys (Microsoft Corporation)
    DRV:64bit: - (WindowsTrustedRT) -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys (Microsoft Corporation)
    DRV:64bit: - (ReFSv1) -- C:\Windows\SysNative\drivers\refsv1.sys (Microsoft Corporation)
    DRV:64bit: - (xboxgip) -- C:\Windows\SysNative\drivers\xboxgip.sys (Microsoft Corporation)
    DRV:64bit: - (RTSUER) -- C:\Windows\SysNative\drivers\RtsUer.sys (Realsil Semiconductor Corporation)
    DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
    DRV:64bit: - (SpatialGraphFilter) -- C:\Windows\SysNative\drivers\SpatialGraphFilter.sys (Microsoft Corporation)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
    DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
    DRV:64bit: - (bam) -- C:\Windows\SysNative\drivers\bam.sys (Microsoft Corporation)
    DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
    DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
    DRV:64bit: - (afunix) -- C:\Windows\SysNative\drivers\afunix.sys (Microsoft Corporation)
    DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
    DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
    DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
    DRV:64bit: - (NetAdapterCx) -- C:\Windows\SysNative\drivers\NetAdapterCx.sys (Microsoft Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
    DRV:64bit: - (Wof) -- C:\Windows\SysNative\drivers\wof.sys (Microsoft Corporation)
    DRV:64bit: - (applockerfltr) -- C:\Windows\SysNative\drivers\applockerfltr.sys (Microsoft Corporation)
    DRV:64bit: - (WdmCompanionFilter) -- C:\Windows\SysNative\drivers\WdmCompanionFilter.sys (Microsoft Corporation)
    DRV:64bit: - (Ufx01000) -- C:\Windows\SysNative\drivers\ufx01000.sys (Microsoft Corporation)
    DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
    DRV:64bit: - (UcmTcpciCx0101) -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys (Microsoft Corporation)
    DRV:64bit: - (wcifs) -- C:\Windows\SysNative\drivers\wcifs.sys (Microsoft Corporation)
    DRV:64bit: - (UcmCx0101) -- C:\Windows\SysNative\drivers\UcmCx.sys (Microsoft Corporation)
    DRV:64bit: - (wcnfs) -- C:\Windows\SysNative\drivers\wcnfs.sys (Microsoft Corporation)
    DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
    DRV:64bit: - (UrsCx01000) -- C:\Windows\SysNative\drivers\urscx01000.sys (Microsoft Corporation)
    DRV:64bit: - (cnghwassist) -- C:\Windows\SysNative\drivers\cnghwassist.sys (Microsoft Corporation)
    DRV:64bit: - (IndirectKmd) -- C:\Windows\SysNative\drivers\IndirectKmd.sys (Microsoft Corporation)
    DRV:64bit: - (HwNClx0101) -- C:\Windows\SysNative\drivers\mshwnclx.sys (Microsoft Corporation)
    DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
    DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
    DRV:64bit: - (bindflt) -- C:\Windows\SysNative\drivers\bindflt.sys (Microsoft Corporation)
    DRV:64bit: - (storqosflt) -- C:\Windows\SysNative\drivers\storqosflt.sys (Microsoft Corporation)
    DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
    DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
    DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
    DRV:64bit: - (SgrmAgent) -- C:\Windows\SysNative\drivers\SgrmAgent.sys (Microsoft Corporation)
    DRV:64bit: - (iorate) -- C:\Windows\SysNative\drivers\iorate.sys (Microsoft Corporation)
    DRV:64bit: - (MMCSS) -- C:\Windows\SysNative\drivers\mmcss.sys (Microsoft Corporation)
    DRV:64bit: - (GpuEnergyDrv) -- C:\Windows\SysNative\drivers\gpuenergydrv.sys (Microsoft Corporation)
    DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
    DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
    DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (FileCrypt) -- C:\Windows\SysNative\drivers\filecrypt.sys (Microsoft Corporation)
    DRV:64bit: - (UdeCx) -- C:\Windows\SysNative\drivers\Udecx.sys (Microsoft Corporation)
    DRV:64bit: - (Ramdisk) -- C:\Windows\SysNative\drivers\ramdisk.sys (Microsoft Corporation)
    DRV:64bit: - (vhf) -- C:\Windows\SysNative\drivers\vhf.sys (Microsoft Corporation)
    DRV:64bit: - (IPT) -- C:\Windows\SysNative\drivers\ipt.sys (Microsoft Corporation)
    DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
    DRV:64bit: - (UcmUcsi) -- C:\Windows\SysNative\drivers\UcmUcsi.sys (Microsoft Corporation)
    DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
    DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
    DRV:64bit: - (hidinterrupt) -- C:\Windows\SysNative\drivers\hidinterrupt.sys (Microsoft Corporation)
    DRV:64bit: - (xinputhid) -- C:\Windows\SysNative\drivers\xinputhid.sys (Microsoft Corporation)
    DRV:64bit: - (buttonconverter) -- C:\Windows\SysNative\drivers\buttonconverter.sys (Microsoft Corporation)
    DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
    DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
    DRV:64bit: - (WindowsTrustedRTProxy) -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys (Microsoft Corporation)
    DRV:64bit: - (ufxsynopsys) -- C:\Windows\SysNative\drivers\ufxsynopsys.sys (Microsoft Corporation)
    DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
    DRV:64bit: - (UfxChipidea) -- C:\Windows\SysNative\drivers\UfxChipidea.sys (Microsoft Corporation)
    DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys (Microsoft Corporation)
    DRV:64bit: - (UrsChipidea) -- C:\Windows\SysNative\drivers\urschipidea.sys (Microsoft Corporation)
    DRV:64bit: - (UrsSynopsys) -- C:\Windows\SysNative\drivers\urssynopsys.sys (Microsoft Corporation)
    DRV:64bit: - (genericusbfn) -- C:\Windows\SysNative\drivers\genericusbfn.sys (Microsoft Corporation)
    DRV:64bit: - (cht4vbd) -- C:\Windows\SysNative\drivers\cht4vx64.sys (Chelsio Communications)
    DRV:64bit: - (iaStorAVC) -- C:\Windows\SysNative\drivers\iaStorAVC.sys (Intel Corporation)
    DRV:64bit: - (mlx4_bus) -- C:\Windows\SysNative\drivers\mlx4_bus.sys (Mellanox)
    DRV:64bit: - (rt640x64) -- C:\Windows\SysNative\drivers\rt640x64.sys (Realtek )
    DRV:64bit: - (ibbus) -- C:\Windows\SysNative\drivers\ibbus.sys (Mellanox)
    DRV:64bit: - (mausbhost) -- C:\Windows\SysNative\drivers\mausbhost.sys (Microsoft Corporation)
    DRV:64bit: - (cht4iscsi) -- C:\Windows\SysNative\drivers\cht4sx64.sys (Chelsio Communications)
    DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
    DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc.sys (Microsoft Corporation)
    DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
    DRV:64bit: - (ndfltr) -- C:\Windows\SysNative\drivers\ndfltr.sys (Mellanox)
    DRV:64bit: - (pmem) -- C:\Windows\SysNative\drivers\pmem.sys (Microsoft Corporation)
    DRV:64bit: - (nvdimm) -- C:\Windows\SysNative\drivers\nvdimm.sys (Microsoft Corporation)
    DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
    DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
    DRV:64bit: - (WinVerbs) -- C:\Windows\SysNative\drivers\winverbs.sys (Mellanox)
    DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
    DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
    DRV:64bit: - (percsas3i) -- C:\Windows\SysNative\drivers\percsas3i.sys (Avago Technologies)
    DRV:64bit: - (percsas2i) -- C:\Windows\SysNative\drivers\percsas2i.sys (Avago Technologies)
    DRV:64bit: - (mausbip) -- C:\Windows\SysNative\drivers\mausbip.sys (Microsoft Corporation)
    DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
    DRV:64bit: - (bttflt) -- C:\Windows\SysNative\drivers\bttflt.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
    DRV:64bit: - (hvcrash) -- C:\Windows\SysNative\drivers\hvcrash.sys (Microsoft Corporation)
    DRV:64bit: - (SDFRd) -- C:\Windows\SysNative\drivers\SDFRd.sys (Microsoft Corporation)
    DRV:64bit: - (WinMad) -- C:\Windows\SysNative\drivers\winmad.sys (Mellanox)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
    DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
    DRV:64bit: - (swenum) -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys (Microsoft Corporation)
    DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
    DRV:64bit: - (volume) -- C:\Windows\SysNative\drivers\volume.sys (Microsoft Corporation)
    DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
    DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
    DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (QLogic Corporation)
    DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (QLogic Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
    DRV:64bit: - (ItSas35i) -- C:\Windows\SysNative\drivers\ItSas35i.sys (Avago Technologies)
    DRV:64bit: - (LSI_SAS3i) -- C:\Windows\SysNative\drivers\lsi_sas3i.sys (Avago Technologies)
    DRV:64bit: - (LSI_SAS2i) -- C:\Windows\SysNative\drivers\lsi_sas2i.sys (LSI Corporation)
    DRV:64bit: - (CapImg) -- C:\Windows\SysNative\drivers\capimg.sys (Microsoft Corporation)
    DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
    DRV:64bit: - (rhproxy) -- C:\Windows\SysNative\drivers\rhproxy.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
    DRV:64bit: - (megasas35i) -- C:\Windows\SysNative\drivers\megasas35i.sys (Avago Technologies)
    DRV:64bit: - (megasas2i) -- C:\Windows\SysNative\drivers\MegaSas2i.sys (Avago Technologies)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
    DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (AcpiDev) -- C:\Windows\SysNative\drivers\AcpiDev.sys (Microsoft Corporation)
    DRV:64bit: - (PNPMEM) -- C:\Windows\SysNative\drivers\pnpmem.sys (Microsoft Corporation)
    DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
    DRV:64bit: - (iaLPSS2i_I2C_BXT_P) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C_BXT_P.sys (Intel Corporation)
    DRV:64bit: - (iaLPSS2i_I2C) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys (Intel Corporation)
    DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
    DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
    DRV:64bit: - (iai2c) -- C:\Windows\SysNative\drivers\iai2c.sys (Intel(R) Corporation)
    DRV:64bit: - (iaLPSS2i_GPIO2_BXT_P) -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2_BXT_P.sys (Intel Corporation)
    DRV:64bit: - (iaLPSS2i_GPIO2) -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys (Intel Corporation)
    DRV:64bit: - (CAD) -- C:\Windows\SysNative\drivers\CAD.sys (Microsoft Corporation)
    DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys (Microsoft Corporation)
    DRV:64bit: - (iagpio) -- C:\Windows\SysNative\drivers\iagpio.sys (Intel(R) Corporation)
    DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies, Inc.)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Qualcomm Atheros)
    DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverW8x64.sys (Intel Corporation)
    DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
    DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
    DRV - (afunix) -- C:\Windows\SysWOW64\drivers\afunix.sys (Microsoft Corporation)
    DRV - (swenum) -- C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys (Microsoft Corporation)
    DRV - (CompositeBus) -- C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys (Microsoft Corporation)
    ========== Standard Registry (SafeList) ==========
    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    ========== FireFox ==========
    FF - prefs.js..browser.search.countryCode: "EC"
    FF - prefs.js..browser.search.region: "EC"
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 62.0.3\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 62.0.3\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS
    [2018/10/17 18:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bramp\AppData\Roaming\mozilla\Extensions
    [2018/10/17 18:13:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bramp\AppData\Roaming\mozilla\SystemExtensionsDev
    [2018/10/21 20:55:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bramp\AppData\Roaming\mozilla\Firefox\Profiles\r8cixcmo.default\extensions
    [2018/10/21 20:48:26 | 000,789,048 | ---- | M] () (No name found) -- C:\Users\bramp\AppData\Roaming\mozilla\firefox\profiles\r8cixcmo.default\extensions\[email protected]
    [2018/10/17 18:22:07 | 000,006,835 | ---- | M] () (No name found) -- C:\Users\bramp\AppData\Roaming\mozilla\firefox\profiles\r8cixcmo.default\features\{a7e3a724-085a-4d14-947a-8abc45e2ab39}\[email protected]
    [2012/10/01 20:33:44 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
    ========== Chrome ==========
    CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\
    CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\
    CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\
    CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
    CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgjopcolgcafhnicdahjemapkniikeh\3.4.22_0\
    CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\
    CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\
    CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\
    CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmmeekapjbfjachdkgabdaoccfclpaa\1.0.24.20_0\
    CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo\3.30_0\
    CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.4_0\
    CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
    CHR - Extension: No name found = C:\Users\bramp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7018.903.0.0_0\
    O1 HOSTS File: ([2018/10/19 10:05:58 | 002,097,675 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 cpm.paneladmin.pro
    O1 - Hosts: 127.0.0.1 publisher.hmdiadmingate.xyz
    O1 - Hosts: 127.0.0.1 hmdicrewtracksystem.xyz
    O1 - Hosts: 127.0.0.1 mydownloaddomain.com
    O1 - Hosts: 127.0.0.1 linkmate.space
    O1 - Hosts: 127.0.0.1 space1.adminpressure.space
    O1 - Hosts: 127.0.0.1 trackpressure.website
    O1 - Hosts: 127.0.0.1 doctorlink.space
    O1 - Hosts: 127.0.0.1 plugpackdownload.net
    O1 - Hosts: 127.0.0.1 texttotalk.org
    O1 - Hosts: 127.0.0.1 gambling577.xyz
    O1 - Hosts: 127.0.0.1 htagdownload.space
    O1 - Hosts: 127.0.0.1 mybcnmonetize.com
    O1 - Hosts: 127.0.0.1 360devtraking.website
    O1 - Hosts: 127.0.0.1 dscdn.pw
    O1 - Hosts: 127.0.0.1 bcnmonetize.go2affise.com
    O1 - Hosts: 127.0.0.1 beautifllink.xyz
    O4:64bit: - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe (AVAST Software)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SecurityHealth] C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [AvastBrowserAutoLaunch_C47317C0BC34F90619D957E46A565EC7] C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software)
    O4 - HKCU..\Run: [GoogleChromeAutoLaunch_6CFD100A57B8C1B5220228FC4193464B] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - HKCU..\Run: [OneDrive] C:\Users\bramp\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableFullTrustStartupTasks = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUwpStartupTasks = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SupportFullTrustStartupTasks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SupportUwpStartupTasks = 1
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0d44a2fa-3617-49dd-b680-b33630629d6a}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{246bd046-8f7e-4214-abda-1e2373d0dede}: DhcpNameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{246bd046-8f7e-4214-abda-1e2373d0dede}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{264d5823-90d2-4603-bc01-125bbf1639fe}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47f83278-d279-11e8-a1f9-806e6f6e6963}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{788f174d-3046-455d-b68e-3098617fa0f2}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{788f174d-3046-455d-b68e-3098617fa0f2}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87403074-c8a6-410e-ba56-a30956a05ae9}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{cec8c91f-d8bd-4583-9de4-3724f624fbf0}: NameServer = 8.8.8.8
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\osf - No CLSID value found
    O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
    O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{2e52f201-d271-11e8-a1fb-74867a0dfa4d}\Shell - "" = AutoRun
    O33 - MountPoints2\{2e52f201-d271-11e8-a1fb-74867a0dfa4d}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
    ========== Files/Folders - Created Within 30 Days ==========
    [2018/10/21 20:59:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2018/10/21 20:53:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVAST Software
    [2018/10/21 20:50:37 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\CEF
    [2018/10/21 20:50:37 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Roaming\AVAST Software
    [2018/10/21 20:50:36 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\AVAST Software
    [2018/10/21 20:50:10 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\CrashDumps
    [2018/10/21 20:48:51 | 001,028,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2018/10/21 20:48:51 | 000,467,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2018/10/21 20:48:51 | 000,381,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswVmm.sys
    [2018/10/21 20:48:51 | 000,346,760 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbloga.sys
    [2018/10/21 20:48:51 | 000,230,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys
    [2018/10/21 20:48:51 | 000,208,640 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
    [2018/10/21 20:48:51 | 000,201,928 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbidsha.sys
    [2018/10/21 20:48:51 | 000,201,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswArPot.sys
    [2018/10/21 20:48:51 | 000,185,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHdsKe.sys
    [2018/10/21 20:48:51 | 000,163,376 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2018/10/21 20:48:51 | 000,111,968 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2018/10/21 20:48:51 | 000,088,112 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
    [2018/10/21 20:48:51 | 000,059,664 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbuniva.sys
    [2018/10/21 20:48:51 | 000,047,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
    [2018/10/21 20:48:51 | 000,042,456 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
    [2018/10/21 20:48:51 | 000,015,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswElam.sys
    [2018/10/21 20:48:47 | 000,378,584 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2018/10/21 20:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVAST Software
    [2018/10/21 20:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2018/10/21 20:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2018/10/21 20:40:58 | 000,058,400 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
    [2018/10/21 20:40:51 | 000,118,584 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
    [2018/10/21 20:40:51 | 000,110,424 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
    [2018/10/21 20:22:51 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\mbam
    [2018/10/21 20:22:29 | 000,200,232 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys
    [2018/10/21 20:22:28 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\mbamtray
    [2018/10/21 20:22:22 | 000,260,384 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
    [2018/10/21 20:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    [2018/10/21 20:22:12 | 000,152,688 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbae64.sys
    [2018/10/21 20:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2018/10/21 20:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
    [2018/10/21 20:03:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2018/10/21 06:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
    [2018/10/21 06:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
    [2018/10/21 06:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2018/10/21 06:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2018/10/20 19:39:50 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Roaming\dvdcss
    [2018/10/20 19:39:38 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Roaming\vlc
    [2018/10/20 19:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2018/10/20 19:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2018/10/19 10:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mur
    [2018/10/19 10:04:58 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Programs
    [2018/10/19 10:04:29 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\AdvinstAnalytics
    [2018/10/19 10:04:20 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\MicroService
    [2018/10/19 10:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Toolkit Final
    [2018/10/19 09:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2018/10/19 09:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2018/10/19 09:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    [2018/10/19 09:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2018/10/19 09:41:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2018/10/19 09:41:48 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2018/10/19 09:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
    [2018/10/19 09:40:39 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
    [2018/10/19 09:40:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2018/10/19 09:40:37 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Microsoft Help
    [2018/10/19 09:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2018/10/19 09:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2018/10/19 09:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2018/10/19 09:39:37 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2018/10/18 19:33:05 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\DBG
    [2018/10/18 09:04:35 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\ElevatedDiagnostics
    [2018/10/18 08:44:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
    [2018/10/17 20:58:08 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2018/10/17 20:43:58 | 000,000,000 | ---D | C] -- C:\Users\bramp\Desktop\AlexandraFolder
    [2018/10/17 20:00:43 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2018/10/17 20:00:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
    [2018/10/17 20:00:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
    [2018/10/17 20:00:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
    [2018/10/17 20:00:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
    [2018/10/17 20:00:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
    [2018/10/17 20:00:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
    [2018/10/17 20:00:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
    [2018/10/17 20:00:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
    [2018/10/17 20:00:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
    [2018/10/17 19:59:48 | 000,000,000 | -HSD | C] -- C:\Recovery
    [2018/10/17 19:58:40 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2018/10/17 19:58:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\wd
    [2018/10/17 19:58:31 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2018/10/17 19:58:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SleepStudy
    [2018/10/17 19:58:23 | 000,000,000 | ---D | C] -- C:\Windows\ServiceProfiles
    [2018/10/17 19:58:22 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\Microsoft
    [2018/10/17 19:58:21 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2018/10/17 18:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2018/10/17 18:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2018/10/17 18:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2018/10/17 18:45:04 | 000,000,000 | ---D | C] -- C:\Users\bramp\Desktop\ContractsLeases
    [2018/10/17 18:45:01 | 000,000,000 | ---D | C] -- C:\Users\bramp\Desktop\BrandonCV
    [2018/10/17 18:39:11 | 000,000,000 | ---D | C] -- C:\Users\bramp\Desktop\Trading
    [2018/10/17 18:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\MetaQuotes
    [2018/10/17 18:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader 4 IC Markets
    [2018/10/17 18:38:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MetaTrader 4 IC Markets
    [2018/10/17 18:38:03 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Roaming\MetaQuotes
    [2018/10/17 18:34:10 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Adobe
    [2018/10/17 18:24:45 | 000,000,000 | ---D | C] -- C:\Users\bramp\Desktop\FBA
    [2018/10/17 18:24:00 | 000,000,000 | ---D | C] -- C:\Users\bramp\Desktop\TeachEnglish
    [2018/10/17 18:23:47 | 000,000,000 | ---D | C] -- C:\Users\bramp\Desktop\Browsers
    [2018/10/17 18:23:26 | 000,000,000 | -HSD | C] -- C:\Users\bramp\IntelGraphicsProfiles
    [2018/10/17 18:23:04 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\PackageStaging
    [2018/10/17 18:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Packages
    [2018/10/17 18:13:34 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Roaming\Mozilla
    [2018/10/17 18:13:33 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Mozilla
    [2018/10/17 18:13:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2018/10/17 18:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2018/10/17 18:11:14 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Comms
    [2018/10/17 18:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Atheros
    [2018/10/17 18:10:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
    [2018/10/17 18:10:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
    [2018/10/17 18:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2018/10/17 18:08:26 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\D3DSCache
    [2018/10/17 18:08:11 | 000,000,000 | R--D | C] -- C:\Users\bramp\OneDrive
    [2018/10/17 18:07:53 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\PlaceholderTileLogoFolder
    [2018/10/17 18:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2018/10/17 18:07:45 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Google
    [2018/10/17 18:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
    [2018/10/17 18:06:17 | 000,053,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys
    [2018/10/17 18:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
    [2018/10/17 18:05:45 | 000,000,000 | -H-D | C] -- C:\Users\bramp\MicrosoftEdgeBackups
    [2018/10/17 18:05:36 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\MicrosoftEdge
    [2018/10/17 18:05:29 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Publishers
    [2018/10/17 18:05:25 | 000,000,000 | R--D | C] -- C:\Users\bramp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2018/10/17 18:05:25 | 000,000,000 | R--D | C] -- C:\Users\bramp\Searches
    [2018/10/17 18:05:25 | 000,000,000 | R--D | C] -- C:\Users\bramp\Contacts
    [2018/10/17 18:05:25 | 000,000,000 | R--D | C] -- C:\Users\bramp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2018/10/17 18:05:25 | 000,000,000 | R--D | C] -- C:\Users\bramp\3D Objects
    [2018/10/17 18:05:24 | 000,000,000 | -H-D | C] -- C:\Users\bramp\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2018/10/17 18:05:24 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\VirtualStore
    [2018/10/17 18:05:24 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Packages
    [2018/10/17 18:05:24 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Roaming\Adobe
    [2018/10/17 18:05:23 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\ConnectedDevicesPlatform
    [2018/10/17 18:04:28 | 000,072,688 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.DLL
    [2018/10/17 18:04:28 | 000,069,104 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.DLL
    [2018/10/17 18:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
    [2018/10/17 18:04:28 | 000,000,000 | ---D | C] -- C:\Intel
    [2018/10/17 18:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
    [2018/10/17 18:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
    [2018/10/17 18:02:52 | 000,000,000 | --SD | C] -- C:\Users\bramp\AppData\Roaming\Microsoft
    [2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
    [2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\Videos
    [2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    [2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\Saved Games
    [2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\Pictures
    [2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\Music
    [2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\Links
    [2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\Favorites
    [2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\Downloads
    [2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\Documents
    [2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\Desktop
    [2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2018/10/17 18:02:52 | 000,000,000 | R--D | C] -- C:\Users\bramp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    [2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\AppData\Local\Temporary Internet Files
    [2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\Templates
    [2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\Start Menu
    [2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\SendTo
    [2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\Recent
    [2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\PrintHood
    [2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\NetHood
    [2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\Documents\My Videos
    [2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\Documents\My Pictures
    [2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\Documents\My Music
    [2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\My Documents
    [2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\Local Settings
    [2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\AppData\Local\History
    [2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\Cookies
    [2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\Application Data
    [2018/10/17 18:02:52 | 000,000,000 | -HSD | C] -- C:\Users\bramp\AppData\Local\Application Data
    [2018/10/17 18:02:52 | 000,000,000 | -H-D | C] -- C:\Users\bramp\AppData
    [2018/10/17 18:02:52 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Temp
    [2018/10/17 18:02:52 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Local\Microsoft
    [2018/10/17 18:02:52 | 000,000,000 | ---D | C] -- C:\Users\bramp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2018/10/17 18:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\USOShared
    ========== Files - Modified Within 30 Days ==========
    [2018/10/21 21:01:50 | 000,002,571 | ---- | M] () -- C:\Users\bramp\Application Data\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk
    [2018/10/21 20:55:01 | 000,002,539 | ---- | M] () -- C:\Users\Public\Desktop\Avast Secure Browser.lnk
    [2018/10/21 20:50:34 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    [2018/10/21 20:48:36 | 000,467,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2018/10/21 20:48:36 | 000,381,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswVmm.sys
    [2018/10/21 20:48:36 | 000,208,640 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
    [2018/10/21 20:48:36 | 000,163,376 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2018/10/21 20:48:36 | 000,088,112 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
    [2018/10/21 20:48:36 | 000,047,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
    [2018/10/21 20:48:36 | 000,015,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswElam.sys
    [2018/10/21 20:48:35 | 000,378,584 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2018/10/21 20:48:35 | 000,201,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswArPot.sys
    [2018/10/21 20:48:35 | 000,111,968 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2018/10/21 20:48:31 | 000,042,456 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
    [2018/10/21 20:48:25 | 001,028,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2018/10/21 20:48:19 | 000,185,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHdsKe.sys
    [2018/10/21 20:48:17 | 000,346,760 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbloga.sys
    [2018/10/21 20:48:17 | 000,230,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys
    [2018/10/21 20:48:17 | 000,201,928 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbidsha.sys
    [2018/10/21 20:48:17 | 000,059,664 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbuniva.sys
    [2018/10/21 20:45:07 | 000,838,560 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2018/10/21 20:45:07 | 000,710,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2018/10/21 20:45:07 | 000,133,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2018/10/21 20:42:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2018/10/21 20:40:58 | 000,058,400 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
    [2018/10/21 20:40:51 | 000,118,584 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
    [2018/10/21 20:40:51 | 000,110,424 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
    [2018/10/21 20:40:41 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
    [2018/10/21 20:40:40 | 2522,148,864 | -HS- | M] () -- C:\hiberfil.sys
    [2018/10/21 20:22:29 | 000,200,232 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys
    [2018/10/21 20:22:22 | 000,260,384 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
    [2018/10/21 20:22:15 | 000,001,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
    [2018/10/21 20:06:19 | 000,404,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2018/10/20 19:39:21 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2018/10/19 10:04:48 | 000,140,800 | ---- | M] () -- C:\Users\bramp\AppData\Local\installer.dat
    [2018/10/18 18:46:23 | 000,000,144 | ---- | M] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    [2018/10/18 13:18:32 | 000,098,244 | ---- | M] () -- C:\Windows\uninstaller.dat
    [2018/10/18 09:10:13 | 000,002,360 | ---- | M] () -- C:\Users\bramp\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2018/10/18 09:10:09 | 000,000,451 | ---- | M] () -- C:\Windows\SysNative\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
    [2018/10/17 20:00:06 | 000,105,420 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2018/10/17 20:00:06 | 000,105,420 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2018/10/17 19:58:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
    [2018/10/17 18:56:42 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    [2018/10/17 18:10:40 | 000,849,474 | ---- | M] () -- C:\Windows\SysNative\drivers\rtwavesskdy.dat
    [2018/10/17 18:10:40 | 000,188,490 | ---- | M] () -- C:\Windows\SysNative\drivers\RTWAVES40.dat
    [2018/10/17 18:10:40 | 000,031,095 | ---- | M] () -- C:\Windows\SysNative\drivers\rtwavesEFX.dat
    [2018/10/17 18:10:40 | 000,010,945 | ---- | M] () -- C:\Windows\SysNative\drivers\rtwavesMFX.dat
    [2018/10/17 18:10:35 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
    [2018/10/17 18:06:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
    [2018/10/17 18:06:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01011.Wdf
    ========== Files Created - No Company Name ==========
    [2018/10/21 20:55:01 | 000,002,574 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
    [2018/10/21 20:55:01 | 000,002,571 | ---- | C] () -- C:\Users\bramp\Application Data\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk
    [2018/10/21 20:55:01 | 000,002,539 | ---- | C] () -- C:\Users\Public\Desktop\Avast Secure Browser.lnk
    [2018/10/21 20:50:34 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
    [2018/10/21 20:50:34 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    [2018/10/21 20:22:15 | 000,001,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
    [2018/10/20 19:39:21 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2018/10/19 10:04:48 | 000,140,800 | ---- | C] () -- C:\Users\bramp\AppData\Local\installer.dat
    [2018/10/18 18:46:23 | 000,000,144 | ---- | C] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    [2018/10/18 13:18:32 | 000,098,244 | ---- | C] () -- C:\Windows\uninstaller.dat
    [2018/10/18 09:10:09 | 000,000,451 | ---- | C] () -- C:\Windows\SysNative\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
    [2018/10/18 08:37:42 | 001,308,672 | ---- | C] () -- C:\Windows\SysNative\FaceProcessor.dll
    [2018/10/18 08:37:26 | 000,542,888 | ---- | C] () -- C:\Windows\SysNative\FaceProcessorCore.dll
    [2018/10/18 08:37:23 | 000,052,736 | ---- | C] () -- C:\Windows\SysNative\runexehelper.exe
    [2018/10/18 08:37:23 | 000,001,312 | ---- | C] () -- C:\Windows\SysNative\tcbres.wim
    [2018/10/18 08:37:22 | 000,058,524 | ---- | C] () -- C:\Windows\SysNative\srms.dat
    [2018/10/17 20:00:20 | 2522,148,864 | -HS- | C] () -- C:\hiberfil.sys
    [2018/10/17 20:00:06 | 000,105,420 | ---- | C] () -- C:\Windows\SysWow64\license.rtf
    [2018/10/17 20:00:06 | 000,105,420 | ---- | C] () -- C:\Windows\SysNative\license.rtf
    [2018/10/17 19:59:02 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2018/10/17 19:58:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
    [2018/10/17 19:58:22 | 000,404,368 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2018/10/17 19:58:21 | 016,777,216 | -HS- | C] () -- C:\swapfile.sys
    [2018/10/17 18:56:41 | 000,002,457 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    [2018/10/17 18:56:41 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    [2018/10/17 18:13:32 | 000,001,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    [2018/10/17 18:10:40 | 000,849,474 | ---- | C] () -- C:\Windows\SysNative\drivers\rtwavesskdy.dat
    [2018/10/17 18:10:40 | 000,031,095 | ---- | C] () -- C:\Windows\SysNative\drivers\rtwavesEFX.dat
    [2018/10/17 18:10:40 | 000,010,945 | ---- | C] () -- C:\Windows\SysNative\drivers\rtwavesMFX.dat
    [2018/10/17 18:10:35 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
    [2018/10/17 18:10:34 | 000,188,490 | ---- | C] () -- C:\Windows\SysNative\drivers\RTWAVES40.dat
    [2018/10/17 18:09:02 | 000,002,377 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    [2018/10/17 18:09:02 | 000,002,360 | ---- | C] () -- C:\Users\bramp\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2018/10/17 18:06:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
    [2018/10/17 18:06:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01011.Wdf
    [2018/10/17 18:04:52 | 000,838,560 | ---- | C] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2018/10/17 18:02:52 | 000,002,367 | ---- | C] () -- C:\Users\bramp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    [2018/10/17 18:02:52 | 000,000,352 | ---- | C] () -- C:\Users\bramp\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2018/10/17 18:02:52 | 000,000,334 | ---- | C] () -- C:\Users\bramp\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2018/06/19 15:06:01 | 002,841,312 | ---- | C] () -- C:\Windows\SysWow64\Windows.Mirage.dll
    [2018/06/19 15:06:01 | 000,018,716 | ---- | C] () -- C:\Windows\SysWow64\srms-apr.dat
    [2018/04/11 18:38:34 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2018/04/11 18:38:34 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2018/04/11 18:34:55 | 000,518,144 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2018/04/11 18:34:50 | 000,054,272 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2018/04/11 18:34:49 | 000,002,404 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
    [2018/04/11 18:34:47 | 000,364,200 | ---- | C] () -- C:\Windows\SysWow64\InputHost.dll
    [2018/04/11 18:34:46 | 003,575,808 | ---- | C] () -- C:\Windows\SysWow64\Windows.UI.Input.Inking.Analysis.dll
    [2018/04/11 18:34:46 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\Windows.WARP.JITService.exe
    [2018/04/11 18:34:45 | 000,329,216 | ---- | C] () -- C:\Windows\SysWow64\ssdm.dll
    [2018/04/11 18:34:45 | 000,223,232 | ---- | C] () -- C:\Windows\SysWow64\HeatCore.dll
    [2018/04/11 18:34:45 | 000,167,640 | ---- | C] () -- C:\Windows\SysWow64\chs_singlechar_pinyin.dat
    [2018/04/11 18:34:45 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\WindowsDefaultHeatProcessor.dll
    [2018/04/11 18:34:45 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\xboxgipsynthetic.dll
    [2018/04/11 18:34:36 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2018/04/11 18:34:30 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    ========== ZeroAccess Check ==========
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\windows.storage.dll -- [2018/09/19 23:09:56 | 007,432,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\windows.storage.dll -- [2018/09/19 23:29:04 | 006,039,368 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2018/04/11 18:34:40 | 000,973,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2018/04/11 18:34:55 | 000,785,408 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2018/04/11 18:34:40 | 000,524,288 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    ========== LOP Check ==========
    [2018/10/21 20:50:37 | 000,000,000 | ---D | M] -- C:\Users\bramp\AppData\Roaming\AVAST Software
    [2018/10/17 18:38:34 | 000,000,000 | ---D | M] -- C:\Users\bramp\AppData\Roaming\MetaQuotes
    ========== Purity Check ==========

    < End of report >
     
  6. Bramp

    Bramp Member

    Messages:
    512
    Recycle bin on C is corrupt. I get this message when booting or coming from standby. Machine is a little slower and crashed once at the recycle bin message.
     
  7. johnb35

    johnb35 Administrator Staff Member

    Messages:
    41,608
    The Ask and AOL are no big deal so you don't have to worry about that. Have you run an Avast virus scan since you have that installed already? Not seeing a whole heck of a lot in the OTL scan. If recycle bin is corrupted then it may be time to reload Windows. However, you can try running the SFC /scannow command at an elevated command prompt.
     
