Solved Gmer found rootkit activity

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
The scans since aren't showing rootkit activity now, but I can't reset the computer, Windows 10; it won't reset.

I have an AdwCleaner scan which showed ask

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2018-06-19 05:43:21
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001f rev. 0.00MB
Running: ittix0tn.exe; Driver: C:\Users\kevca\AppData\Local\Temp\agwdipob.sys


---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [580:632] ffff9f5f5ebd9c20

---- Services - GMER 2.2 ----

Service (*** hidden *** ) {7D207609-3976-492C-A1FA-6D44E913524C} <-- ROOTKIT !!!

---- EOF - GMER 2.2 ----

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2018-06-19 05:12:50
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001e rev. 0.00MB
Running: 8074o1sl.exe; Driver: C:\Users\kevca\AppData\Local\Temp\agwdipob.sys


---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [540:636] 00007ffc7747a6c0
Thread C:\WINDOWS\system32\csrss.exe [540:644] 00007ffc774725f0
Thread C:\WINDOWS\system32\csrss.exe [540:648] 00007ffc77472a30
Thread C:\WINDOWS\system32\csrss.exe [540:724] 00007ffc77472fe0
Thread C:\WINDOWS\system32\csrss.exe [540:728] 00007ffc77472fe0
Thread C:\WINDOWS\system32\csrss.exe [540:1016] 00007ffc77472fe0
Thread C:\WINDOWS\system32\csrss.exe [676:888] fffff922727d9c20
Thread C:\WINDOWS\system32\svchost.exe [916:532] 00007ffc75d15990
Thread C:\WINDOWS\system32\svchost.exe [916:80] 00007ffc75a68bd0
Thread C:\WINDOWS\system32\svchost.exe [916:1096] 00007ffc75d10790
Thread c:\windows\system32\svchost.exe [1260:1312] 00007ffc73f51a30
Thread c:\windows\system32\svchost.exe [1260:1320] 00007ffc73f51ff0
Thread c:\windows\system32\svchost.exe [1260:1324] 00007ffc73f522f0
Thread c:\windows\system32\svchost.exe [1260:1328] 00007ffc73f522f0
Thread c:\windows\system32\svchost.exe [1368:1488] 00007ffc73a97e00
Thread C:\WINDOWS\system32\svchost.exe [1500:1560] 00007ffc7552c5e0
Thread C:\WINDOWS\system32\svchost.exe [1500:3056] 00007ffc76726ab0
Thread C:\WINDOWS\system32\svchost.exe [1500:3176] 00007ffc76726ab0
Thread C:\WINDOWS\system32\svchost.exe [1500:3188] 00007ffc76726ab0
Thread C:\WINDOWS\system32\svchost.exe [1500:3208] 00007ffc6afcea70
Thread C:\WINDOWS\system32\svchost.exe [1500:3360] 00007ffc6bb65830
Thread C:\WINDOWS\system32\svchost.exe [1500:3720] 00007ffc6afd0410
Thread C:\WINDOWS\system32\svchost.exe [1500:3756] 00007ffc6afcdfe0
Thread C:\WINDOWS\system32\svchost.exe [1500:3760] 00007ffc6afcfd60
Thread c:\windows\system32\svchost.exe [1508:1656] 00007ffc7370a290
Thread c:\windows\system32\svchost.exe [1508:1900] 00007ffc736fd020
Thread c:\windows\system32\svchost.exe [1508:1904] 00007ffc736fd020
Thread c:\windows\system32\svchost.exe [1508:2796] 00007ffc736fd020
Thread c:\windows\system32\svchost.exe [1980:2040] 00007ffc7118b0c0
Thread c:\windows\system32\svchost.exe [1980:2096] 00007ffc7118bba0
Thread c:\windows\system32\svchost.exe [1980:2100] 00007ffc7118c0f0
Thread c:\windows\system32\svchost.exe [1980:2104] 00007ffc7118ba30
Thread c:\windows\system32\svchost.exe [1980:26456] 00007ffc7118c5d0
Thread c:\windows\system32\svchost.exe [1980:26260] 00007ffc71187bf0
Thread c:\windows\system32\svchost.exe [2060:2204] 00007ffc70d64360
Thread c:\windows\system32\svchost.exe [2060:2208] 00007ffc70d649a0
Thread c:\windows\system32\svchost.exe [2060:23364] 00007ffc70bcf9e0
Thread c:\windows\system32\svchost.exe [2068:2176] 00007ffc70f04f50
Thread c:\windows\system32\svchost.exe [2372:2392] 00007ffc7ad62670
Thread C:\WINDOWS\system32\svchost.exe [2716:2800] 00007ffc6c1b2680
Thread c:\windows\system32\svchost.exe [3248:8496] 00007ffc6b67ebb0
Thread c:\windows\system32\svchost.exe [3248:8244] 00007ffc6b67ebb0
Thread c:\windows\system32\svchost.exe [3248:8112] 00007ffc6a223af0
Thread c:\windows\system32\svchost.exe [3260:3748] 00007ffc6a1a6ad0
Thread c:\windows\system32\svchost.exe [3260:3788] 00007ffc6a1aab80
Thread c:\windows\system32\svchost.exe [3260:4340] 00007ffc6a0d1230
Thread c:\windows\system32\svchost.exe [3260:4344] 00007ffc657bad80
Thread c:\windows\system32\svchost.exe [3260:4732] 00007ffc633b77d0
Thread c:\windows\system32\svchost.exe [3260:5300] 00007ffc61bd3f30
Thread c:\windows\system32\svchost.exe [3260:3504] 00007ffc61bd2240
Thread [3324:3568] 0000000074d3aa20
Thread [3324:3376] 0000000071063d80
Thread [3324:14592] 0000000077022db0
Thread [3324:16916] 0000000077022db0
Thread c:\windows\system32\svchost.exe [4480:4508] 00007ffc7858dbd0
Thread c:\windows\system32\svchost.exe [4480:4512] 00007ffc7858dbd0
Thread c:\windows\system32\svchost.exe [4480:4520] 00007ffc7858dbd0
Thread c:\windows\system32\svchost.exe [4480:4532] 00007ffc7858dbd0
Thread c:\windows\system32\svchost.exe [4480:4544] 00007ffc79e90cf0
Thread c:\windows\system32\svchost.exe [4480:4560] 00007ffc7858dbd0
Thread c:\windows\system32\svchost.exe [4480:4564] 00007ffc7858dbd0
Thread c:\windows\system32\svchost.exe [4480:4568] 00007ffc7858dbd0
Thread c:\windows\system32\svchost.exe [4480:4572] 00007ffc7858dbd0
Thread c:\windows\system32\svchost.exe [4480:4576] 00007ffc7858dbd0
Thread c:\windows\system32\svchost.exe [4480:4580] 00007ffc7858dbd0
Thread c:\windows\system32\svchost.exe [4480:4584] 00007ffc7858dbd0
Thread c:\windows\system32\svchost.exe [4480:4588] 00007ffc7858dbd0
Thread c:\windows\system32\svchost.exe [4480:4592] 00007ffc7858dbd0
Thread c:\windows\system32\svchost.exe [4480:4596] 00007ffc7858dbd0
Thread c:\windows\system32\svchost.exe [4480:4600] 00007ffc7858dbd0
Thread c:\windows\system32\svchost.exe [4480:4604] 00007ffc7858dbd0
Thread c:\windows\system32\svchost.exe [4480:6820] 00007ffc7858dbd0
Thread c:\windows\system32\svchost.exe [4640:4900] 00007ffc615282e0
Thread c:\windows\system32\svchost.exe [4640:4896] 00007ffc6152c370
Thread C:\WINDOWS\system32\ctfmon.exe [5880:5936] 00007ffc5e7816f0
Thread C:\WINDOWS\system32\ctfmon.exe [5880:5988] 00007ffc5e6576e0
Thread C:\WINDOWS\system32\ctfmon.exe [5880:5992] 00007ffc5e6576e0
Thread C:\WINDOWS\system32\ctfmon.exe [5880:5996] 00007ffc5e6576e0
Thread C:\WINDOWS\system32\ctfmon.exe [5880:3372] 00007ffc72fd4960
Thread C:\WINDOWS\Explorer.EXE [6088:6648] 00007ffc59eba800
Thread C:\WINDOWS\Explorer.EXE [6088:6660] 00007ffc71ed4d84
Thread C:\WINDOWS\Explorer.EXE [6088:6668] 00007ffc71ed4d84
Thread C:\WINDOWS\Explorer.EXE [6088:7140] 00007ffc59eba800
Thread C:\WINDOWS\Explorer.EXE [6088:7244] 00007ffc59eba800
Thread C:\WINDOWS\Explorer.EXE [6088:7804] 00007ffc71065d90
Thread C:\WINDOWS\Explorer.EXE [6088:7852] 00007ffc63a69830
Thread C:\WINDOWS\Explorer.EXE [6088:7856] 00007ffc71065d90
Thread C:\WINDOWS\Explorer.EXE [6088:7864] 00007ffc71065d90
Thread C:\WINDOWS\Explorer.EXE [6088:7344] 00007ffc59eba800
Thread C:\WINDOWS\Explorer.EXE [6088:9652] 00007ffc619c3020
Thread C:\WINDOWS\Explorer.EXE [6088:16864] 00007ffc63993680
Thread C:\WINDOWS\Explorer.EXE [6088:11624] 00007ffc5887c3b0
Thread C:\WINDOWS\Explorer.EXE [6088:15996] 00007ffc639a24a0
Thread C:\WINDOWS\Explorer.EXE [6088:11896] 00007ffc639a24a0
Thread C:\WINDOWS\Explorer.EXE [6088:24412] 00007ffc639a24a0
Thread C:\WINDOWS\Explorer.EXE [6088:26616] 00007ffc639a24a0
Thread C:\WINDOWS\Explorer.EXE [6088:13556] 00007ffc6d9811b0
Thread C:\WINDOWS\Explorer.EXE [6088:22080] 00007ffc639a24a0
Thread C:\WINDOWS\Explorer.EXE [6088:2808] 00007ffc5a611320
Thread C:\WINDOWS\Explorer.EXE [6088:17852] 00007ffc639a24a0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6772:4940] 00007ffc6c3998e0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6772:7256] 00007ffc6c3998e0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6772:3540] 00007ffc6c3998e0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [2816:8280] 00007ffc6655dd90
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [2816:2780] 00007ffc7a18d480
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [2816:9720] 00007ffc6e15c3a0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [2816:2760] 00007ffc71ed4d84
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [2816:672] 00007ffc6eff77d0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [2816:840] 00007ffc7a18da70
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [2816:9496] 00007ffc779143b0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [2816:8516] 00007ffc75efc140
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [2816:6360] 00007ffc6c3998e0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [2816:8864] 00007ffc6df84080

---- EOF - GMER 2.2 ----
 

Users shortcut scan result (x64) Version: 19.06.2018
Ran by kevca (19-06-2018 18:19:17)
Running from C:\Users\kevca\Downloads
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutorunRemover\AutorunRemover on the Web.lnk -> hxxp://www.autorunremover.com


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\kevca\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\kevca\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\kevca\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\kevca\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\kevca\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\kevca ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield\Uninstall VoodooShield.lnk -> C:\Program Files\VoodooShield\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield\VoodooShield.lnk -> C:\Program Files\VoodooShield\VoodooShield.exe (VoodooSoft, LLC )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Anti-Rootkit\Release notes.lnk -> C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\readsar.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller\RogueKiller.lnk -> C:\Program Files\RogueKiller\RogueKiller64.exe (Adlice Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree\Emsisoft HiJackFree Homepage.lnk -> C:\Program Files (x86)\Emsisoft HiJackFree\emsisoft.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree\Emsisoft HiJackFree.lnk -> C:\Program Files (x86)\Emsisoft HiJackFree\a2hijackfree.exe (Emsi Software GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree\Uninstall.lnk -> C:\Program Files (x86)\Emsisoft HiJackFree\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutorunRemover\AutorunRemover.lnk -> C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutorunRemover\Help.lnk -> C:\Program Files (x86)\AutorunRemover\Help.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutorunRemover\Uninstall AutorunRemover.lnk -> C:\Program Files (x86)\AutorunRemover\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\WINDOWS\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\WINDOWS\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\WINDOWS\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\WINDOWS\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\WINDOWS\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\WINDOWS\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\WINDOWS\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\WINDOWS\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\WINDOWS\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\WINDOWS\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\WINDOWS\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\WINDOWS\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\WINDOWS\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\WINDOWS\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\WINDOWS\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\WINDOWS\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\WINDOWS\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\WINDOWS\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\WINDOWS\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\WINDOWS\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\WINDOWS\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (No File)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\WINDOWS\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\WINDOWS\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\WINDOWS\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\WINDOWS\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\WINDOWS\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\WINDOWS\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\WINDOWS\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\WINDOWS\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\Links\Desktop.lnk -> C:\Users\kevca\Desktop ()
Shortcut: C:\Users\kevca\Links\Downloads.lnk -> C:\Users\kevca\Downloads ()
Shortcut: C:\Users\kevca\Downloads\backups\backup-20180619-053647-103-Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (No File)
Shortcut: C:\Users\kevca\Desktop\Microsoft Edge.lnk -> Tile and icon assets
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\kevca\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\WINDOWS\explorer.exe,-30
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\WINDOWS\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\WINDOWS\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\WINDOWS\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Emsisoft HiJackFree.lnk -> C:\Program Files (x86)\Emsisoft HiJackFree\a2hijackfree.exe (Emsi Software GmbH)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\WINDOWS\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\WINDOWS\System32\compmgmt.msc ()
Shortcut: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\WINDOWS\System32\diskmgmt.msc ()
Shortcut: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\WINDOWS\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\WINDOWS\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\AutorunRemover.lnk -> C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe ()
Shortcut: C:\Users\Public\Desktop\Driver Easy.lnk -> C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (No File)
Shortcut: C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk -> C:\Program Files (x86)\Emsisoft HiJackFree\a2hijackfree.exe (Emsi Software GmbH)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\HitmanPro.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.)
Shortcut: C:\Users\Public\Desktop\RogueKiller.lnk -> C:\Program Files\RogueKiller\RogueKiller64.exe (Adlice Software)
Shortcut: C:\Users\Public\Desktop\Voodoo Shield.lnk -> C:\Program Files\VoodooShield\VoodooShield.exe (VoodooSoft, LLC )


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) -> /LAUNCH_BY_STARTMENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\WINDOWS\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers\SlimDrivers Help.lnk -> C:\WINDOWS\Installer\{746AB259-6474-4111-8966-1C62F9A6E063}\Icon.exe () -> -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers\SlimDrivers.lnk -> C:\WINDOWS\Installer\{746AB259-6474-4111-8966-1C62F9A6E063}\Icon.exe () -> /byUser
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\Remove HitmanPro 3.8.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.) -> /uninstall
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\WINDOWS\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\WINDOWS\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\WINDOWS\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\WINDOWS\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\WINDOWS\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\WINDOWS\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\WINDOWS\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\WINDOWS\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\WINDOWS\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\WINDOWS\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\WINDOWS\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\SlimDrivers.lnk -> C:\WINDOWS\Installer\{746AB259-6474-4111-8966-1C62F9A6E063}\Icon.exe () -> /byUser


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield\VoodooShield on the Web.url -> URL: hxxp://www.voodooshield.com/
InternetURL: C:\Users\kevca\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\kevca\Downloads\Autorun Deleter\Majorgeeks.website -> URL: hxxp://www.majorgeeks.com/
InternetURL: C:\Users\kevca\Downloads\Autorun Deleter\Autorun Deleter\Remove stubborn Autorun virus with Autorun Deleter The Windows Club.URL -> URL: hxxp://www.thewindowsclub.com/autorun-virus-remover-deleter

==================== End of Shortcut.txt =============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.06.2018
Ran by kevca (19-06-2018 18:18:29)
Running from C:\Users\kevca\Downloads
Windows 10 Pro Version 1709 16299.492 (X64) (2018-06-12 05:32:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-425427065-1682947844-3322345623-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-425427065-1682947844-3322345623-503 - Limited - Disabled)
Guest (S-1-5-21-425427065-1682947844-3322345623-501 - Limited - Disabled)
kevca (S-1-5-21-425427065-1682947844-3322345623-1001 - Administrator - Enabled) => C:\Users\kevca
WDAGUtilityAccount (S-1-5-21-425427065-1682947844-3322345623-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.5.1 - Advanced Micro Devices, Inc.)
Autorun Virus Remover 3.2 (HKLM-x32\...\Autorun Virus Remover_is1) (Version: - Autorun Remover)
Emsisoft HiJackFree 4.5 (HKLM-x32\...\Emsisoft HiJackFree_is1) (Version: 4.5 - Emsi Software GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.294 - SurfRight B.V.)
Microsoft OneDrive (HKU\S-1-5-21-425427065-1682947844-3322345623-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0006 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
NoVirusThanks Anti-Rootkit (Free Edition) v1.2 (HKLM-x32\...\NoVirusThanks Anti-Rootkit (Free Edition)_is1) (Version: 1.2.0.0 - NoVirusThanks Company Srl)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8372 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.21.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.21.0 - Adlice Software)
SlimCleaner Plus (HKLM\...\{BDFFBC5C-0414-4D59-8EF9-AC28884A8213}) (Version: 2.8.2 - Slimware Utilities Holdings, Inc.) Hidden
SlimCleaner Plus (HKLM\...\SlimCleaner Plus) (Version: 2.8.2 - Slimware Utilities Holdings, Inc.)
SlimDrivers (HKLM-x32\...\{746AB259-6474-4111-8966-1C62F9A6E063}) (Version: 2.3.1 - SlimWare Utilities, Inc.)
Sophos Anti-Rootkit 1.5.4 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.4 - Sophos Plc)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Telegram Desktop version 1.3.7 (HKU\S-1-5-21-425427065-1682947844-3322345623-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.3.7 - Telegram Messenger LLP)
VoodooShield version 4.28 (HKLM\...\{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 4.28 - VoodooSoft, LLC)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1C556375-3076-4A2A-934D-81205DC52D2B} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
Task: {3139E04A-EEAE-4964-A379-887FDB647B98} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {369120AB-A738-4E51-8DBC-003FA07A077E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {61F69AC7-995D-4F8D-BC10-94F2A987211F} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe [2018-05-04] (Microsoft Corporation)
Task: {65867600-B5BE-4A63-9216-1CEF0F06CC96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-11] (Google Inc.)
Task: {70D47C35-FF81-4F2C-9856-1B5B00C3218B} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe
Task: {A53BDC3B-D374-44D3-B94C-BCF1459E92D2} - System32\Tasks\S-1-5-21-425427065-1682947844-3322345623-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {BD43396D-A416-49E9-AC8E-7C62807752D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-11] (Google Inc.)
Task: {D7E1FD22-F1A5-4817-A888-4CA87586FE88} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2018-05-30] (Realtek Semiconductor)
Task: {DDCE08D2-68DE-4EA0-85CD-BEDA296AB3AE} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe
Task: {E403DCE7-8B8A-4FC9-B8FC-DDDCE1D18EE7} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2018-06-15] (Enigma Software Group USA, LLC.)
Task: {F7847BC9-CC38-4D1F-BB72-C50488C60B63} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-06-13 09:52 - 2018-06-08 02:00 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-06-13 09:51 - 2018-06-08 01:56 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-06-11 23:49 - 2018-06-11 23:50 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-06-11 23:49 - 2018-06-11 23:50 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-06-11 23:49 - 2018-06-11 23:50 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-06-11 23:49 - 2018-06-11 23:50 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-06-11 23:49 - 2018-06-11 23:50 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-06-11 23:49 - 2018-06-11 23:50 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.Proxies.dll
2018-06-12 14:54 - 2018-06-12 01:36 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libglesv2.dll
2018-06-12 14:54 - 2018-06-12 01:36 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-06-12 01:53 - 2018-06-19 08:20 - 000000747 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-425427065-1682947844-3322345623-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{763B3EF8-1416-4FB4-8C91-58751AD5651B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8BC16BF7-EAFF-4334-9F33-EA49557EF692}] => (Allow) C:\Program Files\Bitdefender Home Scanner\hvasrv.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

19-06-2018 13:41:10 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2018 04:01:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-3NEUN1F)
Description: Package Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (06/19/2018 02:16:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-3NEUN1F)
Description: Package Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (06/19/2018 11:05:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-3NEUN1F)
Description: Package windows.immersivecontrolpanel_10.0.1.1000_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

Error: (06/19/2018 10:45:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCE.exe, version: 10.0.0.6111, time stamp: 0x58820daa
Faulting module name: CCE.dll, version: 10.0.0.6111, time stamp: 0x58820dcb
Exception code: 0xc0000409
Fault offset: 0x00000000001e9eb8
Faulting process id: 0x182c
Faulting application start time: 0x01d407d70c596c29
Faulting application path: C:\Users\kevca\Downloads\cce_public_x64\cce_2.5.242177.201_x64\cce_x64\CCE.exe
Faulting module path: C:\Users\kevca\Downloads\cce_public_x64\cce_2.5.242177.201_x64\cce_x64\CCE.dll
Report Id: c3597a71-7e2e-42f7-9f0e-d38b1df4488d
Faulting package full name:
Faulting package-relative application ID:

Error: (06/19/2018 08:13:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-3NEUN1F)
Description: Package microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe+microsoft.windowslive.mail was terminated because it took too long to suspend.

Error: (06/19/2018 07:11:25 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (06/19/2018 07:11:25 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (06/19/2018 06:58:01 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected


System errors:
=============
Error: (06/19/2018 05:16:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/19/2018 05:16:05 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\kevca\AppData\Local\Temp\ehdrv.sys

Error: (06/19/2018 05:16:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/19/2018 05:16:04 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\kevca\AppData\Local\Temp\ehdrv.sys

Error: (06/19/2018 05:16:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/19/2018 05:16:04 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\kevca\AppData\Local\Temp\ehdrv.sys

Error: (06/19/2018 05:16:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/19/2018 05:16:04 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\kevca\AppData\Local\Temp\ehdrv.sys


Windows Defender:
===================================
Date: 2018-06-14 08:33:14.213
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li.../Powessere.D&threatid=2147690011&enterprise=0
Name: Behavior:Win32/Powessere.D
ID: 2147690011
Severity: Severe
Category: Suspicious Behavior
Path: behavior:_pid:20116:50247080127395;process:_pid:20116,ProcessStart:131734525534684591
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: Unknown
Process Name: Unknown
Signature Version: AV: 1.269.1157.0, AS: 1.269.1157.0, NIS: 1.269.1157.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4

Date: 2018-06-14 08:11:52.052
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li.../Powessere.D&threatid=2147690011&enterprise=0
Name: Behavior:Win32/Powessere.D
ID: 2147690011
Severity: Severe
Category: Suspicious Behavior
Path: behavior:_pid:12940:50247080127395;process:_pid:12940,ProcessStart:131734512395197120
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: Unknown
Process Name: C:\Users\kevca\Downloads\RogueKiller.exe
Signature Version: AV: 1.269.1157.0, AS: 1.269.1157.0, NIS: 1.269.1157.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4

Date: 2018-06-14 08:11:24.938
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li.../Powessere.D&threatid=2147690011&enterprise=0
Name: Behavior:Win32/Powessere.D
ID: 2147690011
Severity: Severe
Category: Suspicious Behavior
Path: behavior:_pid:12940:50247080127395;process:_pid:12940,ProcessStart:131734512395197120
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: Unknown
Process Name: Unknown
Signature Version: AV: 1.269.1157.0, AS: 1.269.1157.0, NIS: 1.269.1157.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4

Date: 2018-06-13 17:50:52.949
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {FAC1E62A-8112-485A-B382-D71F856EB067}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-13 16:14:11.463
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C9983E3B-0A2C-47E9-B555-F53A0C17C10C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2018-06-17 03:16:14.079
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\NewOS\Windows\System32\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-17 03:16:14.063
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\NewOS\Windows\System32\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-17 03:16:14.048
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\NewOS\Windows\System32\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-17 03:16:14.005
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\NewOS\Windows\System32\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-16 15:49:57.978
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\NewOS\Windows\System32\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-16 15:49:57.921
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\NewOS\Windows\System32\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-16 15:49:57.729
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\NewOS\Windows\System32\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-16 15:49:57.609
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\NewOS\Windows\System32\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics
Percentage of memory in use: 77%
Total physical RAM: 3774.11 MB
Available physical RAM: 851.36 MB
Total Virtual: 9150.11 MB
Available Virtual: 4500.3 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.61 GB) (Free:876.12 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.24 GB) (Free:16.12 GB) NTFS
Drive e: (GSP1RMCPRFREO_EN_DVD) (CDROM) (Total:2.39 GB) (Free:0 GB) UDF

\\?\Volume{d449f8e8-43a8-49d2-bf73-88cf82d4038b}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
\\?\Volume{fd99637c-da41-451f-8c7b-c3bf61abaed9}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F9B5B31A)

Partition: GPT.

==================== End of Addition.txt ============================
 
From instructions:
"Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it into a couple of replies."
 
You pasted only the Addition.txt log.
I still need the entire first log - FRST.txt
FRST produces two logs, not three.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.06.2018
Ran by kevca (administrator) on DESKTOP-3NEUN1F (19-06-2018 20:06:11)
Running from C:\Users\kevca\Downloads
Loaded Profiles: kevca (Available Profiles: kevca)
Platform: Windows 10 Pro Version 1709 16299.492 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\tbaseprovisioning.exe
(AMD) C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CIM\BIN64\RadeonInstaller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Users shortcut scan result (x64) Version: 19.06.2018
Ran by kevca (19-06-2018 20:09:36)
Running from C:\Users\kevca\Downloads
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\kevca\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\kevca\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\kevca\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\kevca\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\kevca\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\kevca ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield\Uninstall VoodooShield.lnk -> C:\Program Files\VoodooShield\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield\VoodooShield.lnk -> C:\Program Files\VoodooShield\VoodooShield.exe (VoodooSoft, LLC )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Anti-Rootkit\Release notes.lnk -> C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\readsar.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller\RogueKiller.lnk -> C:\Program Files\RogueKiller\RogueKiller64.exe (Adlice Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller Help.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\Revo Uninstaller Help.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe (VS Revo Group)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall Revo Uninstaller.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree\Emsisoft HiJackFree Homepage.lnk -> C:\Program Files (x86)\Emsisoft HiJackFree\emsisoft.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree\Emsisoft HiJackFree.lnk -> C:\Program Files (x86)\Emsisoft HiJackFree\a2hijackfree.exe (Emsi Software GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree\Uninstall.lnk -> C:\Program Files (x86)\Emsisoft HiJackFree\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\WINDOWS\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\WINDOWS\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\WINDOWS\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\WINDOWS\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\WINDOWS\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\WINDOWS\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\WINDOWS\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\WINDOWS\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\WINDOWS\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\WINDOWS\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\WINDOWS\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\WINDOWS\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\WINDOWS\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\WINDOWS\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\WINDOWS\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\WINDOWS\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\WINDOWS\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\WINDOWS\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\WINDOWS\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\WINDOWS\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\WINDOWS\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (No File)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\WINDOWS\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\WINDOWS\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\WINDOWS\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\WINDOWS\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\WINDOWS\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\WINDOWS\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\WINDOWS\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\WINDOWS\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\Links\Desktop.lnk -> C:\Users\kevca\Desktop ()
Shortcut: C:\Users\kevca\Links\Downloads.lnk -> C:\Users\kevca\Downloads ()
Shortcut: C:\Users\kevca\Downloads\backups\backup-20180619-053647-103-Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (No File)
Shortcut: C:\Users\kevca\Desktop\Microsoft Edge.lnk -> Tile and icon assets
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\kevca\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\WINDOWS\explorer.exe,-30
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\WINDOWS\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\WINDOWS\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\WINDOWS\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Emsisoft HiJackFree.lnk -> C:\Program Files (x86)\Emsisoft HiJackFree\a2hijackfree.exe (Emsi Software GmbH)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\WINDOWS\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\WINDOWS\System32\compmgmt.msc ()
Shortcut: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\WINDOWS\System32\diskmgmt.msc ()
Shortcut: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\WINDOWS\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\WINDOWS\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Driver Easy.lnk -> C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (No File)
Shortcut: C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk -> C:\Program Files (x86)\Emsisoft HiJackFree\a2hijackfree.exe (Emsi Software GmbH)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\HitmanPro.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.)
Shortcut: C:\Users\Public\Desktop\Revo Uninstaller.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe (VS Revo Group)
Shortcut: C:\Users\Public\Desktop\RogueKiller.lnk -> C:\Program Files\RogueKiller\RogueKiller64.exe (Adlice Software)
Shortcut: C:\Users\Public\Desktop\Voodoo Shield.lnk -> C:\Program Files\VoodooShield\VoodooShield.exe (VoodooSoft, LLC )


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) -> /LAUNCH_BY_STARTMENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\WINDOWS\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers\SlimDrivers Help.lnk -> C:\WINDOWS\Installer\{746AB259-6474-4111-8966-1C62F9A6E063}\Icon.exe () -> -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers\SlimDrivers.lnk -> C:\WINDOWS\Installer\{746AB259-6474-4111-8966-1C62F9A6E063}\Icon.exe () -> /byUser
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\Remove HitmanPro 3.8.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.) -> /uninstall
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\WINDOWS\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\WINDOWS\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\WINDOWS\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\WINDOWS\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\WINDOWS\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\WINDOWS\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\WINDOWS\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\WINDOWS\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\WINDOWS\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\kevca\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\WINDOWS\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\WINDOWS\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\WINDOWS\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\WINDOWS\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\kevca\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\SlimDrivers.lnk -> C:\WINDOWS\Installer\{746AB259-6474-4111-8966-1C62F9A6E063}\Icon.exe () -> /byUser


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield\VoodooShield on the Web.url -> URL: hxxp://www.voodooshield.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller on the Web.url -> URL: hxxps://www.revouninstaller.com/
InternetURL: C:\Users\kevca\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\kevca\Downloads\Autorun Deleter\Majorgeeks.website -> URL: hxxp://www.majorgeeks.com/
InternetURL: C:\Users\kevca\Downloads\Autorun Deleter\Autorun Deleter\Remove stubborn Autorun virus with Autorun Deleter The Windows Club.URL -> URL: hxxp://www.thewindowsclub.com/autorun-virus-remover-deleter

==================== End of Shortcut.txt =============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.06.2018
Ran by kevca (administrator) on DESKTOP-3NEUN1F (19-06-2018 20:06:11)
Running from C:\Users\kevca\Downloads
Loaded Profiles: kevca (Available Profiles: kevca)
Platform: Windows 10 Pro Version 1709 16299.492 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\tbaseprovisioning.exe
(AMD) C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CIM\BIN64\RadeonInstaller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.06.2018
Ran by kevca (administrator) on DESKTOP-3NEUN1F (19-06-2018 20:06:11)
Running from C:\Users\kevca\Downloads
Loaded Profiles: kevca (Available Profiles: kevca)
Platform: Windows 10 Pro Version 1709 16299.492 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\tbaseprovisioning.exe
(AMD) C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CIM\BIN64\RadeonInstaller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Farbar) C:\Users\kevca\Downloads\FRST64 (2).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-425427065-1682947844-3322345623-1001\...\MountPoints2: {e889aced-6e08-11e8-82aa-806e6f6e6963} - "E:\setup.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8d7fc6f1-1264-40c4-92d4-13631fd6844a}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{fdefe56a-9a81-4a77-9299-b60e674b4840}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-425427065-1682947844-3322345623-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
Handler: cardisabled - No CLSID Value

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-11] (Google Inc.)

Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\kevca\AppData\Local\Google\Chrome\User Data\Default [2018-06-19]
CHR Extension: (Slides) - C:\Users\kevca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-11]
CHR Extension: (Docs) - C:\Users\kevca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-11]
CHR Extension: (Google Drive) - C:\Users\kevca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-11]
CHR Extension: (YouTube) - C:\Users\kevca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-11]
CHR Extension: (Notifier for Gmail™) - C:\Users\kevca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2018-06-16]
CHR Extension: (Sheets) - C:\Users\kevca\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-11]
CHR Extension: (AddToAny: Share Anywhere) - C:\Users\kevca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffpgijchhhkhnokafdeklpllijgnbche [2018-06-15]
CHR Extension: (Google Docs Offline) - C:\Users\kevca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-06-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\kevca\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-06-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kevca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-11]
CHR Extension: (Gmail) - C:\Users\kevca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\kevca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atiesrxx.exe [481656 2018-05-22] (AMD)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2018-06-18] (SurfRight B.V.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324544 2018-05-30] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-13] (Microsoft Corporation)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe [889016 2018-06-15] (Enigma Software Group USA, LLC.)
R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [60440 2015-12-22] (Advanced Micro Devices, Inc.)
S4 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [131920 2018-04-11] (VoodooSoft, LLC )
S2 AUEPLauncher; "C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe" [X]
S2 SDScannerService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [X]
S2 SDUpdateService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [X]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [X]
 
===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\WINDOWS\System32\drivers\amdkmcsp.sys [101112 2015-12-22] (Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atikmdag.sys [44682104 2018-05-22] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atikmpag.sys [552824 2018-05-22] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2014-07-14] (Advanced Micro Devices, Inc.)
S0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137104 2018-05-30] (Advanced Micro Devices, Inc. )
S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2018-06-10] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2018-06-15] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [22704 2018-06-15] ()
S3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [16896 2017-09-29] (Microsoft Corporation)
R3 LifeCamTrueColor; C:\WINDOWS\system32\DRIVERS\LifeCamTrueColor.sys [37928 2016-07-27] (Microsoft Corporation)
R3 pikbd; C:\WINDOWS\System32\drivers\pikbd.sys [41368 2016-11-17] ()
R3 pimou; C:\WINDOWS\System32\drivers\pimou.sys [42392 2016-11-17] (Christian Gulden)
S3 rccfg; C:\WINDOWS\System32\drivers\rccfg.sys [21680 2014-07-14] (AMD, Inc.)
S0 rcraid; C:\WINDOWS\System32\drivers\rcraid.sys [533680 2014-07-14] (AMD, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1024384 2018-05-30] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [424384 2018-05-30] (Realsil Semiconductor Corporation)
S3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7959408 2018-05-30] (Realtek Semiconductor Corporation )
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [151552 2018-06-12] (Microsoft Corporation)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-07-22] (QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU Co., LTD.)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [16056 2018-06-19] (SlimWare Utilities, Inc.)
U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [35064 2018-06-19] ()
S3 VSScanner; C:\WINDOWS\System32\DRIVERS\vsscanner.sys [29808 2016-08-18] (VoodooSoft, LLC)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-06-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313384 2018-06-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-06-11] (Microsoft Corporation)
U4 npcap_wifi; no ImagePath

========================== Drivers MD5 =======================

C:\WINDOWS\System32\drivers\pnpmem.sys 59048555B59FD69287CFAB6022B5CC86
C:\WINDOWS\System32\drivers\raspptp.sys AACA74DEF7BE3DED322411787494878B
C:\WINDOWS\System32\drivers\processr.sys C009BE61D95CAD5F999D0F4785AEFB7B
C:\WINDOWS\System32\drivers\pacer.sys 5818FE76C3C6AE0CA723EBE483BF447F
C:\WINDOWS\system32\drivers\qwavedrv.sys 16F9A6B593B52EB18F7ECB9D251BDF7A
C:\WINDOWS\System32\DRIVERS\ramdisk.sys 13600C467512147E99052806F2C1307A
C:\WINDOWS\System32\DRIVERS\rasacd.sys BD6EF1748DC3DBACEC97B87B6252AAC7
C:\WINDOWS\System32\drivers\AgileVpn.sys ED0EE10911C16AD8B21B9003C90E968F
C:\WINDOWS\System32\drivers\rasl2tp.sys E0220BB6580D34001D4D1D133052DAA4
C:\WINDOWS\System32\DRIVERS\raspppoe.sys 12EE1D92F4E5FAE4B6F65195A2016CE5
C:\WINDOWS\System32\drivers\rassstp.sys 91CE469015979E5B3C3DBC2C41A476E8
C:\WINDOWS\System32\drivers\rccfg.sys 5E2BB3DE9DF45BC69C8FB1A7186A458E
C:\WINDOWS\System32\drivers\rcraid.sys 090DE462B187D8C17E719B3016814A46
C:\WINDOWS\System32\DRIVERS\rdbss.sys 36BBCCF6124EDA8A05D024B150C09E21
C:\WINDOWS\System32\drivers\rdpbus.sys 9D7E65A15478944836C353B556F9CB87
C:\WINDOWS\System32\drivers\rdpdr.sys 39886C19FB466BBF8AEC31E3E77C034C
C:\WINDOWS\System32\drivers\rdpvideominiport.sys 4D1A63ACEC42A88E52AFC4E84A8CE9EE
C:\WINDOWS\System32\drivers\rdyboost.sys A4C3DC6530752AF3C78DAAC8B2B23EA7
C:\Windows\System32\Drivers\ReFS.sys 976DAA8477CEAC02BEB7D350C2B804B3
C:\Windows\System32\Drivers\ReFSv1.sys 0CE894AE8D1DDA78D611915E171692F1
C:\WINDOWS\System32\drivers\rhproxy.sys BBC228CA2F96B784B01FE7F1C5E3CFBB
C:\WINDOWS\System32\drivers\rspndr.sys 27B80E5766B114621980F82FB78E912A
C:\WINDOWS\System32\drivers\rt640x64.sys FA6697D293D9F6BD0A69A44331D6AABB
C:\WINDOWS\system32\Drivers\RtsUer.sys FD0D651EFBDAAB24962805D44E8E345C
C:\WINDOWS\System32\drivers\rtwlane.sys A04D9405BCA9F13360234B4EAF1AB1B9
C:\WINDOWS\System32\drivers\vms3cap.sys 96C14A080CE15E4D8A9C7AE526F7B804
C:\WINDOWS\System32\drivers\sbp2port.sys 324FA3C337EB54B43448F7B08444DC8D
C:\WINDOWS\System32\DRIVERS\scfilter.sys 62A33CE69DB508BCEC63F4D3BFF400CE
C:\WINDOWS\System32\drivers\scmbus.sys 7B057373146CC4E5A1F1DA665EA55DC7
C:\WINDOWS\System32\drivers\sdbus.sys 1F58E6D5C1F211DE8BF5131BF12077D1
C:\WINDOWS\System32\drivers\SDFRd.sys 6D3853838864886B4F10B074282772E0
C:\WINDOWS\System32\drivers\sdstor.sys 80E9563F0B75E98482ECB7D5CBA56BBA
C:\WINDOWS\System32\drivers\SerCx.sys 75A27472AFD009255DBDE52038E3BDB5
C:\WINDOWS\System32\drivers\SerCx2.sys 84005F54308109A022413D628E966412
C:\WINDOWS\System32\drivers\serenum.sys 40384793F74CFFA45BCC38DF65E978EC
C:\WINDOWS\System32\drivers\serial.sys 699470AD24D67908991A777716A352FD
C:\WINDOWS\System32\drivers\sermouse.sys 92453F065F52A8EF0328A926B2C9502F
 
C:\WINDOWS\System32\drivers\sfloppy.sys 1D8920C40F19B5FBA5F4897779840AD1
C:\WINDOWS\System32\drivers\SiSRaid2.sys A871F9CC9CF388DC7193D22EF8D8C8DF
C:\WINDOWS\System32\drivers\sisraid4.sys D30FC341550CC364880950152AE8B1C5
C:\WINDOWS\System32\DRIVERS\smbdirect.sys ED2DA8C2F985BDAA3999FD70CE9B5285
C:\WINDOWS\System32\drivers\spaceport.sys DA0AECA8222682F90C325E483E8115D4
C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys CCECE7E96B4F7B0E9F0FC82F6DADA917
C:\WINDOWS\System32\drivers\SpbCx.sys 545507AF670BC88B89200A118513ED9A
C:\WINDOWS\System32\DRIVERS\srv2.sys 09FADE98D187D1886950109E8AF083DA
C:\WINDOWS\System32\DRIVERS\srvnet.sys 57353D42FD273D3A39AF1E2A19951E34
C:\WINDOWS\System32\drivers\ssudcdf.sys 32C73F69519D51B8775874E0F2808AA1
C:\WINDOWS\System32\drivers\ssuddmgr.sys 423BAEA1A1A7FF889EC46C11A45F90B9
C:\WINDOWS\System32\drivers\ssudobex.sys 117DF2CC1758A097CC30305C4B8908C6
C:\WINDOWS\System32\drivers\ssudqcfilter.sys C143DDE3ED9E913E80D0FE9191C26E23
C:\WINDOWS\System32\drivers\ssudrmnet.sys BFB405D9197CE252B6D440F6250728FC
C:\WINDOWS\System32\drivers\ssudserd.sys 76F7D7217FBDAB77798A2A244ACD641F
C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys A82A4BED3D84BE21F83A97F0B7E86907
C:\WINDOWS\System32\drivers\stexstor.sys 162A805E13B3C0DD06AE8B6FC1900156
C:\WINDOWS\System32\drivers\storahci.sys 7D975D562E5F8A9CBDBC55328F3D1200
C:\WINDOWS\System32\drivers\vmstorfl.sys 03B1F66AB47618A6123EB0631B57A31B
C:\WINDOWS\System32\drivers\stornvme.sys B5C44E8262AA6D3B20E45F8D2FAE54A3
C:\WINDOWS\System32\drivers\storqosflt.sys 15599E47C28DC511F0CA3B664A257728
C:\WINDOWS\System32\drivers\storufs.sys 4D6FF8DDBF9CC61EC95A4BF4096D52FF
C:\WINDOWS\System32\drivers\storvsc.sys 6FD2D01E4AD9494874A3A8BA74A8FA64
C:\WINDOWS\system32\DRIVERS\SWDUMon.sys 98E8C921F7F17F113AAA128EC7310213
C:\WINDOWS\System32\drivers\swenum.sys 027B27E4B9DB3931D64159B81BD915A0
C:\WINDOWS\System32\drivers\Synth3dVsc.sys 3D63A58A9DD3F984A7E3C2F2CB357E06
C:\WINDOWS\System32\drivers\tcpip.sys AE5CA8D3D81DCC76C5FFF1CD60E48606
C:\WINDOWS\System32\drivers\tcpip.sys AE5CA8D3D81DCC76C5FFF1CD60E48606
C:\WINDOWS\System32\drivers\tcpipreg.sys 74A1BF4093FA7B7D6C9366A39911A78E
C:\WINDOWS\system32\DRIVERS\tdx.sys 09125A12CAB5F8D5EAE9C83C25792FDD
C:\WINDOWS\System32\drivers\terminpt.sys B4B68E1DB59456419D9E49645729502A
C:\WINDOWS\System32\drivers\tpm.sys F54728E32D67537C5A13454E23449C7A
C:\WINDOWS\System32\drivers\TrueSight.sys FD44FA80DA03EA144153A76DEBBB61B4
C:\WINDOWS\System32\drivers\TsUsbFlt.sys 8D811209E34358EAD3FD8E40F657E59C
C:\WINDOWS\System32\drivers\TsUsbGD.sys 68DE1735FB020AE8948BD7B60F2EBD3B
C:\WINDOWS\System32\drivers\tsusbhub.sys 32230D3F06B0874DFB727028CA4F6348
C:\WINDOWS\System32\drivers\tunnel.sys ACD39B0E5CFDA7B1AB7DF33FC5CC0E46
C:\WINDOWS\System32\drivers\uaspstor.sys 04FC2C7F73AE58BF0DD674164E28A6DF
C:\WINDOWS\System32\Drivers\UcmCx.sys E437FC4B1833F6B745184F78C4921FB8
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys 950A3E42167904CAB9AA64863C31CEB5
C:\WINDOWS\System32\drivers\UcmUcsi.sys F520EF2D24C1B43A2151DCA271865271
C:\WINDOWS\System32\drivers\ucx01000.sys E6E91B3980A495D2A9D28A09580EA993
C:\WINDOWS\System32\drivers\udecx.sys DACA289DFFA7658C04FEF6DCFA2AA9CE
C:\WINDOWS\System32\DRIVERS\udfs.sys 12383D410AEF99AD6979A8EFD3D61888
C:\WINDOWS\System32\drivers\UEFI.sys A97114134A672616A807F2EC1439F566
C:\WINDOWS\system32\drivers\UevAgentDriver.sys A6134CA92B545353EEB0420F36D39F1C
C:\WINDOWS\System32\drivers\ufx01000.sys 58447F28E697A93521DD20530A8D50ED
C:\WINDOWS\System32\drivers\UfxChipidea.sys 69ED2D00A7787D9D84E6C90CE0B02B2D
C:\WINDOWS\System32\drivers\ufxsynopsys.sys F061EC57330FBC597A4E7298BE667780
C:\WINDOWS\System32\drivers\umbus.sys D40BCED160D332005AF612E1228825E6
C:\WINDOWS\System32\drivers\umpass.sys 64CF24D7B1FA4975C52A31BF4C82EB73
C:\WINDOWS\System32\drivers\urschipidea.sys ACE4C3B4C7D17B154FFC5BBE5F7A9835
C:\WINDOWS\System32\drivers\urscx01000.sys ECE40EB976A5ACB366808AECF6B235BA
C:\WINDOWS\System32\drivers\urssynopsys.sys EB738F830D3E7EA62A218F101EF91FD4
C:\WINDOWS\system32\drivers\usbaudio.sys 51A397ECC1AB2BD54C935E74A9543330
C:\WINDOWS\System32\drivers\usbccgp.sys B43E28E5CF868517EEC0923AB2BC366B
C:\WINDOWS\System32\drivers\usbcir.sys 1080D80B5F6D249F23BAE1C0C36233A4
C:\WINDOWS\System32\drivers\usbehci.sys EE162DA2C92026A5B96ED89737975AA8
C:\WINDOWS\System32\drivers\usbfilter.sys 5A4AC5D05A7C97C68596416C05D6F2B4
C:\WINDOWS\System32\drivers\usbhub.sys C27FEE9758E3BEDE4D48B5EDBE1122CF
C:\WINDOWS\System32\drivers\UsbHub3.sys DAB1695B400DE19A9DEA686022FD1544
C:\WINDOWS\System32\drivers\usbohci.sys 44B954306BB2B311E070EDA276FECAB1
C:\WINDOWS\System32\drivers\usbprint.sys EEF26F9034F0608B93D4D239534BB0BA
C:\WINDOWS\System32\drivers\usbser.sys 446F2908C891A583BEA930226E37036E
C:\WINDOWS\System32\drivers\USBSTOR.SYS 441CAE778B6A1FF6E618E37814A7A52A
C:\WINDOWS\System32\drivers\usbuhci.sys 2D6BB2157B37B2D9DABF8C218F2A805B
C:\WINDOWS\System32\Drivers\usbvideo.sys 68788AE61B2E6A7D97CAD73B632F5BF5
C:\WINDOWS\System32\drivers\USBXHCI.SYS F12FD012F562BF51B9720936918F926E
C:\WINDOWS\System32\drivers\vdrvroot.sys BF13071600C1A0B090BEEC159A75B133
C:\WINDOWS\System32\drivers\VerifierExt.sys 9D4EEE333603F3675685F644053499D5
C:\WINDOWS\System32\drivers\vhdmp.sys 274D49BBF0F3C7F193BFC13434F2F08C
C:\WINDOWS\System32\drivers\vhf.sys E10FEBB566E1F0A3936AB304F338637E
C:\WINDOWS\System32\drivers\vmbus.sys 3093314480D83FB733A6069AB12D3DA1
C:\WINDOWS\System32\drivers\VMBusHID.sys 12723C0F54432B4A98702110B344B030
C:\WINDOWS\System32\drivers\vmgid.sys BCD144BFA4E13E0F74D852ADF283626E
C:\WINDOWS\System32\drivers\vnvdimm.sys D81F6B790519A60F3D1788B45D04B749
C:\WINDOWS\System32\drivers\volmgr.sys E4FF0D44DE5AA492DEA3902D0349024E
C:\WINDOWS\System32\drivers\volmgrx.sys 6D6CACED512C1EF1FEAC215E37E3A9BC
C:\WINDOWS\System32\drivers\volsnap.sys 5B27846CF4B1C21AFB3A35A8336BA02F
C:\WINDOWS\System32\drivers\volume.sys 72A95A844D6BAF2924A4C15BEDFD6BCA
C:\WINDOWS\System32\drivers\vpci.sys 9198C53EE69D942217E2ACC29A01D605
C:\WINDOWS\System32\drivers\vsmraid.sys 075CE3C9E77D2666AFA888951E5F07A9
C:\WINDOWS\System32\DRIVERS\vsscanner.sys 88457246BE3C9DE59DDAA36305C013F4
C:\WINDOWS\System32\drivers\vstxraid.sys 26D00E85BE4726B114335250FCDEDA89
C:\WINDOWS\System32\drivers\vwifibus.sys 3DFDB573E4D49EA8F416B573525B7A86
C:\WINDOWS\System32\drivers\vwififlt.sys A40FA64655AB5B8773A96A821616C5FC
C:\WINDOWS\System32\drivers\vwifimp.sys 0D34F98DBDF09D239533AC345C360F03
C:\WINDOWS\System32\drivers\wacompen.sys 5B5430522E0BDF2A753D758710BE7C5E
C:\WINDOWS\System32\DRIVERS\wanarp.sys E77B19FF6C2FFA5B19CDF62DA4953BC9
C:\WINDOWS\System32\DRIVERS\wanarp.sys E77B19FF6C2FFA5B19CDF62DA4953BC9
C:\WINDOWS\system32\drivers\wcifs.sys 0610F02EC87DBF6BA319CB1D6B8771AE
C:\WINDOWS\system32\drivers\wcnfs.sys 87F462C7D37F380187BE12F079F73216
C:\WINDOWS\system32\drivers\wd\WdBoot.sys 042ABE47A7BA6722AA5B61E267B28DFC
C:\WINDOWS\System32\drivers\Wdf01000.sys FCC960498E3CD899F0A429F7CF9E77AD
C:\WINDOWS\system32\drivers\wd\WdFilter.sys C8C75E56CDDBCDF597055343B641C910
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys 394CCCA2A8C04BA14327636F20AB9DAD
C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys 318AE771614EE4919ED68830C13EA2AE
C:\WINDOWS\System32\drivers\wdnsfltr.sys DF58AA71FBA55E15F572C93447696DEC
C:\WINDOWS\System32\drivers\wfplwfs.sys C82198D3B33854D9578F9B09025E4293
C:\WINDOWS\System32\drivers\wimmount.sys C8D3FC38426E990E2787771678B19C6D
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys 4499AB24236526E5CFCE817CD02EC034
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys 813EE0F4D4B8D599DB1968682D080732
C:\WINDOWS\System32\drivers\winmad.sys E23475E9150E6A50B12DB176EA5CDD56
C:\WINDOWS\System32\drivers\winnat.sys 90DBE4DB3A8266C6E078EF6682E26B91
C:\WINDOWS\System32\drivers\WinUSB.sys E92F3539C4758F6A9F4B80CBAC75B3E6
C:\WINDOWS\System32\drivers\winverbs.sys 59126AFCC64270747B5CC9B44A4A48F4
C:\WINDOWS\System32\drivers\wmiacpi.sys E8C793ED028E132771988760819E3754
C:\Windows\System32\Drivers\Wof.sys 8D6E6F6C233AF450C50FA615530B44D2
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 9EAE1EF282864674355B4B81DF6AE935
C:\WINDOWS\system32\drivers\ws2ifsl.sys 367B3ED0C688AFE28C376B0230814567
C:\WINDOWS\System32\drivers\WudfPf.sys BD5E68B369DF3453A0A87663C6C5476D
C:\WINDOWS\System32\drivers\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\System32\drivers\xboxgip.sys 2244A4CEFE8F9C74091369ACE2E9EBC6
C:\WINDOWS\System32\drivers\xinputhid.sys 4A91B49C6B1E41151D47CB919ADF013A
 
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-19 20:05 - 2018-06-19 20:06 - 002413056 _____ (Farbar) C:\Users\kevca\Downloads\FRST64 (2).exe
2018-06-19 18:53 - 2018-06-19 18:53 - 007197480 _____ (VS Revo Group ) C:\Users\kevca\Downloads\revosetup.exe
2018-06-19 18:53 - 2018-06-19 18:53 - 000001081 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-06-19 18:53 - 2018-06-19 18:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-06-19 18:53 - 2018-06-19 18:53 - 000000000 ____D C:\Program Files\VS Revo Group
2018-06-19 18:16 - 2018-06-19 18:16 - 000023621 _____ C:\Users\kevca\Documents\Addition.txt
2018-06-19 18:01 - 2018-06-19 18:19 - 000025618 _____ C:\Users\kevca\Downloads\Shortcut.txt
2018-06-19 18:00 - 2018-06-19 18:19 - 000023621 _____ C:\Users\kevca\Downloads\Addition.txt
2018-06-19 17:56 - 2018-06-19 20:07 - 000042074 _____ C:\Users\kevca\Downloads\FRST.txt
2018-06-19 17:56 - 2018-06-19 20:06 - 000000000 ____D C:\Users\kevca\Downloads\FRST-OlderVersion
2018-06-19 17:56 - 2018-06-19 18:36 - 000000000 ____D C:\FRST
2018-06-19 17:53 - 2018-06-19 17:53 - 006334848 _____ (AVAST Software) C:\Users\kevca\Downloads\avast_free_antivirus_setup.exe
2018-06-19 13:43 - 2018-06-19 13:43 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_LifeCamTrueColor_01011.Wdf
2018-06-19 13:43 - 2018-06-19 13:43 - 000000000 ____D C:\WINDOWS\SysWOW64\LifeCamTrueColor
2018-06-19 13:43 - 2018-06-19 13:43 - 000000000 ____D C:\WINDOWS\system32\LifeCamTrueColor
2018-06-19 13:43 - 2018-06-19 13:43 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-06-19 11:55 - 2018-06-19 11:55 - 000527924 _____ C:\WINDOWS\Minidump\061918-25312-02.dmp
2018-06-19 11:05 - 2018-06-19 11:05 - 000000000 ____D C:\Windows.old
2018-06-19 10:13 - 2018-06-19 10:13 - 000025577 _____ C:\ProgramData\agent.uninstall.1529417604.bdinstall.bin
2018-06-19 09:31 - 2018-06-19 09:31 - 003563488 _____ (Igor Pavlov) C:\Users\kevca\Downloads\HPSupportSolutionsFramework-12.8.47.1.exe
2018-06-19 09:06 - 2018-06-19 09:06 - 000000000 ___HD C:\$SysReset
2018-06-19 07:02 - 2018-06-19 11:55 - 397958921 _____ C:\WINDOWS\MEMORY.DMP
2018-06-19 07:02 - 2018-06-19 07:02 - 000537148 _____ C:\WINDOWS\Minidump\061918-25296-01.dmp
2018-06-19 06:30 - 2018-06-19 13:52 - 000016056 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
2018-06-19 06:30 - 2018-06-19 06:30 - 000000000 ____D C:\Users\kevca\AppData\Local\SlimWare Utilities Inc
2018-06-19 06:26 - 2018-06-19 06:27 - 000000783 _____ C:\AdwCleaner[S7].txt
2018-06-19 06:22 - 2018-06-19 06:23 - 000000721 _____ C:\AdwCleaner[S6].txt
2018-06-19 05:38 - 2018-06-19 07:02 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-06-19 05:38 - 2018-06-19 05:38 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6527D363.sys
2018-06-19 05:38 - 2018-06-19 05:38 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-06-19 05:38 - 2018-06-19 05:38 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-19 05:34 - 2018-06-19 05:34 - 000012294 _____ C:\Users\kevca\Desktop\MBRCheck_06.19.18_05.34.16.txt
2018-06-19 05:31 - 2018-06-19 05:33 - 000277566 _____ C:\TDSSKiller.3.1.0.17_19.06.2018_05.31.01_log.txt
2018-06-19 05:13 - 2018-06-19 05:13 - 000000512 _____ C:\Users\kevca\Documents\MBR.dat
2018-06-19 05:06 - 2018-06-19 05:10 - 000000000 ____D C:\Users\kevca\Downloads\TMRBLog
2018-06-19 05:02 - 2018-06-19 05:02 - 015119536 _____ (Trend Micro Inc.) C:\Users\kevca\Downloads\RootkitBusterV5.0-1212x64.exe
2018-06-19 04:57 - 2018-06-19 04:57 - 000000000 ____D C:\$WINDOWS.~BT
2018-06-18 01:41 - 2018-06-18 01:41 - 006625600 _____ (Zemana Ltd. ) C:\Users\kevca\Downloads\Zemana.AntiMalware.Setup (1).exe
2018-06-18 01:38 - 2018-06-18 01:38 - 000000000 ____D C:\Users\kevca\AppData\Local\Zemana
2018-06-18 01:37 - 2018-06-18 01:37 - 006625600 _____ (Zemana Ltd. ) C:\Users\kevca\Downloads\Zemana.AntiMalware.Setup.exe
2018-06-18 01:33 - 2018-06-18 01:33 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2018-06-18 00:53 - 2018-06-19 17:26 - 000001964 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-06-18 00:53 - 2018-06-18 00:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-06-18 00:53 - 2018-06-18 00:53 - 000000000 ____D C:\Program Files\HitmanPro
2018-06-18 00:52 - 2018-06-18 01:39 - 000000000 ____D C:\ProgramData\HitmanPro
2018-06-18 00:52 - 2018-06-18 00:52 - 011609024 _____ (SurfRight B.V.) C:\Users\kevca\Downloads\HitmanPro_x64.exe
2018-06-17 22:23 - 2018-06-17 22:23 - 000000000 ____D C:\WINDOWS\HP
2018-06-17 22:21 - 2018-06-17 22:21 - 040663856 _____ (HP ) C:\Users\kevca\Downloads\sp85209.exe
2018-06-17 22:17 - 2018-06-17 22:18 - 023445632 _____ (Hewlett-Packard Company ) C:\Users\kevca\Downloads\sp71717.exe
2018-06-17 22:08 - 2018-06-17 22:08 - 018950424 _____ (Hewlett-Packard Company ) C:\Users\kevca\Downloads\sp73139.exe
2018-06-17 21:58 - 2018-06-17 21:58 - 000377200 _____ (Hewlett-Packard Company ) C:\Users\kevca\Downloads\sp71803.exe
2018-06-17 21:53 - 2018-06-17 22:22 - 000000000 ____D C:\SWSetup
2018-06-17 21:50 - 2018-06-17 21:51 - 039507576 _____ (Hewlett-Packard Company ) C:\Users\kevca\Downloads\sp71994.exe
2018-06-17 17:55 - 2018-06-17 17:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-425427065-1682947844-3322345623-1001
2018-06-17 17:36 - 2018-06-17 17:36 - 003958206 _____ C:\Users\kevca\Downloads\AutorunRemover.zip
2018-06-17 17:25 - 2018-06-17 17:27 - 000276218 _____ C:\TDSSKiller.3.1.0.17_17.06.2018_17.25.40_log.txt
2018-06-17 16:37 - 2018-06-17 16:37 - 000000000 ____D C:\ProgramData\SlimWare Utilities, Inc
2018-06-17 16:35 - 2018-06-17 16:35 - 000000000 ____D C:\Users\kevca\AppData\Local\Downloaded Installers
2018-06-17 16:34 - 2018-06-19 18:48 - 000000442 _____ C:\WINDOWS\Tasks\SlimDrivers Startup.job
2018-06-17 16:34 - 2018-06-19 15:17 - 000000000 ____D C:\Program Files (x86)\SlimDrivers
2018-06-17 16:34 - 2018-06-17 16:34 - 000002922 _____ C:\WINDOWS\System32\Tasks\SlimDrivers Startup
2018-06-17 16:34 - 2018-06-17 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
2018-06-17 14:43 - 2018-06-19 06:22 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-06-17 14:41 - 2018-06-19 06:29 - 000000000 ____D C:\WINDOWS\pss
2018-06-17 12:28 - 2018-06-17 12:28 - 041081896 _____ (AMD Inc.) C:\Users\kevca\Downloads\radeon-software-adrenalin-18.6.1-minimalsetup-180613_web.exe
2018-06-17 11:04 - 2018-06-17 16:34 - 000002499 _____ C:\Users\Public\Desktop\SlimDrivers.lnk
2018-06-17 11:03 - 2018-06-17 16:01 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2018-06-17 10:23 - 2018-06-17 10:23 - 000000741 _____ C:\Users\kevca\Documents\AdwCleaner[S1].txt ask.txt
2018-06-17 10:18 - 2018-06-17 10:18 - 000006335 _____ C:\Users\kevca\Documents\RKreport_DEL_06172018_101631.log road kill.txt
2018-06-17 09:01 - 2018-06-17 09:01 - 000380928 _____ C:\Users\kevca\Downloads\8074o1sl.exe
2018-06-17 08:44 - 2018-06-17 08:44 - 000380928 _____ C:\Users\kevca\Downloads\h4w6nifm.exe
2018-06-17 08:37 - 2018-06-17 08:37 - 000001014 _____ C:\Users\Public\Desktop\Driver Easy.lnk
2018-06-17 08:34 - 2018-06-17 08:35 - 004206984 _____ (Easeware ) C:\Users\kevca\Downloads\DriverEasy_Setup.exe
2018-06-17 08:26 - 2018-06-17 08:26 - 000602112 _____ (OldTimer Tools) C:\Users\kevca\Downloads\OTL (1).exe
2018-06-17 07:49 - 2018-06-17 07:49 - 000602112 _____ (OldTimer Tools) C:\Users\kevca\Downloads\OTL.exe
2018-06-17 06:00 - 2018-06-17 06:03 - 000048156 _____ C:\Users\kevca\Downloads\MTB.txt
2018-06-17 05:57 - 2018-06-17 05:59 - 000892416 _____ (Farbar) C:\Users\kevca\Downloads\MiniToolBox.exe
2018-06-17 05:02 - 2018-06-17 05:02 - 009497720 _____ (Symantec Corporation) C:\Users\kevca\Downloads\NPE.exe
2018-06-17 04:34 - 2018-06-19 06:08 - 000000000 ____D C:\Users\kevca\Desktop\mbar
2018-06-17 04:34 - 2018-06-17 04:34 - 014178840 _____ (Malwarebytes Corp.) C:\Users\kevca\Downloads\mbar-1.10.3.1001.exe
2018-06-17 03:56 - 2018-06-17 03:56 - 000001417 _____ C:\Users\kevca\Desktop\Microsoft Edge.lnk
2018-06-16 16:25 - 2018-06-16 16:25 - 000000000 ____D C:\ProgramData\Emsisoft
2018-06-16 13:17 - 2018-06-19 15:04 - 000000000 ____D C:\CCE_Quarantine
2018-06-16 08:20 - 2018-06-16 08:20 - 000000000 ____D C:\Users\kevca\Downloads\cce_1.6.183539.73_x64
2018-06-16 08:19 - 2018-06-16 08:19 - 000000000 ____D C:\da4a6bd6205b2b58bd509a
2018-06-16 08:17 - 2018-06-16 08:17 - 001618432 _____ C:\Users\kevca\Downloads\adwcleaner_5.004.exe
2018-06-16 08:16 - 2018-06-16 08:16 - 001563648 _____ C:\Users\kevca\Downloads\adwcleaner_5.000.exe
2018-06-15 22:43 - 2018-06-19 04:58 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2018-06-15 22:43 - 2018-06-19 04:58 - 000001908 _____ C:\WINDOWS\diagerr.xml
2018-06-15 20:57 - 2018-06-15 20:57 - 000030888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2018-06-15 20:57 - 2018-06-15 20:57 - 000029352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
 
2018-06-15 20:57 - 2018-06-15 20:57 - 000019088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2018-06-15 20:57 - 2018-06-15 20:57 - 000019088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2018-06-15 20:40 - 2018-06-15 20:40 - 000040741 _____ C:\ProgramData\hva.uninstall.1529109575.bdinstall.bin
2018-06-15 20:33 - 2018-06-16 08:18 - 000000000 ____D C:\PatchMyPCUpdates
2018-06-15 20:32 - 2018-06-15 20:32 - 000000000 ____D C:\Users\kevca\AppData\Local\Patch_My_PC,_LLC
2018-06-15 20:31 - 2018-06-15 20:31 - 001791264 _____ (Patch My PC, LLC) C:\Users\kevca\Downloads\PatchMyPC.exe
2018-06-15 20:26 - 2018-06-15 20:26 - 000000000 ____D C:\Users\kevca\AppData\Local\Secunia PSI
2018-06-15 20:26 - 2018-06-15 20:26 - 000000000 ____D C:\Program Files (x86)\Secunia
2018-06-15 20:25 - 2018-06-15 20:25 - 005490752 _____ (Secunia) C:\Users\kevca\Downloads\PSISetup.exe
2018-06-15 14:54 - 2018-06-15 14:54 - 004512256 _____ C:\Users\kevca\Downloads\CARLSON_11e_CH17_W.ppt
2018-06-15 10:06 - 2018-06-17 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2018-06-15 10:06 - 2018-06-15 10:06 - 000001089 _____ C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2018-06-15 10:06 - 2018-06-15 10:06 - 000000000 ____D C:\Program Files (x86)\Emsisoft HiJackFree
2018-06-15 10:05 - 2018-06-15 10:05 - 002095808 _____ (Emsi Software GmbH ) C:\Users\kevca\Downloads\a2HiJackFreeSetup.exe
2018-06-15 10:03 - 2018-06-19 08:20 - 000000000 ____D C:\EEK
2018-06-15 10:01 - 2018-06-15 10:01 - 000000000 ____D C:\Users\kevca\Downloads\cce_public_x64
2018-06-15 10:00 - 2018-06-15 10:01 - 025308861 _____ C:\Users\kevca\Downloads\cce_1.6.183539.73_x64.zip
2018-06-15 10:00 - 2018-06-15 10:00 - 034688252 _____ C:\Users\kevca\Downloads\cce_public_x64.zip
2018-06-15 09:55 - 2018-06-15 09:59 - 338582000 _____ C:\Users\kevca\Downloads\EmsisoftEmergencyKit.exe
2018-06-15 09:46 - 2018-06-19 08:45 - 000000000 ____D C:\Users\kevca\Downloads\backups
2018-06-15 09:42 - 2018-06-15 09:42 - 000388608 _____ (Trend Micro Inc.) C:\Users\kevca\Downloads\HijackThis.exe
2018-06-15 09:41 - 2018-06-15 09:41 - 000073816 _____ C:\ProgramData\hva.1529069942.bdinstall.bin
2018-06-15 09:39 - 2018-06-15 20:40 - 000000000 ____D C:\ProgramData\Bitdefender Home Scanner
2018-06-15 09:39 - 2018-06-15 20:40 - 000000000 ____D C:\Program Files\Npcap
2018-06-15 09:39 - 2018-06-15 20:40 - 000000000 ____D C:\Program Files\Bitdefender Home Scanner
2018-06-15 09:38 - 2018-06-15 09:38 - 000042860 _____ C:\ProgramData\agent.1529069892.bdinstall.bin
2018-06-15 09:38 - 2018-06-15 09:38 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2018-06-15 09:37 - 2018-06-15 09:37 - 009985504 _____ C:\Users\kevca\Downloads\bitdefender_homescanner.exe
2018-06-15 07:16 - 2018-06-15 07:16 - 000000000 _____ C:\autoexec.bat
2018-06-15 07:14 - 2018-06-15 07:14 - 000003442 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2018-06-15 07:13 - 2018-06-15 07:13 - 000022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2018-06-15 07:12 - 2018-06-15 07:12 - 000000000 ____D C:\Program Files\Enigma Software Group
2018-06-15 06:52 - 2018-06-15 06:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-06-15 06:51 - 2018-06-17 07:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-06-15 06:50 - 2018-06-17 08:15 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-06-15 06:50 - 2018-06-17 07:39 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-06-15 06:47 - 2018-06-15 06:48 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\kevca\Downloads\spybotsd-2.7.64.0.exe
2018-06-15 06:32 - 2018-06-15 06:32 - 000000000 ____D C:\Users\kevca\AppData\Local\ESET
2018-06-15 06:31 - 2018-06-15 06:32 - 006981240 _____ (ESET spol. s r.o.) C:\Users\kevca\Downloads\esetonlinescanner_enu (1).exe
2018-06-15 06:31 - 2018-06-15 06:31 - 006981240 _____ (ESET spol. s r.o.) C:\Users\kevca\Downloads\esetonlinescanner_enu.exe
2018-06-14 20:16 - 2018-06-14 20:16 - 000002627 _____ C:\Users\kevca\Downloads\FSS.txt
2018-06-14 20:15 - 2018-06-14 20:15 - 000899584 _____ (Farbar) C:\Users\kevca\Downloads\FSS.exe
2018-06-14 17:00 - 2018-06-17 07:37 - 000000000 ____D C:\Users\kevca\AppData\Roaming\Telegram Desktop
2018-06-14 17:00 - 2018-06-17 03:39 - 000000000 ____D C:\Users\kevca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2018-06-14 17:00 - 2018-06-14 17:00 - 022837912 _____ (Telegram Messenger LLP ) C:\Users\kevca\Downloads\tsetup.1.3.7.exe
2018-06-14 11:39 - 2018-06-14 11:39 - 000000000 ____D C:\ProgramData\Sophos
2018-06-14 11:32 - 2018-06-14 11:34 - 198283536 _____ (Sophos Limited) C:\Users\kevca\Downloads\Sophos Virus Removal Tool (1).exe
2018-06-14 10:54 - 2018-06-14 10:56 - 198260112 _____ (Sophos Limited) C:\Users\kevca\Downloads\Sophos Virus Removal Tool.exe
2018-06-14 10:49 - 2018-06-14 10:49 - 000448512 _____ (OldTimer Tools) C:\Users\kevca\Downloads\TFC.exe
2018-06-14 10:29 - 2018-06-14 10:29 - 000000000 ____H C:\Users\kevca\Documents\Default.rdp
2018-06-14 10:21 - 2018-06-14 10:21 - 000852798 _____ C:\Users\kevca\Downloads\SecurityCheck (3).exe
2018-06-14 10:16 - 2018-06-19 18:52 - 000000000 ____D C:\Users\kevca\AppData\Local\CrashDumps
2018-06-14 10:13 - 2018-06-14 10:14 - 000852798 _____ C:\Users\kevca\Downloads\SecurityCheck (2).exe
2018-06-14 09:21 - 2018-06-14 09:22 - 000852798 _____ C:\Users\kevca\Downloads\SecurityCheck (1).exe
2018-06-14 09:14 - 2018-06-14 09:17 - 000852798 _____ C:\Users\kevca\Downloads\SecurityCheck.exe
2018-06-14 07:59 - 2018-06-14 07:59 - 015566936 _____ C:\Users\kevca\Downloads\RogueKiller.exe
2018-06-13 23:05 - 2018-06-13 23:05 - 000080384 _____ C:\Users\kevca\Downloads\MBRCheck (3).exe
2018-06-13 09:52 - 2018-06-08 13:26 - 021754880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-06-13 09:52 - 2018-06-08 13:26 - 017084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-06-13 09:52 - 2018-06-08 03:30 - 008594848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-13 09:52 - 2018-06-08 03:24 - 007675792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-13 09:52 - 2018-06-08 03:23 - 021357336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-13 09:52 - 2018-06-08 03:21 - 007385096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-13 09:52 - 2018-06-08 02:26 - 025256960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-13 09:52 - 2018-06-08 02:09 - 017161216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-13 09:52 - 2018-06-08 02:06 - 006481096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-13 09:52 - 2018-06-08 02:01 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-13 09:52 - 2018-06-08 01:58 - 008068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-13 09:52 - 2018-06-08 01:44 - 019358720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-13 09:52 - 2018-06-08 01:36 - 006060032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-13 09:51 - 2018-06-08 13:03 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-13 09:51 - 2018-06-08 12:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-13 09:51 - 2018-06-08 12:58 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-13 09:51 - 2018-06-08 07:42 - 002491120 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
 
2018-06-13 09:51 - 2018-06-08 07:41 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-13 09:51 - 2018-06-08 03:36 - 001568160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-06-13 09:51 - 2018-06-08 03:36 - 000137120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-06-13 09:51 - 2018-06-08 03:35 - 001093040 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-13 09:51 - 2018-06-08 03:35 - 000924656 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-13 09:51 - 2018-06-08 03:35 - 000300448 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-13 09:51 - 2018-06-08 03:35 - 000069536 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-06-13 09:51 - 2018-06-08 03:34 - 000748472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-06-13 09:51 - 2018-06-08 03:34 - 000423352 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-06-13 09:51 - 2018-06-08 03:33 - 002002336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-06-13 09:51 - 2018-06-08 03:33 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-13 09:51 - 2018-06-08 03:33 - 001056184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-13 09:51 - 2018-06-08 03:33 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-06-13 09:51 - 2018-06-08 03:33 - 000461216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-06-13 09:51 - 2018-06-08 03:33 - 000269720 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-06-13 09:51 - 2018-06-08 03:33 - 000192920 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-13 09:51 - 2018-06-08 03:33 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-06-13 09:51 - 2018-06-08 03:32 - 001638432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-13 09:51 - 2018-06-08 03:32 - 000664992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-06-13 09:51 - 2018-06-08 03:32 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-06-13 09:51 - 2018-06-08 03:32 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-06-13 09:51 - 2018-06-08 03:32 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-13 09:51 - 2018-06-08 03:30 - 002514944 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-13 09:51 - 2018-06-08 03:30 - 001953544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-13 09:51 - 2018-06-08 03:30 - 001416360 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-13 09:51 - 2018-06-08 03:29 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-13 09:51 - 2018-06-08 03:29 - 001849760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-13 09:51 - 2018-06-08 03:29 - 001210272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-13 09:51 - 2018-06-08 03:29 - 000937376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-13 09:51 - 2018-06-08 03:29 - 000028576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-13 09:51 - 2018-06-08 03:27 - 001173584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-13 09:51 - 2018-06-08 03:27 - 000377760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-06-13 09:51 - 2018-06-08 03:26 - 000712456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-13 09:51 - 2018-06-08 03:26 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-06-13 09:51 - 2018-06-08 03:25 - 003903784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-06-13 09:51 - 2018-06-08 03:25 - 000525728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-13 09:51 - 2018-06-08 03:24 - 006282280 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2018-06-13 09:51 - 2018-06-08 03:24 - 003009736 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-13 09:51 - 2018-06-08 03:24 - 002711248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-13 09:51 - 2018-06-08 03:24 - 001488288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-06-13 09:51 - 2018-06-08 03:24 - 001029536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-06-13 09:51 - 2018-06-08 03:24 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2018-06-13 09:51 - 2018-06-08 03:24 - 000891808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-06-13 09:51 - 2018-06-08 03:24 - 000247712 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-13 09:51 - 2018-06-08 03:23 - 004486400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-13 09:51 - 2018-06-08 03:23 - 002472888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-13 09:51 - 2018-06-08 03:23 - 002412688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-13 09:51 - 2018-06-08 03:23 - 000824904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2018-06-13 09:51 - 2018-06-08 03:23 - 000706464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-13 09:51 - 2018-06-08 03:23 - 000677304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-13 09:51 - 2018-06-08 03:23 - 000137552 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-13 09:51 - 2018-06-08 03:22 - 006791992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-13 09:51 - 2018-06-08 03:22 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-13 09:51 - 2018-06-08 03:22 - 001358496 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-13 09:51 - 2018-06-08 03:22 - 001269640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-13 09:51 - 2018-06-08 03:22 - 000688072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-13 09:51 - 2018-06-08 03:22 - 000093624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-13 09:51 - 2018-06-08 03:22 - 000054376 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-13 09:51 - 2018-06-08 03:21 - 004507096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-13 09:51 - 2018-06-08 03:21 - 001779960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-13 09:51 - 2018-06-08 03:21 - 001206104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-06-13 09:51 - 2018-06-08 03:21 - 000594080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-13 09:51 - 2018-06-08 03:21 - 000260904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-13 09:51 - 2018-06-08 03:20 - 001101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-13 09:51 - 2018-06-08 02:21 - 001931256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-13 09:51 - 2018-06-08 02:21 - 001614168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-13 09:51 - 2018-06-08 02:21 - 000777912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
 
2018-06-13 09:51 - 2018-06-08 02:19 - 001433360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-13 09:51 - 2018-06-08 02:18 - 000212920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-06-13 09:51 - 2018-06-08 02:18 - 000097160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-06-13 09:51 - 2018-06-08 02:10 - 003485400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-06-13 09:51 - 2018-06-08 02:10 - 002338272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-13 09:51 - 2018-06-08 02:10 - 001124768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-06-13 09:51 - 2018-06-08 02:09 - 006092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-13 09:51 - 2018-06-08 02:09 - 002993728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2018-06-13 09:51 - 2018-06-08 02:09 - 002193688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-13 09:51 - 2018-06-08 02:09 - 000832952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2018-06-13 09:51 - 2018-06-08 02:09 - 000791968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-06-13 09:51 - 2018-06-08 02:09 - 000592800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-13 09:51 - 2018-06-08 02:08 - 020290256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-13 09:51 - 2018-06-08 02:08 - 003979696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-13 09:51 - 2018-06-08 02:08 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-13 09:51 - 2018-06-08 02:08 - 001990672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-06-13 09:51 - 2018-06-08 02:08 - 001075984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-13 09:51 - 2018-06-08 02:08 - 000640024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-06-13 09:51 - 2018-06-08 02:08 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-06-13 09:51 - 2018-06-08 02:07 - 002386320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-13 09:51 - 2018-06-08 02:07 - 000975360 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-06-13 09:51 - 2018-06-08 02:07 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-13 09:51 - 2018-06-08 02:07 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2018-06-13 09:51 - 2018-06-08 02:07 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-06-13 09:51 - 2018-06-08 02:07 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-13 09:51 - 2018-06-08 02:07 - 000047608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-06-13 09:51 - 2018-06-08 02:06 - 006015208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-13 09:51 - 2018-06-08 02:06 - 004668688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-13 09:51 - 2018-06-08 02:06 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-06-13 09:51 - 2018-06-08 02:06 - 001524784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-13 09:51 - 2018-06-08 02:06 - 001131696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-06-13 09:51 - 2018-06-08 02:06 - 000551696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-13 09:51 - 2018-06-08 02:06 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-06-13 09:51 - 2018-06-08 02:06 - 000129208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-06-13 09:51 - 2018-06-08 02:05 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-13 09:51 - 2018-06-08 02:05 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-13 09:51 - 2018-06-08 02:04 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-13 09:51 - 2018-06-08 02:04 - 001925120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2018-06-13 09:51 - 2018-06-08 02:04 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-13 09:51 - 2018-06-08 02:04 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-13 09:51 - 2018-06-08 02:04 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-13 09:51 - 2018-06-08 02:03 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-13 09:51 - 2018-06-08 02:03 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-06-13 09:51 - 2018-06-08 02:02 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-13 09:51 - 2018-06-08 02:02 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-06-13 09:51 - 2018-06-08 02:02 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-13 09:51 - 2018-06-08 02:02 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-06-13 09:51 - 2018-06-08 02:02 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-06-13 09:51 - 2018-06-08 02:01 - 001217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-13 09:51 - 2018-06-08 02:01 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-13 09:51 - 2018-06-08 02:01 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2018-06-13 09:51 - 2018-06-08 02:01 - 000623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-06-13 09:51 - 2018-06-08 02:01 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-13 09:51 - 2018-06-08 02:01 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-06-13 09:51 - 2018-06-08 02:00 - 012833792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-13 09:51 - 2018-06-08 02:00 - 003180032 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-13 09:51 - 2018-06-08 02:00 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-13 09:51 - 2018-06-08 02:00 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2018-06-13 09:51 - 2018-06-08 02:00 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2018-06-13 09:51 - 2018-06-08 02:00 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-06-13 09:51 - 2018-06-08 01:59 - 008432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-06-13 09:51 - 2018-06-08 01:59 - 003124224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-06-13 09:51 - 2018-06-08 01:59 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-06-13 09:51 - 2018-06-08 01:59 - 001297920 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-06-13 09:51 - 2018-06-08 01:59 - 001116672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-13 09:51 - 2018-06-08 01:59 - 001043968 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-06-13 09:51 - 2018-06-08 01:59 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-13 09:51 - 2018-06-08 01:59 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-13 09:51 - 2018-06-08 01:58 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-13 09:51 - 2018-06-08 01:58 - 004723712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-13 09:51 - 2018-06-08 01:58 - 003332608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-13 09:51 - 2018-06-08 01:58 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-13 09:51 - 2018-06-08 01:58 - 002083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-13 09:51 - 2018-06-08 01:57 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-06-13 09:51 - 2018-06-08 01:57 - 002628608 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-06-13 09:51 - 2018-06-08 01:57 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-13 09:51 - 2018-06-08 01:57 - 001812992 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-13 09:51 - 2018-06-08 01:57 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-13 09:51 - 2018-06-08 01:57 - 001345024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
 