Solved Three Com Surrogates

KuyaNailclip

Posts: 9   +0
Hello, I've been looking around at posts recently, and have found out that once there are around three Com Surrogates, it flashes in my task manager and then it closes and only shows one once I hover over it or wait a few seconds. I've scanned multiple times and it says that there are no threats. I'm not really the most efficient at looking at what is a virus or not, and I would like some help.
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thanks! I've done the scan with the Farbar Recovery Tool and here are the logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-12-2017
Ran by cacaR (administrator) on DESKTOP-TVF40JE (31-12-2017 11:06:49)
Running from C:\Users\cacaR\Downloads
Loaded Profiles: cacaR (Available Profiles: cacaR)
Platform: Windows 10 Home Version 1709 16299.64 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(f.lux Software LLC) C:\Users\cacaR\AppData\Local\FluxSoftware\Flux\flux.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-31] (AVAST Software)
HKU\S-1-5-21-4118052371-3421211454-4028698306-1001\...\Run: [f.lux] => C:\Users\cacaR\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6062ffcd-d8b2-4ac2-bf41-203fdb74cad3}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-4118052371-3421211454-4028698306-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset

FireFox:
========
FF DefaultProfile: ijwwuihp.default
FF ProfilePath: C:\Users\cacaR\AppData\Roaming\Mozilla\Firefox\Profiles\ijwwuihp.default [2017-12-31]
FF Extension: (AdBlock) - C:\Users\cacaR\AppData\Roaming\Mozilla\Firefox\Profiles\ijwwuihp.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-12-31]
FF Extension: (Avast Online Security) - C:\Users\cacaR\AppData\Roaming\Mozilla\Firefox\Profiles\ijwwuihp.default\Extensions\wrc@avast.com.xpi [2017-12-31]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-31] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-31] (AVAST Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [185096 2017-12-31] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321512 2017-12-31] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199448 2017-12-31] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343768 2017-12-31] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57696 2017-12-31] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [149344 2017-12-31] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2017-12-31] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146664 2017-12-31] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110336 2017-12-31] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84384 2017-12-31] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1025176 2017-12-31] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [457400 2017-12-31] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [204456 2017-12-31] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [358672 2017-12-31] (AVAST Software)
S3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [54256 2016-12-10] (Corsair)
S3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [29168 2016-12-10] (Corsair)
U1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2017-12-31] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c791f781cd94491f\nvlddmkm.sys [16989296 2017-11-15] (NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [26560 2017-10-10] (Windows (R) Win 7 DDK provider)
S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-11-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 ssbthid; C:\WINDOWS\System32\drivers\ssbthid.sys [43824 2017-12-15] ()
S3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46896 2017-12-15] ()
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [46896 2017-12-15] ()
S3 STTub30; C:\WINDOWS\System32\Drivers\STTub30.sys [54104 2017-08-30] (STMicroelectronics)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-31 11:06 - 2017-12-31 11:07 - 000007661 _____ C:\Users\cacaR\Downloads\FRST.txt
2017-12-31 11:05 - 2017-12-31 11:06 - 000000000 ____D C:\FRST
2017-12-31 11:05 - 2017-12-31 11:05 - 000000000 ____D C:\Users\cacaR\Downloads\FRST-OlderVersion
2017-12-31 11:04 - 2017-12-31 11:05 - 002392064 _____ (Farbar) C:\Users\cacaR\Downloads\FRST64.exe
2017-12-31 11:00 - 2017-12-31 11:00 - 000000000 ____D C:\Users\cacaR\AppData\Local\AVAST Software
2017-12-31 10:59 - 2017-12-31 10:59 - 000000000 ____D C:\Users\cacaR\AppData\Roaming\AVAST Software
2017-12-31 10:59 - 2017-12-31 10:59 - 000000000 ____D C:\Users\cacaR\AppData\Local\CEF
2017-12-31 10:59 - 2017-12-31 10:59 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-12-31 10:58 - 2017-12-31 10:58 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-12-31 10:58 - 2017-12-31 10:58 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-12-31 10:58 - 2017-12-31 10:58 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-12-31 10:58 - 2017-12-31 10:58 - 000001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-12-31 10:58 - 2017-12-31 10:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2017-12-31 10:58 - 2017-12-31 10:58 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-31 10:54 - 2017-12-31 10:53 - 001025176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-12-31 10:54 - 2017-12-31 10:53 - 000457400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-12-31 10:54 - 2017-12-31 10:53 - 000358672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-12-31 10:54 - 2017-12-31 10:53 - 000343768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-12-31 10:54 - 2017-12-31 10:53 - 000321512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-12-31 10:54 - 2017-12-31 10:53 - 000204456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-12-31 10:54 - 2017-12-31 10:53 - 000199448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-12-31 10:54 - 2017-12-31 10:53 - 000185096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2017-12-31 10:54 - 2017-12-31 10:53 - 000149344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2017-12-31 10:54 - 2017-12-31 10:53 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-12-31 10:54 - 2017-12-31 10:53 - 000110336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-12-31 10:54 - 2017-12-31 10:53 - 000084384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-12-31 10:54 - 2017-12-31 10:53 - 000057696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-12-31 10:54 - 2017-12-31 10:53 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-12-31 10:53 - 2017-12-31 10:53 - 000365680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-12-31 10:52 - 2017-12-31 10:40 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-12-31 10:51 - 2017-12-31 10:53 - 000000000 ____D C:\ProgramData\AVAST Software
2017-12-31 10:51 - 2017-12-31 10:51 - 006334848 _____ (AVAST Software) C:\Users\cacaR\Downloads\avast_free_antivirus_setup.exe
2017-12-31 10:51 - 2017-12-31 10:51 - 000000039 _____ C:\Users\cacaR\Downloads\Stats.ini
2017-12-31 10:51 - 2017-12-31 10:51 - 000000000 ____D C:\Users\cacaR\AppData\Local\Comms
2017-12-31 10:51 - 2017-12-31 10:51 - 000000000 ____D C:\Program Files\AVAST Software
2017-12-31 10:50 - 2017-12-31 10:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-31 10:50 - 2017-12-31 10:50 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-31 10:49 - 2017-12-31 10:49 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-31 10:39 - 2017-12-31 10:39 - 000002160 _____ C:\Users\cacaR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2017-12-31 10:39 - 2017-12-31 10:39 - 000000000 ____D C:\Users\cacaR\AppData\Local\FluxSoftware
2017-12-31 10:38 - 2017-12-31 10:39 - 000766552 _____ C:\Users\cacaR\Downloads\flux-setup.exe
2017-12-31 10:37 - 2017-12-31 10:41 - 000000000 ____D C:\Users\cacaR\AppData\Local\Mozilla
2017-12-31 10:37 - 2017-12-31 10:37 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-31 10:37 - 2017-12-31 10:37 - 000000993 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-12-31 10:37 - 2017-12-31 10:37 - 000000000 ____D C:\Users\cacaR\AppData\Roaming\Mozilla
2017-12-31 10:37 - 2017-12-31 10:37 - 000000000 ____D C:\Users\cacaR\AppData\LocalLow\Mozilla
2017-12-31 10:37 - 2017-12-31 10:37 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-31 10:37 - 2017-12-31 10:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-31 10:36 - 2017-12-31 10:36 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4118052371-3421211454-4028698306-1001
2017-12-31 10:36 - 2017-12-31 10:36 - 000000000 ___HD C:\OneDriveTemp
2017-12-31 10:36 - 2015-01-02 22:29 - 000000174 _____ C:\Users\cacaR\OneDrive\Documents\Passwords.txt
2017-12-31 10:35 - 2017-12-31 10:36 - 000002367 _____ C:\Users\cacaR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-31 10:35 - 2017-12-31 10:36 - 000000000 ___RD C:\Users\cacaR\OneDrive
2017-12-31 10:35 - 2017-12-31 10:35 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-12-31 10:33 - 2017-12-31 10:51 - 000000000 ____D C:\Users\cacaR\AppData\Local\PackageStaging
2017-12-31 10:33 - 2017-12-31 10:51 - 000000000 ____D C:\Users\cacaR\AppData\Local\Packages
2017-12-31 10:33 - 2017-12-31 10:34 - 000000000 ____D C:\Users\cacaR\AppData\Local\ConnectedDevicesPlatform
2017-12-31 10:33 - 2017-12-31 10:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-31 10:33 - 2017-12-31 10:33 - 000000000 ___RD C:\Users\cacaR\3D Objects
2017-12-31 10:33 - 2017-12-31 10:33 - 000000000 ___HD C:\Users\cacaR\MicrosoftEdgeBackups
2017-12-31 10:33 - 2017-12-31 10:33 - 000000000 ____D C:\Users\cacaR\AppData\Roaming\Adobe
2017-12-31 10:33 - 2017-12-31 10:33 - 000000000 ____D C:\Users\cacaR\AppData\Local\VirtualStore
2017-12-31 10:33 - 2017-12-31 10:33 - 000000000 ____D C:\Users\cacaR\AppData\Local\Publishers
2017-12-31 10:33 - 2017-12-31 10:33 - 000000000 ____D C:\Users\cacaR\AppData\Local\MicrosoftEdge
2017-12-31 10:31 - 2017-12-31 10:35 - 000000000 ____D C:\Users\cacaR
2017-12-31 10:31 - 2017-12-31 10:31 - 000000020 ___SH C:\Users\cacaR\ntuser.ini
2017-12-31 07:24 - 2017-12-31 07:24 - 000000000 _SHDL C:\Users\Default User
2017-12-31 07:24 - 2017-12-31 07:24 - 000000000 _SHDL C:\Users\All Users
2017-12-31 07:24 - 2017-12-31 07:24 - 000000000 _SHDL C:\Documents and Settings
2017-12-31 07:17 - 2017-12-31 10:33 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-31 07:17 - 2017-12-31 07:17 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-31 07:17 - 2017-12-31 07:17 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-31 07:17 - 2017-12-31 07:17 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-31 07:17 - 2017-11-14 15:15 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-12-31 07:17 - 2017-11-14 14:56 - 005960640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-12-31 07:17 - 2017-11-14 14:56 - 002587584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-12-31 07:17 - 2017-11-14 14:56 - 001766336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-12-31 07:17 - 2017-11-14 14:56 - 000607352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-12-31 07:17 - 2017-11-14 14:56 - 000449472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-12-31 07:17 - 2017-11-14 14:56 - 000123000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-12-31 07:17 - 2017-11-14 14:56 - 000082040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-12-31 07:17 - 2017-11-10 01:09 - 007855841 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-12-31 07:14 - 2017-12-31 10:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-31 07:14 - 2017-12-31 07:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-31 07:14 - 2017-12-31 07:14 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-12-31 07:13 - 2017-12-31 07:14 - 000222832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-31 04:34 - 2017-12-31 04:34 - 000000000 ____D C:\ProgramData\USOShared
2017-12-31 04:28 - 2017-12-31 04:28 - 000886066 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-31 04:26 - 2017-09-29 08:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-12-31 02:20 - 2017-12-31 02:20 - 000000000 ____D C:\WINDOWS\InfusedApps
2017-12-31 02:19 - 2017-12-31 02:33 - 000000000 ____D C:\Windows.old
2017-12-31 02:19 - 2017-12-31 02:19 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-12-31 02:18 - 2017-12-31 02:18 - 000000000 ____D C:\WINDOWS\Setup
2017-12-31 02:18 - 2017-12-31 02:18 - 000000000 ____D C:\Program Files (x86)\Razer
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-12-31 02:16 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-12-31 02:16 - 2017-12-31 02:16 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2017-12-31 02:16 - 2017-12-31 02:16 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2017-12-31 02:16 - 2017-12-31 02:16 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2017-12-31 02:16 - 2017-12-31 02:16 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2017-12-31 02:16 - 2017-12-31 02:16 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2017-12-31 02:16 - 2017-12-31 02:16 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2017-12-31 02:16 - 2017-12-31 02:16 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2017-12-31 02:16 - 2017-12-31 02:16 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2017-12-31 02:16 - 2017-12-31 02:16 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2017-12-31 02:16 - 2017-12-31 02:16 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2017-12-31 02:16 - 2017-12-31 02:16 - 000000000 ____D C:\WINDOWS\OCR
2017-12-31 02:16 - 2017-12-31 02:16 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-12-31 02:16 - 2017-12-31 02:16 - 000000000 ____D C:\Program Files\MSBuild
2017-12-31 02:16 - 2017-12-31 02:16 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-12-31 02:16 - 2017-12-31 02:16 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-12-31 02:14 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-12-31 02:14 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-12-31 02:14 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-12-31 02:14 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-12-31 02:14 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-12-31 02:14 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2017-12-31 02:14 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\system32\winrm
2017-12-31 02:14 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\system32\WCN
2017-12-31 02:14 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\system32\slmgr
2017-12-31 02:14 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-12-31 02:14 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\system32\0409
2017-12-31 02:14 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\DigitalLocker
2017-12-31 02:11 - 2017-12-03 17:38 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-31 02:11 - 2017-12-03 17:38 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-31 02:09 - 2017-12-31 11:07 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-31 02:09 - 2017-12-31 11:07 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-31 02:09 - 2017-12-31 11:06 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-12-31 02:09 - 2017-12-31 10:37 - 000000000 ___RD C:\Program Files (x86)
2017-12-31 02:09 - 2017-12-31 07:22 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-12-31 02:09 - 2017-12-31 07:22 - 000000000 ____D C:\WINDOWS\appcompat
2017-12-31 02:09 - 2017-12-31 07:18 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-12-31 02:09 - 2017-12-31 07:18 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-12-31 02:09 - 2017-12-31 04:34 - 000000000 ____D C:\ProgramData\USOPrivate
2017-12-31 02:09 - 2017-12-31 04:27 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-12-31 02:09 - 2017-12-31 04:27 - 000000000 ____D C:\WINDOWS\rescache
2017-12-31 02:09 - 2017-12-31 04:26 - 000000000 ____D C:\WINDOWS\system32\spool
2017-12-31 02:09 - 2017-12-31 04:26 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-12-31 02:09 - 2017-12-31 02:19 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-12-31 02:09 - 2017-12-31 02:17 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-12-31 02:09 - 2017-12-31 02:17 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-12-31 02:09 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\TextInput
2017-12-31 02:09 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-12-31 02:09 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-12-31 02:09 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-12-31 02:09 - 2017-12-31 02:17 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-31 02:09 - 2017-12-31 02:16 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\system32\setup
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\system32\com
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\IME
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\Help
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ____D C:\Program Files\Common Files\system
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-12-31 02:09 - 2017-12-31 02:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 __SHD C:\Program Files\Windows Sidebar
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 __RSD C:\WINDOWS\media
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 __RHD C:\Users\Public\Libraries
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ___SD C:\WINDOWS\system32\UNP
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ___SD C:\WINDOWS\system32\Nui
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\Web
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\Vss
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\tracing
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\TAPI
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SystemResources
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SystemApps
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\winevt
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\ras
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\IME
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\icsxml
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\ias
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\downlevel
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\DDFs
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\System
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SKB
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\security
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\schemas
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\SchCache
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\Resources
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\Registration
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\Provisioning
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\PLA
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\Performance
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\ModemLogs
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\L2Schemas
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\InputMethod
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\Globalization
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\Cursors
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\Branding
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\bcastdvr
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\addins
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\Program Files\Windows Security
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\Program Files\Windows Portable Devices
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\Program Files\windows nt
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\Program Files\Common Files\Services
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\Program Files (x86)\windows nt
2017-12-31 02:09 - 2017-12-31 02:09 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-12-31 02:09 - 2017-12-31 02:06 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-12-31 02:09 - 2017-12-31 02:06 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2017-12-31 02:09 - 2017-12-31 02:06 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2017-12-31 02:09 - 2017-12-31 02:06 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-12-31 02:09 - 2017-12-31 02:06 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2017-12-31 02:09 - 2017-12-31 02:06 - 000017572 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2017-12-31 02:09 - 2017-12-31 02:06 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
2017-12-31 02:09 - 2017-12-31 02:06 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2017-12-31 02:09 - 2017-12-31 02:06 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2017-12-31 02:09 - 2017-12-31 02:06 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2017-12-31 02:09 - 2017-12-31 02:06 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2017-12-31 02:09 - 2017-12-31 02:06 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2017-12-31 02:09 - 2017-12-31 02:06 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2017-12-31 02:09 - 2017-12-31 02:06 - 000000219 _____ C:\WINDOWS\system.ini
2017-12-31 02:09 - 2017-12-31 02:06 - 000000092 _____ C:\WINDOWS\win.ini
2017-12-31 02:07 - 2017-12-31 10:51 - 000000000 ____D C:\WINDOWS\INF
2017-12-31 02:01 - 2017-12-31 10:48 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-31 01:57 - 2017-12-31 07:22 - 069730304 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-12-31 01:57 - 2017-12-31 07:22 - 011272192 _____ C:\WINDOWS\system32\config\SYSTEM
2017-12-31 01:57 - 2017-12-31 07:22 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2017-12-31 01:57 - 2017-12-31 07:22 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2017-12-31 01:57 - 2017-12-31 07:22 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2017-12-31 01:57 - 2017-12-31 07:15 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-12-31 01:57 - 2017-12-31 04:25 - 000000000 ____D C:\WINDOWS\Panther
2017-12-31 01:57 - 2017-12-31 02:14 - 000000000 ____D C:\WINDOWS\servicing
2017-12-31 01:57 - 2017-12-31 02:12 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2017-12-31 01:57 - 2017-12-31 02:09 - 000000000 ____D C:\WINDOWS\system32\SMI
2017-12-30 22:48 - 2017-12-31 01:57 - 000000000 ___HD C:\$SysReset
2017-12-18 15:55 - 2017-12-07 17:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2017-12-13 09:49 - 2017-12-07 17:10 - 001313792 ____N (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-31 02:05 - 2017-09-29 08:40 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2017-12-15 14:59 - 2017-08-15 06:29 - 000046896 _____ C:\WINDOWS\system32\Drivers\sshid.sys
2017-12-15 14:59 - 2017-06-01 21:44 - 000046896 _____ C:\WINDOWS\system32\Drivers\ssdevfactory.sys
2017-12-15 14:59 - 2017-05-12 13:48 - 000043824 _____ C:\WINDOWS\system32\Drivers\ssbthid.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-31 07:13

==================== End of FRST.txt ============================
(I couldn't upload the addition; it said that it was considered to be spam.)
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-12-2017
Ran by cacaR (31-12-2017 11:07:52)
Running from C:\Users\cacaR\Downloads
Windows 10 Home Version 1709 16299.64 (X64) (2017-12-31 09:25:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4118052371-3421211454-4028698306-500 - Administrator - Disabled)
cacaR (S-1-5-21-4118052371-3421211454-4028698306-1001 - Administrator - Enabled) => C:\Users\cacaR
DefaultAccount (S-1-5-21-4118052371-3421211454-4028698306-503 - Limited - Disabled)
Guest (S-1-5-21-4118052371-3421211454-4028698306-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4118052371-3421211454-4028698306-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
f.lux (HKU\S-1-5-21-4118052371-3421211454-4028698306-1001\...\Flux) (Version: - f.lux Software LLC)
Microsoft OneDrive (HKU\S-1-5-21-4118052371-3421211454-4028698306-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Mozilla Firefox 57.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.3 (x64 en-US)) (Version: 57.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.3 - Mozilla)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-31] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-31] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-31] (AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-31] (AVAST Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {540F6DA0-1C47-4341-AAA5-75622B3F7487} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-31] (AVAST Software)
Task: {5AA68E30-7563-422B-8871-9A6038A611F0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-12-31] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-09-29 08:42 - 2017-09-29 09:43 - 011044864 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 08:42 - 2017-09-29 09:43 - 001804288 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-29 09:44 - 2017-09-29 09:44 - 000819200 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1706.2401.0_x64__8wekyb3d8bbwe\TimeBackground.dll
2017-12-31 10:36 - 2017-12-31 10:36 - 000102088 _____ () C:\Users\cacaR\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2017-12-31 10:53 - 2017-12-31 10:53 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-12-31 10:53 - 2017-12-31 10:53 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-12-31 10:53 - 2017-12-31 10:53 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-12-31 10:53 - 2017-12-31 10:53 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-31 10:53 - 2017-12-31 10:53 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-31 10:53 - 2017-12-31 10:53 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-12-31 02:09 - 2017-12-31 02:06 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4118052371-3421211454-4028698306-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cacaR\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\brighton_pier_sunset-wallpaper-1920x1080.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{42A3F871-85A5-4569-B992-E62106341DDA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6CFC3135-0BC6-497B-A53C-6BBD218B0599}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

31-12-2017 10:45:05 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2017 10:59:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/31/2017 10:52:07 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/31/2017 10:33:42 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (4276,P,0) TILEREPOSITORYS-1-5-21-4118052371-3421211454-4028698306-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (12/31/2017 10:33:42 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (4276,P,0) TILEREPOSITORYS-1-5-21-4118052371-3421211454-4028698306-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (12/31/2017 10:33:42 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (4276,P,0) TILEREPOSITORYS-1-5-21-4118052371-3421211454-4028698306-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (12/31/2017 10:33:42 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (4276,P,0) TILEREPOSITORYS-1-5-21-4118052371-3421211454-4028698306-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (12/31/2017 10:33:42 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (4276,P,0) TILEREPOSITORYS-1-5-21-4118052371-3421211454-4028698306-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (12/31/2017 10:33:42 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (4276,P,0) TILEREPOSITORYS-1-5-21-4118052371-3421211454-4028698306-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (12/31/2017 07:17:15 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.

Error: (12/31/2017 07:17:14 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.


System errors:
=============
Error: (12/31/2017 11:07:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: 9NBLGGH3FRZM-Microsoft.VCLibs.140.00.

Error: (12/31/2017 10:50:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/31/2017 10:50:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/31/2017 10:50:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/31/2017 10:50:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/31/2017 10:50:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/31/2017 10:50:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/31/2017 10:50:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/31/2017 10:50:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/31/2017 10:29:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 46%
Total physical RAM: 8091.51 MB
Available physical RAM: 4356.78 MB
Total Virtual: 10011.51 MB
Available Virtual: 5920.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.46 GB) (Free:1840.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
I don't see much so far...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
Hey, thanks for helping me, but I just wanted to preface this by saying that I do have three COM Surrogates and then two disappear and one stays active, but I've noticed that the two others usually don't eat up that much memory, usually using up to 1.0 to 1.3 MB while the other one still follows suit. I know that because it looks normal, it doesn't actually mean that in reality it isn't infected, but just something that I've wanted to point out :D (I had also reset my computer beforehand just cause I wanted to restart new..) Here are the logs for all three of them.

RogueKiller:

RogueKiller V12.11.30.0 (x64) [Dec 26 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : cacaR [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 01/01/2018 19:13:46 (Duration : 00:19:34)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM006-2DM164 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 99 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1126400 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1159168 | Size: 1907163 MB
User = LL1 ... OK
User = LL2 ... OK

Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/1/18
Scan Time: 7:47 PM
Log File: 79c6b580-ef56-11e7-a087-305a3a08ddbe.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3604
License: Trial

-System Information-
OS: Windows 10 (Build 16299.64)
CPU: x64
File System: NTFS
User: DESKTOP-TVF40JE\cacaR

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 265724
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 0 min, 58 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

AdwCleaner:

# AdwCleaner 7.0.6.0 - Logfile created on Tue Jan 02 00:54:54 2018
# Updated on 2017/21/12 by Malwarebytes
# Database: 01-01-2018.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
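A defender-side check for the "three COM Surrogates" question raised in this thread, added here as an example and not part of any post or of the tools the helper recommends. It lists every running dllhost.exe, verifies the binary is the Authenticode-signed copy under System32, and resolves the `/Processid:{CLSID}` on its command line to the registered COM server so each surrogate can be attributed; the function name `Get-ComSurrogateInfo` is my own, and running it elevated is assumed so that processes in other sessions are visible.

```powershell
# Added example (not from this thread). Enumerates COM Surrogate (dllhost.exe)
# processes and returns one object per process with signature and CLSID details.
function Get-ComSurrogateInfo {
    [CmdletBinding()]
    param()

    $system32 = Join-Path $env:SystemRoot 'System32'

    Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
        $proc   = $_
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)" -ErrorAction SilentlyContinue
        $parentText = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { "<exited> ($($proc.ParentProcessId))" }

        # The hosted object is passed to the surrogate as /Processid:{CLSID}
        $clsid = $null
        if ($proc.CommandLine -match '/Processid:(\{[0-9A-Fa-f\-]+\})') { $clsid = $Matches[1] }

        # Resolve the CLSID under HKCR to its friendly name and server module
        $friendly = $null; $server = $null
        if ($clsid) {
            $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
            $friendly = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
            foreach ($sub in 'InprocServer32', 'LocalServer32') {
                $v = (Get-ItemProperty -Path "$key\$sub" -ErrorAction SilentlyContinue).'(default)'
                if ($v) { $server = $v; break }
            }
        }

        # Signature and location check on the surrogate binary itself
        $sigStatus = 'Unknown'; $signer = $null; $inSystem32 = $false
        if ($proc.ExecutablePath) {
            $sig = Get-AuthenticodeSignature -FilePath $proc.ExecutablePath
            $sigStatus  = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            $inSystem32 = $proc.ExecutablePath -like "$system32\*"
        }

        [PSCustomObject]@{
            PID          = $proc.ProcessId
            Parent       = $parentText
            Path         = $proc.ExecutablePath
            InSystem32   = $inSystem32
            Signature    = $sigStatus
            Signer       = $signer
            CLSID        = $clsid
            FriendlyName = $friendly
            ServerModule = $server
        }
    }
}

# Anything not signed Valid, not under System32, or hosting a server module
# outside Windows or Program Files deserves a closer look.
Get-ComSurrogateInfo | Format-List
```

Surrogates that appear and vanish within seconds are normal for short-lived COM activations (thumbnail extraction, for instance); the signature, path and ServerModule fields are what distinguish a benign one from a lookalike process.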
 
Thanks :D
I really feel like donating to you, but unfortunately I don't really have any money with me :( But thanks for the support and dedication!
 