ShashankJakhmola


  1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Malwarebytes
     Version: 8.1.3 (04.10.2017)
     Operating System: Windows 10 Pro x64
     Ran by SHANK (Administrator) on 11-07-2017 at 11:34:42.19
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     File System: 5

     Successfully deleted: C:\ai_recyclebin (Folder)
     Successfully deleted: C:\ProgramData\productdata (Folder)
     Successfully deleted: C:\Users\SHANK\AppData\Roaming\productdata (Folder)
     Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Administrator (Task)
     Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job (Task)

     Deleted the following from C:\Users\SHANK\AppData\Roaming\Mozilla\Firefox\Profiles\2mh0mued.default-1494169835761\prefs.js
     user_pref(browser.urlbar.suggest.searches, true);

     Registry: 0

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 11-07-2017 at 11:37:09.31
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  2. # AdwCleaner v6.047 - Logfile created 11/07/2017 at 11:29:46
     # Updated on 19/05/2017 by Malwarebytes
     # Database : 2017-07-10.1 [Server]
     # Operating System : Windows 10 Pro (X64)
     # Username : SHANK - PC
     # Running from : C:\Users\SHANK\Downloads\Programs\AdwCleaner.exe
     # Mode: Clean
     # Support : https://www.malwarebytes.com/support

     ***** [ Services ] *****

     ***** [ Folders ] *****

     [-] Folder deleted: C:\ProgramData\IObit\ASCDownloader
     [#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\ASCDownloader

     ***** [ Files ] *****

     ***** [ DLL ] *****

     ***** [ WMI ] *****

     ***** [ Shortcuts ] *****

     ***** [ Scheduled Tasks ] *****

     ***** [ Registry ] *****

     [-] Key deleted: [x64] HKLM\SOFTWARE\Reimage

     ***** [ Web browsers ] *****

     [-] [C:\Users\SHANK\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com

     *************************

     :: "Tracing" keys deleted
     :: Winsock settings cleared

     *************************

     C:\AdwCleaner\AdwCleaner[C0].txt - [4635 Bytes] - [26/04/2017 12:06:40]
     C:\AdwCleaner\AdwCleaner[C2].txt - [1117 Bytes] - [11/07/2017 11:29:46]
     C:\AdwCleaner\AdwCleaner[S0].txt - [4456 Bytes] - [26/04/2017 12:06:02]
     C:\AdwCleaner\AdwCleaner[S1].txt - [1664 Bytes] - [11/07/2017 11:29:01]

     ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1336 Bytes] ##########
  3. Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 7/10/17
     Scan Time: 3:14 PM
     Log File:
     Administrator: Yes

     -Software Information-
     Version: 3.1.2.1733
     Components Version: 1.0.160
     Update Package Version: 1.0.2330
     License: Trial

     -System Information-
     OS: Windows 10 (Build 10240.16384)
     CPU: x64
     File System: NTFS
     User: PC\SHANK

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 434624
     Threats Detected: 115
     Threats Quarantined: 115
     Time Elapsed: 11 min, 54 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 110
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarantined, [1088], [327205],1.0.2330
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine, Quarantined, [1088], [327205],1.0.2330
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine.1, Quarantined, [1088], [327205],1.0.2330
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1088], [327205],1.0.2330
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1088], [327205],1.0.2330
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1088], [327205],1.0.2330
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1088], [327205],1.0.2330
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1088], [327205],1.0.2330
     PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1088], [327205],1.0.2330
     PUP.Optional.Reimage,
     [406796],1.0.2330
     PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54, Quarantined, [6315], [406795],1.0.2330
     PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9, Quarantined, [6315], [406786],1.0.2330
     PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A, Quarantined, [6315], [406785],1.0.2330
     PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138, Quarantined, [6315], [406777],1.0.2330
     PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, Quarantined, [1088], [336077],1.0.2330
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, Quarantined, [1088], [327193],1.0.2330

     Registry Value: 1
     PUP.Optional.Reimage, HKU\S-1-5-21-2700927378-2106285669-3968480891-1001\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, Quarantined, [1088], [327204],1.0.2330

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 0
     (No malicious items detected)

     File: 4
     PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.6\STANDALONEPHASE1.DAT, Quarantined, [592], [393793],1.0.2330
     PUP.Optional.Reimage, C:\USERS\SHANK\APPDATA\LOCAL\TEMP\REIMAGE.LOG, Quarantined, [1088], [334717],1.0.2330
     PUP.Optional.Reimage, C:\USERS\SHANK\APPDATA\LOCAL\TEMP\REIMAGEPACKAGE.EXE, Quarantined, [1088], [331559],1.0.2330
     PUP.Optional.Reimage, C:\WINDOWS\REIMAGE.INI, Quarantined, [1088], [412667],1.0.2330

     Physical Sector: 0
     (No malicious items detected)

     (end)
  4. Malwarebytes Anti-Rootkit BETA 1.9.3.1001
     www.malwarebytes.org

     Database version:
       main:    v2017.07.05.05
       rootkit: v2017.05.27.01

     Windows 10 x64 NTFS
     Internet Explorer 11.0.10240.16384
     SHANK :: PC [administrator]

     05-07-2017 17:53:50
     mbar-log-2017-07-05 (17-53-50).txt

     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled:
     Objects scanned: 353956
     Time elapsed: 19 minute(s), 52 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 14
     HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.Wdfload) -> Delete on reboot. [beeb342ebbee93a3a18a81a67f81a35d]
     HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.Wdfload) -> Delete on reboot. [00a9a2c0941587afbb61e73ba15f7090]
     HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{07E70E7B-BD09-417E-A6C7-8227153FE25C} (Trojan.Agent.Generic) -> Delete on reboot. [d7d2a1c101a8bb7ba43fc974956c9e62]
     HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0BA4E7EC-FED8-41F9-B2D5-8C1CA3C71420} (Trojan.Agent.Generic) -> Delete on reboot. [2287a3bf9712dc5a5cab81264fb205fb]
     HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6492275E-C2A9-4EBB-9F1F-7C106CDCC6EA} (Trojan.Agent.Generic) -> Delete on reboot. [387121416d3c2d09dc2b2285926ff808]
     HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{796D4625-D6F9-414E-8604-AB0A91E4092C} (Trojan.Agent.Generic) -> Delete on reboot. [8425481a4f5a999db92a0439cc35a15f]
     HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9516155D-FC48-4F00-BA6F-F43AEA5D3966} (Trojan.Agent.Generic) -> Delete on reboot. [5b4e1f432584ef479926af67e21f8f71]
     HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\39L8356g1037X775 (Trojan.Agent.Generic) -> Delete on reboot. [67424e14c0e964d27fb406364fb2e719]
     HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\39L8356g1037X775-dll (Trojan.Agent.Generic) -> Delete on reboot. [4069c89aa4052610d072347209f847b9]
     HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\51L8028a6987u910 (Trojan.Agent.Generic) -> Delete on reboot. [a207085abbee0630d95a380421e0669a]
     HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\51L8028a6987u910-dll (Trojan.Agent.Generic) -> Delete on reboot. [2089dc86c3e61620a79bebbba75af907]
     HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\5L4294g9684X604 (Trojan.Agent.Generic) -> Delete on reboot. [f0b91b472188280ec6fec155bd44b050]
     HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.Wdfload) -> Delete on reboot. [6544e1816247c274929933f48f71837d]
     HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.Wdfload) -> Delete on reboot. [b5f472f0aaff5bdb78a45bc72cd453ad]

     Registry Values Detected: 5
     HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{07E70E7B-BD09-417E-A6C7-8227153FE25C}|Path (Trojan.Agent.Generic) -> Data: \51L8028a6987u910 -> Delete on reboot. [d7d2a1c101a8bb7ba43fc974956c9e62]
     HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0BA4E7EC-FED8-41F9-B2D5-8C1CA3C71420}|Path (Trojan.Agent.Generic) -> Data: \39L8356g1037X775-dll -> Delete on reboot. [2287a3bf9712dc5a5cab81264fb205fb]
     HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6492275E-C2A9-4EBB-9F1F-7C106CDCC6EA}|Path (Trojan.Agent.Generic) -> Data: \51L8028a6987u910-dll -> Delete on reboot. [387121416d3c2d09dc2b2285926ff808]
     HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{796D4625-D6F9-414E-8604-AB0A91E4092C}|Path (Trojan.Agent.Generic) -> Data: \39L8356g1037X775 -> Delete on reboot. [8425481a4f5a999db92a0439cc35a15f]
     HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9516155D-FC48-4F00-BA6F-F43AEA5D3966}|Path (Trojan.Agent.Generic) -> Data: \5L4294g9684X604 -> Delete on reboot. [5b4e1f432584ef479926af67e21f8f71]

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 10
     C:\Program Files\Wevice a Art Home Simulator\Wevice a Art Home Simulator.dll (Trojan.Wdfload.Generic) -> Delete on reboot. [a7027ce6525749ed21e423e947bb07f9]
     C:\Program Files (x86)\Bandicam\Bandicam Universal Crack.exe (RiskWare.Tool.HCK) -> Delete on reboot. [1f8a0c565356d85e56eab7947f820000]
     C:\ProgramData\39L8356g1037X775\39L8356g1037X775.dll (Trojan.Wdfload.Generic) -> Delete on reboot. [703992d06247c76fcc91338a21e02bd5]
     C:\ProgramData\51L8028a6987u910\51L8028a6987u910.dll (Trojan.Wdfload.Generic) -> Delete on reboot. [3178570b5950d46274e9873618e9b64a]
     C:\ProgramData\5L4294g9684X604\5L4294g9684X604.dll (Trojan.Wdfload.Generic) -> Delete on reboot. [04a573ef2a7f171f65f8e9d4af5221df]
     C:\Windows\System32\Tasks\5L4294G9684X604 (Trojan.Agent.Generic) -> Delete on reboot. [9f0acf933277e94d309b46d09b6616ea]
     C:\Windows\System32\Tasks\39L8356G1037X775 (Trojan.Agent.Generic) -> Delete on reboot. [5d4cbfa37f2a6ec837f57cc14db4758b]
     C:\Windows\System32\Tasks\51L8028A6987U910 (Trojan.Agent.Generic) -> Delete on reboot. [00a900623673fb3b89a37ebf46bb1ae6]
     C:\Windows\System32\Tasks\39L8356G1037X775-DLL (Trojan.Agent.Generic) -> Delete on reboot. [cddce57dd8d152e4194b6a3c847dbe42]
     C:\Windows\System32\Tasks\51L8028A6987U910-DLL (Trojan.Agent.Generic) -> Delete on reboot. [1c8d8dd524851b1bd4905155eb164cb4]

     Physical Sectors Detected: 0
     (No malicious items detected)

     (end)

     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.09.3.1001
     (c) Malwarebytes Corporation 2011-2012

     OS version: 10.0.9200 Windows 10 x64

     Account is Administrative

     Internet Explorer version: 11.0.10240.16384

     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, S:\ DRIVE_FIXED
     CPU speed: 3.100000 GHz
     Memory total: 4244598784, free: 2259517440

     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.09.3.1001
     (c) Malwarebytes Corporation 2011-2012

     OS version: 10.0.9200 Windows 10 x64

     Account is Administrative

     Internet Explorer version: 11.0.10240.16384

     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, S:\ DRIVE_FIXED
     CPU speed: 3.100000 GHz
     Memory total: 4244598784, free: 2325258240

     Downloaded database version: v2017.07.05.05
     =======================================
     Downloaded database version: v2017.05.27.01
     Downloaded database version: v2017.06.16.01
     =======================================
     Initializing...
Driver version: 0.3.0.4 ------------ Kernel report ------------ 07/05/2017 17:53:40 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\System32\drivers\cmimcext.sys \SystemRoot\System32\drivers\ntosext.sys \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\System32\drivers\FLTMGR.SYS \SystemRoot\System32\drivers\ksecdd.sys \SystemRoot\System32\drivers\clipsp.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\WindowsTrustedRT.sys \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\system32\drivers\CEA.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\pciide.sys \SystemRoot\System32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\atapi.sys \SystemRoot\System32\drivers\ataport.SYS \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\system32\drivers\WdFilter.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\NTFS.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys 
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\xusb22.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{65B6AD42-5A92-437A-B4C9-67E044A91F53}\MpKsl4bb12f56.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\usb8023x.sys
\SystemRoot\System32\drivers\RNDISMPX.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
Scan started
Database versions:
  main:    v2017.07.05.05
  rootkit: v2017.05.27.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe001f2bbe060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001f2bbd7d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001f2bbe060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe001f259c060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7B365392

Partition information:

  Partition 0 type is Other (0xb)
  Partition is NOT ACTIVE.
  Partition starts at LBA: 2048  Numsec = 204800
  Partition is bootable
  Partition file system is FAT32

  Partition 1 type is Primary (0x7)
  Partition is ACTIVE.
  Partition starts at LBA: 206848  Numsec = 204593152
  Partition is bootable
  Partition file system is NTFS

  Partition 2 type is Extended with LBA (0xf)
  Partition is NOT ACTIVE.
  Partition starts at LBA: 204800001  Numsec = 1748719615
  Partition is not bootable

  Partition 3 type is Empty (0x0)
  Partition is NOT ACTIVE.
  Partition starts at LBA: 0  Numsec = 0
  Partition is not bootable

Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!

Infected: C:\Program Files\Wevice a Art Home Simulator\Wevice a Art Home Simulator.dll --> [Trojan.Wdfload.Generic]
Infected: C:\Program Files (x86)\Bandicam\Bandicam Universal Crack.exe --> [RiskWare.Tool.HCK]
File "C:\Users\SHANK\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Infected: C:\ProgramData\39L8356g1037X775\39L8356g1037X775.dll --> [Trojan.Wdfload.Generic]
Infected: C:\ProgramData\51L8028a6987u910\51L8028a6987u910.dll --> [Trojan.Wdfload.Generic]
Infected: C:\ProgramData\5L4294g9684X604\5L4294g9684X604.dll --> [Trojan.Wdfload.Generic]
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-23CD51F3B93912CFF307FF5B56DB1BF80F438E70.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-23CD51F3B93912CFF307FF5B56DB1BF80F438E70.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-23CD51F3B93912CFF307FF5B56DB1BF80F438E70.bin.83" is compressed (flags = 1)
Infected: C:\Windows\System32\Tasks\5L4294G9684X604 --> [Trojan.Agent.Generic]
Infected: C:\Windows\System32\Tasks\39L8356G1037X775 --> [Trojan.Agent.Generic]
Infected: C:\Windows\System32\Tasks\51L8028A6987U910 --> [Trojan.Agent.Generic]
Infected: C:\Windows\System32\Tasks\39L8356G1037X775-DLL --> [Trojan.Agent.Generic]
Infected: C:\Windows\System32\Tasks\51L8028A6987U910-DLL --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 --> [Trojan.Wdfload]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 --> [Trojan.Wdfload]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{07E70E7B-BD09-417E-A6C7-8227153FE25C}|Path --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{07E70E7B-BD09-417E-A6C7-8227153FE25C} --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0BA4E7EC-FED8-41F9-B2D5-8C1CA3C71420}|Path --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0BA4E7EC-FED8-41F9-B2D5-8C1CA3C71420} --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6492275E-C2A9-4EBB-9F1F-7C106CDCC6EA}|Path --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6492275E-C2A9-4EBB-9F1F-7C106CDCC6EA} --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{796D4625-D6F9-414E-8604-AB0A91E4092C}|Path --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{796D4625-D6F9-414E-8604-AB0A91E4092C} --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9516155D-FC48-4F00-BA6F-F43AEA5D3966}|Path --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9516155D-FC48-4F00-BA6F-F43AEA5D3966} --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\39L8356g1037X775 --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\39L8356g1037X775-dll --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\51L8028a6987u910 --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\51L8028a6987u910-dll --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\5L4294g9684X604 --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 --> [Trojan.Wdfload]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 --> [Trojan.Wdfload]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
  5. This has been troubling me for quite a while. I often go to C:/Windows/Temp to delete them, but they reappear. MB-CheckResults.txt
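Files that come back after being deleted usually mean something is still scheduled to drop them, and the Anti-Rootkit log above shows exactly that kind of chain: a DLL under C:\ProgramData, a task file under C:\Windows\System32\Tasks with the same name, and a matching key under the Task Scheduler's TaskCache\Tree hive, plus thumbprints planted in the machine's Disallowed certificate store. The script below is an added example of mine, not part of the original post and not Malwarebytes code. It parses the `Infected:` lines of an MBAR log and groups them into those chains so that the persistence mechanism is visible at a glance. The sample input is a constructed subset of the log's own lines; the `looks_machine_generated` name check is my heuristic, based on the names in this log, and not a Malwarebytes rule. The log lists TaskCache\Tasks GUIDs and Tree names separately, and the Id value that links them lives only on a live system, so the script reports the GUIDs without mapping them.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input: a subset of the "Infected:" lines from the
# Malwarebytes Anti-Rootkit log posted above, copied verbatim.
SAMPLE_LOG = r"""
Infected: C:\Program Files\Wevice a Art Home Simulator\Wevice a Art Home Simulator.dll --> [Trojan.Wdfload.Generic]
Infected: C:\ProgramData\39L8356g1037X775\39L8356g1037X775.dll --> [Trojan.Wdfload.Generic]
Infected: C:\ProgramData\51L8028a6987u910\51L8028a6987u910.dll --> [Trojan.Wdfload.Generic]
Infected: C:\ProgramData\5L4294g9684X604\5L4294g9684X604.dll --> [Trojan.Wdfload.Generic]
Infected: C:\Windows\System32\Tasks\5L4294G9684X604 --> [Trojan.Agent.Generic]
Infected: C:\Windows\System32\Tasks\39L8356G1037X775 --> [Trojan.Agent.Generic]
Infected: C:\Windows\System32\Tasks\51L8028A6987U910 --> [Trojan.Agent.Generic]
Infected: C:\Windows\System32\Tasks\39L8356G1037X775-DLL --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 --> [Trojan.Wdfload]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 --> [Trojan.Wdfload]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{07E70E7B-BD09-417E-A6C7-8227153FE25C}|Path --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{07E70E7B-BD09-417E-A6C7-8227153FE25C} --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\39L8356g1037X775 --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\39L8356g1037X775-dll --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\51L8028a6987u910 --> [Trojan.Agent.Generic]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\5L4294g9684X604 --> [Trojan.Agent.Generic]
"""

# One MBAR detection line: "Infected: <item> --> [<detection name>]"
INFECTED_RE = re.compile(r"^Infected:\s+(?P<item>.+?)\s+-->\s+\[(?P<detection>[^\]]+)\]\s*$")

# Lower-cased location prefixes for the parts of a scheduled-task persistence chain.
TASK_FILE_PREFIX = "c:\\windows\\system32\\tasks\\"
TASKCACHE = "hklm\\software\\microsoft\\windows nt\\currentversion\\schedule\\taskcache\\"
TREE_PREFIX = TASKCACHE + "tree\\"
TASKS_PREFIX = TASKCACHE + "tasks\\"
DISALLOWED_MARK = "\\systemcertificates\\disallowed\\certificates\\"


def parse_infected(log_text):
    """Return [(item, detection), ...] for every 'Infected:' line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            entries.append((m.group("item"), m.group("detection")))
    return entries


def classify(item):
    """Map a detected item to the persistence component it represents."""
    low = item.lower()
    if low.startswith(TASK_FILE_PREFIX):
        return "task_file"        # task definition under System32\Tasks
    if low.startswith(TREE_PREFIX):
        return "taskcache_tree"   # task name node in the scheduler's registry cache
    if low.startswith(TASKS_PREFIX):
        return "taskcache_tasks"  # {GUID} node holding the task's Path value
    if DISALLOWED_MARK in low:
        return "disallowed_cert"  # thumbprint in the distrusted-certificate store
    if low.endswith(".dll"):
        return "dll"              # the payload the task loads
    return "other"


def base_name(item, kind):
    """Normalise an item to the name shared across its chain (lower case, no '-dll' suffix)."""
    leaf = item.rsplit("\\", 1)[-1]
    if kind == "dll":
        leaf = leaf[:-len(".dll")]
    elif kind == "taskcache_tasks":
        leaf = leaf.split("|", 1)[0]   # drop the "|Path" value suffix, keep the {GUID}
    return re.sub(r"-dll$", "", leaf, flags=re.IGNORECASE).lower()


def looks_machine_generated(name, min_switches=4):
    """Heuristic (my assumption, from the names in this log): a task name that switches
    between digit runs and letter runs many times, like 39L8356g1037X775, is unlikely
    to be a vendor task name such as GoogleUpdateTaskMachineUA."""
    if not re.fullmatch(r"[A-Za-z0-9]+", name):
        return False
    runs = re.findall(r"\d+|[A-Za-z]+", name)
    return len(runs) - 1 >= min_switches


def persistence_chains(entries):
    """Group DLL, task file and TaskCache Tree key by shared name; a chain with all
    three parts is a scheduled task that will keep reloading the DLL."""
    chains = defaultdict(lambda: {"dll": False, "task_file": False, "taskcache_tree": False})
    for item, _detection in entries:
        kind = classify(item)
        if kind in ("dll", "task_file", "taskcache_tree"):
            chains[base_name(item, kind)][kind] = True
    return {name: dict(parts, complete=all(parts.values())) for name, parts in chains.items()}


def triage(log_text):
    """Summarise what the log says about how the infection persists."""
    entries = parse_infected(log_text)
    return {
        "entries": len(entries),
        "kinds": dict(Counter(classify(item) for item, _ in entries)),
        "chains": persistence_chains(entries),
        "task_guids": sorted({base_name(i, "taskcache_tasks")
                              for i, _ in entries if classify(i) == "taskcache_tasks"}),
        "disallowed_thumbprints": sorted(i.rsplit("\\", 1)[-1]
                                         for i, _ in entries if classify(i) == "disallowed_cert"),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['entries']} detections by kind: {report['kinds']}")
    for name, parts in report["chains"].items():
        status = "COMPLETE chain" if parts["complete"] else "partial"
        tag = " [machine-generated name]" if looks_machine_generated(name) else ""
        print(f"  {name}: {status}{tag} dll={parts['dll']} task={parts['task_file']} tree={parts['taskcache_tree']}")
    print("TaskCache GUIDs:", report["task_guids"])
    print("Distrusted thumbprints:", report["disallowed_thumbprints"])
```

Run it against a full MBAR log by replacing `SAMPLE_LOG` with the file's contents. On this log three chains come out complete (39L8356g1037X775, 51L8028a6987u910, 5L4294g9684X604), which is why deleting the dropped files by hand does not help: the task fires again and rewrites them. The Wevice DLL has no matching task in the sample, so it is reported as partial. On a live machine the same three locations can be checked directly, and the Tree key's Id value ties a task name to its {GUID} entry under Tasks; the thumbprints under Disallowed are worth comparing against the signing certificates of the security tools installed on the box, since anything signed by a distrusted certificate will fail validation.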