
MBAM Blocking malicious website beautyfile.info


This topic is locked
8 replies to this topic

#1 plaiche (Members, 23 posts, Jersey City)

Posted 07 March 2017 - 04:37 PM

After receiving help from bleeping admin boopme on an infection to my system yesterday, I received a Malwarebytes message for a blocked website as per the log details below. He/she steered me here to ensure no Trojan hooks were left. Please advise at your convenience.

Thank you 

 
www.malwarebytes.com
 
-Log Details-
Protection Event Date: 3/7/17
Protection Event Time: 7:49 AM
Logfile: 
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1444
License: Premium
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
 
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
 
-Website Data-
Domain: beautyfile.info
IP Address: 81.171.14.67
Port: [57523]
Type: Outbound
File: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
 
 
 
(end)

FARBAR FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by Admin (administrator) on ENTOHACK-CENTRA (07-03-2017 15:07:36)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(SugarSync, Inc.) C:\Program Files (x86)\SugarSync\SugarSync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Ditto\Ditto.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Admin\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17012.10301.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Malwarebytes) C:\ProgramData\Malwarebytes\MBAMService\ctlrupdate\mbupdatr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-06] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [3001536 2016-12-16] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Run: [Spotify Web Helper] => C:\Users\Admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-10] (Spotify Ltd)
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Run: [SugarSync] => C:\Program Files (x86)\SugarSync\SugarSync.exe [19073504 2017-02-17] (SugarSync, Inc.)
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Run: [NvLedServiceHost] => C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe [86904 2016-06-14] ()
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Run: [Ditto] => C:\Program Files (x86)\Ditto\Ditto.exe [2415616 2017-01-29] ()
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ !SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2017-02-17] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2017-02-17] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncSharedSyncing] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2017-02-17] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncSynced] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2017-02-17] (SugarSync, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-09-19]
ShortcutTarget: EvernoteClipper.lnk -> C:\Users\Admin\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{193ed7e6-59d4-4e53-8ac8-59479437fe37}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5d3650d4-8bc4-11e6-8e27-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{92b608ba-21a3-45e7-a5bd-b1fb0e425dd6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{92b608ba-21a3-45e7-a5bd-b1fb0e425dd6}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.entohack.earth/
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3777986144-643453739-1554320205-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-08-19] [not signed]
FF HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Admin\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3777986144-643453739-1554320205-1000: @acestream.net/acestreamplugin,version=3.1.6 -> C:\Users\Admin\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin HKU\S-1-5-21-3777986144-643453739-1554320205-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-12-04] (Citrix Online)
FF Plugin HKU\S-1-5-21-3777986144-643453739-1554320205-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Admin\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-12-26] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default [2016-08-08]
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-05]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-05]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-05]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-05]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-05]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-08-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-07]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-05]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-07]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-07]
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-08]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-08]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-08]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-08]
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Send to Kindle for Google Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2016-11-18]
CHR Extension: (Pushbullet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-11-25]
CHR Extension: (OneTab) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-22]
CHR Extension: (Session Buddy) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-11-25]
CHR Extension: (Tabs Outliner) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2016-12-03]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-08]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-08]
CHR Extension: (PixelBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmpmfcjnflbcoidlgapblgpgbilinlem [2016-10-25]
CHR Extension: (Grammarly for Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-03-06]
CHR Extension: (Momentum) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2017-01-02]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-08-08]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Evernote Web Clipper) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-02-11]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-08]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
CHR HKU\S-1-5-21-3777986144-643453739-1554320205-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Admin\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-08-08]
CHR HKU\S-1-5-21-3777986144-643453739-1554320205-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3777986144-643453739-1554320205-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-07-07] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-14] (NVIDIA Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
S3 PACSPTISVR-Sound_Organizer; C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [174176 2012-11-08] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [505024 2016-12-16] (Sony Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-10-06] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-01-30] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-03-06] (Malwarebytes)
R1 MpKsl352fe023; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CD3123F8-4762-42FC-94B7-E97AFBF2F8D5}\MpKsl352fe023.sys [44928 2017-03-06] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2016-11-02] (Corel Corporation)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [252432 2016-03-24] (QUALCOMM Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-09-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-09-05] (Zemana Ltd.)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-07 15:07 - 2017-03-07 15:07 - 00028935 _____ C:\Users\Admin\Downloads\FRST.txt
2017-03-07 15:05 - 2017-03-07 15:07 - 00000000 ___DC C:\FRST
2017-03-07 15:04 - 2017-03-07 15:04 - 02423808 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2017-03-06 12:28 - 2017-03-06 12:28 - 00012946 _____ C:\Users\Admin\Desktop\ESET_log.txt
2017-03-06 09:34 - 2017-03-06 09:34 - 00000000 ____D C:\Program Files (x86)\ESET
2017-03-06 09:24 - 2017-03-06 09:24 - 00000554 _____ C:\Users\Admin\Desktop\JRT.txt
2017-03-06 09:11 - 2017-03-06 14:33 - 00000000 ___DC C:\AdwCleaner
2017-03-06 08:59 - 2017-03-06 08:59 - 00038341 _____ C:\Users\Admin\Desktop\MTB.txt
2017-03-06 08:57 - 2017-03-06 09:34 - 02870984 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
2017-03-06 08:57 - 2017-03-06 09:23 - 01663736 _____ (Malwarebytes) C:\Users\Admin\Desktop\JRT (1).exe
2017-03-06 08:57 - 2017-03-06 09:11 - 04031440 _____ C:\Users\Admin\Desktop\AdwCleaner (1).exe
2017-03-06 08:57 - 2017-03-06 08:58 - 00892416 _____ (Farbar) C:\Users\Admin\Desktop\MiniToolBox (1).exe
2017-02-28 15:49 - 2017-02-28 15:49 - 00003972 _____ C:\WINDOWS\System32\Tasks\{78A7866B-CF0C-31C0-299D-F332B9005369}
2017-02-28 15:49 - 2017-02-28 15:49 - 00000000 ____D C:\ProgramData\{11EB9B1C-A640-2CB7-4355-EFF407FB8756}
2017-02-28 07:49 - 2017-02-28 07:49 - 00000000 ____D C:\ProgramData\{41CAFEC8-F661-4963-7944-42629A8A44AB}
2017-02-22 10:23 - 2017-02-22 10:23 - 00055772 _____ C:\Users\Admin\Downloads\entomology-company-database_54.xlsx
2017-02-17 18:08 - 2017-02-17 18:08 - 00034458 _____ C:\Users\Admin\Downloads\Convertible Note Agreement_EH7G_LIorio.pdf
2017-02-17 18:06 - 2017-02-17 18:06 - 00034608 _____ C:\Users\Admin\Downloads\Convertible Note Agreement (7).pdf
2017-02-17 18:06 - 2017-02-17 18:06 - 00034515 _____ C:\Users\Admin\Downloads\Convertible Note Agreement (6).pdf
2017-02-17 18:05 - 2017-02-17 18:05 - 00034595 _____ C:\Users\Admin\Downloads\Convertible Note Agreement (5).pdf
2017-02-17 18:03 - 2017-02-17 18:03 - 00034683 _____ C:\Users\Admin\Downloads\Convertible Note Agreement (4).pdf
2017-02-17 18:02 - 2017-02-17 18:02 - 00034683 _____ C:\Users\Admin\Downloads\Convertible Note Agreement (3).pdf
2017-02-17 14:10 - 2017-02-17 14:10 - 00922339 _____ C:\Users\Admin\Downloads\7a3c2572-aaba-4dce-85aa-57594507d6d4.pdf
2017-02-17 14:10 - 2017-02-17 14:10 - 00922339 _____ C:\Users\Admin\Downloads\7a3c2572-aaba-4dce-85aa-57594507d6d4 (1).pdf
2017-02-17 12:16 - 2017-02-17 12:16 - 02794874 _____ C:\Users\Admin\Downloads\161130+Presentation+to+UBS+Food+%26+Agribusiness+Conference.pdf
2017-02-17 12:16 - 2017-02-17 12:16 - 01643929 _____ C:\Users\Admin\Downloads\859644_RIC.pdf
2017-02-16 16:46 - 2017-02-16 16:46 - 02828266 _____ C:\Users\Admin\Documents\EH7G_Detailed_Investment_Info_N3-5-0.pdf
2017-02-16 13:43 - 2017-02-16 13:43 - 00993494 ____T C:\Users\Admin\Documents\EH7G_Fins.xlsx
2017-02-16 10:20 - 2017-02-16 10:20 - 00000363 _____ C:\Users\Admin\Downloads\calendar (1).ics
2017-02-15 18:47 - 2017-02-15 18:47 - 05796044 _____ C:\Users\Admin\Downloads\North America Industrial Forecast 2014-2017.pdf
2017-02-15 07:40 - 2017-02-15 07:40 - 01200203 _____ C:\Users\Admin\Downloads\FY17 CIG RFP signed.pdf
2017-02-15 07:13 - 2017-03-06 14:40 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-14 13:44 - 2017-02-14 13:44 - 00031130 _____ C:\Users\Admin\Downloads\NC10028010_2016_11_22 (1).pdf
2017-02-14 13:42 - 2017-02-14 13:42 - 00031130 _____ C:\Users\Admin\Downloads\NC10028010_2016_11_22.pdf
2017-02-13 13:07 - 2017-02-13 13:07 - 11511296 _____ C:\Users\Admin\Downloads\indname.xls
2017-02-13 13:04 - 2017-02-13 13:04 - 00098816 _____ C:\Users\Admin\Downloads\GICS Structure effective Sep 1, 2016.xls
2017-02-13 12:16 - 2017-02-13 12:16 - 01042205 _____ C:\Users\Admin\Downloads\Microbiome-AgBioTech-Full-Event-Guide-1.pdf
2017-02-13 12:16 - 2017-02-13 12:16 - 01042205 _____ C:\Users\Admin\Downloads\Microbiome-AgBioTech-Full-Event-Guide-1 (1).pdf
2017-02-13 10:40 - 2017-02-13 10:40 - 00021332 _____ C:\Users\Admin\Downloads\Convertible Note Agreement copy.pdf
2017-02-13 10:28 - 2017-02-13 10:28 - 00034646 _____ C:\Users\Admin\Downloads\Convertible Note Agreement (2).pdf
2017-02-13 10:28 - 2017-02-13 10:28 - 00034646 _____ C:\Users\Admin\Downloads\Convertible Note Agreement (1).pdf
2017-02-11 17:05 - 2017-02-11 19:46 - 01477120 ____H C:\Users\Admin\Documents\~WRL1316.tmp
2017-02-11 12:08 - 2017-02-11 12:08 - 00000423 _____ C:\Users\Admin\Downloads\calendar.ics
2017-02-10 08:40 - 2017-02-10 08:40 - 04813862 _____ C:\Users\Admin\Downloads\Inventory_BSFLxLivinFarms.xlsx
2017-02-10 08:40 - 2017-02-10 08:40 - 00000165 ____H C:\Users\Admin\Downloads\~$Inventory_BSFLxLivinFarms.xlsx
2017-02-09 14:36 - 2017-02-09 14:36 - 00370315 _____ C:\Users\Admin\Downloads\16sepPPziobro.pdf
2017-02-09 13:33 - 2017-02-09 13:33 - 00117248 _____ C:\Users\Admin\Downloads\Livestock.xls
2017-02-09 13:31 - 2017-02-09 13:31 - 00059392 _____ C:\Users\Admin\Downloads\FeedGrains.xls
2017-02-08 16:41 - 2016-12-29 07:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-08 16:40 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-08 16:40 - 2016-12-29 08:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-08 08:27 - 2017-02-08 08:27 - 02350400 _____ C:\Users\Admin\Downloads\BSFL.pdf
2017-02-07 20:39 - 2017-02-07 20:39 - 00592673 _____ C:\Users\Admin\Downloads\Advertisment.pdf
2017-02-07 09:32 - 2017-02-07 09:32 - 00034372 _____ C:\Users\Admin\Downloads\Convertible Note Agreement.pdf
2017-02-07 08:18 - 2017-02-07 08:18 - 00000165 ____H C:\Users\Admin\Documents\~$Turnover Model USA v.05.xlsx
2017-02-07 07:44 - 2017-02-07 07:44 - 00000165 ____H C:\Users\Admin\Documents\~$EH7G_Financials.xlsx
2017-02-07 01:08 - 2017-02-07 01:09 - 00888843 _____ C:\Users\Admin\Documents\Project Entohack Documentation.pdf
2017-02-06 15:50 - 2017-02-06 15:50 - 00118740 _____ C:\Users\Admin\Downloads\Turnover Model USA (Autosaved).xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-07 15:07 - 2016-09-05 09:57 - 00475700 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-07 15:07 - 2016-09-05 09:56 - 00456739 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-07 15:07 - 2016-07-07 15:26 - 00000000 ____D C:\Users\Admin\Documents\Outlook Files
2017-03-07 15:00 - 2016-07-12 09:07 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2017-03-07 14:38 - 2016-10-06 06:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-07 12:14 - 2016-08-05 08:17 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-07 11:34 - 2017-02-04 04:39 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Ditto
2017-03-07 07:30 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-07 07:30 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-07 07:26 - 2016-12-04 11:16 - 00003858 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3777986144-643453739-1554320205-1000
2017-03-07 07:26 - 2016-12-04 11:16 - 00003762 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3777986144-643453739-1554320205-1000
2017-03-07 07:26 - 2016-12-04 11:16 - 00000690 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3777986144-643453739-1554320205-1000.job
2017-03-07 07:26 - 2016-12-04 11:16 - 00000594 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3777986144-643453739-1554320205-1000.job
2017-03-06 15:36 - 2016-08-21 21:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2017-03-06 14:46 - 2016-10-06 06:58 - 01698926 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-06 14:42 - 2016-10-06 06:58 - 00000000 ____D C:\Users\Admin
2017-03-06 14:41 - 2016-07-13 07:04 - 00000000 ___RD C:\Users\Admin\Google Drive
2017-03-06 14:40 - 2016-11-28 16:40 - 00000000 ____D C:\Temp
2017-03-06 14:40 - 2016-10-06 07:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-06 14:40 - 2016-10-06 06:57 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-06 14:40 - 2016-08-05 09:06 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-06 14:40 - 2016-08-05 08:17 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-06 14:40 - 2016-07-16 01:04 - 08912896 _____ C:\WINDOWS\system32\config\BBI
2017-03-06 09:24 - 2017-01-23 23:19 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2017-03-03 13:58 - 2017-01-10 14:33 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-03 13:58 - 2016-06-08 20:31 - 00002408 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-03 13:58 - 2016-06-08 20:31 - 00000000 ___RD C:\Users\Admin\OneDrive
2017-02-28 19:54 - 2017-01-20 15:49 - 00000000 ____D C:\ProgramData\9bb972f
2017-02-28 09:13 - 2016-07-11 06:31 - 00000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2017-02-28 07:49 - 2017-01-20 15:49 - 00003878 _____ C:\WINDOWS\System32\Tasks\{9DEB05F9-A036-EC6C-781D-C607C8633175}
2017-02-24 23:01 - 2016-08-21 18:26 - 00000000 ____D C:\Users\Admin\AppData\Roaming\uTorrent
2017-02-24 21:26 - 2017-01-08 19:43 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\uTorrent
2017-02-24 10:14 - 2016-07-12 09:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-24 10:14 - 2016-07-12 09:07 - 00000000 ____D C:\ProgramData\Skype
2017-02-22 21:27 - 2016-06-11 22:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-22 21:25 - 2016-06-11 22:41 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 20:07 - 2016-08-16 16:06 - 00000000 ____D C:\Program Files (x86)\SugarSync
2017-02-22 09:08 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-16 15:59 - 2016-12-04 11:16 - 00000000 ____D C:\Users\Admin\AppData\Local\Citrix
2017-02-15 07:09 - 2016-10-15 08:08 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-15 07:09 - 2016-07-16 12:36 - 00482484 ____N C:\WINDOWS\Minidump\021517-13796-01.dmp
2017-02-14 07:12 - 2016-08-16 16:06 - 00000000 ____D C:\Users\Admin\AppData\Local\SugarSync
2017-02-10 03:46 - 2016-07-12 11:37 - 00018740 _____ C:\Users\Admin\Documents\Turnover Model USA v.05.xlsx
2017-02-09 10:58 - 2016-07-12 08:56 - 00000000 ____D C:\Users\Admin\AppData\Roaming\foobar2000
2017-02-08 16:41 - 2016-10-06 06:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 16:41 - 2016-09-07 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-08 16:41 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-08 16:41 - 2016-05-22 21:40 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-08 16:40 - 2016-10-06 06:57 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 16:40 - 2016-10-06 06:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-08 16:36 - 2016-05-22 23:15 - 00000000 ____D C:\Users\Admin\AppData\Local\NVIDIA Corporation
2017-02-08 12:59 - 2016-07-12 10:02 - 00000000 ____D C:\Users\Admin\AppData\Local\join.me
2017-02-08 11:21 - 2016-07-13 08:37 - 00000000 ____D C:\Users\Admin\AppData\Local\join.me.launcher
2017-02-08 11:20 - 2016-07-12 10:02 - 00001090 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2017-02-08 11:20 - 2016-07-12 10:02 - 00001082 _____ C:\Users\Admin\Desktop\join.me.lnk
2017-02-06 20:28 - 2016-07-09 12:16 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 20:28 - 2016-07-09 12:16 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 15:52 - 2016-10-06 06:57 - 04969896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-06 15:49 - 2017-02-03 17:54 - 01054060 _____ C:\Users\Admin\Documents\EH7G_Financials.xlsx
2017-02-06 14:48 - 2016-10-12 06:04 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 14:48 - 2016-10-12 06:04 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2016-07-26 21:46 - 2016-07-26 21:46 - 0000132 _____ () C:\Users\Admin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-09-28 07:49 - 2016-09-28 07:49 - 0036581 _____ () C:\Users\Admin\AppData\Roaming\Comma Separated Values (Windows).ADR
2016-08-05 06:44 - 2016-08-05 06:44 - 0000364 _____ () C:\Users\Admin\AppData\Roaming\ScotJayplus.bin
2016-12-01 17:34 - 2016-12-01 17:34 - 0010185 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2016-08-05 06:44 - 2016-08-05 06:44 - 0000000 _____ () C:\Users\Admin\AppData\Local\run.txt
2016-08-05 06:44 - 2016-08-05 06:44 - 0000000 _____ () C:\Users\Admin\AppData\Local\stxtname.txt
2016-09-07 11:50 - 2016-09-07 11:50 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-01 08:13
 
==================== End of FRST.txt ============================

 


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:26 PM

Posted 08 March 2017 - 10:55 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by Admin (administrator) on ENTOHACK-CENTRA (07-03-2017 15:07:36)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(SugarSync, Inc.) C:\Program Files (x86)\SugarSync\SugarSync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Ditto\Ditto.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Admin\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17012.10301.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Malwarebytes) C:\ProgramData\Malwarebytes\MBAMService\ctlrupdate\mbupdatr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-06] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [3001536 2016-12-16] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Run: [Spotify Web Helper] => C:\Users\Admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-10] (Spotify Ltd)
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Run: [SugarSync] => C:\Program Files (x86)\SugarSync\SugarSync.exe [19073504 2017-02-17] (SugarSync, Inc.)
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Run: [NvLedServiceHost] => C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe [86904 2016-06-14] ()
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Run: [Ditto] => C:\Program Files (x86)\Ditto\Ditto.exe [2415616 2017-01-29] ()
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ !SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2017-02-17] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2017-02-17] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncSharedSyncing] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2017-02-17] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncSynced] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2017-02-17] (SugarSync, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-09-19]
ShortcutTarget: EvernoteClipper.lnk -> C:\Users\Admin\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{193ed7e6-59d4-4e53-8ac8-59479437fe37}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5d3650d4-8bc4-11e6-8e27-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{92b608ba-21a3-45e7-a5bd-b1fb0e425dd6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{92b608ba-21a3-45e7-a5bd-b1fb0e425dd6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.entohack.earth/
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3777986144-643453739-1554320205-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-08-19] [not signed]
FF HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Admin\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3777986144-643453739-1554320205-1000: @acestream.net/acestreamplugin,version=3.1.6 -> C:\Users\Admin\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin HKU\S-1-5-21-3777986144-643453739-1554320205-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-12-04] (Citrix Online)
FF Plugin HKU\S-1-5-21-3777986144-643453739-1554320205-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Admin\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-12-26] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default [2016-08-08]
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-05]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-05]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-05]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-05]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-05]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-08-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-07]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-05]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-07]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-07]
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-08]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-08]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-08]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-08]
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Send to Kindle for Google Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2016-11-18]
CHR Extension: (Pushbullet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-11-25]
CHR Extension: (OneTab) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-22]
CHR Extension: (Session Buddy) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-11-25]
CHR Extension: (Tabs Outliner) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2016-12-03]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-08]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-08]
CHR Extension: (PixelBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmpmfcjnflbcoidlgapblgpgbilinlem [2016-10-25]
CHR Extension: (Grammarly for Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-03-06]
CHR Extension: (Momentum) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2017-01-02]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-08-08]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Evernote Web Clipper) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-02-11]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-08]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
CHR HKU\S-1-5-21-3777986144-643453739-1554320205-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Admin\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-08-08]
CHR HKU\S-1-5-21-3777986144-643453739-1554320205-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3777986144-643453739-1554320205-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-07-07] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-14] (NVIDIA Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
S3 PACSPTISVR-Sound_Organizer; C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [174176 2012-11-08] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [505024 2016-12-16] (Sony Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-10-06] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-01-30] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-03-06] (Malwarebytes)
R1 MpKsl352fe023; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CD3123F8-4762-42FC-94B7-E97AFBF2F8D5}\MpKsl352fe023.sys [44928 2017-03-06] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2016-11-02] (Corel Corporation)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [252432 2016-03-24] (QUALCOMM Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-09-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-09-05] (Zemana Ltd.)
U3 idsvc; no ImagePath

====

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:26 PM

Posted 08 March 2017 - 11:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-3777986144-643453739-1554320205-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Admin\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin HKU\S-1-5-21-3777986144-643453739-1554320205-1000: @acestream.net/acestreamplugin,version=3.1.6 -> C:\Users\Admin\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-07]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
CHR HKU\S-1-5-21-3777986144-643453739-1554320205-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
Task: {0B8030FC-47C8-4D73-BC1F-8BD2645FAD17} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {40949E8D-3161-45D2-B309-630AA6AB31F1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {41A88322-0D76-4594-98C0-D0EEC2BE7DD0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {48D30622-1A78-4900-A4F4-01A6327AD4B6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4AA528F1-B83C-4AF9-A376-F71456C201BE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {6C49CD1A-B72D-4898-AD20-6A3165ABA204} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8368412A-0918-4B0D-9388-C35D1B02235A} - System32\Tasks\{78A7866B-CF0C-31C0-299D-F332B9005369} => C:\ProgramData\{11EB9B1C-A640-2CB7-4355-EFF407FB8756}\6D24EF5B-DA8F-58F0-F371-081BD0BBDAE4.exe  <==== ATTENTION
Task: {94A57705-9473-439A-9B69-8014EB0F7A09} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9511F340-18C8-43AC-996C-A0E7FB98D7E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9BBC6FB4-A4E6-413C-99CB-5E97D4E56B7B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B0BA9504-61A8-4D1C-8123-54229625FE80} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {B19B4434-1006-439F-A29C-5C05AE511CA3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {BB52B38C-C805-44CB-AFBE-EA44765BC17B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C3DAB03B-8646-4689-8AC0-46A38C2F8154} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {ED91379B-6481-47AA-8D00-152D77CBC604} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F2BBAEF2-5465-4922-BB9A-DF481105745E} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {F32BEBBF-4694-4D67-8A08-159D54F521B7} - \{7F090C47-0F0E-7D05-0E11-0F7D087D117A} -> No File <==== ATTENTION
Task: {FA298A12-59CB-4757-B13A-6FF166A25564} - System32\Tasks\{9DEB05F9-A036-EC6C-781D-C607C8633175} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\9bb972f\27944df1.dll" <==== ATTENTION
Task: {FCC42D3F-568F-4A9E-8D0C-5394E654C715} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Admin\Local Settings:CU1XVwDTJVY9TsNmQjGFE7Nf [2230]
AlternateDataStreams: C:\Users\Admin\Local Settings:TOIp0VkoOfI2vzqljaY [2300]
AlternateDataStreams: C:\Users\Admin\AppData\Local:CU1XVwDTJVY9TsNmQjGFE7Nf [2230]
AlternateDataStreams: C:\Users\Admin\AppData\Local:TOIp0VkoOfI2vzqljaY [2300]
AlternateDataStreams: C:\Users\Admin\AppData\Local\Application Data:CU1XVwDTJVY9TsNmQjGFE7Nf [2230]
AlternateDataStreams: C:\Users\Admin\AppData\Local\Application Data:TOIp0VkoOfI2vzqljaY [2300]
AlternateDataStreams: C:\Users\Admin\AppData\Local\Temporary Internet Files:3wfIl4hsQhvObxr7w2Vm [2118]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
FirewallRules: [UDP Query User{3BB98403-EBCF-4470-80B8-D8FCCAAF11DE}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [TCP Query User{FFA1B04A-853F-462A-915D-761F1AB4EABF}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [UDP Query User{C74D2554-4673-4437-9600-6DB3430FC9B1}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [TCP Query User{27F19931-F87C-40FB-BDEE-1BC47A95B59E}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [{54CF2212-E68A-4D80-B362-D08862BBC4BE}] => (Allow) C:\Windows\sully.exe
FirewallRules: [{44E18194-9CFB-44F5-9DF9-2F2A4D3B959B}] => (Allow) C:\Program Files (x86)\behoves\pithy.exe
FirewallRules: [{6D2F0534-F04C-4C24-BCFC-20F7E798E3B7}] => (Allow) C:\Program Files (x86)\bendel\reload.exe
FirewallRules: [{2E6ED163-2DD2-4BC3-8BF9-5C3537693995}] => (Allow) C:\Program Files (x86)\usurpers\modulo.exe
FirewallRules: [{1D51C204-3ADA-48CE-8467-25352CFC98FF}] => (Allow) C:\Program Files (x86)\usurpers\prosthetics.exe
FirewallRules: [{3B59044D-DC43-4DB9-B679-9B609E6704F3}] => (Allow) C:\Users\Admin\AppData\Local\Temp\chromedriver.exe
FirewallRules: [{966A6869-5C96-40A8-B920-DA8610C7921D}] => (Allow) C:\Users\Admin\AppData\Local\ddnow.exe
FirewallRules: [{34BA5C48-865B-4F27-8240-B7D175A3C6B4}] => (Allow) C:\Users\Admin\AppData\Local\48906509.exe
FirewallRules: [{6C255156-D59F-4150-B12E-98EB3CBBA1AE}] => (Allow) C:\Users\Admin\AppData\Local\Temp\nse8328.tmp\oksoft12.exe
FirewallRules: [{147F6A89-034A-4971-AED6-97D51F3AF17B}] => (Allow) C:\Users\Admin\AppData\Local\ddnowyes.exe
FirewallRules: [TCP Query User{D670A12D-1DE4-430A-AF87-ECDD650F8722}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{72A7AA7E-A297-4CDE-B9CF-24FDD20FE3DE}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
C:\ProgramData\{11EB9B1C-A640-2CB7-4355-EFF407FB8756}\6D24EF5B-DA8F-58F0-F371-081BD0BBDAE4.exe
C:\PROGRA~3\9bb972f
C:\program files (x86)\google\chrome\application\chrome334.exe
C:\Windows\sully.exe
C:\Program Files (x86)\behoves
C:\Program Files (x86)\bendel
C:\Program Files (x86)\usurpers
C:\Users\Admin\AppData\Local\Temp\chromedriver.exe
C:\Users\Admin\AppData\Local\ddnow.exe
C:\Users\Admin\AppData\Local\48906509.exe
C:\Users\Admin\AppData\Local\Temp\nse8328.tmp\oksoft12.exe
C:\Users\Admin\AppData\Local\ddnowyes.exe
C:\windows\kmsemulator.exe
C:\windows\kmsemulator.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.
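
The fixlist above is the helper's judgement written out by hand. As an added example that is not part of this thread or of FRST, the Python below spells out part of that triage as explicit rules over the FRST line formats seen in this log (orphaned tasks, services and browser plugins; tasks and firewall allow-rules pointing at executables in user-writable or unusual folders; alternate data streams attached to folders) and derives the trailing path lines of a fixlist from the hits. The rules, function names and the sample subset are assumptions for illustration, not FRST's own logic.

```python
"""Triage rules for FRST (Farbar Recovery Scan Tool) log lines.

Added illustration, not FRST's own logic or the helper's: it spells out, as
explicit rules, part of the judgement behind a fixlist (orphaned entries,
tasks and firewall allow-rules pointing at executables in user-writable or
unusual locations, alternate data streams on folders). Rules are assumptions.
"""
import re

# User-writable directories (plus the bare Windows root, matched below) where a
# dropped executable is more suspicious than under Program Files (lower-case).
SUSPICIOUS_DIRS = ("\\appdata\\local\\", "\\appdata\\roaming\\",
                   "\\programdata\\", "\\progra~3\\")  # PROGRA~3 = C:\ProgramData
WINDOWS_ROOT_EXE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$")
FIREWALL_RE = re.compile(r"^FirewallRules: \[.+?\] => \((Allow|Block)\) (.+)$")
ADS_RE = re.compile(r"^AlternateDataStreams: ([A-Za-z]:[^:]+):(\S+) \[(\d+)\]$")
SERVICE_RE = re.compile(r"^[RSU]\d ([^;]+); (.*)$")

def unusual_location(path):
    """True if PATH sits in a user-writable directory or directly in C:\\Windows."""
    low = path.lower()
    return any(d in low for d in SUSPICIOUS_DIRS) or bool(WINDOWS_ROOT_EXE.match(low))

def parse_task(line):
    """Split 'Task: {GUID} - <task path> -> No File' or '=> <command>' into parts."""
    body = re.sub(r"\s*<=+ ATTENTION\s*$", "", line[len("Task: "):])
    guid, _, rest = body.partition(" - ")
    for sep in (" -> ", " => "):
        if sep in rest:
            task_path, target = rest.split(sep, 1)
            return guid, task_path, target.strip()
    return guid, rest, ""

def triage(lines):
    """Return (line, reason) pairs for entries a fixlist would normally target."""
    findings = []
    for line in (raw.rstrip() for raw in lines):
        if line.startswith("Task: "):
            target = parse_task(line)[2]
            if target == "No File":
                findings.append((line, "orphaned scheduled task: target file is missing"))
            elif target.lower().startswith("regsvr32") and unusual_location(target):
                findings.append((line, "scheduled task loads a DLL via regsvr32 from a user-writable folder"))
            elif unusual_location(target):
                findings.append((line, "scheduled task runs an executable from a user-writable folder"))
        elif (m := FIREWALL_RE.match(line)):
            action, target = m.groups()
            if action == "Allow" and unusual_location(target):
                findings.append((line, "firewall allow-rule for an executable in an unusual location"))
        elif (m := ADS_RE.match(line)):
            host, stream, _size = m.groups()
            if not re.search(r"\.[A-Za-z0-9]{1,4}$", host):  # no extension: a folder
                findings.append((line, f"alternate data stream '{stream}' attached to a folder"))
        elif (m := SERVICE_RE.match(line)):
            name, rest = m.groups()
            if rest == "no ImagePath":
                findings.append((line, f"service '{name}' has no ImagePath (orphaned registration)"))
        elif line.startswith("FF ") and ("[No File]" in line or "=> not found" in line):
            findings.append((line, "orphaned Firefox plugin/extension registration"))
    return findings

def removal_paths(findings):
    """On-disk paths behind flagged tasks and allow-rules, in order, deduplicated:
    the plain path lines a fixlist ends with so that FRST deletes the files too."""
    paths = []
    for line, _reason in findings:
        target = ""
        if line.startswith("Task: "):
            target = parse_task(line)[2]
            quoted = re.findall(r'"([A-Za-z]:\\[^"]+)"', target)  # regsvr32 DLL argument
            target = quoted[-1] if quoted else target
        elif (m := FIREWALL_RE.match(line)):
            target = m.group(2)
        if target and target != "No File" and target not in paths:
            paths.append(target)
    return paths

# Sample lines taken from the FRST log quoted in this thread (a constructed subset).
SAMPLE_LOG = r"""
U3 idsvc; no ImagePath
FF Plugin HKU\S-1-5-21-3777986144-643453739-1554320205-1000: @acestream.net/acestreamplugin,version=3.1.6 -> C:\Users\Admin\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
Task: {0B8030FC-47C8-4D73-BC1F-8BD2645FAD17} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8368412A-0918-4B0D-9388-C35D1B02235A} - System32\Tasks\{78A7866B-CF0C-31C0-299D-F332B9005369} => C:\ProgramData\{11EB9B1C-A640-2CB7-4355-EFF407FB8756}\6D24EF5B-DA8F-58F0-F371-081BD0BBDAE4.exe  <==== ATTENTION
Task: {FA298A12-59CB-4757-B13A-6FF166A25564} - System32\Tasks\{9DEB05F9-A036-EC6C-781D-C607C8633175} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\9bb972f\27944df1.dll" <==== ATTENTION
AlternateDataStreams: C:\Users\Admin\Local Settings:CU1XVwDTJVY9TsNmQjGFE7Nf [2230]
FirewallRules: [{54CF2212-E68A-4D80-B362-D08862BBC4BE}] => (Allow) C:\Windows\sully.exe
FirewallRules: [{44E18194-9CFB-44F5-9DF9-2F2A4D3B959B}] => (Allow) C:\Program Files (x86)\behoves\pithy.exe
FirewallRules: [{3B59044D-DC43-4DB9-B679-9B609E6704F3}] => (Allow) C:\Users\Admin\AppData\Local\Temp\chromedriver.exe
FirewallRules: [UDP Query User{3BB98403-EBCF-4470-80B8-D8FCCAAF11DE}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
"""
# pithy.exe (odd vendor folder under Program Files) and chrome334.exe (odd name in
# Chrome's folder) went into the fix by human judgement; no rule here catches them.

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG.strip().splitlines())
    for line, reason in hits:
        print(f"{reason}\n    {line}")
    print("paths to remove:", *removal_paths(hits), sep="\n    ")
```

The mechanical rules are a floor, not the whole review: entries that only a person reading the full log would question (pithy.exe, chrome334.exe) still need a human pass.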

#4 plaiche

plaiche
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:Jersey City
  • Local time:12:26 AM

Posted 08 March 2017 - 04:56 PM

Hello,

An event occurred this morning 1 hour prior to your posting the instructions above, so to avoid confusion I am posting the MBAM scan report of what was found and quarantined and the scan result after reboot before I execute your instructions above.

Thank you

--------
 

Malwarebytes

www.malwarebytes.com
 
-Log Details-
Scan Date: 3/8/17
Scan Time: 9:47 AM
Logfile: 
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1449
License: Premium
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 449881
Time Elapsed: 1 min, 41 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 2
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, No Action By User, [46], [260247],1.0.1449
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, No Action By User, [46], [260247],1.0.1449
 
Registry Value: 1
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{92b608ba-21a3-45e7-a5bd-b1fb0e425dd6}|NAMESERVER, No Action By User, [7713], [260227],1.0.1449
 
Registry Data: 7
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, No Action By User, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, No Action By User, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{193ed7e6-59d4-4e53-8ac8-59479437fe37}|NameServer, No Action By User, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5d3650d4-8bc4-11e6-8e27-806e6f6e6963}|NameServer, No Action By User, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{92b608ba-21a3-45e7-a5bd-b1fb0e425dd6}|NameServer, No Action By User, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{92b608ba-21a3-45e7-a5bd-b1fb0e425dd6}|DhcpNameServer, No Action By User, [46], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NAMESERVER, No Action By User, [7713], [293494],1.0.1449
 
Data Stream: 0
(No malicious items detected)
 
Folder: 4
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\07c61d78-1f55-0, No Action By User, [46], [182288],1.0.1449
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\07c61d78-2885-0, No Action By User, [46], [182288],1.0.1449
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\07c61d78-5bb3-1, No Action By User, [46], [182288],1.0.1449
Adware.Agent.Generic, C:\PROGRAMDATA\{B3CF4DAD-0464-FA06-6312-078293536955}, No Action By User, [1715], [331038],1.0.1449
 
File: 2
Adware.Elex, C:\PROGRAMDATA\9BB972F\27944DF1.DLL, No Action By User, [305], [375719],1.0.1449
Adware.Agent.Generic, C:\PROGRAMDATA\{B3CF4DAD-0464-FA06-6312-078293536955}\9753B84D-20F8-0FE6-E7EE-784729413B48.EXE, No Action By User, [1715], [331038],1.0.1449
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

After reboot

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/8/17
Scan Time: 10:01 AM
Logfile: 
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1455
License: Premium
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: ENTOHACK-CENTRA\Admin
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 396252
Time Elapsed: 2 min, 37 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:26 PM

Posted 09 March 2017 - 08:26 AM

Please execute my suggested fix and post the Fixlog.txt.

Let me know what problem persists.

#6 plaiche

plaiche
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:Jersey City
  • Local time:12:26 AM

Posted 09 March 2017 - 11:52 AM

Fixlog.txt 
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by Admin (09-03-2017 11:43:08) Run:1
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-3777986144-643453739-1554320205-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF HKU\S-1-5-21-3777986144-643453739-1554320205-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Admin\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin HKU\S-1-5-21-3777986144-643453739-1554320205-1000: @acestream.net/acestreamplugin,version=3.1.6 -> C:\Users\Admin\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-07]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
CHR HKU\S-1-5-21-3777986144-643453739-1554320205-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
Task: {0B8030FC-47C8-4D73-BC1F-8BD2645FAD17} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {40949E8D-3161-45D2-B309-630AA6AB31F1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {41A88322-0D76-4594-98C0-D0EEC2BE7DD0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {48D30622-1A78-4900-A4F4-01A6327AD4B6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4AA528F1-B83C-4AF9-A376-F71456C201BE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {6C49CD1A-B72D-4898-AD20-6A3165ABA204} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8368412A-0918-4B0D-9388-C35D1B02235A} - System32\Tasks\{78A7866B-CF0C-31C0-299D-F332B9005369} => C:\ProgramData\{11EB9B1C-A640-2CB7-4355-EFF407FB8756}\6D24EF5B-DA8F-58F0-F371-081BD0BBDAE4.exe  <==== ATTENTION
Task: {94A57705-9473-439A-9B69-8014EB0F7A09} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9511F340-18C8-43AC-996C-A0E7FB98D7E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9BBC6FB4-A4E6-413C-99CB-5E97D4E56B7B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B0BA9504-61A8-4D1C-8123-54229625FE80} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {B19B4434-1006-439F-A29C-5C05AE511CA3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {BB52B38C-C805-44CB-AFBE-EA44765BC17B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C3DAB03B-8646-4689-8AC0-46A38C2F8154} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {ED91379B-6481-47AA-8D00-152D77CBC604} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F2BBAEF2-5465-4922-BB9A-DF481105745E} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {F32BEBBF-4694-4D67-8A08-159D54F521B7} - \{7F090C47-0F0E-7D05-0E11-0F7D087D117A} -> No File <==== ATTENTION
Task: {FA298A12-59CB-4757-B13A-6FF166A25564} - System32\Tasks\{9DEB05F9-A036-EC6C-781D-C607C8633175} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\9bb972f\27944df1.dll" <==== ATTENTION
Task: {FCC42D3F-568F-4A9E-8D0C-5394E654C715} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Admin\Local Settings:CU1XVwDTJVY9TsNmQjGFE7Nf [2230]
AlternateDataStreams: C:\Users\Admin\Local Settings:TOIp0VkoOfI2vzqljaY [2300]
AlternateDataStreams: C:\Users\Admin\AppData\Local:CU1XVwDTJVY9TsNmQjGFE7Nf [2230]
AlternateDataStreams: C:\Users\Admin\AppData\Local:TOIp0VkoOfI2vzqljaY [2300]
AlternateDataStreams: C:\Users\Admin\AppData\Local\Application Data:CU1XVwDTJVY9TsNmQjGFE7Nf [2230]
AlternateDataStreams: C:\Users\Admin\AppData\Local\Application Data:TOIp0VkoOfI2vzqljaY [2300]
AlternateDataStreams: C:\Users\Admin\AppData\Local\Temporary Internet Files:3wfIl4hsQhvObxr7w2Vm [2118]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
FirewallRules: [UDP Query User{3BB98403-EBCF-4470-80B8-D8FCCAAF11DE}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [TCP Query User{FFA1B04A-853F-462A-915D-761F1AB4EABF}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [UDP Query User{C74D2554-4673-4437-9600-6DB3430FC9B1}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [TCP Query User{27F19931-F87C-40FB-BDEE-1BC47A95B59E}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [{54CF2212-E68A-4D80-B362-D08862BBC4BE}] => (Allow) C:\Windows\sully.exe
FirewallRules: [{44E18194-9CFB-44F5-9DF9-2F2A4D3B959B}] => (Allow) C:\Program Files (x86)\behoves\pithy.exe
FirewallRules: [{6D2F0534-F04C-4C24-BCFC-20F7E798E3B7}] => (Allow) C:\Program Files (x86)\bendel\reload.exe
FirewallRules: [{2E6ED163-2DD2-4BC3-8BF9-5C3537693995}] => (Allow) C:\Program Files (x86)\usurpers\modulo.exe
FirewallRules: [{1D51C204-3ADA-48CE-8467-25352CFC98FF}] => (Allow) C:\Program Files (x86)\usurpers\prosthetics.exe
FirewallRules: [{3B59044D-DC43-4DB9-B679-9B609E6704F3}] => (Allow) C:\Users\Admin\AppData\Local\Temp\chromedriver.exe
FirewallRules: [{966A6869-5C96-40A8-B920-DA8610C7921D}] => (Allow) C:\Users\Admin\AppData\Local\ddnow.exe
FirewallRules: [{34BA5C48-865B-4F27-8240-B7D175A3C6B4}] => (Allow) C:\Users\Admin\AppData\Local\48906509.exe
FirewallRules: [{6C255156-D59F-4150-B12E-98EB3CBBA1AE}] => (Allow) C:\Users\Admin\AppData\Local\Temp\nse8328.tmp\oksoft12.exe
FirewallRules: [{147F6A89-034A-4971-AED6-97D51F3AF17B}] => (Allow) C:\Users\Admin\AppData\Local\ddnowyes.exe
FirewallRules: [TCP Query User{D670A12D-1DE4-430A-AF87-ECDD650F8722}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{72A7AA7E-A297-4CDE-B9CF-24FDD20FE3DE}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
C:\ProgramData\{11EB9B1C-A640-2CB7-4355-EFF407FB8756}\6D24EF5B-DA8F-58F0-F371-081BD0BBDAE4.exe
C:\PROGRA~3\9bb972f
C:\program files (x86)\google\chrome\application\chrome334.exe
C:\Windows\sully.exe
C:\Program Files (x86)\behoves
C:\Program Files (x86)\bendel
C:\Program Files (x86)\usurpers
C:\Users\Admin\AppData\Local\Temp\chromedriver.exe
C:\Users\Admin\AppData\Local\ddnow.exe
C:\Users\Admin\AppData\Local\48906509.exe
C:\Users\Admin\AppData\Local\Temp\nse8328.tmp\oksoft12.exe
C:\Users\Admin\AppData\Local\ddnowyes.exe
C:\windows\kmsemulator.exe
C:\windows\kmsemulator.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\Software\Mozilla\Firefox\Extensions\\acewebextension_unlisted@acestream.org => value removed successfully
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.6 => key removed successfully
C:\Users\Admin\AppData\Roaming\ACEStream\player\npace_plugin.dll => not found.
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKU\S-1-5-21-3777986144-643453739-1554320205-1000\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo => key removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B8030FC-47C8-4D73-BC1F-8BD2645FAD17} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B8030FC-47C8-4D73-BC1F-8BD2645FAD17} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40949E8D-3161-45D2-B309-630AA6AB31F1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40949E8D-3161-45D2-B309-630AA6AB31F1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41A88322-0D76-4594-98C0-D0EEC2BE7DD0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41A88322-0D76-4594-98C0-D0EEC2BE7DD0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48D30622-1A78-4900-A4F4-01A6327AD4B6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48D30622-1A78-4900-A4F4-01A6327AD4B6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AA528F1-B83C-4AF9-A376-F71456C201BE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AA528F1-B83C-4AF9-A376-F71456C201BE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6C49CD1A-B72D-4898-AD20-6A3165ABA204} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C49CD1A-B72D-4898-AD20-6A3165ABA204} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8368412A-0918-4B0D-9388-C35D1B02235A} => key not found. 
C:\WINDOWS\System32\Tasks\{78A7866B-CF0C-31C0-299D-F332B9005369} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{78A7866B-CF0C-31C0-299D-F332B9005369} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{94A57705-9473-439A-9B69-8014EB0F7A09} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94A57705-9473-439A-9B69-8014EB0F7A09} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9511F340-18C8-43AC-996C-A0E7FB98D7E4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9511F340-18C8-43AC-996C-A0E7FB98D7E4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BBC6FB4-A4E6-413C-99CB-5E97D4E56B7B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BBC6FB4-A4E6-413C-99CB-5E97D4E56B7B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0BA9504-61A8-4D1C-8123-54229625FE80} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0BA9504-61A8-4D1C-8123-54229625FE80} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B19B4434-1006-439F-A29C-5C05AE511CA3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B19B4434-1006-439F-A29C-5C05AE511CA3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB52B38C-C805-44CB-AFBE-EA44765BC17B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB52B38C-C805-44CB-AFBE-EA44765BC17B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3DAB03B-8646-4689-8AC0-46A38C2F8154} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3DAB03B-8646-4689-8AC0-46A38C2F8154} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED91379B-6481-47AA-8D00-152D77CBC604} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED91379B-6481-47AA-8D00-152D77CBC604} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2BBAEF2-5465-4922-BB9A-DF481105745E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2BBAEF2-5465-4922-BB9A-DF481105745E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F32BEBBF-4694-4D67-8A08-159D54F521B7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F32BEBBF-4694-4D67-8A08-159D54F521B7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7F090C47-0F0E-7D05-0E11-0F7D087D117A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA298A12-59CB-4757-B13A-6FF166A25564} => key not found. 
C:\WINDOWS\System32\Tasks\{9DEB05F9-A036-EC6C-781D-C607C8633175} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9DEB05F9-A036-EC6C-781D-C607C8633175} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCC42D3F-568F-4A9E-8D0C-5394E654C715} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCC42D3F-568F-4A9E-8D0C-5394E654C715} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
C:\Users\Admin\Local Settings => ":CU1XVwDTJVY9TsNmQjGFE7Nf" ADS removed successfully.
C:\Users\Admin\Local Settings => ":TOIp0VkoOfI2vzqljaY" ADS removed successfully.
"C:\Users\Admin\AppData\Local" => ":CU1XVwDTJVY9TsNmQjGFE7Nf" ADS not found.
"C:\Users\Admin\AppData\Local" => ":TOIp0VkoOfI2vzqljaY" ADS not found.
"C:\Users\Admin\AppData\Local\Application Data" => ":CU1XVwDTJVY9TsNmQjGFE7Nf" ADS not found.
"C:\Users\Admin\AppData\Local\Application Data" => ":TOIp0VkoOfI2vzqljaY" ADS not found.
C:\Users\Admin\AppData\Local\Temporary Internet Files => ":3wfIl4hsQhvObxr7w2Vm" ADS removed successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3BB98403-EBCF-4470-80B8-D8FCCAAF11DE}C:\program files (x86)\google\chrome\application\chrome334.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FFA1B04A-853F-462A-915D-761F1AB4EABF}C:\program files (x86)\google\chrome\application\chrome334.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C74D2554-4673-4437-9600-6DB3430FC9B1}C:\program files (x86)\google\chrome\application\chrome334.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{27F19931-F87C-40FB-BDEE-1BC47A95B59E}C:\program files (x86)\google\chrome\application\chrome334.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{54CF2212-E68A-4D80-B362-D08862BBC4BE} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{44E18194-9CFB-44F5-9DF9-2F2A4D3B959B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D2F0534-F04C-4C24-BCFC-20F7E798E3B7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2E6ED163-2DD2-4BC3-8BF9-5C3537693995} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1D51C204-3ADA-48CE-8467-25352CFC98FF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B59044D-DC43-4DB9-B679-9B609E6704F3} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{966A6869-5C96-40A8-B920-DA8610C7921D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{34BA5C48-865B-4F27-8240-B7D175A3C6B4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6C255156-D59F-4150-B12E-98EB3CBBA1AE} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{147F6A89-034A-4971-AED6-97D51F3AF17B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D670A12D-1DE4-430A-AF87-ECDD650F8722}C:\windows\kmsemulator.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{72A7AA7E-A297-4CDE-B9CF-24FDD20FE3DE}C:\windows\kmsemulator.exe => value removed successfully
"C:\ProgramData\{11EB9B1C-A640-2CB7-4355-EFF407FB8756}\6D24EF5B-DA8F-58F0-F371-081BD0BBDAE4.exe" => not found.
C:\PROGRA~3\9bb972f => moved successfully
C:\program files (x86)\google\chrome\application\chrome334.exe => moved successfully
"C:\Windows\sully.exe" => not found.
C:\Program Files (x86)\behoves => moved successfully
C:\Program Files (x86)\bendel => moved successfully
C:\Program Files (x86)\usurpers => moved successfully
"C:\Users\Admin\AppData\Local\Temp\chromedriver.exe" => not found.
"C:\Users\Admin\AppData\Local\ddnow.exe" => not found.
"C:\Users\Admin\AppData\Local\48906509.exe" => not found.
"C:\Users\Admin\AppData\Local\Temp\nse8328.tmp\oksoft12.exe" => not found.
"C:\Users\Admin\AppData\Local\ddnowyes.exe" => not found.
"C:\windows\kmsemulator.exe" => not found.
"C:\windows\kmsemulator.exe" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 840534 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36926592 B
Java, Flash, Steam htmlcache => 8710 B
Windows/system/drivers => 48128310 B
Edge => 26328342 B
Chrome => 563164337 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 16674 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 2472 B
NetworkService => 328166 B
Admin => 690930243 B
DefaultAppPool => 33058 B
 
RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 11:45:19 ====


#7 nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 March 2017 - 01:55 PM

Any remaining issues?

#8 plaiche

  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:Jersey City

Posted 10 March 2017 - 01:23 PM

Everything seems good.

Thank you very much for the help!



#9 nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 March 2017 - 02:16 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===
