Rarsfx0-1056 - causes low CPU and slows laptop as time goes


  • This topic is locked
4 replies to this topic

#1 blablahbla

  • Members
  • 4 posts

Posted 16 April 2017 - 07:06 AM

hxxp://imgur.com/a/vXpNG (contents of 1.bat & 1.vbs and 12.bat & 12.vbs). Rarsfx1 contains the 12.bat and .vbs, whereas all the other folders contain 1.bat and .vbs. The highlighted system.exe is the file, and as seen in the pictures, all those 32-bit cmd windows are open (64-bit laptop).
 
In the Temp folder, there are these folders rarsfx0 to rarsfx1056. They all contain 1.bat and 1.vbs. When I open my Task Manager, there are multiple cmd's open, each taking 0.6 or 0.7 MB. It eats up a lot of my memory. In either the .bat or the .vbs file, there is an email - roma98(dot)27@mail(dot)ru. At one point, I started deleting all the files, and successfully did so (after killing the processes, manually deleting all .vbs and .bat files, then the system files, then all the .dll files). Then, I restarted. A command prompt opened up (couldn't take a screenshot) that looked like it connected to the email address (the email address was mentioned, and multiple files were being downloaded). I closed it, then went back to the folder, and saw that all the rarsfx0 to rarsfx1056 folders (1057 folders in total) came back.
Used AdwCleaner, Malwarebytes (premium), ESET NOD32 (wrote Kaspersky previously, premium); they don't do anything to the folder or the files at all. Need help, as it's slowing down my laptop, and my dad is super worried.
 
I used the Everything program to delete all the .vbs and .bat files, and only then could I delete the system.exe file, then I deleted the folders.
!! DO NOT CLICK ON LINK !! This is the only website on Google that contains the exact email words: hxxps://www(dot)google(dot)com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwio-a7J9KXTAhUSLlAKHRsuBicQFggkMAA&url=https%3A%2F%2Fvk(dot)com%2Fwall-93660645&usg=AFQjCNGaxIndpAipavAIXQeC75MxdZA5_A&sig2=y9fg80mwo7Sps0TkSuSL_w&bvm=bv(dot)152479541,d(dot)ZWM !! DO NOT CLICK ON LINK !!
 
I said do not click on the link because I don't know what the bleep will happen to your PC.
 
Safe Google search results: hxxps://www.google.com/search?q=roma98.27&rlz=1C1CHBD_enAE739AE739&oq=roma98.27&aqs=chrome..69i57.4148j0j4&sourceid=chrome&ie=UTF-8#q="roma98.27"
 
Thanks in advance  :)
 
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 (ATTENTION: ====> FRSTversion is 32 days old and could be outdated)
Ran by Frederick (administrator) on FERNANDO (16-04-2017 15:25:08)
Running from C:\Users\Frederick\Downloads
Loaded Profiles: Frederick (Available Profiles: Frederick)
Platform: Windows 10 Home Single Language (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Users\Frederick\Desktop\Apps\Everything-1.3.4.686.x64.Multilingual\Everything.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
() C:\WINDOWS\System32\igfxTray.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
() C:\Users\Frederick\Desktop\Apps\Everything-1.3.4.686.x64.Multilingual\Everything.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
() C:\Users\Frederick\AppData\Local\Temp\RarSFX98\system.exe
() C:\Users\Frederick\AppData\Local\Temp\RarSFX99\system.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\InstallAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\qBittorrent\qbittorrent.exe
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Farbar) C:\Users\Frederick\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-07-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [45056 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-23] (Valve Corporation)
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Run: [AntamediaBandwidth] => C:\Antamedia\Bandwidth Manager\ABandwidth.exe [10551112 2016-12-06] (Antamedia)
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Run: [Antamedia DBServer] => C:\Antamedia\DBServer\ADBServer.exe [2960896 2016-12-06] ()
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Run: [Antamedia DBServer AsService] => 0
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Run: [explorer] => C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe [8817462 2017-02-06] ()
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Run: [GoogleChromeAutoLaunch_850528626E5HFO8S7TEIWSFEC337D4CE6F2] => C:\Users\Frederick\AppData\system32\explorer.exe [8817462 2017-02-06] ()
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\RunOnce: [Uninstall C:\Users\Frederick\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Frederick\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Policies\Explorer: [] 
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-18\...\RunOnce: [iCloud] => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"
ShellIconOverlayIdentifiers: [] -> {b5458932-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlayError.dll -> No File
ShellIconOverlayIdentifiers: [] -> {b5458930-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlaySynced.dll -> No File
ShellIconOverlayIdentifiers: [] -> {b5458934-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlayReadOnly.dll -> No File
ShellIconOverlayIdentifiers: [] -> {b5458933-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlayLock.dll -> No File
ShellIconOverlayIdentifiers: [] -> {b5458931-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlaySyncing.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
Startup: C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Everything.exe - Shortcut.lnk [2016-12-09]
ShortcutTarget: Everything.exe - Shortcut.lnk -> C:\Users\Frederick\Desktop\Apps\Everything-1.3.4.686.x64.Multilingual\Everything.exe ()
Startup: C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe [2017-02-06] ()
Startup: C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayer.lnk [2017-04-16]
ShortcutTarget: FlashPlayer.lnk -> C:\Users\Frederick\AppData\Local\Temp\RarSFX99\1.VBS ()
Startup: C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2017-04-16]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.lnk [2017-04-16]
ShortcutTarget: System.lnk -> C:\Users\Frederick\AppData\Local\Temp\RarSFX83\12.VBS ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-1413109926-2682719023-2497955036-1004] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7e50cd7f-2169-4963-b406-b8473853f4e8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f8c726de-6a40-468b-b3d0-b45473932184}: [DhcpNameServer] 192.168.10.1
ManualProxies: 
 
Internet Explorer:
==================
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-1413109926-2682719023-2497955036-1004 -> {A3DAE4B1-8217-441F-89FD-DE8C9C51C386} URL = 
BHO: No Name -> {7FC878A7-F993-431D-94BE-7B12FDEC23C3} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-12] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-12] (Oracle Corporation)
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\HelpAsyncPluggableProtocol.dll [2015-10-16] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Frederick\AppData\Roaming\Mozilla\Firefox\Profiles\qnvn6bfn.default-1490077466659 [2017-04-01]
FF NetworkProxy: Mozilla\Firefox\Profiles\qnvn6bfn.default-1490077466659 -> type", 0
FF Extension: (Hoxx VPN Proxy) - C:\Users\Frederick\AppData\Roaming\Mozilla\Firefox\Profiles\qnvn6bfn.default-1490077466659\Extensions\@hoxx-vpn.xpi [2017-03-28]
FF Extension: (Google Docs Viewer) - C:\Users\Frederick\AppData\Roaming\Mozilla\Firefox\Profiles\qnvn6bfn.default-1490077466659\Extensions\adonis.cuhk@gmail.com.xpi [2017-03-28]
FF Extension: (Wiktionary and Google Translate) - C:\Users\Frederick\AppData\Roaming\Mozilla\Firefox\Profiles\qnvn6bfn.default-1490077466659\Extensions\googledictionary@toptip.ca.xpi [2017-03-28]
FF Extension: (uBlock Origin) - C:\Users\Frederick\AppData\Roaming\Mozilla\Firefox\Profiles\qnvn6bfn.default-1490077466659\Extensions\uBlock0@raymondhill.net.xpi [2017-03-21]
FF Extension: (Greasemonkey) - C:\Users\Frederick\AppData\Roaming\Mozilla\Firefox\Profiles\qnvn6bfn.default-1490077466659\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-03-28]
FF Extension: (Site Deployment Checker) - C:\Users\Frederick\AppData\Roaming\Mozilla\Firefox\Profiles\qnvn6bfn.default-1490077466659\features\{091fdecb-4f71-456b-b50c-d7ecb12c71fe}\deployment-checker@mozilla.org.xpi [2017-03-28]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Firefox\Extensions: [kpm_win_add_on@kaspersky] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm_win_add_on@kaspersky => not found
FF HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-28] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-22]
CHR Extension: (Google Docs) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-10]
CHR Extension: (Google Drive) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-10]
CHR Extension: (YouTube) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-10]
CHR Extension: (uBlock Origin) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-19]
CHR Extension: (Tampermonkey) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-20]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-03-19]
CHR Extension: (Google Sheets) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-22]
CHR Extension: (Kaspersky Protection) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-10]
CHR Extension: (Vysor) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2017-01-20]
CHR Extension: (VoiceNote II - Speech to text) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2016-06-02]
CHR Extension: (TagBot) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ippohhhloejhjppmbpmgmamdnmpjmkdm [2017-03-20]
CHR Extension: (Hoxx VPN Proxy) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2017-03-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-19]
CHR Extension: (Speechnotes - Speech To Text Notepad) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\opekipbefdbacebgkjjdgoiofdbhocok [2016-05-11]
CHR Extension: (Gmail) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-10]
CHR Extension: (Chrome Media Router) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-21]
CHR Profile: C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default [2017-04-16]
CHR Extension: (Google Slides) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-02]
CHR Extension: (Google Docs) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-02]
CHR Extension: (Google Drive) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-02]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2017-04-16]
CHR Extension: (YouTube) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-02]
CHR Extension: (uBlock Origin) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-04-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-29]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-03-29]
CHR Extension: (Google Sheets) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-02]
CHR Extension: (Google Docs Offline) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-02]
CHR Extension: (Imgur Gallery Downloader) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkcjdhcncfdmmbfgpcbiggpgdplcofe [2017-03-29]
CHR Extension: (Hoxx VPN Proxy) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2017-03-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-29]
CHR Extension: (Gmail) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-29]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gebpdbfmpedcnopofelmhndhincfkhki] - hxxps://chrome.google.com/webstore/detail/gebpdbfmpedcnopofelmhndhincfkhki
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
S3 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [132472 2016-09-09] (Dell Inc.)
S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [104160 2016-09-09] (Dell)
S3 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
S3 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
S3 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [395024 2016-12-07] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2624856 2017-03-09] (ESET)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-10-03] (NVIDIA Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-03-28] (Hi-Rez Studios) [File not signed]
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2713208 2016-09-20] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103168 2016-09-21] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-20] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625648 2015-06-08] (Lenovo)
S3 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-10-03] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-10-03] (NVIDIA Corporation)
S3 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-10-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-11-07] (Intuit Inc.) [File not signed]
S3 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-11-07] (Intuit Inc.) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
S3 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-16] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-03-04] (Microsoft Corporation)
S3 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
S3 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [X]
S2 CG6Service; "C:\Program Files (x86)\CyberGhost\CyberGhost.Service.exe" [X]
S2 jswpbapi; C:\Program Files (x86)\Jumpstart\jswpbapi.exe [X]
S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AFTrafMgr1.1; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_1_64.sys [54712 2016-08-23] (AnchorFree Inc.)
S3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [33872 2013-10-12] (AnvSoft Inc.)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation)
S3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-12-27] (Samsung Electronics Co., Ltd.)
R3 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132848 2017-03-09] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [14880 2017-03-09] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [178056 2017-03-09] (ESET)
R1 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [77224 2017-03-09] (ESET)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [46960 2016-07-19] ()
S3 HTCAND64; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-11] (Intel Corporation)
R3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-11] (Intel Corporation)
U5 isocusb; C:\Windows\System32\Drivers\isocusb.sys [261120 2013-03-19] (Intel Corp.) [File not signed]
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [421200 2016-06-20] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1012048 2016-06-26] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [49488 2016-06-20] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
U0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [204488 2016-11-09] (AO Kaspersky Lab)
U0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [95800 2016-11-09] (AO Kaspersky Lab)
U3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [148864 2016-11-09] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [126864 2016-06-02] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-22] (Malwarebytes)
S3 MiraDispKmd; C:\WINDOWS\System32\drivers\MiraDispKmd.sys [23552 2015-07-10] (Microsoft Corporation)
S3 NDISAH; C:\WINDOWS\system32\DRIVERS\ndisah.sys [33832 2016-12-06] (Antamedia mdoo)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-10-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-10-03] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896744 2016-07-23] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-12-27] (Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [57032 2015-07-16] (Synaptics Incorporated)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-08-23] (Anchorfree Inc.)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S2 vcs; C:\Program Files (x86)\Common Files\Avnex\vcs64.sys [4096 2016-02-22] () [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-23] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 EACGuard; \??\C:\Users\Frederick\Desktop\Frederick\Paladins\EACGuard.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-16 15:25 - 2017-04-16 15:26 - 00034688 _____ C:\Users\Frederick\Downloads\FRST.txt
2017-04-16 15:24 - 2017-04-16 15:24 - 02424832 _____ (Farbar) C:\Users\Frederick\Downloads\FRST64 (1).exe
2017-04-16 15:21 - 2017-04-16 15:25 - 00000000 ____D C:\FRST
2017-04-16 15:21 - 2017-04-16 15:21 - 02424832 _____ (Farbar) C:\Users\Frederick\Downloads\FRST64.exe
2017-04-16 15:13 - 2017-04-16 15:13 - 00000000 ____D C:\Users\Frederick\AppData\Roaming\ESET
2017-04-16 15:10 - 2017-04-16 15:10 - 00003385 _____ C:\Users\Frederick\Downloads\9F17F7DC811D0FA485EAD63B909018F22CD07065.torrent
2017-04-16 15:10 - 2017-04-16 15:10 - 00000000 ____D C:\Users\Frederick\Downloads\TNod User & Password Finder 1.6.2 Beta 2 [CracksNow]
2017-04-16 15:08 - 2017-04-16 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-04-16 15:08 - 2017-04-16 15:08 - 00000000 ____D C:\ProgramData\ESET
2017-04-16 15:08 - 2017-04-16 15:08 - 00000000 ____D C:\Program Files\ESET
2017-04-16 15:07 - 2017-04-16 15:07 - 01381582 _____ (Igor Pavlov) C:\Users\Frederick\Downloads\7z1604-x64.exe
2017-04-16 15:07 - 2017-04-16 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-04-16 15:07 - 2017-04-16 15:07 - 00000000 ____D C:\Program Files\7-Zip
2017-04-16 15:03 - 2017-04-16 15:04 - 00000000 ____D C:\Users\Frederick\Downloads\ESET NOD32 Antivirus 10.1.204.0 + Crack [CracksNow]
2017-04-16 15:03 - 2017-04-16 15:03 - 00019602 _____ C:\Users\Frederick\Downloads\2F599D61FFBBC1B48554C1B290ED39885E5D2F16.torrent
2017-04-16 14:54 - 2017-04-16 14:54 - 00016148 _____ C:\WINDOWS\system32\FERNANDO_Frederick_HistoryPrediction.bin
2017-04-15 10:51 - 2017-04-16 14:56 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-04-15 10:38 - 2017-04-15 10:38 - 11415987 _____ C:\Users\Frederick\Desktop\Everything.db
2017-04-15 10:38 - 2017-04-15 10:38 - 00013528 _____ C:\Users\Frederick\Desktop\Everything.ini
2017-04-15 09:53 - 2017-04-15 09:54 - 04089296 _____ C:\Users\Frederick\Downloads\adwcleaner_6.045.exe
2017-04-09 22:46 - 2017-04-09 22:46 - 00018158 _____ C:\Users\Frederick\Downloads\Reminders_For_Those_Assigned_Public_Talks_-_S-141-E.pdf
2017-04-09 22:34 - 2017-04-09 22:54 - 00000000 ____D C:\Users\Frederick\Desktop\jwmail
2017-04-08 12:58 - 2017-04-08 12:57 - 00050844 _____ C:\Users\Frederick\Desktop\You Will Reap What You Sow (No. 59) (1).pdf
2017-04-08 12:57 - 2017-04-08 12:57 - 00050844 _____ C:\Users\Frederick\Downloads\You Will Reap What You Sow (No. 59) (1).pdf
2017-04-08 12:55 - 2017-04-08 12:55 - 00050844 _____ C:\Users\Frederick\Downloads\You Will Reap What You Sow (No. 59).pdf
2017-04-01 11:07 - 2017-04-01 11:07 - 00001281 _____ C:\Users\Public\Desktop\SHAREit.lnk
2017-04-01 11:07 - 2017-04-01 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-04-01 11:06 - 2017-04-01 11:07 - 09564512 _____ (Lenovo Group Limited ) C:\Users\Frederick\Downloads\Share it (From Lenovo).exe
2017-04-01 09:45 - 2017-04-01 09:58 - 00000000 ____D C:\Users\Frederick\Desktop\family
2017-03-29 22:39 - 2017-03-29 22:39 - 00000000 ____D C:\Users\Frederick\AppData\Local\Wondershare
2017-03-29 22:38 - 2017-03-30 20:33 - 00000000 ____D C:\Users\Frederick\AppData\Roaming\Wondershare
2017-03-29 22:36 - 2017-03-30 20:33 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-03-29 22:36 - 2017-03-29 22:36 - 01060496 _____ C:\Users\Frederick\Downloads\pdfelement_setup_full1042.exe
2017-03-29 22:19 - 2017-03-30 22:18 - 00000000 ____D C:\Users\Frederick\AppData\Roaming\NAPS2
2017-03-29 22:19 - 2017-03-29 22:19 - 01651226 _____ (Ben Olden-Cooligan ) C:\Users\Frederick\Downloads\naps2-5.3.3-setup.exe
2017-03-29 22:19 - 2017-03-29 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAPS2
2017-03-29 22:19 - 2017-03-29 22:19 - 00000000 ____D C:\Program Files (x86)\NAPS2
2017-03-29 22:19 - 2016-07-12 15:38 - 00150736 _____ (TWAIN Working Group) C:\WINDOWS\SysWOW64\twaindsm.dll
2017-03-29 21:52 - 2017-03-29 21:53 - 00000000 ____D C:\Users\Frederick\Downloads\jarlath
2017-03-29 19:52 - 2017-03-29 19:52 - 00000816 _____ C:\Users\Frederick\Desktop\Downloads - Shortcut.lnk
2017-03-27 12:54 - 2017-03-27 12:54 - 00000000 __SHD C:\found.002
2017-03-26 18:55 - 2017-03-26 18:55 - 00000000 __SHD C:\found.001
2017-03-23 14:38 - 2017-03-23 14:38 - 00005735 _____ C:\Users\Frederick\FileOptimizer.ini
2017-03-23 14:36 - 2017-03-23 14:36 - 00000000 ____D C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileOptimizer
2017-03-23 14:36 - 2017-03-23 14:36 - 00000000 ____D C:\Program Files\FileOptimizer
2017-03-23 14:24 - 2017-03-23 14:24 - 00000000 ____D C:\Users\Frederick\Documents\Apowersoft
2017-03-23 14:24 - 2017-03-23 14:24 - 00000000 ____D C:\Users\Frederick\AppData\Roaming\Apowersoft
2017-03-23 14:24 - 2017-03-23 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2017-03-23 14:24 - 2017-03-23 14:24 - 00000000 ____D C:\ProgramData\Apowersoft
2017-03-23 14:24 - 2017-03-23 14:24 - 00000000 ____D C:\Program Files (x86)\Apowersoft
2017-03-23 14:12 - 2017-03-23 14:12 - 00000000 ____D C:\Users\Frederick\AppData\Local\FreemakeVideoConverter
2017-03-23 14:11 - 2017-03-23 14:12 - 00000000 ____D C:\Users\Frederick\Documents\Freemake
2017-03-22 22:02 - 2017-03-22 22:02 - 00000000 ___HD C:\$WINDOWS.~BT
2017-03-22 16:27 - 2017-03-22 16:28 - 00000000 ____D C:\Users\Frederick\AppData\Roaming\Deezloader
2017-03-22 13:18 - 2014-08-06 10:34 - 01441792 _____ C:\Users\Frederick\Desktop\Everything.exe
2017-03-22 12:55 - 2017-03-22 12:55 - 00013785 _____ C:\Users\Frederick\Downloads\SimpleBhop_mpgh.net.rar
2017-03-22 12:50 - 2017-03-22 12:50 - 00105382 _____ C:\Users\Frederick\Downloads\Cd hack For Cs 1.6.rar
2017-03-22 12:45 - 2017-03-22 12:45 - 00012115 _____ C:\Users\Frederick\Downloads\GameOwner v0.3_[unknowncheats.me]_.rar
2017-03-22 12:41 - 2017-03-22 12:41 - 00010333 _____ C:\Users\Frederick\Downloads\SilentProject_mpgh.net.rar
2017-03-22 00:08 - 2017-03-22 00:08 - 00503295 _____ C:\Users\Frederick\Downloads\Rage & Revenge_[unknowncheats.me]_.zip
2017-03-21 23:52 - 2017-03-21 23:52 - 00000000 ____D C:\Users\Frederick\Downloads\Settings
2017-03-21 23:52 - 2017-03-21 23:52 - 00000000 ____D C:\Users\Frederick\Downloads\Info
2017-03-21 23:52 - 2014-09-22 16:28 - 00048640 _____ C:\Users\Frederick\Downloads\Unreal-Rage Public v9.dll
2017-03-21 23:52 - 2008-11-02 01:55 - 00022528 _____ C:\Users\Frederick\Downloads\Unreal-Rage Public v9.exe
2017-03-21 23:46 - 2012-07-15 15:32 - 00510976 _____ C:\Users\Frederick\Downloads\Rage & Revenge.dll
2017-03-21 23:45 - 2017-04-15 10:45 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6 OMONAS
2017-03-21 23:41 - 2017-03-21 23:45 - 219570826 _____ () C:\Users\Frederick\Downloads\counter-strike1.6s.exe
2017-03-21 10:23 - 2017-03-31 22:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-21 10:23 - 2017-03-31 22:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-21 10:23 - 2017-03-21 10:23 - 00001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-21 10:23 - 2017-03-21 10:23 - 00001224 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-21 10:22 - 2017-03-21 10:22 - 00245336 _____ C:\Users\Frederick\Downloads\Firefox Setup Stub 52.0.1.exe
2017-03-21 09:37 - 2017-03-21 09:37 - 00398138 _____ C:\Users\Frederick\Downloads\imgdl.zip
2017-03-19 23:30 - 2017-03-19 23:30 - 00150728 _____ C:\Users\Frederick\Downloads\TagBot.crx
2017-03-19 13:30 - 2017-03-29 21:49 - 00000000 ____D C:\Users\Frederick\AppData\Roaming\CDisplayEx
2017-03-19 13:30 - 2017-03-19 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
2017-03-19 13:30 - 2017-03-19 13:30 - 00000000 ____D C:\Program Files\CDisplayEx
2017-03-19 12:29 - 2017-03-19 12:29 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2017-03-19 12:29 - 2017-03-19 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win2PDF
2017-03-19 12:29 - 2016-08-12 11:10 - 00092792 _____ (Dane Prairie Systems, LLC - hxxp://www.win2pdf.com) C:\WINDOWS\system32\WIN2PDFM7.DLL
2017-03-19 12:29 - 2016-08-12 11:06 - 00160376 _____ C:\WINDOWS\SysWOW64\WIN2PDFS.DLL
2017-03-19 12:29 - 2016-01-07 12:39 - 00000002 _____ C:\WINDOWS\1way.ini
2017-03-19 12:25 - 2017-03-19 12:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A-PDF Merger
2017-03-19 12:25 - 2017-03-19 12:25 - 00000000 ____D C:\Program Files (x86)\A-PDF Merger
2017-03-19 12:22 - 2017-03-19 12:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axommsoft Image to Pdf
2017-03-19 12:22 - 2017-03-19 12:22 - 00000000 ____D C:\Program Files (x86)\Axommsoft Image to Pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-16 15:20 - 2016-12-05 14:44 - 00000000 ____D C:\Users\Frederick\AppData\Roaming\qBittorrent
2017-04-16 15:10 - 2015-07-10 15:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-04-16 15:10 - 2015-07-10 15:02 - 00000000 ____D C:\WINDOWS\INF
2017-04-16 15:09 - 2015-07-10 15:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-16 15:00 - 2015-07-10 15:04 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-16 14:56 - 2016-11-21 12:11 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-04-16 14:56 - 2015-07-14 13:33 - 00000000 __SHD C:\Users\Frederick\IntelGraphicsProfiles
2017-04-16 14:53 - 2015-07-10 16:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-16 13:26 - 2015-07-10 13:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-04-15 21:55 - 2015-09-19 10:07 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{900C2C05-BCD0-455C-8FA3-15C0F74B0052}
2017-04-15 10:23 - 2016-04-25 11:15 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-04-15 10:22 - 2016-04-25 11:14 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-15 09:57 - 2015-10-30 19:39 - 00000000 ____D C:\AdwCleaner
2017-04-13 10:58 - 2015-07-10 15:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-02 08:18 - 2016-12-22 18:37 - 00000000 ____D C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-04-02 08:18 - 2016-12-22 18:37 - 00000000 ____D C:\Users\Frederick\AppData\Local\Discord
2017-04-01 11:08 - 2015-07-17 11:20 - 00000000 ____D C:\Users\Frederick\AppData\Local\Lenovo
2017-04-01 11:07 - 2015-05-30 19:48 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-04-01 10:16 - 2016-02-09 21:09 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-01 09:51 - 2016-08-26 17:46 - 00000000 ____D C:\Users\Frederick\Desktop\Fernando
2017-04-01 08:50 - 2015-08-01 11:52 - 00876602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-01 00:33 - 2017-01-04 18:18 - 00000000 ____D C:\Users\Frederick\AppData\LocalLow\Mozilla
2017-03-31 15:00 - 2015-08-01 11:34 - 00000000 ____D C:\Users\Frederick
2017-03-30 07:04 - 2016-12-22 18:37 - 00000000 ____D C:\Users\Frederick\AppData\Roaming\discord
2017-03-29 23:06 - 2016-12-09 11:26 - 00562728 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-03-29 23:03 - 2017-03-09 15:34 - 00149264 _____ (Microsoft Corporation) C:\WINDOWS\system32\symsrv.dll
2017-03-29 23:03 - 2017-03-09 15:34 - 00000000 _____ C:\WINDOWS\system32\symsrv.yes
2017-03-29 22:51 - 2015-07-10 16:20 - 00383280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-29 18:53 - 2016-01-02 16:18 - 00007601 _____ C:\Users\Frederick\AppData\Local\Resmon.ResmonCfg
2017-03-28 10:23 - 2015-10-01 22:38 - 00000000 ____D C:\Users\Frederick\Documents\My Games
2017-03-28 10:20 - 2015-02-08 05:58 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-27 21:29 - 2016-12-30 21:29 - 00000000 ____D C:\Users\Frederick\AppData\Roaming\Kodi
2017-03-25 23:54 - 2016-12-23 16:59 - 00000000 ____D C:\Users\Frederick\AppData\Roaming\vlc
2017-03-25 19:22 - 2015-10-13 19:12 - 00000000 ____D C:\Users\Frederick\AppData\Local\ElevatedDiagnostics
2017-03-23 14:24 - 2015-07-10 15:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-23 14:13 - 2016-05-10 20:21 - 00000000 ____D C:\ProgramData\Freemake
2017-03-23 14:13 - 2016-05-10 20:21 - 00000000 ____D C:\Program Files (x86)\Freemake
2017-03-22 16:33 - 2017-01-13 19:57 - 00000000 ____D C:\Users\Frederick\AppData\Roaming\deezloader-app
2017-03-21 23:47 - 2015-10-16 00:22 - 00000000 ____D C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2017-03-21 22:50 - 2015-08-08 14:33 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-21 22:27 - 2015-07-10 14:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-21 10:56 - 2016-04-02 13:12 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-17 10:02 - 2015-04-04 16:53 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-17 10:00 - 2015-02-08 06:13 - 00000000 ____D C:\ProgramData\McAfee
2017-03-17 09:56 - 2015-07-10 15:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-03-17 09:56 - 2015-07-10 15:04 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-03-17 09:56 - 2015-07-10 15:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-03-17 09:56 - 2015-07-10 15:04 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-03-17 09:56 - 2015-07-10 15:04 - 00000000 ____D C:\Program Files\Windows Defender
2017-03-17 09:56 - 2015-07-10 15:04 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-03-17 09:56 - 2015-07-10 15:04 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-03-17 09:56 - 2015-07-10 13:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
 
==================== Files in the root of some directories =======
 
2016-11-09 21:28 - 2016-11-09 21:28 - 0000000 _____ () C:\Program Files (x86)\Apple Software Update
2016-11-09 21:28 - 2016-11-09 21:28 - 0000000 _____ () C:\Program Files (x86)\AUTOCLICK
2016-11-09 21:28 - 2016-11-09 21:28 - 0000000 _____ () C:\Program Files (x86)\Cheat Engine 6.4
2016-11-09 21:28 - 2016-11-09 21:28 - 0000000 _____ () C:\Program Files (x86)\RocketDock
2016-12-10 13:32 - 2016-12-10 13:34 - 0019968 _____ () C:\Users\Frederick\AppData\Roaming\ERROR.exe
2016-02-07 12:44 - 2016-02-07 12:45 - 0000194 _____ () C:\Users\Frederick\AppData\Roaming\KB8888239.log
2016-03-08 16:15 - 2016-03-08 16:17 - 0000115 _____ () C:\Users\Frederick\AppData\Roaming\LogFile.txt
2016-12-10 13:32 - 2016-12-10 13:34 - 0024064 _____ () C:\Users\Frederick\AppData\Roaming\Paladins.exe
2016-02-21 18:58 - 2016-02-21 18:58 - 0001167 _____ () C:\Users\Frederick\AppData\Roaming\trace_FilterInstaller.1.txt
2016-02-21 18:58 - 2016-11-13 15:21 - 0000905 _____ () C:\Users\Frederick\AppData\Roaming\trace_FilterInstaller.txt
2016-02-21 18:58 - 2016-11-13 15:21 - 0000000 _____ () C:\Users\Frederick\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-12-28 14:30 - 2017-03-14 13:21 - 0004608 _____ () C:\Users\Frederick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-30 19:29 - 2016-05-27 12:44 - 0004096 ____H () C:\Users\Frederick\AppData\Local\keyfile3.drm
2016-01-02 16:18 - 2017-03-29 18:53 - 0007601 _____ () C:\Users\Frederick\AppData\Local\Resmon.ResmonCfg
2016-11-16 22:36 - 2016-11-16 22:36 - 25416816 _____ (One Click Root) C:\Users\Frederick\AppData\Local\TempOneClickRoot.exe
2016-09-02 12:00 - 2016-09-02 12:00 - 0000164 _____ () C:\Users\Frederick\AppData\Local\uts.ini
2016-03-14 10:55 - 2016-03-14 10:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-01 11:29 - 2015-08-01 11:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-03-05 10:12 - 2016-11-09 20:03 - 0019535 _____ () C:\ProgramData\empty.ico
2016-01-29 14:47 - 2016-01-29 14:47 - 0004136 _____ () C:\ProgramData\oqztiqep.adk
2016-12-20 13:31 - 2016-12-20 13:31 - 0000032 _____ () C:\ProgramData\Temp.log
2015-10-18 23:20 - 2015-10-18 23:20 - 0005050 _____ () C:\ProgramData\wmzddnmb.cix
2015-02-08 05:56 - 2015-02-08 05:57 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-02-08 05:53 - 2015-02-08 05:54 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-02-08 05:54 - 2015-02-08 05:55 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-02-08 05:55 - 2015-02-08 05:56 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-02-08 05:53 - 2015-02-08 05:53 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Files to move or delete:
====================
C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
 
 
Some files in TEMP:
====================
2016-12-24 11:02 - 2016-10-21 14:23 - 0970264 _____ (BlueStack Systems, Inc.) C:\Users\Frederick\AppData\Local\Temp\BluestacksUninstaller.exe
2016-12-24 11:02 - 2016-10-21 14:21 - 0187416 _____ (BlueStack Systems) C:\Users\Frederick\AppData\Local\Temp\HD-LibraryHandler.dll
2016-12-24 11:02 - 2016-10-21 14:19 - 0246808 _____ (BlueStack Systems) C:\Users\Frederick\AppData\Local\Temp\HD-Logger-Native.dll
2016-12-07 14:19 - 2016-11-16 01:30 - 0037376 _____ (Microsoft) C:\Users\Frederick\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
2016-12-07 14:19 - 2016-11-16 01:30 - 0020992 _____ (Microsoft) C:\Users\Frederick\AppData\Local\Temp\HiRezLauncherControls.dll
2016-12-24 11:01 - 2016-07-19 21:26 - 11438608 _____ (SurfRight B.V.) C:\Users\Frederick\AppData\Local\Temp\HitmanPro.exe
2016-12-24 11:20 - 2016-10-27 10:59 - 0389765 _____ () C:\Users\Frederick\AppData\Local\Temp\IDM Patch Uninstaller.exe
2016-12-02 23:42 - 2016-12-02 23:42 - 2458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Frederick\AppData\Local\Temp\libeay32.dll
2016-12-02 23:42 - 2016-12-02 23:42 - 0970912 _____ (Microsoft Corporation) C:\Users\Frederick\AppData\Local\Temp\msvcr120.dll
2017-03-09 15:34 - 2016-10-25 13:31 - 1824872 _____ (Microsoft Corporation) C:\Users\Frederick\AppData\Local\Temp\ntddk.dll
2016-12-10 13:32 - 2016-12-09 20:52 - 0109847 _____ () C:\Users\Frederick\AppData\Local\Temp\paladins2.exe
2016-12-05 13:34 - 2016-11-02 22:15 - 0067397 _____ () C:\Users\Frederick\AppData\Local\Temp\Setup.exe
2016-12-02 23:42 - 2016-12-02 23:42 - 0772672 _____ () C:\Users\Frederick\AppData\Local\Temp\sqlite3.dll
2017-03-16 21:12 - 2008-10-01 12:40 - 0453720 _____ (Macrovision Corporation) C:\Users\Frederick\AppData\Local\Temp\_is6431.exe
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\usoclient.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-08 10:10
 
==================== End of FRST.txt ============================
 
Edit Jo*: Made URLs unclickable...

Edited by blablahbla, 16 April 2017 - 07:16 AM.


#2 nasdaq

  • Malware Response Team
  • 40,490 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:21 AM

Posted 17 April 2017 - 09:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Users\Frederick\AppData\Local\Temp\RarSFX98\system.exe
() C:\Users\Frederick\AppData\Local\Temp\RarSFX99\system.exe
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Run: [explorer] => C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe [8817462 2017-02-06] ()
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Run: [GoogleChromeAutoLaunch_850528626E5HFO8S7TEIWSFEC337D4CE6F2] => C:\Users\Frederick\AppData\system32\explorer.exe [8817462 2017-02-06] ()
ShellIconOverlayIdentifiers: [] -> {b5458932-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlayError.dll -> No File
ShellIconOverlayIdentifiers: [] -> {b5458930-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlaySynced.dll -> No File
ShellIconOverlayIdentifiers: [] -> {b5458934-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlayReadOnly.dll -> No File
ShellIconOverlayIdentifiers: [] -> {b5458933-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlayLock.dll -> No File
ShellIconOverlayIdentifiers: [] -> {b5458931-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlaySyncing.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe [2017-02-06] ()
Startup: C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayer.lnk [2017-04-16]
ShortcutTarget: FlashPlayer.lnk -> C:\Users\Frederick\AppData\Local\Temp\RarSFX99\1.VBS ()
Startup: C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.lnk [2017-04-16]
ShortcutTarget: System.lnk -> C:\Users\Frederick\AppData\Local\Temp\RarSFX83\12.VBS ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {7FC878A7-F993-431D-94BE-7B12FDEC23C3} -> No File
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Firefox\Extensions: [kpm_win_add_on@kaspersky] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm_win_add_on@kaspersky => not found
FF HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
CHR Profile: C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-28] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-19]
CHR Extension: (Chrome Media Router) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-29]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
S3 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
S3 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [X]
S2 CG6Service; "C:\Program Files (x86)\CyberGhost\CyberGhost.Service.exe" [X]
S2 jswpbapi; C:\Program Files (x86)\Jumpstart\jswpbapi.exe [X]
S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [X]
S3 EACGuard; \??\C:\Users\Frederick\Desktop\Frederick\Paladins\EACGuard.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
CustomCLSID: HKU\S-1-5-21-1413109926-2682719023-2497955036-1004_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-1413109926-2682719023-2497955036-1004_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1413109926-2682719023-2497955036-1004_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1413109926-2682719023-2497955036-1004_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll => No File
Task: {00DF34BB-5B95-479D-8224-E207AA4642FB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {113BF764-B600-47FF-BFDD-8503E336DB59} - System32\Tasks\CupblueUpdateTaskMachineCore => C:\Program Files (x86)\Cupblue\Update\CupblueUpdate.exe  <==== ATTENTION
Task: {1967DA27-E223-411F-9806-FE0B0D9A75F9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1EB5D1A2-8704-42D6-B0F6-2B18A1FF0810} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5A2B5428-ABCC-4D3A-ADFB-0D8705445E60} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8F74A9B7-FAC6-4724-BB08-0F6A0159E9B5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8F922643-E3BC-43C1-AFFC-97348177CD3B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {99890393-023C-4F6C-A257-A5B5638A76DD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A381D815-0049-4081-ADF9-DCA40A9FFFBB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AE6B61B3-BD22-4AB9-B1E6-1AE503DEE172} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CD2CBE75-D4C6-4BE5-B442-DAD3F6362D7D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CF54C9D1-76DC-45BE-8748-3B7FA7034566} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {F016C4C0-4B15-415F-AB0A-1D4FAF58D798} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F1C7CAEB-3215-4945-86C6-E699646545C5} - System32\Tasks\CupblueUpdateTaskMachineUA => C:\Program Files (x86)\Cupblue\Update\CupblueUpdate.exe  <==== ATTENTION
Task: {F1E5EE25-C1E2-499B-9964-45366F920FD7} - \TechBlitz -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\TechBlitz.job => c:\programdata\{a747666e-0377-7cba-a747-7666e03799b8}\6594737358601786497b.exe <==== ATTENTION
FirewallRules: [{489FF3CF-7E5F-4433-8FC7-536FACADFB1E}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{6D066D5F-169A-4CFC-8BBF-787BB700F9D8}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{7CD5B3F5-8D8F-41DE-A335-C12824EC98D4}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{9E3E8F2A-F928-4AA1-A886-D457DDC4EAFD}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{9306EFEB-37FC-4075-897A-2944B7E2E8FB}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{C39F0598-F4CF-47DC-964A-FC6EC14534F2}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files (x86)\Cupblue
c:\programdata\{a747666e-0377-7cba-a747-7666e03799b8}
C:\Users\Frederick\AppData\Local\Temp\RarSFX83
C:\Users\Frederick\AppData\Local\Temp\RarSFX98
C:\Users\Frederick\AppData\Local\Temp\RarSFX99
C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe
C:\Users\Frederick\AppData\system32\explorer.exe
C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayer.lnk
C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.lnk
C:\Program Files\KMSpico

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page:
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update, you can remove the old versions of Java via Control Panel > Programs > Programs and Features.
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)

Please let me know what problem persists with this computer.
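Added example (not from this thread, from nasdaq, or from the FRST tool): a short Python triage pass over FRST-style log lines like those in the fixlist above, showing why those particular entries were worth removing. It pulls the launch target out of Run, Startup, ShortcutTarget and Task lines, resolves Startup .lnk entries through their ShortcutTarget lines, and records the traits that make each target suspicious: launching from the user Temp folder, an executable dropped straight into the Startup folder, a system binary name such as explorer.exe living outside C:\Windows, a fake system32 directory under AppData, a GUID-named ProgramData folder, and the System Restore policy being disabled. The sample lines are a constructed subset shaped like this thread's entries plus one made-up benign vendor entry to show what is not flagged; the heuristics are my own, not FRST's.

```python
"""Triage FRST-style log lines for autostart entries that deserve a closer look.

Added example for this thread; the rules below are a defender's heuristics
built from the patterns in the fixlist above, not FRST's own logic.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample shaped like the fixlist entries in this thread. The last
# line is a made-up benign vendor entry, included to show what is NOT flagged.
SAMPLE_LOG = r"""
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Run: [explorer] => C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe [8817462 2017-02-06] ()
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Run: [GoogleChromeAutoLaunch_850528626E5HFO8S7TEIWSFEC337D4CE6F2] => C:\Users\Frederick\AppData\system32\explorer.exe [8817462 2017-02-06] ()
Startup: C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayer.lnk [2017-04-16]
ShortcutTarget: FlashPlayer.lnk -> C:\Users\Frederick\AppData\Local\Temp\RarSFX99\1.VBS ()
Task: C:\WINDOWS\Tasks\TechBlitz.job => c:\programdata\{a747666e-0377-7cba-a747-7666e03799b8}\6594737358601786497b.exe <==== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKLM-x32\...\Run: [ExampleUpdater] => C:\Program Files (x86)\Example Vendor\updater.exe [2016-01-01] (Example Vendor)
"""

# A Windows path ending in a launchable/autostart file type, followed by
# whitespace or end of line (FRST appends "[size date]" or "(company)" after it).
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|vbs|bat|cmd|lnk|job|dll|sys)(?=\s|$)", re.I)
POLICY_RE = re.compile(r"SystemRestore: \[([^\]]+)\]")
# Names of real Windows binaries that should only ever live under C:\Windows.
SYSTEM_BINARY_NAMES = {"explorer.exe", "svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}


@dataclass
class Finding:
    kind: str                 # Run / Startup / Task / Policy
    path: str                 # launch target (or "lnk -> target" for shortcuts)
    reasons: List[str] = field(default_factory=list)


def entry_kind(line: str) -> str:
    """Classify an FRST line by the autostart mechanism it reports."""
    for kind in ("ShortcutTarget", "Startup", "Task", "Run"):
        if line.startswith(kind + ":") or ("\\" + kind + ":") in line:
            return kind
    return "Other"


def reasons_for(path: str) -> List[str]:
    """Return the traits that make a launch target suspicious (empty if none)."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    reasons = []
    if "\\appdata\\local\\temp\\" in p:
        reasons.append("launches from the user Temp folder")
    if "\\start menu\\programs\\startup\\" in p and not name.endswith(".lnk"):
        reasons.append("executable dropped directly into the Startup folder")
    if name in SYSTEM_BINARY_NAMES and not p.startswith("c:\\windows\\"):
        reasons.append(name + " living outside C:\\Windows (name masquerade)")
    if "\\appdata\\" in p and "\\system32\\" in p:
        reasons.append("fake system32 directory under AppData")
    if re.search(r"\\programdata\\\{[0-9a-f-]{36}\}\\", p):
        reasons.append("GUID-named folder under ProgramData")
    if name.endswith((".vbs", ".bat", ".cmd")):
        reasons.append("script run at logon")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, collecting flagged entries; Startup .lnk files are
    resolved through their ShortcutTarget lines in a second pass."""
    findings: List[Finding] = []
    lnk_targets: Dict[str, str] = {}   # "flashplayer.lnk" -> resolved target
    startup_lnks: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        policy = POLICY_RE.search(line)
        if policy:
            findings.append(Finding("Policy", "SystemRestore",
                                    ["System Restore policy set: " + policy.group(1)]))
            continue
        paths = PATH_RE.findall(line)
        if not paths:
            continue
        kind = entry_kind(line)
        target = paths[-1]   # the last path on the line is what gets launched
        if kind == "ShortcutTarget":
            lnk_name = line.split(":", 1)[1].split("->", 1)[0].strip().lower()
            lnk_targets[lnk_name] = target
            continue
        if kind == "Startup" and target.lower().endswith(".lnk"):
            startup_lnks.append(target)
            continue
        reasons = reasons_for(target)
        if "ATTENTION" in line:
            reasons.append("flagged by FRST (<==== ATTENTION)")
        if reasons:
            findings.append(Finding(kind, target, reasons))
    for lnk in startup_lnks:
        resolved = lnk_targets.get(lnk.rsplit("\\", 1)[-1].lower())
        if resolved is None:
            continue
        reasons = reasons_for(resolved)
        if reasons:
            findings.append(Finding("Startup", lnk + " -> " + resolved, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.path}")
        for r in f.reasons:
            print("    - " + r)
```

To use it on a real scan, pass the contents of a saved FRST.txt to triage(); the benign vendor line in the sample comes back clean, while the Startup shortcut is reported together with the Temp\RarSFX*\1.VBS it points at. The rules only encode the patterns seen in this thread, so an entry it does not flag still deserves a human look.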

#3 blablahbla (Topic Starter, Members, 4 posts)

Posted 17 April 2017 - 04:27 PM

Thank you for replying.
Also, my computer hasn't been running any slower lately, over the past 2-3 days. Still worried about these weird Russian rar files though. The WinRAR file and weird dll options dialog box (both Russian) didn't open on computer start after running the fix.
These are the only RarSFX files remaining - http://imgur.com/a/ccXyu
http://imgur.com/a/fKdS8 (what is in each folder).
In your reply to my comment, I think some updates are needed. The horizontal line option is now three vertical dots, and "Reset browser settings" is now "Reset settings". Just sayin. Thanks for replying again.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-04-2017 01
Ran by Frederick (18-04-2017 00:57:20) Run:1
Running from C:\Users\Frederick\Downloads
Loaded Profiles: Frederick (Available Profiles: Frederick)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
() C:\Users\Frederick\AppData\Local\Temp\RarSFX98\system.exe
() C:\Users\Frederick\AppData\Local\Temp\RarSFX99\system.exe
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Run: [explorer] => C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe [8817462 2017-02-06] ()
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Run: [GoogleChromeAutoLaunch_850528626E5HFO8S7TEIWSFEC337D4CE6F2] => C:\Users\Frederick\AppData\system32\explorer.exe [8817462 2017-02-06] ()
ShellIconOverlayIdentifiers: [] -> {b5458932-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlayError.dll -> No File
ShellIconOverlayIdentifiers: [] -> {b5458930-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlaySynced.dll -> No File
ShellIconOverlayIdentifiers: [] -> {b5458934-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlayReadOnly.dll -> No File
ShellIconOverlayIdentifiers: [] -> {b5458933-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlayLock.dll -> No File
ShellIconOverlayIdentifiers: [] -> {b5458931-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlaySyncing.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe [2017-02-06] ()
Startup: C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayer.lnk [2017-04-16]
ShortcutTarget: FlashPlayer.lnk -> C:\Users\Frederick\AppData\Local\Temp\RarSFX99\1.VBS ()
Startup: C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.lnk [2017-04-16]
ShortcutTarget: System.lnk -> C:\Users\Frederick\AppData\Local\Temp\RarSFX83\12.VBS ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {7FC878A7-F993-431D-94BE-7B12FDEC23C3} -> No File
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\Firefox\Extensions: [kpm_win_add_on@kaspersky] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm_win_add_on@kaspersky => not found
FF HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
CHR Profile: C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-28] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-19]
CHR Extension: (Chrome Media Router) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-29]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
S3 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
S3 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [X]
S2 CG6Service; "C:\Program Files (x86)\CyberGhost\CyberGhost.Service.exe" [X]
S2 jswpbapi; C:\Program Files (x86)\Jumpstart\jswpbapi.exe [X]
S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [X]
S3 EACGuard; \??\C:\Users\Frederick\Desktop\Frederick\Paladins\EACGuard.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
CustomCLSID: HKU\S-1-5-21-1413109926-2682719023-2497955036-1004_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-1413109926-2682719023-2497955036-1004_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1413109926-2682719023-2497955036-1004_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1413109926-2682719023-2497955036-1004_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll => No File
Task: {00DF34BB-5B95-479D-8224-E207AA4642FB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {113BF764-B600-47FF-BFDD-8503E336DB59} - System32\Tasks\CupblueUpdateTaskMachineCore => C:\Program Files (x86)\Cupblue\Update\CupblueUpdate.exe  <==== ATTENTION
Task: {1967DA27-E223-411F-9806-FE0B0D9A75F9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1EB5D1A2-8704-42D6-B0F6-2B18A1FF0810} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5A2B5428-ABCC-4D3A-ADFB-0D8705445E60} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8F74A9B7-FAC6-4724-BB08-0F6A0159E9B5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8F922643-E3BC-43C1-AFFC-97348177CD3B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {99890393-023C-4F6C-A257-A5B5638A76DD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A381D815-0049-4081-ADF9-DCA40A9FFFBB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AE6B61B3-BD22-4AB9-B1E6-1AE503DEE172} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CD2CBE75-D4C6-4BE5-B442-DAD3F6362D7D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CF54C9D1-76DC-45BE-8748-3B7FA7034566} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {F016C4C0-4B15-415F-AB0A-1D4FAF58D798} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F1C7CAEB-3215-4945-86C6-E699646545C5} - System32\Tasks\CupblueUpdateTaskMachineUA => C:\Program Files (x86)\Cupblue\Update\CupblueUpdate.exe  <==== ATTENTION
Task: {F1E5EE25-C1E2-499B-9964-45366F920FD7} - \TechBlitz -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\TechBlitz.job => c:\programdata\{a747666e-0377-7cba-a747-7666e03799b8}\6594737358601786497b.exe <==== ATTENTION
FirewallRules: [{489FF3CF-7E5F-4433-8FC7-536FACADFB1E}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{6D066D5F-169A-4CFC-8BBF-787BB700F9D8}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{7CD5B3F5-8D8F-41DE-A335-C12824EC98D4}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{9E3E8F2A-F928-4AA1-A886-D457DDC4EAFD}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{9306EFEB-37FC-4075-897A-2944B7E2E8FB}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{C39F0598-F4CF-47DC-964A-FC6EC14534F2}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files (x86)\Cupblue
c:\programdata\{a747666e-0377-7cba-a747-7666e03799b8}
C:\Users\Frederick\AppData\Local\Temp\RarSFX83
C:\Users\Frederick\AppData\Local\Temp\RarSFX98
C:\Users\Frederick\AppData\Local\Temp\RarSFX99
C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe
C:\Users\Frederick\AppData\system32\explorer.exe
C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayer.lnk
C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.lnk
C:\Program Files\KMSpico
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Frederick\AppData\Local\Temp\RarSFX98\system.exe => No running process found
C:\Users\Frederick\AppData\Local\Temp\RarSFX99\system.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore => key removed successfully
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\Software\Microsoft\Windows\CurrentVersion\Run\\explorer => value removed successfully
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_850528626E5HFO8S7TEIWSFEC337D4CE6F2 => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [] -> {b5458932-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlayError.dll -> No File => key not found. 
HKCR\CLSID\{b5458932-3c8c-4131-ba1e-f0b5350e4e1e} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [] -> {b5458930-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlaySynced.dll -> No File => key not found. 
HKCR\CLSID\{b5458930-3c8c-4131-ba1e-f0b5350e4e1e} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [] -> {b5458934-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlayReadOnly.dll -> No File => key not found. 
HKCR\CLSID\{b5458934-3c8c-4131-ba1e-f0b5350e4e1e} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [] -> {b5458933-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlayLock.dll -> No File => key not found. 
HKCR\CLSID\{b5458933-3c8c-4131-ba1e-f0b5350e4e1e} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [] -> {b5458931-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Frederick\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlaySyncing.dll -> No File => key not found. 
HKCR\CLSID\{b5458931-3c8c-4131-ba1e-f0b5350e4e1e} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe => moved successfully
C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayer.lnk => moved successfully
C:\Users\Frederick\AppData\Local\Temp\RarSFX99\1.VBS => moved successfully
C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.lnk => moved successfully
C:\Users\Frederick\AppData\Local\Temp\RarSFX83\12.VBS => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FC878A7-F993-431D-94BE-7B12FDEC23C3} => key removed successfully
HKCR\CLSID\{7FC878A7-F993-431D-94BE-7B12FDEC23C3} => key not found. 
HKLM\Software\Mozilla\Firefox\Extensions\\light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com => value removed successfully
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\Software\Mozilla\Firefox\Extensions\\kpm_win_add_on@kaspersky => value removed successfully
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc2@internetdownloadmanager.com => value removed successfully
C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => not found
C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => not found
C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Frederick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek => key removed successfully
HKLM\System\CurrentControlSet\Services\AIPS => key removed successfully
AIPS => service removed successfully
HKLM\System\CurrentControlSet\Services\Apple Mobile Device => key removed successfully
Apple Mobile Device => service removed successfully
HKLM\System\CurrentControlSet\Services\CG6Service => key removed successfully
CG6Service => service removed successfully
HKLM\System\CurrentControlSet\Services\jswpbapi => key removed successfully
jswpbapi => service removed successfully
HKLM\System\CurrentControlSet\Services\jswpsapi => key removed successfully
jswpsapi => service removed successfully
HKLM\System\CurrentControlSet\Services\EACGuard => key removed successfully
EACGuard => service removed successfully
HKLM\System\CurrentControlSet\Services\wfpcapture => key removed successfully
wfpcapture => service removed successfully
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB} => key removed successfully
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1} => key removed successfully
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F} => key removed successfully
HKU\S-1-5-21-1413109926-2682719023-2497955036-1004_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{00DF34BB-5B95-479D-8224-E207AA4642FB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00DF34BB-5B95-479D-8224-E207AA4642FB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{113BF764-B600-47FF-BFDD-8503E336DB59} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{113BF764-B600-47FF-BFDD-8503E336DB59} => key removed successfully
C:\WINDOWS\System32\Tasks\CupblueUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CupblueUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1967DA27-E223-411F-9806-FE0B0D9A75F9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1967DA27-E223-411F-9806-FE0B0D9A75F9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1EB5D1A2-8704-42D6-B0F6-2B18A1FF0810} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EB5D1A2-8704-42D6-B0F6-2B18A1FF0810} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A2B5428-ABCC-4D3A-ADFB-0D8705445E60} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A2B5428-ABCC-4D3A-ADFB-0D8705445E60} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F74A9B7-FAC6-4724-BB08-0F6A0159E9B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F74A9B7-FAC6-4724-BB08-0F6A0159E9B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F922643-E3BC-43C1-AFFC-97348177CD3B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F922643-E3BC-43C1-AFFC-97348177CD3B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99890393-023C-4F6C-A257-A5B5638A76DD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99890393-023C-4F6C-A257-A5B5638A76DD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A381D815-0049-4081-ADF9-DCA40A9FFFBB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A381D815-0049-4081-ADF9-DCA40A9FFFBB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE6B61B3-BD22-4AB9-B1E6-1AE503DEE172} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE6B61B3-BD22-4AB9-B1E6-1AE503DEE172} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD2CBE75-D4C6-4BE5-B442-DAD3F6362D7D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD2CBE75-D4C6-4BE5-B442-DAD3F6362D7D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF54C9D1-76DC-45BE-8748-3B7FA7034566} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF54C9D1-76DC-45BE-8748-3B7FA7034566} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F016C4C0-4B15-415F-AB0A-1D4FAF58D798} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F016C4C0-4B15-415F-AB0A-1D4FAF58D798} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1C7CAEB-3215-4945-86C6-E699646545C5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1C7CAEB-3215-4945-86C6-E699646545C5} => key removed successfully
C:\WINDOWS\System32\Tasks\CupblueUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CupblueUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1E5EE25-C1E2-499B-9964-45366F920FD7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1E5EE25-C1E2-499B-9964-45366F920FD7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TechBlitz => key removed successfully
C:\WINDOWS\Tasks\TechBlitz.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{489FF3CF-7E5F-4433-8FC7-536FACADFB1E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D066D5F-169A-4CFC-8BBF-787BB700F9D8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7CD5B3F5-8D8F-41DE-A335-C12824EC98D4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E3E8F2A-F928-4AA1-A886-D457DDC4EAFD} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9306EFEB-37FC-4075-897A-2944B7E2E8FB} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39F0598-F4CF-47DC-964A-FC6EC14534F2} => value removed successfully
"C:\Program Files (x86)\Cupblue" => not found.
"c:\programdata\{a747666e-0377-7cba-a747-7666e03799b8}" => not found.
C:\Users\Frederick\AppData\Local\Temp\RarSFX83 => moved successfully
C:\Users\Frederick\AppData\Local\Temp\RarSFX98 => moved successfully
C:\Users\Frederick\AppData\Local\Temp\RarSFX99 => moved successfully
"C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe" => not found.
C:\Users\Frederick\AppData\system32\explorer.exe => moved successfully
"C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayer.lnk" => not found.
"C:\Users\Frederick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.lnk" => not found.
C:\Program Files\KMSpico => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 33859 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 82684501 B
Java, Flash, Steam htmlcache => 394501386 B
Windows/system/drivers => 80273144 B
Edge => 4537 B
Chrome => 359817402 B
Firefox => 803665062 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 873569 B
LocalService => 146844 B
NetworkService => 16857856 B
Frederick => 6126663672 B
 
RecycleBin => 366707257 B
EmptyTemp: => 7.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 01:10:40 ====

Edited by blablahbla, 17 April 2017 - 04:33 PM.


#4 nasdaq (Malware Response Team, 40,490 posts, Montreal, QC, Canada)

Posted 18 April 2017 - 07:17 AM

The fix removed the Rar* folders in the \temp folder.

C:\Users\Frederick\AppData\Local\Temp\RarSFX83 => moved successfully
C:\Users\Frederick\AppData\Local\Temp\RarSFX98 => moved successfully
C:\Users\Frederick\AppData\Local\Temp\RarSFX99 => moved successfully


Delete the ones in your C:\ Drive.
Delete also the one with the .xBAD extension.
===

The folders in the FRST Quarantine folder are not active. It's a backup of what we did.
You can also delete them from the Quarantine folder.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#5 blablahbla (Topic Starter, Members, 4 posts)

Posted 18 April 2017 - 04:56 PM

Thank you! Problem solved!