
Cleanserp redirector


This topic is locked
12 replies to this topic

#1 MarshmallowMillicent

Posted 13 November 2017 - 01:41 AM

I made a thread about this before and was told Mbar had detected issues. I have run Farbar Recovery Scan Tool.

Here is the thread

Here are both logs:

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by End User (administrator) on DESKTOP-DK32AUA (12-11-2017 22:28:03)
Running from C:\Users\End User\Downloads
Loaded Profiles: End User (Available Profiles: defaultuser0 & End User)
Platform: Windows 10 Pro Version 1703 15063.674 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\System32\wimserv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\Monosnap\Monosnap.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Roblox Corporation) C:\Users\End User\AppData\Local\Roblox\Versions\version-a184d7ab177f46d9\RobloxStudioBeta.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-15] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [329992 2015-06-17] (HP Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\Run: [aliim] => C:\Program Files (x86)\TradeManager\AliIM.exe [556472 2017-07-25] (Alibaba (China) Co., Ltd.)
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [21938608 2017-10-22] (AVM Software)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{23665207-46fe-4776-8432-89de9c39ec12}: [DhcpNameServer] 10.208.0.1
Tcpip\..\Interfaces\{57eff3fd-30d2-4b9e-9e3d-900c15ab9dae}: [DhcpNameServer] 192.168.82.1
Tcpip\..\Interfaces\{85393695-9846-4e58-99b8-c276b92151de}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a877ee81-c160-4274-aa8e-724f3f20647b}: [DhcpNameServer] 172.18.11.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-10-29] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-10-29] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-20] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-10-03] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-10-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-03] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: gzl8vogr.default
FF DefaultProfile: vslgaegu.default
FF ProfilePath: C:\Users\End User\AppData\Roaming\Mozilla\Firefox\Profiles\gzl8vogr.default [2017-11-12]
FF NewTab: Mozilla\Firefox\Profiles\gzl8vogr.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\gzl8vogr.default -> Yahoo! Powered Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\gzl8vogr.default -> Yahoo! Powered Search
FF Homepage: Mozilla\Firefox\Profiles\gzl8vogr.default -> hxxps://www.google.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\gzl8vogr.default -> user_pref("keyword.URL", true);
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\End User\AppData\Roaming\Mozilla\Firefox\Profiles\gzl8vogr.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-12]
FF Extension: (Avast Online Security) - C:\Users\End User\AppData\Roaming\Mozilla\Firefox\Profiles\gzl8vogr.default\Extensions\wrc@avast.com.xpi [2017-10-18]
FF ProfilePath: C:\Users\End User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\vslgaegu.default [2017-10-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 -> C:\Program Files (x86)\TradeManager\nptrademanager.dll [2017-07-25] ( )
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\TradeManager\npwangwang.dll [2017-07-25] ( )
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-10-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-10-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-3750219003-330135889-1696341922-1002: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll [2014-10-07] (Alibaba software (Shanghai) Corporation.)
FF Plugin HKU\S-1-5-21-3750219003-330135889-1696341922-1002: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File]
FF Plugin HKU\S-1-5-21-3750219003-330135889-1696341922-1002: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File]
FF Plugin HKU\S-1-5-21-3750219003-330135889-1696341922-1002: @alipay.com/npalicert -> C:\Users\End User\AppData\Roaming\alipay\cf\npalicdo.dll [2014-10-20] (alipay.com)
FF Plugin HKU\S-1-5-21-3750219003-330135889-1696341922-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\End User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-03-08] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default [2017-11-12]
CHR Extension: (Slides) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (Mobile Phone Gamers Ad) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkofpcennnhneapiikojlfeklbhahnln [2017-11-09]
CHR Extension: (YouTube) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-12]
CHR Extension: (Sheets) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (DownloadManagerNow) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhifapajpoibpajokkokaajalaincjli [2017-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-21]
CHR Extension: (Avast Online Security) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-09]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2017-09-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Gmail) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-21]
CHR Extension: (Chrome Media Router) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-27]
CHR Profile: C:\Users\End User\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-10-16]
CHR Profile: C:\Users\End User\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AliSafeEngine Service; C:\Program Files (x86)\AliSafeEngine\5.0.2\AliSafeEngine.exe [594080 2016-05-10] (阿里巴巴(中国)有限公司)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-15] (AVAST Software s.r.o.)
U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-15] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7923880 2017-10-23] (Microsoft Corporation)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-07-28] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (DEVGURU Co., LTD.)
S2 TBSecSvc; C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe [227296 2017-08-09] (Alibaba (China) Co., LTD. All rights reserved.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-27] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-21] (Microsoft Corporation)
S2 wwbizsrv; C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe [2909584 2017-03-10] (Alibaba Group)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [321032 2017-10-15] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-10-15] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-10-15] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-10-15] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47008 2017-10-15] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-12] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147776 2017-10-15] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-10-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-10-15] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1029872 2017-10-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [587168 2017-10-15] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [201352 2017-10-15] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [363440 2017-10-15] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110096 2016-04-18] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-15] (Samsung Electronics Co., Ltd.)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2017-06-29] (LogMeIn Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [252232 2017-10-24] (Malwarebytes)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2017-10-05] (SoftEther Corporation)
S3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2017-06-23] (The OpenVPN Project)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2017-10-05] (SoftEther Corporation)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-06-13] (The OpenVPN Project)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-06-15] (Anchorfree Inc.)
R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [52288 2016-11-11] (VMware, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-12 22:28 - 2017-11-12 22:28 - 000021497 _____ C:\Users\End User\Downloads\FRST.txt
2017-11-12 22:27 - 2017-11-12 22:28 - 000000000 ____D C:\FRST
2017-11-12 22:26 - 2017-11-12 22:26 - 002392576 _____ (Farbar) C:\Users\End User\Downloads\FRST64.exe
2017-11-10 16:03 - 2017-11-10 16:03 - 000077909 _____ C:\Users\End User\Downloads\encoded.pdf
2017-11-09 00:35 - 2017-11-09 00:35 - 001581512 _____ ( ) C:\Users\End User\Downloads\gta_download.exe
2017-11-06 22:52 - 2017-11-06 22:52 - 000820792 _____ (Roblox Corporation) C:\Users\End User\Downloads\RobloxPlayerLauncher (2).exe
2017-11-06 22:12 - 2017-11-06 22:12 - 000002117 _____ C:\Users\End User\Downloads\jailbreak bank.txt
2017-11-05 23:28 - 2017-11-05 23:28 - 000001947 _____ C:\Users\End User\AppData\Local\recently-used.xbel
2017-11-04 06:36 - 2017-11-04 06:36 - 000126378 _____ C:\Users\End User\Downloads\Unconfirmed 491606.crdownload
2017-11-04 06:13 - 2017-11-04 06:13 - 000145376 _____ C:\Users\End User\Downloads\JJSploit (2).rar
2017-11-04 06:10 - 2017-11-04 06:10 - 000145376 _____ C:\Users\End User\Downloads\JJSploit (1).rar
2017-11-04 06:09 - 2017-11-04 06:09 - 000145376 _____ C:\Users\End User\Downloads\JJSploit.rar
2017-11-04 06:07 - 2017-11-04 06:07 - 000782336 _____ () C:\Users\End User\Downloads\Multiple ROBLOX.exe
2017-11-04 05:47 - 2017-11-04 05:48 - 000717824 _____ () C:\Users\End User\Downloads\Gravity-Switch.exe
2017-10-31 23:09 - 2017-10-31 23:09 - 177341504 _____ C:\Users\End User\Downloads\Gameshow.exe
2017-10-30 17:04 - 2017-10-30 17:04 - 000000000 ____D C:\Users\End User\AppData\Local\A.V.M
2017-10-30 17:03 - 2017-10-30 17:03 - 000001038 _____ C:\Users\End User\Desktop\Paltalk.lnk
2017-10-30 17:03 - 2017-10-30 17:03 - 000000000 ____D C:\Users\End User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk
2017-10-30 17:03 - 2017-10-30 17:03 - 000000000 ____D C:\Users\End User\AppData\Local\Paltalk
2017-10-30 16:57 - 2017-10-30 16:57 - 058935880 _____ (AVM Software Inc.) C:\Users\End User\Downloads\PaltalkSetup.exe
2017-10-30 13:12 - 2017-10-30 13:12 - 000060949 _____ C:\Users\End User\Downloads\Form.pdf
2017-10-30 09:48 - 2017-10-30 09:48 - 000000146 _____ C:\Users\End User\Desktop\Sound.lnk
2017-10-30 07:03 - 2017-10-30 07:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-10-30 07:01 - 2017-10-30 07:01 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2017-10-30 07:00 - 2017-10-30 07:04 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-10-30 07:00 - 2017-10-30 07:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-10-30 07:00 - 2017-10-30 07:00 - 000000000 ____D C:\Program Files\Application Verifier
2017-10-30 07:00 - 2017-10-30 07:00 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2017-10-30 07:00 - 2017-10-30 07:00 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2017-10-30 06:50 - 2017-10-30 06:50 - 000587776 _____ C:\Users\End User\Downloads\RoHackV3 (Part 2).dll
2017-10-30 06:50 - 2017-10-30 06:50 - 000272384 _____ C:\Users\End User\Downloads\RoHackV4.dll
2017-10-30 06:50 - 2017-10-30 06:50 - 000253952 _____ C:\Users\End User\Downloads\RoHackV2.dll
2017-10-30 06:49 - 2017-10-30 06:49 - 000064000 _____ C:\Users\End User\Downloads\RoHackV1.dll
2017-10-30 06:42 - 2017-10-30 06:42 - 002488843 _____ C:\Users\End User\Downloads\Unconfirmed 273819.crdownload
2017-10-30 06:42 - 2017-10-30 06:42 - 000000000 ____D C:\Users\End User\AppData\Local\NeonEcho_Slave_Company
2017-10-30 06:38 - 2017-10-30 06:38 - 004095488 _____ () C:\Users\End User\Downloads\Apocalypse Rising Infinite Ammo.exe
2017-10-30 06:34 - 2017-10-30 06:34 - 001574912 _____ (NeonEcho Slave Company) C:\Users\End User\Downloads\NeonEcho Injector.exe
2017-10-30 05:40 - 2017-10-30 05:40 - 000041191 _____ C:\Users\End User\Downloads\x86-binary_autodllinjector-1.0.0.1.zip
2017-10-30 05:30 - 2017-10-30 05:30 - 000139198 _____ C:\Users\End User\Downloads\AirCraze's RoHack RELOADED V2 (1).rar
2017-10-30 05:25 - 2017-10-30 05:25 - 000139198 _____ C:\Users\End User\Downloads\AirCraze's RoHack RELOADED V2.rar
2017-10-30 05:10 - 2017-10-30 05:10 - 000086117 _____ C:\Users\End User\Downloads\btools-1.1 (1).jar
2017-10-29 21:52 - 2017-11-01 20:58 - 000000000 ____D C:\Users\End User\Desktop\Game Screenshots
2017-10-28 06:05 - 2017-10-28 06:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-10-28 06:04 - 2017-10-28 06:04 - 000000000 ____D C:\ProgramData\Samsung
2017-10-28 06:04 - 2017-01-15 22:26 - 000131712 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys
2017-10-28 06:03 - 2017-10-28 06:05 - 000000000 ____D C:\Users\End User\AppData\Roaming\Samsung
2017-10-28 06:03 - 2017-10-28 06:04 - 000000000 ____D C:\Program Files (x86)\Samsung
2017-10-28 06:03 - 2016-12-09 08:04 - 000144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2017-10-28 06:02 - 2017-10-28 06:02 - 039799968 _____ (Samsung Electronics) C:\Users\End User\Downloads\Smart_Switch_PC_Setup.exe
2017-10-26 14:26 - 2017-10-26 14:29 - 003375420 _____ C:\Users\End User\Desktop\Rkill.txt
2017-10-26 14:26 - 2017-10-26 14:26 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\End User\Downloads\iExplore.exe
2017-10-24 20:42 - 2017-10-26 10:18 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-10-24 20:41 - 2017-10-26 13:48 - 000000000 ____D C:\Users\End User\Desktop\mbar
2017-10-24 20:41 - 2017-10-24 20:41 - 016563352 _____ (Malwarebytes Corp.) C:\Users\End User\Downloads\mbar-1.09.3.1001.exe
2017-10-24 20:33 - 2017-11-01 15:47 - 000043049 _____ C:\Users\End User\Downloads\MTB.txt
2017-10-24 20:32 - 2017-10-24 20:32 - 000892416 _____ (Farbar) C:\Users\End User\Downloads\MiniToolBox.exe
2017-10-24 20:31 - 2017-11-01 15:43 - 000002988 _____ C:\Users\End User\Downloads\FSS.txt
2017-10-24 20:30 - 2017-10-24 20:30 - 000899584 _____ (Farbar) C:\Users\End User\Downloads\FSS.exe
2017-10-24 20:24 - 2017-10-24 20:24 - 000852798 _____ C:\Users\End User\Downloads\SecurityCheck.exe
2017-10-24 05:30 - 2017-10-30 05:32 - 000000000 ____D C:\Users\End User\Downloads\AirCraze RoHack Tools (Version 3.0)
2017-10-22 22:09 - 2017-10-22 22:09 - 001828354 _____ C:\Users\End User\Downloads\scan.pdf
2017-10-22 01:11 - 2017-10-22 01:15 - 012738728 _____ C:\Users\End User\Downloads\Wurst-Client-v6.13-MC1.12.jar
2017-10-22 00:45 - 2017-10-22 00:45 - 004938722 _____ C:\Users\End User\Downloads\forge-1.12.2-14.23.0.2515-installer-win.exe
2017-10-22 00:45 - 2017-10-22 00:45 - 004938722 _____ C:\Users\End User\Downloads\forge-1.12.2-14.23.0.2515-installer-win (1).exe
2017-10-22 00:43 - 2017-10-22 00:45 - 000106332 _____ C:\Users\End User\Downloads\adminweapons-v3.4-mc1.12.jar
2017-10-22 00:31 - 2017-10-22 00:31 - 001674929 _____ (TeamExtreme) C:\Users\End User\Downloads\Minecraft.exe
2017-10-22 00:04 - 2017-11-10 05:09 - 000000000 ____D C:\Users\End User\AppData\Roaming\.minecraft
2017-10-20 19:09 - 2017-10-20 19:09 - 000000234 _____ C:\Users\End User\Desktop\Assassin's Creed Syndicate.url
2017-10-20 18:43 - 2017-10-24 10:48 - 000000000 ____D C:\Users\End User\AppData\Local\Ubisoft Game Launcher
2017-10-20 18:43 - 2017-10-20 18:43 - 000001234 _____ C:\Users\End User\Desktop\Uplay.lnk
2017-10-20 18:43 - 2017-10-20 18:43 - 000000000 ____D C:\Users\End User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-10-20 18:43 - 2017-10-20 18:43 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2017-10-19 00:13 - 2017-10-19 00:13 - 001110604 _____ (TeamExtreme) C:\Users\End User\Downloads\Minecraft Launcher.exe
2017-10-18 23:53 - 2017-10-18 23:53 - 004721276 _____ (TerraminingMC ) C:\Users\End User\Downloads\Terramining Launcher v9.2.exe
2017-10-18 21:27 - 2017-10-18 21:27 - 001130328 _____ (Google Inc.) C:\Users\End User\Downloads\ChromeSetup.exe
2017-10-18 20:30 - 2017-10-12 03:33 - 001013375 _____ C:\Users\End User\Downloads\_Minigames-Pack-1.12.0-SNAPSHOT - Copy.zip
2017-10-18 20:30 - 2017-08-15 15:50 - 000520846 _____ C:\Users\End User\Downloads\tcm2012-12-316a - Copy.pdf
2017-10-18 20:03 - 2017-11-02 01:27 - 000000000 ____D C:\Users\End User\AppData\Local\Monosnap
2017-10-18 20:03 - 2017-10-18 20:03 - 000001870 _____ C:\Users\End User\Desktop\Monosnap for Games.lnk
2017-10-18 20:03 - 2017-10-18 20:03 - 000001022 _____ C:\Users\End User\Desktop\Monosnap.lnk
2017-10-18 20:03 - 2017-10-18 20:03 - 000000000 ____D C:\Users\End User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Monosnap
2017-10-18 20:03 - 2017-10-18 20:03 - 000000000 ____D C:\ProgramData\Monosnap
2017-10-18 20:03 - 2017-10-18 20:03 - 000000000 ____D C:\Program Files (x86)\Monosnap
2017-10-18 20:01 - 2017-10-18 20:01 - 009658368 _____ C:\Users\End User\Downloads\Monosnap(2).msi
2017-10-18 20:00 - 2017-10-18 20:00 - 009658368 _____ C:\Users\End User\Downloads\Monosnap(1).msi
2017-10-18 19:16 - 2017-11-06 15:21 - 000002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-18 19:16 - 2017-11-06 15:21 - 000002220 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-10-18 19:16 - 2017-10-21 19:48 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-10-18 19:16 - 2017-10-21 19:48 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-10-18 15:17 - 2017-10-24 20:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-18 15:17 - 2017-10-24 11:38 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-18 15:17 - 2017-10-18 15:17 - 071535032 _____ (Malwarebytes ) C:\Users\End User\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-18 15:17 - 2017-10-18 15:17 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-18 15:17 - 2017-10-18 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-18 15:17 - 2017-10-18 15:17 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-18 15:17 - 2017-10-04 12:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-17 22:03 - 2017-10-17 22:03 - 009658368 _____ C:\Users\End User\Downloads\Monosnap.msi
2017-10-17 21:55 - 2017-10-17 21:55 - 000000000 ____D C:\Users\End User\AppData\Local\Suite
2017-10-17 21:55 - 2017-10-17 21:55 - 000000000 ____D C:\Users\End User\AppData\Local\screenrecorder
2017-10-17 21:55 - 2017-10-17 21:55 - 000000000 ____D C:\Users\End User\AppData\Local\Movavi
2017-10-17 21:54 - 2017-10-17 21:54 - 000000000 ____D C:\ProgramData\Movavi
2017-10-17 21:44 - 2017-10-17 21:44 - 000005043 _____ C:\ProgramData\nyuhbnxq.dbn
2017-10-17 21:44 - 2017-10-17 21:44 - 000000016 _____ C:\ProgramData\mntemp
2017-10-17 21:44 - 2017-10-17 21:44 - 000000000 ____D C:\ProgramData\Movavi Video Suite 17
2017-10-16 22:48 - 2017-10-16 22:48 - 000000000 ____D C:\Users\End User\AppData\Roaming\Google
2017-10-16 22:10 - 2017-10-16 22:10 - 000001684 __RSH C:\ProgramData\ntuser.pol
2017-10-16 20:45 - 2017-10-16 20:45 - 000472284 _____ C:\Users\End User\Downloads\Block-Armor-Mod-1.12.1.jar
2017-10-16 19:04 - 2017-10-16 19:23 - 000000059 _____ C:\Users\End User\AppData\Local\UserProducts.xml
2017-10-16 19:04 - 2017-10-16 19:23 - 000000000 ____D C:\Program Files (x86)\Skillbrains
2017-10-15 09:01 - 2017-10-15 09:01 - 000000000 ____D C:\Users\End User\Downloads\MCLeaksAuthenticator
2017-10-15 08:58 - 2017-10-15 08:58 - 002314240 _____ C:\Users\End User\Downloads\MinecraftInstaller.msi
2017-10-15 04:33 - 2017-10-15 04:33 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-10-14 19:25 - 2017-10-14 19:32 - 000002073 _____ C:\Users\End User\Downloads\server.log.1
2017-10-14 19:25 - 2017-10-14 19:25 - 000000650 _____ C:\Users\End User\Downloads\server.log.2
2017-10-14 19:19 - 2017-10-14 19:21 - 000000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2017-10-14 19:19 - 2017-10-14 19:21 - 000000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2017-10-14 19:18 - 2017-10-14 19:18 - 000000000 ____D C:\Users\End User\AppData\Local\LogMeIn
2017-10-14 19:18 - 2017-10-14 19:18 - 000000000 ____D C:\ProgramData\LogMeIn
2017-10-14 19:15 - 2017-10-14 19:15 - 008536064 _____ C:\Users\End User\Downloads\hamachi.msi
2017-10-14 19:09 - 2017-10-14 20:10 - 000000000 ____D C:\Users\End User\Downloads\world
2017-10-14 19:09 - 2017-10-14 20:04 - 000000604 _____ C:\Users\End User\Downloads\server.properties
2017-10-14 19:09 - 2017-10-14 19:59 - 000000111 _____ C:\Users\End User\Downloads\banned-players.txt
2017-10-14 19:09 - 2017-10-14 19:59 - 000000111 _____ C:\Users\End User\Downloads\banned-ips.txt
2017-10-14 19:09 - 2017-10-14 19:59 - 000000052 _____ C:\Users\End User\Downloads\ops.txt
2017-10-14 19:09 - 2017-10-14 19:39 - 000000051 _____ C:\Users\End User\Downloads\white-list.txt
2017-10-13 11:54 - 2017-10-13 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-10-13 11:53 - 2017-10-13 11:54 - 000000000 ____D C:\Users\End User\AppData\Roaming\Notepad++
2017-10-13 11:53 - 2017-10-13 11:54 - 000000000 ____D C:\Program Files (x86)\Notepad++
2017-10-13 11:53 - 2017-10-13 11:53 - 004121418 _____ C:\Users\End User\Downloads\npp.6.8.8.Installer (1).exe
2017-10-13 05:34 - 2017-10-13 05:34 - 000103309 _____ C:\Users\End User\Downloads\Rankup.jar
2017-10-13 05:12 - 2017-10-13 05:12 - 000108734 _____ C:\Users\End User\Downloads\SkinsRestorer-v13.1.4-BETA.jar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-12 22:24 - 2017-03-21 17:45 - 000000000 ____D C:\Users\End User\AppData\LocalLow\Mozilla
2017-11-12 22:09 - 2017-06-03 05:44 - 000000000 ____D C:\Users\End User\AppData\Local\Roblox
2017-11-12 20:35 - 2017-03-21 17:37 - 000000000 ____D C:\Users\End User\AppData\Local\ClassicShell
2017-11-12 19:40 - 2017-07-21 20:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-11 11:27 - 2017-03-18 13:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-11 11:27 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-09 20:32 - 2017-06-18 12:42 - 000000000 ____D C:\Users\End User\.gimp-2.8
2017-11-08 23:03 - 2017-09-12 00:25 - 000001444 _____ C:\Users\End User\Desktop\Roblox Studio.lnk
2017-11-08 23:03 - 2017-09-12 00:25 - 000000000 ____D C:\Users\End User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-11-08 14:38 - 2017-09-12 00:25 - 000001432 _____ C:\Users\End User\Desktop\Roblox Player.lnk
2017-11-05 23:28 - 2017-06-18 12:54 - 000000000 ____D C:\Users\End User\AppData\Local\gtk-2.0
2017-11-04 23:31 - 2017-07-31 16:34 - 000000000 ____D C:\!Urban
2017-11-04 19:36 - 2017-07-02 14:38 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-11-04 05:01 - 2017-08-05 15:58 - 000000000 ____D C:\Users\End User\AppData\Roaming\TaobaoProtect
2017-11-04 05:01 - 2017-08-05 15:58 - 000000000 ____D C:\Users\End User\AppData\Local\aef
2017-11-04 05:01 - 2017-08-05 15:57 - 000000000 ____D C:\Program Files (x86)\TradeManager
2017-11-03 21:55 - 2017-07-25 17:32 - 000003382 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3750219003-330135889-1696341922-1002
2017-11-03 21:55 - 2017-03-14 13:51 - 000002372 _____ C:\Users\End User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-03 21:55 - 2017-03-14 13:51 - 000000000 ___RD C:\Users\End User\OneDrive
2017-11-02 19:20 - 2017-04-06 20:33 - 000000000 ____D C:\Users\End User\AppData\Local\ElevatedDiagnostics
2017-11-02 01:31 - 2017-08-05 15:59 - 000000000 ____D C:\ProgramData\AliAntiVirusED
2017-10-31 07:21 - 2017-07-02 14:31 - 000000000 ____D C:\Program Files (x86)\Paltalk Messenger
2017-10-31 07:21 - 2017-05-23 20:30 - 000000000 ____D C:\Program Files (x86)\Paltalk
2017-10-30 17:01 - 2017-07-21 20:30 - 000000000 ____D C:\Users\End User
2017-10-30 10:04 - 2017-03-18 13:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-10-30 10:02 - 2017-03-21 18:12 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-10-30 07:00 - 2017-07-21 20:29 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-28 07:57 - 2017-07-21 14:20 - 000000000 ___DC C:\WINDOWS\Panther
2017-10-28 07:49 - 2017-07-21 20:47 - 000028578 _____ C:\WINDOWS\diagwrn.xml
2017-10-28 07:49 - 2017-07-21 20:47 - 000028578 _____ C:\WINDOWS\diagerr.xml
2017-10-28 07:31 - 2017-09-29 07:05 - 000000000 ___HD C:\$WINDOWS.~BT
2017-10-28 07:31 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\Registration
2017-10-28 06:04 - 2017-03-18 13:01 - 000000000 ____D C:\WINDOWS\INF
2017-10-28 06:03 - 2017-07-19 20:11 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-10-26 10:25 - 2017-03-21 18:03 - 001029872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2017-10-26 10:23 - 2017-07-21 20:46 - 001883756 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-26 10:17 - 2017-07-21 20:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-26 10:16 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\TAPI
2017-10-25 20:04 - 2017-07-21 20:43 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-10-25 20:04 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-25 20:04 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-22 22:12 - 2017-03-14 13:49 - 000000000 ____D C:\Users\End User\AppData\Local\Packages
2017-10-22 21:21 - 2017-03-14 14:06 - 000000000 ____D C:\Users\End User\AppData\Local\Comms
2017-10-21 19:48 - 2017-07-22 15:25 - 000002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-10-21 19:48 - 2017-07-21 20:43 - 000003370 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1490148307
2017-10-21 19:48 - 2017-07-21 20:43 - 000003322 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EF290BF5-C8BF-4F08-BA45-9631143333DB}
2017-10-21 19:48 - 2017-07-21 20:43 - 000002768 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-10-21 19:48 - 2017-07-21 20:43 - 000002534 _____ C:\WINDOWS\System32\Tasks\HPLJCustParticipation
2017-10-21 19:48 - 2017-07-21 20:43 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-10-19 21:26 - 2017-07-21 20:43 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-10-19 20:54 - 2017-09-21 22:37 - 000000000 ____D C:\Users\End User\Desktop\New folder
2017-10-19 08:55 - 2017-03-18 12:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-18 19:16 - 2017-02-01 13:59 - 000000000 ____D C:\Program Files (x86)\Google
2017-10-18 18:56 - 2017-06-27 15:29 - 000000562 _____ C:\WINDOWS\SysWOW64\nativelog.txt
2017-10-18 16:08 - 2017-10-05 01:57 - 000000000 ____D C:\Riot Games
2017-10-18 15:32 - 2017-07-21 20:30 - 000000000 ____D C:\Users\defaultuser0
2017-10-18 15:08 - 2017-03-14 13:49 - 000000000 ____D C:\Users\End User\AppData\Local\VirtualStore
2017-10-17 23:11 - 2017-04-16 20:48 - 000000000 ____D C:\Users\End User\AppData\Local\Facebook
2017-10-17 21:41 - 2017-03-31 22:23 - 000000000 ____D C:\Users\End User\AppData\Roaming\vlc
2017-10-17 02:19 - 2017-10-12 02:39 - 000000000 ____D C:\Users\End User\AppData\Local\Adobe
2017-10-17 02:18 - 2017-07-16 16:21 - 000000000 ____D C:\Users\End User\AppData\Local\{53F665AA-775E-0912-1AC6-2CFA3EAED062}
2017-10-16 22:10 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-10-16 22:10 - 2016-07-16 03:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-10-15 04:34 - 2017-06-06 06:08 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-10-15 04:33 - 2017-03-21 18:03 - 001020536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.150904231284301
2017-10-15 04:33 - 2017-03-21 18:03 - 000587168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-10-15 04:33 - 2017-03-21 18:03 - 000363440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-10-15 04:33 - 2017-03-21 18:03 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-10-15 04:33 - 2017-03-21 18:03 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-10-15 04:33 - 2017-03-21 18:03 - 000201352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-10-15 04:33 - 2017-03-21 18:03 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-10-15 04:33 - 2017-03-21 18:03 - 000147776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-10-15 04:33 - 2017-03-21 18:03 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-10-15 04:33 - 2017-03-21 18:03 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-10-15 04:33 - 2017-03-21 18:03 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-10-15 04:33 - 2017-03-21 18:03 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-10-15 04:33 - 2017-03-21 18:01 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-13 17:20 - 2017-09-12 00:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-13 17:20 - 2017-03-21 17:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2017-07-15 06:43 - 2017-07-15 06:43 - 000001877 _____ () C:\Users\End User\AppData\Roaming\VPNMasterFreeVPN.pbk
2017-11-05 23:28 - 2017-11-05 23:28 - 000001947 _____ () C:\Users\End User\AppData\Local\recently-used.xbel
2017-10-30 17:17 - 2017-10-31 18:56 - 000002429 _____ () C:\Users\End User\AppData\Local\Temptoast_image.png
2017-10-16 19:04 - 2017-10-16 19:04 - 000000003 _____ () C:\Users\End User\AppData\Local\updater.log
2017-10-16 19:04 - 2017-10-16 19:23 - 000000059 _____ () C:\Users\End User\AppData\Local\UserProducts.xml
2017-10-17 21:44 - 2017-10-17 21:44 - 000000016 _____ () C:\ProgramData\mntemp
2017-10-17 21:44 - 2017-10-17 21:44 - 000005043 _____ () C:\ProgramData\nyuhbnxq.dbn

Some files in TEMP:
====================
2017-10-22 01:05 - 2017-10-22 01:05 - 000017408 ____N (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-1824039979282477099.dll
2017-10-16 20:42 - 2017-10-16 20:42 - 000017408 ____N (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-1841771878360055365.dll
2017-10-22 16:22 - 2017-10-22 16:22 - 000017408 ____N (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-1860264017614790008.dll
2017-10-16 20:55 - 2017-10-16 20:55 - 000017408 ____N (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-4684937291408308365.dll
2017-10-05 07:27 - 2017-10-05 07:27 - 000017408 ____N (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-6116305651743838919.dll
2017-10-09 18:00 - 2017-10-09 18:00 - 000017408 ____N (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-6158575806436120783.dll
2017-10-09 18:06 - 2017-10-09 18:06 - 000017408 _____ (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-6383363101561513427.dll
2017-10-05 07:32 - 2017-10-05 07:32 - 000017408 ____N (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-7055267989425488513.dll
2017-10-09 17:53 - 2017-10-09 17:53 - 000017408 ____N (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-7627470802349411030.dll
2017-10-05 07:09 - 2017-10-05 07:09 - 000017408 ____N (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-8988519932113076336.dll
2017-10-09 21:11 - 2017-10-09 21:11 - 000017408 _____ (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-9152667391966274605.dll
2017-10-13 11:54 - 2017-10-13 11:54 - 002885168 _____ () C:\Users\End User\AppData\Local\Temp\npp.7.5.1.Installer.exe
2017-08-30 02:26 - 2017-10-18 23:53 - 000106870 _____ () C:\Users\End User\AppData\Local\Temp\Uninstall.exe
2015-08-02 15:58 - 2015-08-02 15:58 - 000118784 _____ () C:\Users\End User\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-10 12:01

==================== End of FRST.txt ============================

Additional Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by End User (12-11-2017 22:29:29)
Running from C:\Users\End User\Downloads
Windows 10 Pro Version 1703 15063.674 (X64) (2017-07-22 04:49:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3750219003-330135889-1696341922-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3750219003-330135889-1696341922-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3750219003-330135889-1696341922-1001 - Limited - Disabled) => C:\Users\defaultuser0
End User (S-1-5-21-3750219003-330135889-1696341922-1002 - Administrator - Enabled) => C:\Users\End User
Guest (S-1-5-21-3750219003-330135889-1696341922-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Alipay Cert Component 2.6.0.0 (HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\AlipayCert) (Version: 2.6.0.0 - Alipay.com Co., Ltd.)
AliSafeEngine 5.0.2 (HKLM-x32\...\AliSafeEngine) (Version: 5.0.2 - Alibaba, Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Application Verifier x64 External Package (HKLM\...\{0115F5D3-35C7-5EF3-0C93-87C92E678D76}) (Version: 10.1.14393.33 - Microsoft) Hidden
Assassin's Creed Syndicate (HKLM-x32\...\Uplay Install 1875) (Version: 1.51 - Ubisoft)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.3.3.1209 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandicam.com)
Blender (HKLM\...\{DEA73CCA-7EC9-41EA-8509-1041C1CABFD0}) (Version: 2.78.3 - Blender Foundation)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6499 - CDBurnerXP)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
FireAlpaca 1.7.5 (HKLM-x32\...\FireAlpaca_is1) (Version: 1.7.5 - firealpaca.com)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.89 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Color LaserJet Pro MFP M277 (HKLM-x32\...\{7ac49734-541c-48e7-99be-02f41e43e79d}) (Version: 14.0.15343.533 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPCLJProM277 (HKLM-x32\...\{9A337B35-06E3-4F9D-9B39-5AC9C2E7F82B}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPDXP (HKLM-x32\...\{D904ECC8-FBED-4618-8B6A-95F3F9352136}) (Version: 3.0.26.32 - HP) Hidden
HPLJUTCore (HKLM-x32\...\{AA9C0477-A064-4D76-A0C4-A3A5A11F1D4C}) (Version: 020.000.0001 - HP) Hidden
HPLJUTM277 (HKLM-x32\...\{1FE53D6E-05EA-4D03-BB77-740C9AF03574}) (Version: 014.000.0001 - HP) Hidden
hppLaserJetService (HKLM-x32\...\{0C4C3664-157A-4D69-B474-31EBF2EE1AE3}) (Version: 009.033.00926 - Hewlett-Packard) Hidden
hppM277LaserJetService (HKLM-x32\...\{3F43C468-BC22-4F88-8382-FF349E724317}) (Version: 001.034.00686 - Hewlett-Packard) Hidden
hpStatusAlerts (HKLM-x32\...\{EACC40D7-58F4-4A7A-9786-953DC9A1850B}) (Version: 170.040.00259 - HP Development Company, L.P.) Hidden
hpStatusAlertsM277 (HKLM-x32\...\{651F24A4-7240-4598-BDA3-3F6F86005670}) (Version: 140.046.00129 - Hewlett-Packard) Hidden
Intel® Hardware Accelerated Execution Manager (HKLM\...\{557D160E-2085-4D38-BDA3-1D5D3F74A3A4}) (Version: 6.0.4 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.14393.0 (HKLM-x32\...\{26D23C60-AC47-46E5-8EDF-D19F41CAB666}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{76825BA0-C536-C284-BAA1-9DB7A2D30D54}) (Version: 10.1.14393.33 - Microsoft) Hidden
LJDXPHelperUI (HKLM-x32\...\{DEB23FB1-04FF-44AC-98B5-EEB243D65A28}) (Version: 140.069.007 - HP) Hidden
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 4.6.2 SDK (HKLM-x32\...\{39BEF607-44E6-472B-90C1-BD62AA2B7A3F}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 Targeting Pack (HKLM-x32\...\{C07B4BC7-A37D-46A8-B2A3-620CC569D149}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8528.2147 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version:  - )
Monosnap (HKLM-x32\...\{2CE96D70-718B-495D-9C58-C48CD89F7797}) (Version: 3.0.6.40 - Monosnap)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Firefox 56.0 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0 (x64 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
MSI Development Tools (HKLM-x32\...\{D4A10A5F-9300-3FF6-0906-71EBBDD68FDB}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8528.2147 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8528.2147 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8528.2147 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Paint Shop Pro 7 (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.2.0000 - Jasc Software Inc)
Paltalk (HKLM-x32\...\Paltalk) (Version:  - )
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Roblox Player for End User (HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Studio for End User (HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - Roblox Corporation)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
SDK Debuggers (HKLM-x32\...\{F894B529-9F16-1890-3474-0AA0AEAC6D67}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.82216 - TeamViewer)
TradeManager 2016 (HKLM-x32\...\TradeManager) (Version:  - Alibaba (China) Network Technology Co., Ltd.)
Unity Web Player (HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\UnityWebPlayer) (Version: 5.3.8f1 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{F6483AD1-9703-F95E-B07B-6BB7A3DA7B71}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{96FB0EE4-8F7E-595E-B5CF-BFCC6BF26014}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{302A9B8D-5111-6C51-BB99-FF394C4A4255}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{2D359C7E-59C8-79A9-5157-FE9E189F5E8A}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{71436CD5-3E63-CEE9-FC00-5124A5C9A931}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{87F42CC0-5403-3698-87D9-3C2A04E476E1}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 9.0 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Player (HKLM\...\{6D211A09-EB2A-4B83-ACCB-13B1BC12AF4E}) (Version: 12.5.2 - VMware, Inc.)
WinAppDeploy (HKLM-x32\...\{1182888E-EDC9-05C5-33BD-B61DA5B1F916}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{45D392D2-5956-4646-9CA6-83CBF67507B6}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.33 (HKLM-x32\...\{f23f94c5-8bba-4202-85ad-c83d4402cdc1}) (Version: 10.1.14393.33 - Microsoft Corporation)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{01F53182-F1C8-8A72-5C86-B6612BDD4815}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{2AC000E5-E5E6-75B7-7FC2-9ECA8C57CA98}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{6DF5B5E1-A8A0-B617-AADB-31C3709A3C41}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{1AAB8359-4433-FF39-D420-0AD429993AD7}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{CB7AC790-0E8B-D6C9-CE1E-655793E7D541}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{87775501-5259-6A7C-51A6-71C832DB7ABA}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{CFD0294B-945D-62E4-7959-9B22A160496F}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{F75FD5E5-1F33-AE2B-715A-F829F8A8F51D}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WPT Redistributables (HKLM-x32\...\{6704BD92-2F42-FE2F-AF4E-5C9D6666C75E}) (Version: 10.1.14393.33 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{3F61608E-AB68-04B1-82FF-95799F5D01CA}) (Version: 10.1.14393.33 - Microsoft) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3750219003-330135889-1696341922-1002_Classes\CLSID\{08D512D2-7D97-4E22-B7DB-82791106C086}\InprocServer32 -> C:\Users\End User\AppData\Roaming\alipay\cf\alicdo_x64.dll (Alipay)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-15] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-15] (AVAST Software)
ContextMenuHandlers1-x32: [OpenFolder] -> {0DE1378D-F811-40E6-B60A-1CC56F57D3E9} => C:\Program Files (x86)\TradeManager\AliIMExt.dll [2017-03-19] (Alibaba (China) Co., Ltd.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2016-11-11] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2016-11-11] (VMware, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-15] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-15] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {278D6157-A2C5-4AEB-9EBE-B918E05AEE2E} - System32\Tasks\SafeZone scheduled Autoupdate 1490148307 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {40324733-9A22-4517-9636-CBCD682F0C48} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {6050961C-3B5C-44D5-95A0-05665180A6C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {6C6044FD-2DC9-4AB7-86BE-7C8E2602DCE4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-18] (Google Inc.)
Task: {6FEC5449-64E8-4A23-A7F7-822F2FBD3D83} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {83C11B1E-7889-4D30-B023-1B14BDBAC767} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {873638CA-E6E9-4D63-9B06-A1FF88D12E99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-18] (Google Inc.)
Task: {8F9B1332-1C78-4579-BFCF-BC212507E5B6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-10-29] (Microsoft Corporation)
Task: {B6B33DDE-B1E4-4746-A555-27D6E2DFD752} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-23] (Microsoft Corporation)
Task: {B6C4C5CD-BAF8-4534-9682-AF05D5EC97EE} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2015-12-05] (HP Development Company, L.P.)
Task: {C8997D64-E863-4676-B0D1-F78997E042B2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-10-29] (Microsoft Corporation)
Task: {C9C1995D-EDD8-4882-8B35-2696BAFB600E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-23] (Microsoft Corporation)
Task: {DC752881-6525-4249-AD07-22B68613A2B5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {E5548106-4BC3-48C0-AC02-7B66E68E2CBA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-15] (AVAST Software)
Task: {FF1C8AAF-A95D-46ED-8C63-1BFFF09A5276} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-10-29] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\End User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat ()

==================== Loaded Modules (Whitelisted) ==============

2017-03-18 12:58 - 2017-03-18 12:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2009-03-07 12:02 - 2009-03-07 12:02 - 000102912 _____ () \\?\C:\Program Files (x86)\Monosnap\mgames2\easyhook64.dll
2013-07-04 15:21 - 2013-07-04 15:21 - 000118272 _____ () C:\Program Files (x86)\Monosnap\mgames2\saver11_64.dll
2017-11-09 16:48 - 2017-11-09 16:49 - 000022016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-11-09 16:48 - 2017-11-09 16:49 - 055109120 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-03 15:53 - 2017-10-03 15:54 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2017-11-09 16:48 - 2017-11-09 16:49 - 000164864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
2017-10-03 15:53 - 2017-10-03 15:54 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
2017-11-09 16:48 - 2017-11-09 16:49 - 003740160 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-11-09 16:48 - 2017-11-09 16:49 - 002051584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2017-11-09 16:48 - 2017-11-09 16:49 - 020759040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-11-09 16:48 - 2017-11-09 16:49 - 003607040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-11-09 16:48 - 2017-11-09 16:49 - 003150848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-08-28 16:12 - 2017-08-28 16:12 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-09 16:48 - 2017-11-09 16:49 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-11-09 16:48 - 2017-11-09 16:49 - 002493440 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.People.AutoSuggest.dll
2017-11-09 16:48 - 2017-11-09 16:49 - 000919040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.People.PeoplePicker.dll
2017-11-09 16:48 - 2017-11-09 16:49 - 001363968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-11-09 16:48 - 2017-11-09 16:49 - 000084480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngineVideoDataProvider.UWP.dll
2014-11-14 21:17 - 2014-11-14 21:17 - 001428992 _____ () C:\Program Files (x86)\Monosnap\Monosnap.exe
2017-10-18 15:28 - 2017-10-18 15:28 - 025741312 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-10-18 15:28 - 2017-10-18 15:28 - 009257984 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 06:43 - 2017-09-26 06:43 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-18 15:28 - 2017-10-18 15:28 - 011255296 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\EntPlat.dll
2017-10-15 04:33 - 2017-10-15 04:33 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-11-06 15:21 - 2017-11-05 01:12 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.89\libglesv2.dll
2017-11-06 15:21 - 2017-11-05 01:12 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.89\libegl.dll
2017-11-11 11:26 - 2017-11-11 11:27 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-11 11:26 - 2017-11-11 11:27 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-11 11:26 - 2017-11-11 11:27 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-06 21:55 - 2017-11-06 21:55 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-21 18:15 - 2017-10-20 11:51 - 008929464 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-18 12:59 - 2017-03-18 18:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-10-15 04:33 - 2017-10-15 04:33 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-15 04:33 - 2017-10-15 04:33 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-07-11 15:14 - 2017-07-11 15:14 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-10-15 04:33 - 2017-10-15 04:33 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-15 04:33 - 2017-10-15 04:33 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-15 04:33 - 2017-10-15 04:33 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-10-25 04:34 - 2017-10-25 04:34 - 000703336 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-03-21 18:16 - 2017-10-17 02:17 - 001444560 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\ClientTelemetry.dll
2017-03-21 18:13 - 2017-10-20 11:50 - 000279224 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\IEAWSDC.DLL
2017-03-21 18:14 - 2017-10-20 11:51 - 008928952 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\1033\GrooveIntlResource.dll
2015-02-27 12:13 - 2015-02-27 12:13 - 006916096 _____ () C:\Program Files (x86)\Monosnap\Monosnap.Native.7.dll
2013-01-01 00:00 - 2013-01-01 00:00 - 003536896 _____ () C:\Users\End User\AppData\Local\Roblox\Versions\version-a184d7ab177f46d9\qtnribbon4.dll
2013-01-01 00:00 - 2013-01-01 00:00 - 000890368 _____ () C:\Users\End User\AppData\Local\Roblox\Versions\version-a184d7ab177f46d9\sgCore.dll
2013-01-01 00:00 - 2013-01-01 00:00 - 001237504 _____ () C:\Users\End User\AppData\Local\Roblox\Versions\version-a184d7ab177f46d9\libGLESv2.dll
2013-01-01 00:00 - 2013-01-01 00:00 - 000012800 _____ () C:\Users\End User\AppData\Local\Roblox\Versions\version-a184d7ab177f46d9\libEGL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\taobao.com -> hxxp://taobao.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 03:47 - 2017-10-15 09:03 - 000000002 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3750219003-330135889-1696341922-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Malwarebytes TrayApp"
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\StartupApproved\StartupFolder: => "OrbitumUpdate.lnk"
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\StartupApproved\Run: => "Orbitum Update"
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\StartupApproved\Run: => "Paltalk"
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\StartupApproved\Run: => "VPN Unlimited"
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{902A9B73-417D-4D9F-A6BC-93AF1CB98239}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{44D97AC5-B51D-4FDE-AA0C-78D521B81F31}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{7CB3FB7C-27DE-4E8F-93F4-D0D144D5BA9E}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{97C6833A-C1CB-4C33-9DE7-ED2CBACF42AD}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{B346AFFE-2146-46C0-9092-60E1F4902102}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{4C38802E-C0F4-47D6-9F10-50184C106328}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{1F63DE8C-9D9E-4945-A54C-33126540B522}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{C322FCB7-1B8D-4E5B-BA82-ABC45C1A4E8A}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{C15CF72C-026A-47CE-B723-9BF70DDA0463}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{06E76F56-8C31-49D6-AFFD-0B3A9E98F089}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{AEDD792C-5C66-4FEB-9FA5-B054701E0930}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{5E7A57C3-C53C-41C7-8D43-5D5F0D30544B}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{215098C5-DF60-4A32-86C8-E9998882A5C9}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{9A74EA1E-CC90-475A-B92C-C90C32E488F2}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{ABAA83EF-9662-46FC-8B10-0C7F904C625D}] => (Allow) C:\Users\End User\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{751444BA-D95B-4A71-A0BD-E7073D18096B}] => (Allow) C:\Users\End User\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [UDP Query User{4C4348CA-722E-4FB8-A322-DA78FCC86419}C:\minecraft!\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\minecraft!\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{4CDF1827-0BFC-44F1-9537-9F555AB9BE5D}C:\minecraft!\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\minecraft!\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E5AFF5C8-2875-4E8D-BB17-040C464ADB4D}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{26477CB2-C655-4E12-873E-2DBB9C9BAA56}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{0DEDA733-CB4B-4A40-AD53-602B267747CD}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{A4A73CCC-DD7F-4A68-99AA-F620EE7CAB2B}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{4E7544A7-F09A-4D32-8359-BCC61B241A5C}] => (Allow) C:\Users\End User\Desktop\Yossi's folder\Yossi's game folder\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7E724920-788E-4A63-A150-999E22492D32}] => (Allow) C:\Users\End User\Desktop\Yossi's folder\Yossi's game folder\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2442B13B-42F4-4070-BD72-CDEC3E72B0A0}] => (Allow) C:\Users\End User\Desktop\Yossi's folder\Yossi's game folder\Steam.exe
FirewallRules: [{F2976043-F834-4EF3-90EB-44D14993D874}] => (Allow) C:\Users\End User\Desktop\Yossi's folder\Yossi's game folder\Steam.exe
FirewallRules: [UDP Query User{9C8AE5BA-C2A3-4997-9786-F3A8E5692E13}C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe
FirewallRules: [TCP Query User{FE5CAD8A-4000-4E2D-B81C-D1F9CEA9675C}C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe
FirewallRules: [UDP Query User{BBB6FA7E-C34C-4601-B0A2-7A71DE3CBEE1}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{3E6C8F6D-7F6F-4878-86CF-0C06EB3DF436}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{63261836-85E2-4283-BD4B-FE6A872A149B}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{D81B5D71-C036-4CB2-9A64-7C67491E1E90}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{02C73162-6424-4F34-AEF7-394DD0D4EACF}C:\users\end user\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe] => (Allow) C:\users\end user\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe
FirewallRules: [TCP Query User{A4F5026E-E7A2-421E-82B7-6ABCEB2EE5D9}C:\users\end user\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe] => (Allow) C:\users\end user\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe
FirewallRules: [UDP Query User{069C7524-8659-404F-9F35-B77A650E52C7}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{69A28995-4513-40F2-8AC7-53762EE25DAB}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{22B4A976-A0D4-4DA4-9BF4-59B8F34E11C5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6B17712C-5BDD-477D-9B8C-9CED70B7B1B7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D9CF370D-24F2-423F-A6C6-FD31E8A1495B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{12E03021-20F7-4C8C-8A84-E11929575A45}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{47B9D4A3-FBD9-48F0-BCEA-771E3C77572C}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M277\bin\EWSProxy.exe
FirewallRules: [{53A2B3C8-266D-4F30-B833-DE9F2865CE28}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M277\bin\FaxApplications.exe
FirewallRules: [{2936A553-BF7B-473B-8DDB-E211EE1FEAA4}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M277\bin\DigitalWizards.exe
FirewallRules: [{C369613A-89CB-4DF1-9A73-583802BFBCFB}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M277\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D8B7B211-FFEA-4D77-BA7C-5A43D6B8E5A3}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M277\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{BEEC7106-BBC7-4AEC-A68F-329723D47A32}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M277\bin\FaxPrinterUtility.exe
FirewallRules: [{BB94DFB5-A1C6-4E87-AC28-55150E82A7B2}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M277\bin\SendAFax.exe
FirewallRules: [{4D338AC0-677B-4D48-8B9B-07833831A382}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{05C2CC11-B607-43F7-BC3C-5C0FF647345C}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{D7784FD2-2673-4488-B132-3D4C1F9B02C3}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{C44F2427-0E8B-4F0E-A79D-1E69023556AF}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{2B87D804-F25E-40E1-B261-FC14803F19C4}] => (Allow) C:\Program Files (x86)\TradeManager\AliIM.exe
FirewallRules: [{C90445FA-5328-4DF2-815F-54419A2AC3CB}] => (Allow) C:\Program Files (x86)\TradeManager\AliIM.exe
FirewallRules: [TCP Query User{3B44CDEC-F602-455B-9A58-050885584027}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Block) C:\programdata\wargaming.net\gamecenter\wgc.exe
FirewallRules: [UDP Query User{161C05CA-6E3D-4BC7-9017-79A72722654C}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Block) C:\programdata\wargaming.net\gamecenter\wgc.exe
FirewallRules: [{4C10D179-B5E4-49D4-BA17-D86ED6FCB246}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{7C3CBE79-9C7A-4C88-9107-51AABE7BBAB0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{5B2FA87A-739B-4546-9413-6E11360E49C7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6C0CFCD8-6DB1-4BE3-A555-5E6B1DA56DE0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{352D9215-D905-463A-86C4-A89B13E827D6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{01E38848-DD85-4FF1-A4A0-3F65D87EDD33}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{6EA0B09E-EAE5-4192-AA11-5F647B8B90E5}C:\users\end user\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\end user\appdata\local\warthunder\launcher.exe
FirewallRules: [UDP Query User{E9EEEC6B-F166-4012-A6ED-A7950951366A}C:\users\end user\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\end user\appdata\local\warthunder\launcher.exe
FirewallRules: [{23BE94CC-0F6C-4901-9C7E-C4902B0C3E24}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{4DDBB15D-E2A0-4797-9DB8-CD1343F07BBB}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{68599044-C434-4497-AB74-3551F5C30069}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [{551721E7-F13D-4C12-BFE4-D4F00A18DB70}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [TCP Query User{A7B3EAE8-592E-4DDB-817D-0CFCCEA3141F}C:\games\counter strike global offensive warzone\csgo.exe] => (Allow) C:\games\counter strike global offensive warzone\csgo.exe
FirewallRules: [UDP Query User{8EA3342A-4902-4C48-9D11-2F8FD3B61946}C:\games\counter strike global offensive warzone\csgo.exe] => (Allow) C:\games\counter strike global offensive warzone\csgo.exe
FirewallRules: [{6F398613-9D66-479A-BC53-6E0BC0655385}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{979E5704-4F9F-4AEC-BF6E-3CD5DF95CC79}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{97F70AE4-ED77-4429-A51A-EA61069639A0}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [TCP Query User{A3241165-FCEC-408B-9D3D-CAE8114E62F0}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [UDP Query User{768D0083-01FB-4395-8108-FC1758E57EA9}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [{4947B4A8-8C41-4C0C-9326-51504CE33AA5}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{44B7B547-2A44-4CDD-911D-0C5D11338781}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{84428EE6-5EE9-4C4E-9F5D-4A2C0DBDB9AE}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{5D2B8927-62F2-4EDC-80B5-0B88D4955E10}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{CEC3F83B-B27A-4651-A230-1E5CFB8632D5}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{F4BAB773-9262-4FD2-B107-4833C2A3A666}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{7E66B131-5B20-414D-8891-812950C04D9D}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Syndicate\ACS.exe
FirewallRules: [{00888D0D-A4B2-412D-A954-F94C0D751143}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-11-2017 08:58:16 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2017 10:12:40 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (11/12/2017 10:12:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.15063.674 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: d34

Start Time: 01d35455b1888873

Termination Time: 54

Application Path: C:\Windows\explorer.exe

Report Id: dbae9a96-5271-47ca-a416-05e18657025f

Faulting package full name:

Faulting package-relative application ID:

Error: (11/12/2017 04:40:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\filetypeverifier.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2017 04:40:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\oleview.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2017 04:40:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm\signtool.exe.Manifest".
Dependent Assembly Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2017 04:40:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\signtool.exe.Manifest".
Dependent Assembly Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2017 04:38:59 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2017 04:38:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (11/12/2017 02:48:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 62.0.3202.89 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1f68

Start Time: 01d35b66e7880367

Termination Time: 105

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: d6b878c7-cc48-4f0a-ba73-6a9cd98a735c

Faulting package full name:

Faulting package-relative application ID:

Error: (11/11/2017 07:28:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 10.0.15063.608, time stamp: 0x326d78f0
Faulting module name: hpzjcd01.dll_unloaded, version: 6.1.7.0, time stamp: 0x47a39310
Exception code: 0xc0000094
Fault offset: 0x000000000001ea86
Faulting process id: 0x1cb0
Faulting application start time: 0x01d356ca2a387ab3
Faulting application path: C:\WINDOWS\System32\spoolsv.exe
Faulting module path: hpzjcd01.dll
Report Id: 2c3b9de3-0ac2-4694-841d-0d6d46956245
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (11/12/2017 06:37:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/12/2017 11:41:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/11/2017 07:34:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 12 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.

Error: (11/11/2017 07:34:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/11/2017 07:31:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/11/2017 07:29:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/11/2017 11:10:20 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (11/11/2017 11:09:50 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (11/11/2017 11:09:20 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (11/11/2017 11:08:50 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2017-11-08 22:16:29.007
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-11-08 20:59:26.282
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-08 20:59:26.281
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-08 20:59:26.189
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-08 20:59:26.188
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-08 20:59:25.957
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-08 20:59:25.955
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-08 20:16:36.369
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-08 20:16:36.367
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-08 20:16:36.365
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Xeon® CPU W3520 @ 2.67GHz
Percentage of memory in use: 69%
Total physical RAM: 6127.22 MB
Available physical RAM: 1865.66 MB
Total Virtual: 17796.8 MB
Available Virtual: 11522.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:307.84 GB) (Free:132.57 GB) NTFS
Drive i: (ACS Disc 2) (CDROM) (Total:7.94 GB) (Free:0 GB) UDF
Drive j: (Data) (Fixed) (Total:1554.69 GB) (Free:1231.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 90909090)
Partition 1: (Active) - (Size=494 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=307.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1554.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================





#2 iangcarroll

  • Members
  • 658 posts
  • Gender:Male
  • Location:Birmingham, MI

Posted 13 November 2017 - 02:34 AM

Hi MarshmallowMillicent,

Thank you for the logs. I am analyzing them now and will reply shortly with next steps. As I am in training, my replies must first be reviewed, so there will be a short delay in my responses.

As an aside, please use this topic from now on for any questions instead of your old thread.

Ian Carroll https://ian.sh • Certly Inc
Member of the Bleeping Computer A.I.I. early response team!


#3 iangcarroll

  • Members
  • 658 posts
  • Gender:Male
  • Location:Birmingham, MI

Posted 15 November 2017 - 09:34 PM

Hi MarshmallowMillicent,

Thank you again for the logs and sorry for the delay. In order to make removing any malware faster, please remove any "cracks" or pirated software from your computer before following the below instructions. Once removed, please follow the below instructions.

Do note that the likely reason you have ended up infected is because of attempts to download (fake) cracks/generators for games, so removing these things will make removal much easier. Additionally, please avoid the use of any game hacks or modifications while we go through the removal steps.

Step 1: Malwarebytes Anti-Rootkit Beta
  • Go to your Desktop and open the mbar folder. Open the mbar.exe file inside of it to re-launch Malwarebytes Anti-Rootkit Beta.
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while)
  • Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required)
  • After that (and the reboot, if one was required), go back into the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt
  • Copy/paste the content of that log in your next reply
Step 2: Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply, and keep FRST open for the next step!
Step 3: Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below immediately after the previous step, and provide the logs in your next reply.
  • Click on the Scan button inside FRST
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and then two Notepad files will open
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply
Step 4: CKScanner
  • Please download CKScanner and run it.
  • Click on Search For Files and let it run.
  • Once the scan completes, click on Save List to File.
  • A file named ckfiles.txt will have then been written to your Desktop. Please copy its contents into your next reply.

Attached Files


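An added example, not part of Ian's post and not code from FRST or Malwarebytes: a small Python triage script for the kind of log lines the steps above produce. Helpers read FRST and MBAR output by eye; this shows the three cues they look at first in such logs, using sample lines copied from the FRST and MBAR logs posted later in this thread (services whose binary FRST marks "[File not signed]", Chrome extensions pushed through the registry with "<no Path/update_url>", and MBAR file detections with their MD5 hashes). The regexes are written from the line formats visible in this thread and are an assumption about FRST/MBAR output, not a documented format.

```python
"""Triage helper for FRST and MBAR log lines.

Added example, not code from FRST, Malwarebytes or this thread's helper.
It pulls out the three cues a helper reads first in logs like the ones
posted here: services/drivers whose binary FRST marks "[File not signed]",
Chrome extensions force-installed via the registry with no path or
update_url, and MBAR file detections with their MD5 hashes.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines copied from the FRST and MBAR logs in this
# thread, plus one clean service line (MBAMService) as a control.
SAMPLE_LOG = r"""
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-27] (Microsoft Corporation) [File not signed]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
C:\Users\End User\Downloads\gta_download.exe (Adware.InstallCore) -> Delete on reboot. [05eb81848822bc7a748f370fd22e5aa6]
"""

# FRST service/driver line (format as seen in this thread, assumed):
# "<state> <name>; <path> [<size> <date>] (<vendor>) [<flag>]..."
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<vendor>.*)\)(?P<flags>(?: \[[^\]]*\])*)$"
)
# FRST registry-installed Chrome extension line; extension ids are 32 chars a-p.
CHR_EXT_RE = re.compile(
    r"^CHR (?P<hive>\S+)\\Chrome\\Extension: \[(?P<ext_id>[a-p]{32})\] - (?P<source>.*)$"
)
# MBAR detection line: "<path> (<detection>) -> <action>. [<md5>]"
MBAR_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<detection>[^)]+)\) -> "
    r"(?P<action>[^.]+)\. \[(?P<md5>[0-9a-f]{32})\]$"
)


@dataclass(frozen=True)
class Finding:
    kind: str    # "unsigned_service", "registry_extension" or "mbar_detection"
    item: str    # service name, extension id or file path
    reason: str  # what the reader should go and check


def triage(log_text: str) -> List[Finding]:
    """Return the entries worth a second look, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            # "[File not signed]" is a cue to verify the binary, not a verdict:
            # legitimate OEM software (the HP service here) trips it too.
            if "File not signed" in m["flags"]:
                findings.append(Finding("unsigned_service", m["name"],
                                        f"unsigned binary {m['path']} ({m['vendor']})"))
            continue
        m = CHR_EXT_RE.match(line)
        if m:
            # An extension registered under HKLM/HKU with neither a CRX path
            # nor an update_url cannot be updated or checked against the Web
            # Store; FRST prints "<no Path/update_url>" for it.
            if m["source"].startswith("<no Path"):
                findings.append(Finding("registry_extension", m["ext_id"],
                                        f"registered under {m['hive']} with no path or update_url"))
            continue
        m = MBAR_RE.match(line)
        if m:
            findings.append(Finding("mbar_detection", m["path"],
                                    f"{m['detection']}; md5 {m['md5']}; action: {m['action']}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind, e.g. for a one-line status in a reply."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.item}: {f.reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run as-is it flags the two unsigned services, the extension id with no update_url and the MBAR detection, and leaves MBAMService and the Web-Store-backed extension alone. The "hxxp" in the sample is FRST's own defanging of "http" and is kept untouched so the lines match what the tool prints.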


#4 iangcarroll

  • Members
  • 658 posts
  • Gender:Male
  • Location:Birmingham, MI

Posted 18 November 2017 - 07:07 AM

Hi MarshmallowMillicent,

I have not yet received a reply from you. Let me know if you need help following the instructions or if something has come up. This thread will be locked if five days pass without a reply.



#5 MarshmallowMillicent

  • Topic Starter
  • Members
  • 25 posts
  • Gender:Female

Posted 19 November 2017 - 02:31 AM

I've attempted to remove them but they always reinstall



#6 iangcarroll

  • Members
  • 658 posts
  • Gender:Male
  • Location:Birmingham, MI

Posted 20 November 2017 - 04:15 PM

Hi MarshmallowMillicent,

Ok, please follow the steps provided without removing anything. Also, what exactly keeps reinstalling?



#7 MarshmallowMillicent

  • Topic Starter
  • Members
  • 25 posts
  • Gender:Female

Posted 20 November 2017 - 04:49 PM

Forge.exe and gravityswitch.exe are what I can confirm. I am sure there are others.



#8 iangcarroll

  • Members
  • 658 posts
  • Gender:Male
  • Location:Birmingham, MI

Posted 22 November 2017 - 09:48 PM

Hi MarshmallowMillicent,

Ok, we will remove those later. Please follow the instructions I previously gave you.



#9 MarshmallowMillicent

  • Topic Starter
  • Members
  • 25 posts
  • Gender:Female

Posted 23 November 2017 - 05:20 AM

MBAR Logs:

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.11.23.04
  rootkit: v2017.10.14.01

Windows 10 x64 NTFS
Internet Explorer 11.726.15063.0
End User :: DESKTOP-DK32AUA [administrator]

11/23/2017 1:39:02 AM
mbar-log-2017-11-23 (01-39-02).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 358671
Time elapsed: 23 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\End User\Downloads\WoT_internet_install_na.exe (Adware.InstallCore) -> Delete on reboot. [f7f959acdecc1e18d82b82c425db8a76]
C:\Users\End User\Downloads\Check Cashed V3 (1).exe (Adware.InstallCore) -> Delete on reboot. [be325da8a1093ef857ac77cf48b8bc44]
C:\Users\End User\Downloads\Check Cashed V3.exe (Adware.InstallCore) -> Delete on reboot. [a050a65f159590a6aa5998aee61aa759]
C:\Users\End User\Downloads\gta_download.exe (Adware.InstallCore) -> Delete on reboot. [05eb81848822bc7a748f370fd22e5aa6]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Farbar Logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-11-2017
Ran by End User (administrator) on DESKTOP-DK32AUA (23-11-2017 01:35:28)
Running from C:\Users\End User\Downloads
Loaded Profiles: End User (Available Profiles: defaultuser0 & End User)
Platform: Windows 10 Pro Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(阿里巴巴(中国)有限公司) C:\Program Files (x86)\AliSafeEngine\5.0.2\AliSafeEngine.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Alibaba (China) Co., LTD. All rights reserved.) C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe
(Alibaba Group) C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(阿里巴巴(中国)有限公司) C:\Users\End User\AppData\Roaming\TaobaoProtect\TaobaoProtect.exe
(阿里巴巴(中国)有限公司) C:\Program Files (x86)\AliSafeEngine\5.0.2\AliIMSafeUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\backgroundTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Alibaba (China) Co., Ltd.) C:\Program Files (x86)\TradeManager\AliIM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Development Company, L.P.) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\TradeManager\AliApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\End User\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-21] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [329992 2015-06-17] (HP Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\Run: [aliim] => C:\Program Files (x86)\TradeManager\AliIM.exe [556472 2017-07-25] (Alibaba (China) Co., Ltd.)
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [21938608 2017-10-22] (AVM Software)
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{23665207-46fe-4776-8432-89de9c39ec12}: [DhcpNameServer] 10.208.0.1
Tcpip\..\Interfaces\{57eff3fd-30d2-4b9e-9e3d-900c15ab9dae}: [DhcpNameServer] 192.168.82.1
Tcpip\..\Interfaces\{85393695-9846-4e58-99b8-c276b92151de}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a877ee81-c160-4274-aa8e-724f3f20647b}: [DhcpNameServer] 172.18.11.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-16] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-10] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-20] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-10-03] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-03] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-10] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7x8yzd2g.default-1510741561275
FF DefaultProfile: vslgaegu.default
FF ProfilePath: C:\Users\End User\AppData\Roaming\Mozilla\Firefox\Profiles\7x8yzd2g.default-1510741561275 [2017-11-23]
FF Extension: (Avast Online Security) - C:\Users\End User\AppData\Roaming\Mozilla\Firefox\Profiles\7x8yzd2g.default-1510741561275\Extensions\wrc@avast.com.xpi [2017-11-21]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\End User\AppData\Roaming\Mozilla\Firefox\Profiles\7x8yzd2g.default-1510741561275\features\{6cdd23a2-dcaa-45bf-ab19-1ba2982aae88}\disable-media-wmf-nv12@mozilla.org.xpi [2017-11-21] [Lagacy]
FF ProfilePath: C:\Users\End User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\vslgaegu.default [2017-10-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 -> C:\Program Files (x86)\TradeManager\nptrademanager.dll [2017-07-25] ( )
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\TradeManager\npwangwang.dll [2017-07-25] ( )
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-10-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-10-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3750219003-330135889-1696341922-1002: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll [2014-10-07] (Alibaba software (Shanghai) Corporation.)
FF Plugin HKU\S-1-5-21-3750219003-330135889-1696341922-1002: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File]
FF Plugin HKU\S-1-5-21-3750219003-330135889-1696341922-1002: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File]
FF Plugin HKU\S-1-5-21-3750219003-330135889-1696341922-1002: @alipay.com/npalicert -> C:\Users\End User\AppData\Roaming\alipay\cf\npalicdo.dll [2014-10-20] (alipay.com)
FF Plugin HKU\S-1-5-21-3750219003-330135889-1696341922-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\End User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-03-08] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://bcaokpbibfhmkadghnbiaebmppcofamm/product.html"
CHR Profile: C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default [2017-11-23]
CHR Extension: (Slides) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (VideoDownloadConverter) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcaokpbibfhmkadghnbiaebmppcofamm [2017-11-15]
CHR Extension: (Mobile Phone Gamers Ad) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkofpcennnhneapiikojlfeklbhahnln [2017-11-09]
CHR Extension: (YouTube) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-12]
CHR Extension: (Sheets) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (DownloadManagerNow) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhifapajpoibpajokkokaajalaincjli [2017-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-21]
CHR Extension: (Avast Online Security) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-09]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2017-09-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Gmail) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-21]
CHR Extension: (Chrome Media Router) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-15]
CHR Profile: C:\Users\End User\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-10-16]
CHR Profile: C:\Users\End User\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-16]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - <no Path/update_url>
CHR HKU\S-1-5-21-3750219003-330135889-1696341922-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AliSafeEngine Service; C:\Program Files (x86)\AliSafeEngine\5.0.2\AliSafeEngine.exe [594080 2016-05-10] (阿里巴巴(中国)有限公司)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-21] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-21] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063656 2017-11-02] (Microsoft Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-07-28] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (DEVGURU Co., LTD.)
R2 TBSecSvc; C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe [227296 2017-08-09] (Alibaba (China) Co., LTD. All rights reserved.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-27] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-21] (Microsoft Corporation)
R2 wwbizsrv; C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe [2909584 2017-03-10] (Alibaba Group)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-11-21] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-11-21] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-11-21] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-11-21] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-11-21] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-11-21] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-12] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-11-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-11-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-11-21] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-11-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-11-21] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-11-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-11-21] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110096 2016-04-18] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-15] (Samsung Electronics Co., Ltd.)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2017-06-29] (LogMeIn Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-23] (Malwarebytes)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2017-10-05] (SoftEther Corporation)
S3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2017-06-23] (The OpenVPN Project)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2017-10-05] (SoftEther Corporation)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-06-13] (The OpenVPN Project)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-06-15] (Anchorfree Inc.)
R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [52288 2016-11-11] (VMware, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-23 01:35 - 2017-11-23 01:35 - 000468480 _____ () C:\Users\End User\Downloads\CKScanner.exe
2017-11-23 01:33 - 2017-11-23 01:33 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-23 01:30 - 2017-11-23 01:30 - 000001604 _____ C:\Users\End User\Downloads\Fixlog.txt
2017-11-23 01:30 - 2017-11-23 01:26 - 000000495 ____R C:\Users\End User\Downloads\fixlist.txt
2017-11-23 01:28 - 2017-11-23 01:28 - 002391552 _____ (Farbar) C:\Users\End User\Downloads\FRST64(1).exe
2017-11-23 01:26 - 2017-11-23 01:26 - 014178840 _____ (Malwarebytes Corp.) C:\Users\End User\Downloads\mbar-1.10.3.1001.exe
2017-11-21 06:46 - 2017-11-21 06:46 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-11-21 06:44 - 2017-11-21 06:42 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2017-11-21 06:43 - 2017-11-21 06:42 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-11-20 13:53 - 2017-11-20 13:54 - 001318399 _____ C:\Users\End User\Downloads\ets_anxiety_brochure.pdf
2017-11-20 11:23 - 2017-11-20 11:23 - 001122731 _____ C:\Users\End User\Downloads\Reibleeph-Binah.pdf
2017-11-19 02:27 - 2017-11-19 02:27 - 001518192 _____ ( ) C:\Users\End User\Downloads\windowsrepair.exe
2017-11-19 02:27 - 2017-11-19 02:27 - 000322184 _____ C:\Users\End User\Downloads\windowsrepair (1).exe
2017-11-16 19:35 - 2017-11-16 19:35 - 000000000 ____D C:\Yossi Sands
2017-11-16 08:27 - 2017-11-23 01:32 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-16 08:27 - 2017-11-16 08:27 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-16 08:27 - 2017-11-16 08:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-16 08:27 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-16 08:26 - 2017-11-16 08:26 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-11-15 20:01 - 2017-11-15 20:01 - 000000000 _____ C:\WINDOWS\system32\last.dump
2017-11-15 04:11 - 2017-11-01 20:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-15 04:11 - 2017-11-01 20:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-15 04:10 - 2017-11-01 21:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 04:10 - 2017-11-01 20:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-15 04:10 - 2017-11-01 20:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-15 04:10 - 2017-11-01 20:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-15 04:10 - 2017-11-01 20:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-15 04:10 - 2017-11-01 20:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-15 04:10 - 2017-11-01 20:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 04:10 - 2017-11-01 20:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-15 04:10 - 2017-11-01 20:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-15 04:10 - 2017-11-01 20:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 04:10 - 2017-11-01 20:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-15 04:10 - 2017-11-01 20:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-15 04:10 - 2017-11-01 20:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-15 04:10 - 2017-11-01 20:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 04:10 - 2017-11-01 20:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-15 04:10 - 2017-11-01 20:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 04:10 - 2017-11-01 20:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 04:10 - 2017-11-01 20:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-15 04:10 - 2017-10-24 23:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 04:10 - 2017-10-15 07:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-15 04:10 - 2017-10-15 06:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-15 04:10 - 2017-10-15 06:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-15 04:10 - 2017-10-15 06:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-15 04:10 - 2017-10-15 06:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-15 04:09 - 2017-11-01 21:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-15 04:09 - 2017-11-01 20:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-15 04:09 - 2017-11-01 20:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-15 04:09 - 2017-11-01 20:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-15 04:09 - 2017-11-01 20:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-15 04:09 - 2017-11-01 20:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-15 04:09 - 2017-11-01 20:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-15 04:09 - 2017-11-01 20:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-15 04:09 - 2017-11-01 20:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 04:09 - 2017-11-01 20:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-15 04:09 - 2017-11-01 20:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-15 04:09 - 2017-11-01 20:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-15 04:09 - 2017-11-01 20:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 04:09 - 2017-11-01 20:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-15 04:09 - 2017-11-01 20:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-15 04:09 - 2017-11-01 20:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-15 04:09 - 2017-11-01 20:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-15 04:09 - 2017-11-01 20:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-15 04:09 - 2017-11-01 20:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 04:09 - 2017-11-01 20:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 04:09 - 2017-11-01 20:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 04:09 - 2017-11-01 20:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-15 04:09 - 2017-11-01 20:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-15 04:09 - 2017-11-01 20:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 04:09 - 2017-11-01 20:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-15 04:09 - 2017-11-01 20:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-15 04:09 - 2017-11-01 20:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-15 04:09 - 2017-11-01 20:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 04:09 - 2017-11-01 20:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 04:09 - 2017-10-15 07:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-15 04:09 - 2017-10-15 07:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-15 04:09 - 2017-10-15 06:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-15 04:09 - 2017-10-15 06:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-15 04:09 - 2017-10-15 06:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-15 04:09 - 2017-10-15 06:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-15 04:09 - 2017-10-15 06:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-15 04:09 - 2017-10-15 06:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-15 04:09 - 2017-10-15 06:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-15 04:00 - 2017-11-01 21:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-15 04:00 - 2017-11-01 20:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-15 04:00 - 2017-11-01 20:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-15 04:00 - 2017-11-01 20:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-15 04:00 - 2017-11-01 20:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-15 04:00 - 2017-11-01 20:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 04:00 - 2017-11-01 20:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-15 03:59 - 2017-11-01 21:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 03:59 - 2017-11-01 21:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-15 03:59 - 2017-11-01 21:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-15 03:59 - 2017-11-01 20:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-15 03:59 - 2017-11-01 20:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-15 03:59 - 2017-11-01 20:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-15 03:59 - 2017-11-01 20:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-15 03:59 - 2017-11-01 20:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-15 03:59 - 2017-11-01 20:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-15 03:59 - 2017-11-01 20:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-15 03:59 - 2017-11-01 20:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-15 03:59 - 2017-11-01 20:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-15 03:59 - 2017-11-01 20:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-15 03:59 - 2017-11-01 20:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 03:59 - 2017-11-01 20:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 03:59 - 2017-11-01 20:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 03:59 - 2017-10-15 06:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-15 03:59 - 2017-10-15 06:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-15 03:59 - 2017-10-15 06:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-15 03:59 - 2017-10-15 06:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-15 03:58 - 2017-11-01 21:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 03:58 - 2017-11-01 21:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 03:58 - 2017-11-01 21:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-15 03:58 - 2017-11-01 20:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-15 03:58 - 2017-11-01 20:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-15 03:58 - 2017-11-01 20:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-15 03:58 - 2017-11-01 20:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-15 03:58 - 2017-11-01 20:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-15 03:58 - 2017-11-01 20:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-15 03:58 - 2017-11-01 20:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-15 03:58 - 2017-11-01 20:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-15 03:58 - 2017-11-01 20:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-15 03:58 - 2017-11-01 20:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 03:58 - 2017-11-01 20:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-15 03:58 - 2017-11-01 20:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-15 03:58 - 2017-11-01 20:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-15 03:58 - 2017-11-01 20:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-15 03:58 - 2017-11-01 20:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 03:58 - 2017-11-01 20:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 03:58 - 2017-11-01 20:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-15 03:58 - 2017-11-01 20:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-15 03:58 - 2017-11-01 20:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 03:58 - 2017-10-15 06:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-15 03:58 - 2017-10-15 06:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-15 03:58 - 2017-10-15 06:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-15 03:57 - 2017-11-01 21:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-15 03:57 - 2017-11-01 21:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 03:57 - 2017-11-01 20:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-15 03:57 - 2017-11-01 20:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-15 03:57 - 2017-11-01 20:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-15 03:57 - 2017-11-01 20:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-15 03:57 - 2017-11-01 20:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-15 03:57 - 2017-11-01 20:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-15 03:57 - 2017-11-01 20:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-15 03:57 - 2017-11-01 20:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-15 03:57 - 2017-10-15 06:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-15 03:57 - 2017-10-15 06:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-15 03:57 - 2017-10-15 06:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-15 03:56 - 2017-11-01 21:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-15 03:56 - 2017-11-01 21:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 03:56 - 2017-11-01 21:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-15 03:56 - 2017-11-01 21:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-15 03:56 - 2017-11-01 21:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 03:56 - 2017-11-01 21:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-15 03:56 - 2017-11-01 20:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-15 03:56 - 2017-11-01 20:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 03:56 - 2017-11-01 20:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-15 03:56 - 2017-11-01 20:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 03:56 - 2017-11-01 20:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-15 03:56 - 2017-11-01 20:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 03:56 - 2017-10-15 06:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-15 03:56 - 2017-10-15 06:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-15 03:56 - 2017-10-15 06:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-15 03:56 - 2017-10-15 06:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-15 03:56 - 2017-10-15 06:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-15 03:56 - 2017-10-15 06:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-15 03:55 - 2017-11-01 21:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-15 03:55 - 2017-11-01 21:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-15 03:55 - 2017-11-01 21:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-15 03:55 - 2017-11-01 21:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-15 03:55 - 2017-11-01 21:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-15 03:55 - 2017-11-01 21:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-15 03:55 - 2017-11-01 21:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-15 03:55 - 2017-11-01 20:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-15 03:55 - 2017-11-01 20:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-15 03:55 - 2017-11-01 20:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-15 03:55 - 2017-11-01 20:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-15 03:55 - 2017-11-01 20:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-15 03:55 - 2017-11-01 20:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-15 03:55 - 2017-11-01 20:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-15 03:55 - 2017-11-01 20:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 03:55 - 2017-11-01 20:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-15 03:55 - 2017-11-01 20:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-15 03:55 - 2017-11-01 20:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 03:55 - 2017-11-01 20:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 03:55 - 2017-11-01 20:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-15 03:55 - 2017-11-01 20:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 03:55 - 2017-11-01 20:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 03:55 - 2017-11-01 20:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 03:55 - 2017-11-01 20:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-15 03:55 - 2017-11-01 20:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 03:55 - 2017-11-01 20:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-15 03:55 - 2017-10-15 06:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-15 03:55 - 2017-10-15 06:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-15 03:54 - 2017-11-01 21:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 03:54 - 2017-11-01 21:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 03:54 - 2017-11-01 21:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 03:54 - 2017-11-01 21:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 03:54 - 2017-11-01 21:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-15 03:54 - 2017-11-01 21:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 03:54 - 2017-11-01 21:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 03:54 - 2017-11-01 21:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 03:54 - 2017-11-01 21:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-15 03:54 - 2017-11-01 21:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-15 03:54 - 2017-11-01 21:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 03:54 - 2017-11-01 21:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-15 03:54 - 2017-11-01 21:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-15 03:54 - 2017-11-01 21:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-15 03:54 - 2017-11-01 21:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-15 03:54 - 2017-11-01 20:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-15 03:54 - 2017-11-01 20:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-15 03:54 - 2017-11-01 20:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-15 03:54 - 2017-11-01 20:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-15 03:54 - 2017-11-01 20:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-15 03:54 - 2017-10-15 06:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-15 03:54 - 2017-10-15 06:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-15 03:53 - 2017-11-01 21:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-15 03:53 - 2017-11-01 21:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-15 03:53 - 2017-11-01 21:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-15 03:53 - 2017-11-01 21:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-15 03:53 - 2017-11-01 21:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-15 03:53 - 2017-11-01 21:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 03:53 - 2017-11-01 21:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 03:53 - 2017-11-01 20:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-15 03:53 - 2017-10-15 06:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-15 03:53 - 2017-10-15 06:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-15 02:26 - 2017-11-15 02:26 - 000000000 ____D C:\Users\End User\Desktop\Old Firefox Data
2017-11-14 23:17 - 2017-11-15 19:13 - 000002476 _____ C:\Users\End User\Downloads\RobloxPlayerBeta.CT
2017-11-14 21:58 - 2017-11-14 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7
2017-11-14 21:58 - 2017-11-14 21:58 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.7
2017-11-14 21:48 - 2017-11-14 21:48 - 012140312 _____ (Cheat Engine ) C:\Users\End User\Downloads\CheatEngine67.exe
2017-11-14 02:00 - 2017-11-14 02:00 - 000000000 ____D C:\Windows.old
2017-11-13 22:50 - 2017-11-13 22:50 - 004299624 _____ (Wargaming.net ) C:\Users\End User\Downloads\_WoT_internet_install_na.exe
2017-11-13 22:49 - 2017-11-13 22:49 - 001531496 _____ ( ) C:\Users\End User\Downloads\WoT_internet_install_na.exe
2017-11-13 05:50 - 2017-11-13 05:50 - 011774086 _____ C:\Users\End User\Downloads\_Check Cashed V3 (1).rar
2017-11-13 05:50 - 2017-11-13 05:50 - 001581512 _____ ( ) C:\Users\End User\Downloads\Check Cashed V3 (1).exe
2017-11-13 05:48 - 2017-11-13 05:48 - 011774086 _____ C:\Users\End User\Downloads\Check Cashed V3.rar
2017-11-13 05:46 - 2017-11-13 05:46 - 011774086 _____ C:\Users\End User\Downloads\_Check Cashed V3.rar
2017-11-13 05:45 - 2017-11-13 05:45 - 001581512 _____ ( ) C:\Users\End User\Downloads\Check Cashed V3.exe
2017-11-12 22:29 - 2017-11-12 22:30 - 000057743 _____ C:\Users\End User\Downloads\Addition.txt
2017-11-12 22:28 - 2017-11-23 01:36 - 000021699 _____ C:\Users\End User\Downloads\FRST.txt
2017-11-12 22:27 - 2017-11-23 01:35 - 000000000 ____D C:\FRST
2017-11-12 22:26 - 2017-11-12 22:26 - 002392576 _____ (Farbar) C:\Users\End User\Downloads\FRST64.exe
2017-11-10 16:03 - 2017-11-10 16:03 - 000077909 _____ C:\Users\End User\Downloads\encoded.pdf
2017-11-09 00:35 - 2017-11-09 00:35 - 001581512 _____ ( ) C:\Users\End User\Downloads\gta_download.exe
2017-11-06 22:52 - 2017-11-06 22:52 - 000820792 _____ (Roblox Corporation) C:\Users\End User\Downloads\RobloxPlayerLauncher (2).exe
2017-11-06 22:12 - 2017-11-06 22:12 - 000002117 _____ C:\Users\End User\Downloads\jailbreak bank.txt
2017-11-05 23:28 - 2017-11-05 23:28 - 000001947 _____ C:\Users\End User\AppData\Local\recently-used.xbel
2017-11-04 06:36 - 2017-11-04 06:36 - 000126378 _____ C:\Users\End User\Downloads\Unconfirmed 491606.crdownload
2017-11-04 06:13 - 2017-11-04 06:13 - 000145376 _____ C:\Users\End User\Downloads\JJSploit (2).rar
2017-11-04 06:10 - 2017-11-04 06:10 - 000145376 _____ C:\Users\End User\Downloads\JJSploit (1).rar
2017-11-04 06:09 - 2017-11-04 06:09 - 000145376 _____ C:\Users\End User\Downloads\JJSploit.rar
2017-11-04 06:07 - 2017-11-04 06:07 - 000782336 _____ () C:\Users\End User\Downloads\Multiple ROBLOX.exe
2017-11-04 05:47 - 2017-11-04 05:48 - 000717824 _____ () C:\Users\End User\Downloads\Gravity-Switch.exe
2017-10-31 23:09 - 2017-10-31 23:09 - 177341504 _____ C:\Users\End User\Downloads\Gameshow.exe
2017-10-30 17:04 - 2017-10-30 17:04 - 000000000 ____D C:\Users\End User\AppData\Local\A.V.M
2017-10-30 17:03 - 2017-10-30 17:03 - 000001038 _____ C:\Users\End User\Desktop\Paltalk.lnk
2017-10-30 17:03 - 2017-10-30 17:03 - 000000000 ____D C:\Users\End User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk
2017-10-30 17:03 - 2017-10-30 17:03 - 000000000 ____D C:\Users\End User\AppData\Local\Paltalk
2017-10-30 16:57 - 2017-10-30 16:57 - 058935880 _____ (AVM Software Inc.) C:\Users\End User\Downloads\PaltalkSetup.exe
2017-10-30 13:12 - 2017-10-30 13:12 - 000060949 _____ C:\Users\End User\Downloads\Form.pdf
2017-10-30 09:48 - 2017-10-30 09:48 - 000000146 _____ C:\Users\End User\Desktop\Sound.lnk
2017-10-30 07:03 - 2017-10-30 07:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-10-30 07:01 - 2017-10-30 07:01 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2017-10-30 07:00 - 2017-10-30 07:04 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-10-30 07:00 - 2017-10-30 07:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-10-30 07:00 - 2017-10-30 07:00 - 000000000 ____D C:\Program Files\Application Verifier
2017-10-30 07:00 - 2017-10-30 07:00 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2017-10-30 07:00 - 2017-10-30 07:00 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2017-10-30 06:50 - 2017-10-30 06:50 - 000587776 _____ C:\Users\End User\Downloads\RoHackV3 (Part 2).dll
2017-10-30 06:50 - 2017-10-30 06:50 - 000272384 _____ C:\Users\End User\Downloads\RoHackV4.dll
2017-10-30 06:50 - 2017-10-30 06:50 - 000253952 _____ C:\Users\End User\Downloads\RoHackV2.dll
2017-10-30 06:49 - 2017-10-30 06:49 - 000064000 _____ C:\Users\End User\Downloads\RoHackV1.dll
2017-10-30 06:42 - 2017-10-30 06:42 - 002488843 _____ C:\Users\End User\Downloads\Unconfirmed 273819.crdownload
2017-10-30 06:42 - 2017-10-30 06:42 - 000000000 ____D C:\Users\End User\AppData\Local\NeonEcho_Slave_Company
2017-10-30 06:38 - 2017-10-30 06:38 - 004095488 _____ () C:\Users\End User\Downloads\Apocalypse Rising Infinite Ammo.exe
2017-10-30 06:34 - 2017-10-30 06:34 - 001574912 _____ (NeonEcho Slave Company) C:\Users\End User\Downloads\NeonEcho Injector.exe
2017-10-30 05:40 - 2017-10-30 05:40 - 000041191 _____ C:\Users\End User\Downloads\x86-binary_autodllinjector-1.0.0.1.zip
2017-10-30 05:30 - 2017-10-30 05:30 - 000139198 _____ C:\Users\End User\Downloads\AirCraze's RoHack RELOADED V2 (1).rar
2017-10-30 05:25 - 2017-10-30 05:25 - 000139198 _____ C:\Users\End User\Downloads\AirCraze's RoHack RELOADED V2.rar
2017-10-30 05:10 - 2017-10-30 05:10 - 000086117 _____ C:\Users\End User\Downloads\btools-1.1 (1).jar
2017-10-29 21:52 - 2017-11-14 21:58 - 000000000 ____D C:\Users\End User\Desktop\Game Screenshots
2017-10-28 06:05 - 2017-10-28 06:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-10-28 06:04 - 2017-10-28 06:04 - 000000000 ____D C:\ProgramData\Samsung
2017-10-28 06:04 - 2017-01-15 22:26 - 000131712 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys
2017-10-28 06:03 - 2017-10-28 06:05 - 000000000 ____D C:\Users\End User\AppData\Roaming\Samsung
2017-10-28 06:03 - 2017-10-28 06:04 - 000000000 ____D C:\Program Files (x86)\Samsung
2017-10-28 06:03 - 2016-12-09 08:04 - 000144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2017-10-28 06:02 - 2017-10-28 06:02 - 039799968 _____ (Samsung Electronics) C:\Users\End User\Downloads\Smart_Switch_PC_Setup.exe
2017-10-26 14:26 - 2017-10-26 14:29 - 003375420 _____ C:\Users\End User\Desktop\Rkill.txt
2017-10-26 14:26 - 2017-10-26 14:26 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\End User\Downloads\iExplore.exe
2017-10-24 20:42 - 2017-10-26 10:18 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-10-24 20:41 - 2017-10-26 13:48 - 000000000 ____D C:\Users\End User\Desktop\mbar
2017-10-24 20:41 - 2017-10-24 20:41 - 016563352 _____ (Malwarebytes Corp.) C:\Users\End User\Downloads\mbar-1.09.3.1001.exe
2017-10-24 20:33 - 2017-11-01 15:47 - 000043049 _____ C:\Users\End User\Downloads\MTB.txt
2017-10-24 20:32 - 2017-10-24 20:32 - 000892416 _____ (Farbar) C:\Users\End User\Downloads\MiniToolBox.exe
2017-10-24 20:31 - 2017-11-01 15:43 - 000002988 _____ C:\Users\End User\Downloads\FSS.txt
2017-10-24 20:30 - 2017-10-24 20:30 - 000899584 _____ (Farbar) C:\Users\End User\Downloads\FSS.exe
2017-10-24 20:24 - 2017-10-24 20:24 - 000852798 _____ C:\Users\End User\Downloads\SecurityCheck.exe
2017-10-24 05:30 - 2017-11-13 05:49 - 000000000 ____D C:\Users\End User\Downloads\AirCraze RoHack Tools (Version 3.0)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-23 01:34 - 2017-08-05 15:59 - 000000000 ____D C:\ProgramData\AliAntiVirusED
2017-11-23 01:34 - 2017-08-05 15:57 - 000000000 ____D C:\Program Files (x86)\TradeManager
2017-11-23 01:34 - 2017-03-21 17:45 - 000000000 ____D C:\Users\End User\AppData\LocalLow\Mozilla
2017-11-23 01:33 - 2017-08-05 15:58 - 000000000 ____D C:\Users\End User\AppData\Local\aef
2017-11-23 01:33 - 2017-07-02 14:38 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-11-23 01:31 - 2017-07-21 20:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-23 01:31 - 2017-07-21 20:30 - 000000000 ____D C:\Users\End User
2017-11-23 01:31 - 2017-07-21 20:30 - 000000000 ____D C:\Users\defaultuser0
2017-11-23 01:31 - 2017-03-18 03:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-11-23 01:30 - 2017-10-16 22:10 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-11-23 01:30 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-11-23 01:30 - 2016-07-16 03:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-11-23 01:17 - 2017-06-03 05:44 - 000000000 ____D C:\Users\End User\AppData\Local\Roblox
2017-11-23 01:06 - 2017-07-21 20:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-22 17:06 - 2017-03-21 17:37 - 000000000 ____D C:\Users\End User\AppData\Local\ClassicShell
2017-11-22 06:24 - 2017-03-18 13:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-22 06:24 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-21 19:48 - 2017-02-01 13:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-21 19:42 - 2017-10-10 19:06 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-21 19:41 - 2017-02-01 13:39 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-21 16:32 - 2017-07-21 20:46 - 001974006 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-21 07:37 - 2017-10-22 00:04 - 000000000 ____D C:\Users\End User\AppData\Roaming\.minecraft
2017-11-21 06:46 - 2017-03-21 18:03 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-11-21 06:45 - 2017-07-21 20:43 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-11-21 06:42 - 2017-03-21 18:03 - 000455384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys.151127559173403
2017-11-21 06:42 - 2017-03-21 18:03 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-11-21 06:42 - 2017-03-21 18:03 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-11-21 06:42 - 2017-03-21 18:03 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-11-21 06:42 - 2017-03-21 18:03 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-11-21 06:42 - 2017-03-21 18:03 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-11-21 06:42 - 2017-03-21 18:03 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-11-21 06:41 - 2017-03-21 18:03 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-11-21 06:41 - 2017-03-21 18:03 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-11-21 06:41 - 2017-03-21 18:03 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-11-21 06:41 - 2017-03-21 18:03 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-11-21 06:41 - 2017-03-21 18:03 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-11-18 19:20 - 2017-09-12 00:25 - 000001444 _____ C:\Users\End User\Desktop\Roblox Studio.lnk
2017-11-18 19:20 - 2017-09-12 00:25 - 000000000 ____D C:\Users\End User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-11-18 01:09 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-16 19:39 - 2017-03-18 13:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-16 19:38 - 2017-03-21 18:12 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-16 08:24 - 2017-02-01 13:18 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-16 06:48 - 2017-03-18 13:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-16 06:46 - 2017-07-21 20:26 - 000394192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-16 06:43 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-16 06:43 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-16 06:43 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-16 06:43 - 2017-03-18 13:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-16 06:43 - 2017-03-18 13:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-16 06:38 - 2017-09-12 00:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-16 06:38 - 2017-03-21 17:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-16 06:10 - 2017-03-21 17:44 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-16 06:10 - 2017-03-21 17:44 - 000000000 ____D C:\Users\End User\AppData\Roaming\Mozilla
2017-11-15 19:03 - 2017-09-12 00:25 - 000001432 _____ C:\Users\End User\Desktop\Roblox Player.lnk
2017-11-15 04:32 - 2017-03-18 12:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-14 23:53 - 2017-08-06 06:22 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-11-14 22:04 - 2017-07-21 20:43 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-14 22:04 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 22:04 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-14 21:59 - 2017-07-16 16:21 - 000000000 ____D C:\Users\End User\AppData\Local\{53F665AA-775E-0912-1AC6-2CFA3EAED062}
2017-11-14 20:00 - 2017-08-05 15:58 - 000000000 ____D C:\Users\End User\AppData\Roaming\TaobaoProtect
2017-11-14 10:21 - 2017-10-18 19:16 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 10:21 - 2017-10-18 19:16 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-14 04:02 - 2017-07-21 14:20 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-14 03:42 - 2017-07-21 20:47 - 000045723 _____ C:\WINDOWS\diagwrn.xml
2017-11-14 03:42 - 2017-07-21 20:47 - 000045723 _____ C:\WINDOWS\diagerr.xml
2017-11-14 03:16 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\Registration
2017-11-14 03:15 - 2017-09-29 07:05 - 000000000 ___HD C:\$WINDOWS.~BT
2017-11-13 22:51 - 2017-07-16 16:12 - 000000000 ____D C:\Games
2017-11-13 14:22 - 2017-10-18 19:16 - 000002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-13 14:22 - 2017-10-18 19:16 - 000002220 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-09 20:32 - 2017-06-18 12:42 - 000000000 ____D C:\Users\End User\.gimp-2.8
2017-11-05 23:28 - 2017-06-18 12:54 - 000000000 ____D C:\Users\End User\AppData\Local\gtk-2.0
2017-11-04 23:31 - 2017-07-31 16:34 - 000000000 ____D C:\!Urban
2017-11-04 17:40 - 2017-08-09 16:50 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 17:40 - 2017-08-09 16:50 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-03 21:55 - 2017-07-25 17:32 - 000003382 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3750219003-330135889-1696341922-1002
2017-11-03 21:55 - 2017-03-14 13:51 - 000002372 _____ C:\Users\End User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-03 21:55 - 2017-03-14 13:51 - 000000000 ___RD C:\Users\End User\OneDrive
2017-11-02 19:20 - 2017-04-06 20:33 - 000000000 ____D C:\Users\End User\AppData\Local\ElevatedDiagnostics
2017-11-02 01:27 - 2017-10-18 20:03 - 000000000 ____D C:\Users\End User\AppData\Local\Monosnap
2017-10-31 07:21 - 2017-07-02 14:31 - 000000000 ____D C:\Program Files (x86)\Paltalk Messenger
2017-10-31 07:21 - 2017-05-23 20:30 - 000000000 ____D C:\Program Files (x86)\Paltalk
2017-10-30 07:00 - 2017-07-21 20:29 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-28 06:03 - 2017-07-19 20:11 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-10-26 10:16 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\TAPI
2017-10-24 20:42 - 2017-10-18 15:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-24 10:48 - 2017-10-20 18:43 - 000000000 ____D C:\Users\End User\AppData\Local\Ubisoft Game Launcher

==================== Files in the root of some directories =======

2017-07-15 06:43 - 2017-07-15 06:43 - 000001877 _____ () C:\Users\End User\AppData\Roaming\VPNMasterFreeVPN.pbk
2017-11-05 23:28 - 2017-11-05 23:28 - 000001947 _____ () C:\Users\End User\AppData\Local\recently-used.xbel
2017-10-30 17:17 - 2017-10-31 18:56 - 000002429 _____ () C:\Users\End User\AppData\Local\Temptoast_image.png
2017-10-16 19:04 - 2017-10-16 19:04 - 000000003 _____ () C:\Users\End User\AppData\Local\updater.log
2017-10-16 19:04 - 2017-10-16 19:23 - 000000059 _____ () C:\Users\End User\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2017-10-22 01:05 - 2017-10-22 01:05 - 000017408 ____N (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-1824039979282477099.dll
2017-10-16 20:42 - 2017-10-16 20:42 - 000017408 ____N (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-1841771878360055365.dll
2017-10-22 16:22 - 2017-10-22 16:22 - 000017408 ____N (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-1860264017614790008.dll
2017-10-16 20:55 - 2017-10-16 20:55 - 000017408 ____N (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-4684937291408308365.dll
2017-10-05 07:27 - 2017-10-05 07:27 - 000017408 ____N (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-6116305651743838919.dll
2017-10-09 18:00 - 2017-10-09 18:00 - 000017408 ____N (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-6158575806436120783.dll
2017-10-09 18:06 - 2017-10-09 18:06 - 000017408 _____ (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-6383363101561513427.dll
2017-10-05 07:32 - 2017-10-05 07:32 - 000017408 ____N (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-7055267989425488513.dll
2017-10-09 17:53 - 2017-10-09 17:53 - 000017408 ____N (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-7627470802349411030.dll
2017-10-05 07:09 - 2017-10-05 07:09 - 000017408 ____N (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-8988519932113076336.dll
2017-10-09 21:11 - 2017-10-09 21:11 - 000017408 _____ (Red Hat®, Inc.) C:\Users\End User\AppData\Local\Temp\jansi-32-9152667391966274605.dll
2017-10-13 11:54 - 2017-10-13 11:54 - 002885168 _____ () C:\Users\End User\AppData\Local\Temp\npp.7.5.1.Installer.exe
2017-08-30 02:26 - 2017-10-18 23:53 - 000106870 _____ () C:\Users\End User\AppData\Local\Temp\Uninstall.exe
2015-08-02 15:58 - 2015-08-02 15:58 - 000118784 _____ () C:\Users\End User\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-20 09:59

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-11-2017
Ran by End User (23-11-2017 01:37:04)
Running from C:\Users\End User\Downloads
Windows 10 Pro Version 1703 15063.726 (X64) (2017-07-22 04:49:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3750219003-330135889-1696341922-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3750219003-330135889-1696341922-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3750219003-330135889-1696341922-1001 - Limited - Disabled) => C:\Users\defaultuser0
End User (S-1-5-21-3750219003-330135889-1696341922-1002 - Administrator - Enabled) => C:\Users\End User
Guest (S-1-5-21-3750219003-330135889-1696341922-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Alipay Cert Component 2.6.0.0 (HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\AlipayCert) (Version: 2.6.0.0 - Alipay.com Co., Ltd.)
AliSafeEngine 5.0.2 (HKLM-x32\...\AliSafeEngine) (Version: 5.0.2 - Alibaba, Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Application Verifier x64 External Package (HKLM\...\{0115F5D3-35C7-5EF3-0C93-87C92E678D76}) (Version: 10.1.14393.33 - Microsoft) Hidden
Assassin's Creed Syndicate (HKLM-x32\...\Uplay Install 1875) (Version: 1.51 - Ubisoft)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.3.3.1209 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandicam.com)
Blender (HKLM\...\{DEA73CCA-7EC9-41EA-8509-1041C1CABFD0}) (Version: 2.78.3 - Blender Foundation)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6499 - CDBurnerXP)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
FireAlpaca 1.7.5 (HKLM-x32\...\FireAlpaca_is1) (Version: 1.7.5 - firealpaca.com)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP Color LaserJet Pro MFP M277 (HKLM-x32\...\{7ac49734-541c-48e7-99be-02f41e43e79d}) (Version: 14.0.15343.533 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPCLJProM277 (HKLM-x32\...\{9A337B35-06E3-4F9D-9B39-5AC9C2E7F82B}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPDXP (HKLM-x32\...\{D904ECC8-FBED-4618-8B6A-95F3F9352136}) (Version: 3.0.26.32 - HP) Hidden
HPLJUTCore (HKLM-x32\...\{AA9C0477-A064-4D76-A0C4-A3A5A11F1D4C}) (Version: 020.000.0001 - HP) Hidden
HPLJUTM277 (HKLM-x32\...\{1FE53D6E-05EA-4D03-BB77-740C9AF03574}) (Version: 014.000.0001 - HP) Hidden
hppLaserJetService (HKLM-x32\...\{0C4C3664-157A-4D69-B474-31EBF2EE1AE3}) (Version: 009.033.00926 - Hewlett-Packard) Hidden
hppM277LaserJetService (HKLM-x32\...\{3F43C468-BC22-4F88-8382-FF349E724317}) (Version: 001.034.00686 - Hewlett-Packard) Hidden
hpStatusAlerts (HKLM-x32\...\{EACC40D7-58F4-4A7A-9786-953DC9A1850B}) (Version: 170.040.00259 - HP Development Company, L.P.) Hidden
hpStatusAlertsM277 (HKLM-x32\...\{651F24A4-7240-4598-BDA3-3F6F86005670}) (Version: 140.046.00129 - Hewlett-Packard) Hidden
Intel® Hardware Accelerated Execution Manager (HKLM\...\{557D160E-2085-4D38-BDA3-1D5D3F74A3A4}) (Version: 6.0.4 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.14393.0 (HKLM-x32\...\{26D23C60-AC47-46E5-8EDF-D19F41CAB666}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{76825BA0-C536-C284-BAA1-9DB7A2D30D54}) (Version: 10.1.14393.33 - Microsoft) Hidden
LJDXPHelperUI (HKLM-x32\...\{DEB23FB1-04FF-44AC-98B5-EEB243D65A28}) (Version: 140.069.007 - HP) Hidden
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.6.2 SDK (HKLM-x32\...\{39BEF607-44E6-472B-90C1-BD62AA2B7A3F}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 Targeting Pack (HKLM-x32\...\{C07B4BC7-A37D-46A8-B2A3-620CC569D149}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8625.2127 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version:  - )
Monosnap (HKLM-x32\...\{2CE96D70-718B-495D-9C58-C48CD89F7797}) (Version: 3.0.6.40 - Monosnap)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
MSI Development Tools (HKLM-x32\...\{D4A10A5F-9300-3FF6-0906-71EBBDD68FDB}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Paint Shop Pro 7 (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.2.0000 - Jasc Software Inc)
Paltalk (HKLM-x32\...\Paltalk) (Version:  - )
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Roblox Player for End User (HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Studio for End User (HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - Roblox Corporation)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
SDK Debuggers (HKLM-x32\...\{F894B529-9F16-1890-3474-0AA0AEAC6D67}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.82216 - TeamViewer)
TradeManager 2016 (HKLM-x32\...\TradeManager) (Version:  - Alibaba (China) Network Technology Co., Ltd.)
Unity Web Player (HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\UnityWebPlayer) (Version: 5.3.8f1 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{F6483AD1-9703-F95E-B07B-6BB7A3DA7B71}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{96FB0EE4-8F7E-595E-B5CF-BFCC6BF26014}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{302A9B8D-5111-6C51-BB99-FF394C4A4255}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{2D359C7E-59C8-79A9-5157-FE9E189F5E8A}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{71436CD5-3E63-CEE9-FC00-5124A5C9A931}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{87F42CC0-5403-3698-87D9-3C2A04E476E1}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 9.0 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Player (HKLM\...\{6D211A09-EB2A-4B83-ACCB-13B1BC12AF4E}) (Version: 12.5.2 - VMware, Inc.)
WinAppDeploy (HKLM-x32\...\{1182888E-EDC9-05C5-33BD-B61DA5B1F916}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{45D392D2-5956-4646-9CA6-83CBF67507B6}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.33 (HKLM-x32\...\{f23f94c5-8bba-4202-85ad-c83d4402cdc1}) (Version: 10.1.14393.33 - Microsoft Corporation)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{01F53182-F1C8-8A72-5C86-B6612BDD4815}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{2AC000E5-E5E6-75B7-7FC2-9ECA8C57CA98}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{6DF5B5E1-A8A0-B617-AADB-31C3709A3C41}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{1AAB8359-4433-FF39-D420-0AD429993AD7}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{CB7AC790-0E8B-D6C9-CE1E-655793E7D541}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{87775501-5259-6A7C-51A6-71C832DB7ABA}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{CFD0294B-945D-62E4-7959-9B22A160496F}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{F75FD5E5-1F33-AE2B-715A-F829F8A8F51D}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
World of Tanks (HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
WPT Redistributables (HKLM-x32\...\{6704BD92-2F42-FE2F-AF4E-5C9D6666C75E}) (Version: 10.1.14393.33 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{3F61608E-AB68-04B1-82FF-95799F5D01CA}) (Version: 10.1.14393.33 - Microsoft) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3750219003-330135889-1696341922-1002_Classes\CLSID\{08D512D2-7D97-4E22-B7DB-82791106C086}\InprocServer32 -> C:\Users\End User\AppData\Roaming\alipay\cf\alicdo_x64.dll (Alipay)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-21] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-21] (AVAST Software)
ContextMenuHandlers1-x32: [OpenFolder] -> {0DE1378D-F811-40E6-B60A-1CC56F57D3E9} => C:\Program Files (x86)\TradeManager\AliIMExt.dll [2017-03-19] (Alibaba (China) Co., Ltd.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2016-11-11] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2016-11-11] (VMware, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-21] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-21] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {055E2148-C859-4DC9-BE28-F2491FF4E794} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-21] (AVAST Software)
Task: {13A719F2-C189-43BB-AC2C-781CA5800647} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-02] (Microsoft Corporation)
Task: {1C5629BF-2B42-4227-ABDA-5A5D86ADD044} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {278D6157-A2C5-4AEB-9EBE-B918E05AEE2E} - System32\Tasks\SafeZone scheduled Autoupdate 1490148307 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {40324733-9A22-4517-9636-CBCD682F0C48} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {411E4AF9-9877-4A72-871E-3623510AB3E8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-02] (Microsoft Corporation)
Task: {6050961C-3B5C-44D5-95A0-05665180A6C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {6C6044FD-2DC9-4AB7-86BE-7C8E2602DCE4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-18] (Google Inc.)
Task: {873638CA-E6E9-4D63-9B06-A1FF88D12E99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-18] (Google Inc.)
Task: {8F9B1332-1C78-4579-BFCF-BC212507E5B6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-11-16] (Microsoft Corporation)
Task: {9EB6CE1C-F31E-4B0E-B56A-BC6D3137A792} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-16] (Microsoft Corporation)
Task: {A55A3155-6434-4579-993D-7B7E7EEA2098} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {AEFE362C-3395-45A6-9390-408B5D53F23B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-16] (Microsoft Corporation)
Task: {B6C4C5CD-BAF8-4534-9682-AF05D5EC97EE} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2015-12-05] (HP Development Company, L.P.)
Task: {DC752881-6525-4249-AD07-22B68613A2B5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\End User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat ()

==================== Loaded Modules (Whitelisted) ==============

2017-11-16 08:27 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-18 12:58 - 2017-03-18 12:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-21 18:15 - 2017-11-10 04:24 - 008931496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-18 12:59 - 2017-03-18 18:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-14 20:05 - 2017-11-14 20:05 - 033915904 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_34.35.13001.0_x64__8wekyb3d8bbwe\XboxApp.dll
2016-07-16 06:37 - 2016-07-16 06:37 - 000258560 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_34.35.13001.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-11-09 16:48 - 2017-11-09 16:48 - 000061952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-11-11 11:26 - 2017-11-11 11:27 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-11 11:26 - 2017-11-11 11:27 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-11 11:26 - 2017-11-11 11:27 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-06 21:55 - 2017-11-06 21:55 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-19 22:27 - 2017-07-25 00:33 - 000121784 _____ () C:\Program Files (x86)\TradeManager\AliApp.exe
2016-05-10 01:14 - 2016-05-10 01:14 - 000404640 _____ () C:\Program Files (x86)\AliSafeEngine\5.0.2\ReportEnv.dll
2016-05-10 01:14 - 2016-05-10 01:14 - 000159392 _____ () C:\Program Files (x86)\AliSafeEngine\5.0.2\HealthCheck.dll
2017-08-05 15:58 - 2017-08-05 15:58 - 000698152 _____ () C:\Users\End User\AppData\Roaming\TaobaoProtect\AliBench\AlibenchDLL.dll
2017-03-19 22:27 - 2017-07-25 00:33 - 000121272 _____ () C:\Program Files (x86)\TradeManager\rv2log.dll
2017-03-19 22:27 - 2017-07-25 00:33 - 000328120 _____ () C:\Program Files (x86)\TradeManager\rv2core.dll
2017-03-19 22:27 - 2017-07-25 00:33 - 000286648 _____ () C:\Program Files (x86)\TradeManager\pcre.dll
2017-03-19 22:27 - 2017-07-25 00:33 - 042129848 _____ () C:\Program Files (x86)\TradeManager\aef.dll
2017-03-19 22:27 - 2017-07-25 00:33 - 000374712 _____ () C:\Program Files (x86)\TradeManager\rv2archive.dll
2017-03-19 22:27 - 2017-07-25 00:33 - 000042936 _____ () C:\Program Files (x86)\TradeManager\AliProtect.dll
2017-03-19 22:27 - 2017-07-25 00:33 - 000160696 _____ () C:\Program Files (x86)\TradeManager\PerfTrace.dll
2014-10-07 19:12 - 2014-10-07 19:12 - 001554888 _____ () C:\Program Files (x86)\TradeManager\LIBEAY32.dll
2017-03-19 22:27 - 2017-07-25 00:33 - 000594872 _____ () C:\Program Files (x86)\TradeManager\uacagent.dll
2014-10-07 19:12 - 2014-10-07 19:12 - 000072192 _____ () C:\Program Files (x86)\TradeManager\zlibwapi.dll
2015-01-07 10:00 - 2015-01-07 10:00 - 000437216 _____ () C:\Program Files (x86)\TradeManager\collina.dll
2017-03-19 22:27 - 2017-07-25 00:33 - 000584632 _____ () C:\Program Files (x86)\TradeManager\unifiedconfig.dll
2017-11-21 06:41 - 2017-11-21 06:41 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-21 06:41 - 2017-11-21 06:41 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-07-11 15:14 - 2017-07-11 15:14 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-21 06:42 - 2017-11-21 06:42 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-21 06:42 - 2017-11-21 06:42 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-21 06:41 - 2017-11-21 06:41 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\taobao.com -> hxxp://taobao.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 03:47 - 2017-10-15 09:03 - 000000002 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3750219003-330135889-1696341922-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Malwarebytes TrayApp"
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\StartupApproved\StartupFolder: => "OrbitumUpdate.lnk"
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\StartupApproved\Run: => "Orbitum Update"
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\StartupApproved\Run: => "Paltalk"
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\StartupApproved\Run: => "VPN Unlimited"
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-3750219003-330135889-1696341922-1002\...\StartupApproved\Run: => "World of Tanks"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{902A9B73-417D-4D9F-A6BC-93AF1CB98239}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{44D97AC5-B51D-4FDE-AA0C-78D521B81F31}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{7CB3FB7C-27DE-4E8F-93F4-D0D144D5BA9E}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{97C6833A-C1CB-4C33-9DE7-ED2CBACF42AD}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{B346AFFE-2146-46C0-9092-60E1F4902102}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{4C38802E-C0F4-47D6-9F10-50184C106328}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{1F63DE8C-9D9E-4945-A54C-33126540B522}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{C322FCB7-1B8D-4E5B-BA82-ABC45C1A4E8A}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{C15CF72C-026A-47CE-B723-9BF70DDA0463}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{06E76F56-8C31-49D6-AFFD-0B3A9E98F089}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{AEDD792C-5C66-4FEB-9FA5-B054701E0930}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{5E7A57C3-C53C-41C7-8D43-5D5F0D30544B}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{215098C5-DF60-4A32-86C8-E9998882A5C9}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{9A74EA1E-CC90-475A-B92C-C90C32E488F2}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{ABAA83EF-9662-46FC-8B10-0C7F904C625D}] => (Allow) C:\Users\End User\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{751444BA-D95B-4A71-A0BD-E7073D18096B}] => (Allow) C:\Users\End User\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [UDP Query User{4C4348CA-722E-4FB8-A322-DA78FCC86419}C:\minecraft!\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\minecraft!\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{4CDF1827-0BFC-44F1-9537-9F555AB9BE5D}C:\minecraft!\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\minecraft!\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E5AFF5C8-2875-4E8D-BB17-040C464ADB4D}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{26477CB2-C655-4E12-873E-2DBB9C9BAA56}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{0DEDA733-CB4B-4A40-AD53-602B267747CD}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{A4A73CCC-DD7F-4A68-99AA-F620EE7CAB2B}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{4E7544A7-F09A-4D32-8359-BCC61B241A5C}] => (Allow) C:\Users\End User\Desktop\Yossi's folder\Yossi's game folder\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7E724920-788E-4A63-A150-999E22492D32}] => (Allow) C:\Users\End User\Desktop\Yossi's folder\Yossi's game folder\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2442B13B-42F4-4070-BD72-CDEC3E72B0A0}] => (Allow) C:\Users\End User\Desktop\Yossi's folder\Yossi's game folder\Steam.exe
FirewallRules: [{F2976043-F834-4EF3-90EB-44D14993D874}] => (Allow) C:\Users\End User\Desktop\Yossi's folder\Yossi's game folder\Steam.exe
FirewallRules: [UDP Query User{9C8AE5BA-C2A3-4997-9786-F3A8E5692E13}C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe
FirewallRules: [TCP Query User{FE5CAD8A-4000-4E2D-B81C-D1F9CEA9675C}C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe
FirewallRules: [UDP Query User{BBB6FA7E-C34C-4601-B0A2-7A71DE3CBEE1}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{3E6C8F6D-7F6F-4878-86CF-0C06EB3DF436}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{63261836-85E2-4283-BD4B-FE6A872A149B}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{D81B5D71-C036-4CB2-9A64-7C67491E1E90}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{02C73162-6424-4F34-AEF7-394DD0D4EACF}C:\users\end user\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe] => (Allow) C:\users\end user\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe
FirewallRules: [TCP Query User{A4F5026E-E7A2-421E-82B7-6ABCEB2EE5D9}C:\users\end user\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe] => (Allow) C:\users\end user\appdata\local\orbitum\application\orbitumupdater\orbitumupdater.exe
FirewallRules: [UDP Query User{069C7524-8659-404F-9F35-B77A650E52C7}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{69A28995-4513-40F2-8AC7-53762EE25DAB}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{22B4A976-A0D4-4DA4-9BF4-59B8F34E11C5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6B17712C-5BDD-477D-9B8C-9CED70B7B1B7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D9CF370D-24F2-423F-A6C6-FD31E8A1495B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{12E03021-20F7-4C8C-8A84-E11929575A45}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{47B9D4A3-FBD9-48F0-BCEA-771E3C77572C}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M277\bin\EWSProxy.exe
FirewallRules: [{53A2B3C8-266D-4F30-B833-DE9F2865CE28}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M277\bin\FaxApplications.exe
FirewallRules: [{2936A553-BF7B-473B-8DDB-E211EE1FEAA4}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M277\bin\DigitalWizards.exe
FirewallRules: [{C369613A-89CB-4DF1-9A73-583802BFBCFB}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M277\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D8B7B211-FFEA-4D77-BA7C-5A43D6B8E5A3}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M277\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{BEEC7106-BBC7-4AEC-A68F-329723D47A32}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M277\bin\FaxPrinterUtility.exe
FirewallRules: [{BB94DFB5-A1C6-4E87-AC28-55150E82A7B2}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M277\bin\SendAFax.exe
FirewallRules: [{2B87D804-F25E-40E1-B261-FC14803F19C4}] => (Allow) C:\Program Files (x86)\TradeManager\AliIM.exe
FirewallRules: [{C90445FA-5328-4DF2-815F-54419A2AC3CB}] => (Allow) C:\Program Files (x86)\TradeManager\AliIM.exe
FirewallRules: [TCP Query User{3B44CDEC-F602-455B-9A58-050885584027}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Block) C:\programdata\wargaming.net\gamecenter\wgc.exe
FirewallRules: [UDP Query User{161C05CA-6E3D-4BC7-9017-79A72722654C}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Block) C:\programdata\wargaming.net\gamecenter\wgc.exe
FirewallRules: [{4C10D179-B5E4-49D4-BA17-D86ED6FCB246}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{7C3CBE79-9C7A-4C88-9107-51AABE7BBAB0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{5B2FA87A-739B-4546-9413-6E11360E49C7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6C0CFCD8-6DB1-4BE3-A555-5E6B1DA56DE0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{352D9215-D905-463A-86C4-A89B13E827D6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{01E38848-DD85-4FF1-A4A0-3F65D87EDD33}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{6EA0B09E-EAE5-4192-AA11-5F647B8B90E5}C:\users\end user\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\end user\appdata\local\warthunder\launcher.exe
FirewallRules: [UDP Query User{E9EEEC6B-F166-4012-A6ED-A7950951366A}C:\users\end user\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\end user\appdata\local\warthunder\launcher.exe
FirewallRules: [{23BE94CC-0F6C-4901-9C7E-C4902B0C3E24}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{4DDBB15D-E2A0-4797-9DB8-CD1343F07BBB}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{68599044-C434-4497-AB74-3551F5C30069}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [{551721E7-F13D-4C12-BFE4-D4F00A18DB70}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [TCP Query User{A7B3EAE8-592E-4DDB-817D-0CFCCEA3141F}C:\games\counter strike global offensive warzone\csgo.exe] => (Allow) C:\games\counter strike global offensive warzone\csgo.exe
FirewallRules: [UDP Query User{8EA3342A-4902-4C48-9D11-2F8FD3B61946}C:\games\counter strike global offensive warzone\csgo.exe] => (Allow) C:\games\counter strike global offensive warzone\csgo.exe
FirewallRules: [{6F398613-9D66-479A-BC53-6E0BC0655385}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{979E5704-4F9F-4AEC-BF6E-3CD5DF95CC79}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{97F70AE4-ED77-4429-A51A-EA61069639A0}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [TCP Query User{A3241165-FCEC-408B-9D3D-CAE8114E62F0}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [UDP Query User{768D0083-01FB-4395-8108-FC1758E57EA9}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [{4947B4A8-8C41-4C0C-9326-51504CE33AA5}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{44B7B547-2A44-4CDD-911D-0C5D11338781}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{84428EE6-5EE9-4C4E-9F5D-4A2C0DBDB9AE}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{5D2B8927-62F2-4EDC-80B5-0B88D4955E10}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{CEC3F83B-B27A-4651-A230-1E5CFB8632D5}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{F4BAB773-9262-4FD2-B107-4833C2A3A666}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{7E66B131-5B20-414D-8891-812950C04D9D}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Syndicate\ACS.exe
FirewallRules: [{B4EC5E12-D22B-48C4-AF46-BCC894F3AC3F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D869B383-E132-4D4A-98AD-F3543F928328}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{54F3B9CA-208F-467B-97BF-A1E5181C0857}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{9B70CE25-EC4E-455E-AEAF-788C6B5F7F69}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{F3F4BAE2-1366-4612-9623-73DCD1CF6554}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe

==================== Restore Points =========================

16-11-2017 23:50:51 Scheduled Checkpoint
21-11-2017 19:40:25 Windows Update

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/23/2017 01:20:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 57.0.0.6525 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2e84

Start Time: 01d36328dd6c8ceb

Termination Time: 4294967295

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 51d947c5-9629-4956-a0a1-118d9314ba15

Faulting package full name:

Faulting package-relative application ID:

Error: (11/23/2017 01:09:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DK32AUA)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/22/2017 11:25:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-DK32AUA)
Description: Package Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (11/22/2017 11:10:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-DK32AUA)
Description: Package Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (11/22/2017 09:58:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-DK32AUA)
Description: Package Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (11/22/2017 09:04:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DK32AUA)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/22/2017 09:04:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-DK32AUA)
Description: Package Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (11/22/2017 08:34:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DK32AUA)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/22/2017 08:23:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-DK32AUA)
Description: Package Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (11/22/2017 03:27:20 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (11/23/2017 01:31:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (11/23/2017 01:19:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/23/2017 01:16:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/23/2017 01:10:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/22/2017 09:40:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/22/2017 09:04:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DK32AUA)
Description: The server Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (11/22/2017 08:22:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/22/2017 06:38:41 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (11/22/2017 06:38:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/22/2017 06:38:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.


CodeIntegrity:
===================================
  Date: 2017-11-23 01:11:07.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-23 01:11:06.895
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-23 00:20:55.005
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-23 00:20:54.799
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-23 00:14:34.634
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-23 00:14:33.979
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-23 00:14:33.655
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-22 23:40:13.107
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-22 23:40:12.878
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-22 23:34:52.479
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Monosnap\mgames2\msnapcap64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Xeon® CPU W3520 @ 2.67GHz
Percentage of memory in use: 44%
Total physical RAM: 6127.22 MB
Available physical RAM: 3420.59 MB
Total Virtual: 13551.22 MB
Available Virtual: 10816.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:307.84 GB) (Free:97.86 GB) NTFS
Drive i: (ACS Disc 2) (CDROM) (Total:7.94 GB) (Free:0 GB) UDF
Drive j: (Data) (Fixed) (Total:1554.69 GB) (Free:1222.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 90909090)
Partition 1: (Active) - (Size=494 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=307.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1554.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Fix Result From Farbar:

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-11-2017
Ran by End User (23-11-2017 01:30:08) Run:1
Running from C:\Users\End User\Downloads
Loaded Profiles: defaultuser0 & End User (Available Profiles: defaultuser0 & End User)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Extension: (DownloadManagerNow) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhifapajpoibpajokkokaajalaincjli [2017-11-09]
*****************

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSuggestURL => removed successfully
CHR Extension: (DownloadManagerNow) - C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhifapajpoibpajokkokaajalaincjli [2017-11-09] => Error: No automatic fix found for this entry.


The system needed a reboot.

==== End of Fixlog 01:30:09 ====


CKscanner log:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\blender foundation\blender\2.78\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
scanner sequence 3.ED.11.QSNAGZ
 ----- EOF -----



#10 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:10:59 PM

Posted 27 November 2017 - 01:35 AM

Hi MarshmallowMillicent,

Sorry for the delay in replying. Just to update you, I should have a reply for you tomorrow.

Ian Carroll https://ian.sh • Certly Inc
Member of the Bleeping Computer A.I.I. early response team!


#11 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:10:59 PM

Posted 27 November 2017 - 11:41 PM

Hi MarshmallowMillicent,

It appears some of the logs you provided to me were modified before they were posted. Can you please provide me an unmodified version of these logs?

If you need to collect another set of logs, the CKScanner and FRST scans can be safely re-run, but please do not re-run the FRST fix or MBAR.

Ian Carroll https://ian.sh • Certly Inc
Member of the Bleeping Computer A.I.I. early response team!


#12 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:10:59 PM

Posted 02 December 2017 - 06:36 PM

Hi MarshmallowMillicent,

I have not yet received a reply from you. Let me know if you need help following the instructions or if something has come up. This thread will be locked if five days pass without a reply.

Ian Carroll https://ian.sh • Certly Inc
Member of the Bleeping Computer A.I.I. early response team!


#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,416 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:07:59 PM

Posted 05 December 2017 - 10:06 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

