
ASUS RT-AC68U Router Exploit/Backdoor_CMD_EXE/WEB_Brute_Force/Code_EXE


  • This topic is locked
13 replies to this topic

#1 Titan-man

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:57 PM

Posted 06 December 2017 - 04:29 AM

The screenshots kinda say it all. Asus support thus far is a joke. Is this an inside job? Agencies at play? Any help here would be great, and hopefully something learned for the greater good. I don't know; however, at approximately the same time I started getting some nasty redirects on bogus posts of my products, which I innovated and manufacture, for powerless cooking and water storage. A week ago I received a Square_Up money request from a guy who worked for me for three days and who called himself the Wizard. He claimed to have done some stuff like the redirects running up to an election a couple of years back. I am not able to get any WiFi connectivity if I have auto-connect for VPN enabled on wireless, i.e. phone/tablet. 

 

I know he is behind the redirects, but is it the router also, or bigger problems? Thanks in advance, and if I mis-posted, my bad. Please advise.

 

Ok, I am unable to attach any more, so I will post and try to add.

 

I'm not sure what's happening, but after the three I get a red box saying "Error No file was selected for upload" in both uploaders...

 

Attached File  Inkedasus4_LI.jpg   117.49KB   1 downloads

Attached File  Inkedasus 10_LI.jpg   120.8KB   0 downloads

Attached File  Inkedasus external attacks and client device infected 11.30.17 19.09.31_LI.jpg   153.21KB   0 downloads


Edited by Titan-man, 06 December 2017 - 05:51 AM.




#2 Titan-man

  • Topic Starter
  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:57 PM

Posted 06 December 2017 - 04:51 AM

Attached File  Inkedasus7_LI.jpg   100.37KB   0 downloads

Attached File  Inkedasus6_LI.jpg   99.13KB   0 downloads

Attached File  Inkedasus5_LI.jpg   75.28KB   0 downloads

Attached File  Inkedasus3_LI.jpg   61.31KB   0 downloads

Attached File  Inkedasus after update 11.30.17 3_LI.jpg   52.56KB   0 downloads

Attached File  Inkedasus after update 11.30.17 4_LI.jpg   55.5KB   0 downloads

Attached File  Inkedasus after update 11.30.17 5_LI.jpg   53.43KB   0 downloads

Attached File  Inkedasus after update 11.30.17 6_LI.jpg   54.38KB   0 downloads

Attached File  Inkedasus after update 11.30.17_LI.jpg   53.71KB   0 downloads

Attached File  Inked192.168.1.1.manifest.appcache_LI.jpg   21.37KB   0 downloads

Attached File  Inked192.168.1.1.manifest.appcache2_LI.jpg   38.24KB   0 downloads

Attached File  Inkedasus remote access from wan_LI.jpg   165.97KB   0 downloads

Attached File  Inkedasus9_LI.jpg   117.39KB   0 downloads

Attached File  InkedAsus1_LI.jpg   62.63KB   0 downloads

Attached File  Inkedasus8_LI.jpg   114.05KB   0 downloads

Attached File  InkedAusu 12.4.17 23.48 Two way IPS after Remote access from wan turned on_LI.jpg   157.36KB   0 downloads

Attached File  InkedAusu 12.4.17 23.48 Two way IPS DDNS active_LI.jpg   127.12KB   0 downloads

Attached File  Inkedconnections 11.30.17 19.25_LI.jpg   118.16KB   0 downloads

Attached File  Inkedport forwarding 11.30.17 19.23_LI.jpg   125.53KB   0 downloads

Attached File  InkedInkedasus after update 11.30.17 2_LI.jpg   54.4KB   0 downloads




#3 HelpBot

  • Bleepin' Binary Bot
  • Bots
  • 12,731 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:57 PM

Posted 11 December 2017 - 04:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/664648 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Titan-man

  • Topic Starter
  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:57 PM

Posted 19 December 2017 - 07:33 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by fast (administrator) on ANONYMOUS-FAST (19-12-2017 11:24:08)
Running from C:\Users\fast\Downloads
Loaded Profiles: fast (Available Profiles: fast & Administrator & DefaultAppPool)
Platform: Windows 10 Pro Version 1703 15063.786 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> dwm.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
Failed to access process -> WUDFHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
Failed to access process -> WmiPrvSE.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
Failed to access process -> dasHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Failed to access process -> GoogleCrashHandler.exe
() C:\Program Files\pia_manager\pia_manager.exe
Failed to access process -> GoogleCrashHandler64.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(hxxp://www.ruby-lang.org/) C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\bin\rubyw.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Sysinternals - www.sysinternals.com) C:\Users\fast\Desktop\SysinternalsSuite (1)\procexp64.exe
(hxxp://www.ruby-lang.org/) C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\bin\rubyw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
() C:\Program Files\pia_manager\openvpn.exe
(Sysinternals - www.sysinternals.com) C:\Users\fast\Desktop\SysinternalsSuite (1)\Procmon.exe
(Sysinternals - www.sysinternals.com) C:\Users\fast\AppData\Local\Temp\Procmon64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files (x86)\DVR Soft\DvrClient\DvrClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [497824 2016-08-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-05] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-15] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [651560 2015-11-10] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6814192 2016-08-10] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-11-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2017-11-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-01] (Piriform Ltd)
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\Run: [GoogleChromeAutoLaunch_23E43E3C36DDE0630C2BD1E0DE7890D8] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2017-12-05] (Google Inc.)
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5406672 2017-12-11] (SecureMix LLC)
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\RunOnce: [Application Restart #2] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2017-11-18] (The NWJS Community)
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\RunOnce: [Application Restart #4] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2017-11-18] (The NWJS Community)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2017-07-06]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2017-07-06]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2017-07-06]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2017\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\fast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2017-04-27]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\fast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-12-01]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk /m /f \Device\HarddiskVolume7autocheck autochk * 
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{211c2bae-e460-407f-80fb-35d10f7f60da}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e0106f02-9145-4a8e-9079-7e700132504c}: [DhcpNameServer] 209.222.18.222 209.222.18.218
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3271275025-2158743644-2568987073-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
Handler-x32: intu-help-qb10 - {E795042F-8A29-42E4-B265-2C7AB38E8AEE} - C:\Program Files (x86)\Intuit\QuickBooks 2017\HelpAsyncPluggableProtocol.dll [2017-10-04] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: exvgfd5v.default
FF ProfilePath: C:\Users\fast\AppData\Roaming\Mozilla\Firefox\Profiles\exvgfd5v.default [2017-12-19]
FF Homepage: Mozilla\Firefox\Profiles\exvgfd5v.default -> about:home
FF Extension: (DuckDuckGo Plus) - C:\Users\fast\AppData\Roaming\Mozilla\Firefox\Profiles\exvgfd5v.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2017-12-01]
FF Extension: (LastPass: Free Password Manager) - C:\Users\fast\AppData\Roaming\Mozilla\Firefox\Profiles\exvgfd5v.default\Extensions\support@lastpass.com.xpi [2017-11-29]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-30] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default [2017-12-19]
CHR Extension: (Slides) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-19]
CHR Extension: (YouTube) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-19]
CHR Extension: (Cleanflight - Blackbox Explorer) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahpidddaimdojnddnahjpnefajpheep [2017-03-29]
CHR Extension: (Alexa Traffic Rank) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2016-12-26]
CHR Extension: (Adobe Acrobat) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-25]
CHR Extension: (Cleanflight - Configurator) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\enacoimjcgeinfnnnpajinjgmkahmfgb [2017-07-30]
CHR Extension: (Sheets) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-19]
CHR Extension: (Open SEO Stats(Formerly: PageRank Status)) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn [2017-04-11]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-11-17]
CHR Extension: (Vortex - Configurator) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jelolponpnnidoojekihdojjdjphdeog [2017-11-09]
CHR Extension: (Private Internet Access) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplnlifepflhkbkgonidnobkakhmpnmh [2017-11-17]
CHR Extension: (Betaflight - Configurator) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdaghagfopacdngbohiknlhcocjccjao [2017-12-12]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2017-10-12]
CHR Extension: (Quick SEO - PageRank, Backlinks & Alexa Tool) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mimhmidgldhoghjoehfigallmmndjkef [2016-12-26]
CHR Extension: (Wikibuy) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-12-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-19]
CHR Extension: (Chrome Media Router) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-24]
CHR Profile: C:\Users\fast\AppData\Local\Google\Chrome\User Data\System Profile [2017-12-19]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1135088 2016-08-10] ()
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [121344 2017-02-21] (Dassault Systèmes) [File not signed]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4327376 2017-12-11] (SecureMix LLC)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [38328 2017-09-26] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-12-04] (SurfRight B.V.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4935304 2017-12-04] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation)
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2016-08-22] (Intuit Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [339808 2017-01-05] (Acronis International GmbH)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [290528 2017-12-05] (SurfRight B.V.)
R3 hmpnet; C:\WINDOWS\system32\drivers\hmpnet.sys [93800 2017-12-05] (SurfRight B.V.)
U5 iaStorV; C:\Windows\System32\Drivers\iaStorV.sys [412064 2017-03-18] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-03-18] (Qualcomm Atheros, Inc.)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [52832 2017-09-11] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-19] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R1 MpKsl40f36782; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E03983D-FED3-4D75-912D-E0AA5B992A82}\MpKsl40f36782.sys [58120 2017-12-19] (Microsoft Corporation)
S3 NMgamingmsFltr; C:\WINDOWS\system32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92992 2017-12-19] (Sysinternals - www.sysinternals.com)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 STTub30; C:\WINDOWS\System32\Drivers\STTub30.sys [44184 2012-07-20] (STMicroelectronics)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1049432 2017-01-05] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [202592 2017-01-05] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [581464 2017-01-05] (Acronis International GmbH)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [301408 2017-01-05] (Acronis International GmbH)
S3 vuhub; C:\WINDOWS\System32\drivers\vuhub.sys [47616 2007-12-16] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S3 cpuz140; \??\C:\Users\fast\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-19 11:23 - 2017-12-19 11:23 - 002392064 _____ (Farbar) C:\Users\fast\Downloads\FRST64.exe
2017-12-19 11:12 - 2017-12-19 11:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2017-12-19 10:13 - 2017-12-19 10:13 - 000998184 _____ C:\Users\fast\Downloads\LabelDownloadServlet (5).pdf
2017-12-19 02:24 - 2017-12-19 02:24 - 000001102 _____ C:\Users\fast\Downloads\WDSync_1.3.5949.26210 (1).zip - Shortcut.lnk
2017-12-19 02:00 - 2017-12-19 10:15 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-12-19 02:00 - 2017-12-19 02:00 - 000165725 _____ C:\Users\fast\Downloads\NewbergPavingBillInsertJuly20171sheet002 (1).pdf
2017-12-18 16:16 - 2017-12-18 16:16 - 000002310 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 11.lnk
2017-12-18 16:16 - 2017-12-18 16:16 - 000001290 _____ C:\Users\Public\Desktop\Adobe Premiere Elements 11.lnk
2017-12-18 16:04 - 2017-12-18 16:13 - 1252444663 _____ C:\Users\fast\Downloads\PremiereElements_11_WWEFDJ_win64 (1).7z
2017-12-18 16:00 - 2017-12-18 16:00 - 001270024 _____ (Adobe Systems Incorporated) C:\Users\fast\Downloads\PremiereElements_11_WWEFDJ_win64 (1).exe
2017-12-18 15:52 - 2017-12-19 03:05 - 000000000 ____D C:\Users\fast\Desktop\Adobe Premiere Elements Auto-Save (1)
2017-12-18 15:42 - 2017-12-18 15:50 - 079845118 _____ C:\Users\fast\Desktop\mike drive by and chase 12.12.17 12.18.17 - Copy.rar
2017-12-18 15:40 - 2017-12-18 15:37 - 145525181 _____ C:\Users\fast\Desktop\mike drive by and chase 12.12.17 12.18.17 - Copy.mp4
2017-12-18 15:11 - 2017-12-18 15:37 - 145525181 _____ C:\Users\fast\Desktop\mike drive by and chase 12.12.17 12.18.17.mp4
2017-12-18 14:11 - 2017-12-18 14:11 - 007515555 _____ C:\Users\fast\Downloads\2017_Catalog_1.0 (1).pdf
2017-12-18 11:17 - 2017-12-18 11:17 - 007515555 _____ C:\Users\fast\Downloads\2017_Catalog_1.0.pdf
2017-12-17 17:10 - 2017-12-17 17:10 - 000000000 ____D C:\Users\fast\AppData\Local\GlassWire
2017-12-17 13:35 - 2017-12-17 13:35 - 000001974 _____ C:\Users\Public\Desktop\GlassWire.lnk
2017-12-17 13:35 - 2017-12-17 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2017-12-17 13:35 - 2015-05-28 20:30 - 000008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2017-12-17 13:35 - 2015-05-28 20:15 - 000033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2017-12-17 13:34 - 2017-12-17 13:35 - 000000000 ____D C:\Program Files (x86)\GlassWire
2017-12-17 13:34 - 2017-12-17 13:34 - 000000000 ____D C:\ProgramData\GlassWire
2017-12-17 13:31 - 2017-12-17 13:31 - 035121240 _____ (SecureMix LLC) C:\Users\fast\Downloads\GlassWireSetup.exe
2017-12-17 02:23 - 2017-12-17 02:23 - 000326553 _____ C:\Users\fast\Downloads\LEO1 1 Kik_s Guide for Law Enforcement_November2017.pdf
2017-12-16 08:06 - 2017-12-17 19:56 - 000000000 ____D C:\Users\fast\Desktop\SysinternalsSuite (1)
2017-12-15 23:00 - 2017-12-17 08:25 - 000000000 ____D C:\WINDOWS\Panther
2017-12-15 14:39 - 2017-12-15 14:39 - 035121240 _____ (SecureMix LLC) C:\Users\fast\Downloads\GlassWireSetup (6).exe
2017-12-15 00:31 - 2017-12-15 00:31 - 000002025 _____ C:\Users\fast\Downloads\ca.rsa.2048 (2).crt
2017-12-15 00:11 - 2017-12-15 00:11 - 000001395 _____ C:\Users\fast\Downloads\ca.crt
2017-12-13 18:53 - 2017-12-13 18:53 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-12-13 09:56 - 2017-11-29 19:33 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-13 09:56 - 2017-11-29 19:33 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-13 09:56 - 2017-11-29 19:33 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-12-13 09:56 - 2017-11-29 19:29 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-13 09:56 - 2017-11-29 19:26 - 002647216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-13 09:56 - 2017-11-29 19:24 - 000870896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-13 09:56 - 2017-11-29 19:23 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-13 09:56 - 2017-11-29 19:23 - 001194248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-12-13 09:56 - 2017-11-29 19:00 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-13 09:56 - 2017-11-29 18:59 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-13 09:56 - 2017-11-29 18:58 - 006763128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-13 09:56 - 2017-11-29 18:58 - 000702032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-13 09:56 - 2017-11-29 18:57 - 001123968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-12-13 09:56 - 2017-11-29 18:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-12-13 09:56 - 2017-11-29 18:44 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-13 09:56 - 2017-11-29 18:44 - 019334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-13 09:56 - 2017-11-29 18:44 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-13 09:56 - 2017-11-29 18:44 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-13 09:56 - 2017-11-29 18:43 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-13 09:56 - 2017-11-29 18:43 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-12-13 09:56 - 2017-11-29 18:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-13 09:56 - 2017-11-29 18:42 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-13 09:56 - 2017-11-29 18:42 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-13 09:56 - 2017-11-29 18:42 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-13 09:56 - 2017-11-29 18:42 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-13 09:56 - 2017-11-29 18:42 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-13 09:56 - 2017-11-29 18:41 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-12-13 09:56 - 2017-11-29 18:41 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-13 09:56 - 2017-11-29 18:40 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-13 09:56 - 2017-11-29 18:40 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-13 09:56 - 2017-11-29 18:40 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-13 09:56 - 2017-11-29 18:40 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-13 09:56 - 2017-11-29 18:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-13 09:56 - 2017-11-29 18:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-13 09:56 - 2017-11-29 18:39 - 003206656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-13 09:56 - 2017-11-29 18:39 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-13 09:56 - 2017-11-29 18:38 - 008195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-13 09:56 - 2017-11-29 18:38 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-12-13 09:56 - 2017-11-29 18:38 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-12-13 09:56 - 2017-11-29 18:38 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-13 09:56 - 2017-11-29 18:37 - 006252544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-13 09:56 - 2017-11-29 18:37 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-13 09:56 - 2017-11-29 18:37 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-13 09:56 - 2017-11-29 18:36 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-12-13 09:56 - 2017-11-29 18:36 - 004726784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-13 09:56 - 2017-11-29 18:36 - 003652096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-13 09:56 - 2017-11-29 18:36 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-13 09:56 - 2017-11-29 18:36 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-12-13 09:56 - 2017-11-29 18:36 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-13 09:56 - 2017-11-29 18:36 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-13 09:56 - 2017-11-29 18:35 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-13 09:56 - 2017-11-29 18:34 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-12-13 09:56 - 2017-11-17 01:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-12-13 09:56 - 2017-11-17 01:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-12-13 09:56 - 2017-11-17 01:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-12-13 09:56 - 2017-11-17 01:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-13 09:56 - 2017-11-17 01:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-13 09:56 - 2017-11-17 01:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-12-13 09:56 - 2017-11-17 01:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-13 09:56 - 2017-11-17 01:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-13 09:56 - 2017-11-17 00:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-12-13 09:56 - 2017-11-17 00:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-13 09:55 - 2017-11-29 18:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-13 09:55 - 2017-11-29 18:44 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-13 09:55 - 2017-11-29 18:43 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-13 09:55 - 2017-11-29 18:42 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-12-13 09:55 - 2017-11-29 18:42 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-13 09:55 - 2017-11-29 18:41 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-12-13 09:55 - 2017-11-29 18:41 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-13 09:55 - 2017-11-29 18:41 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-13 09:55 - 2017-11-29 18:39 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-12-13 09:55 - 2017-11-29 18:38 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-13 09:55 - 2017-11-29 18:37 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-12-13 09:55 - 2017-11-29 18:36 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-12-13 09:55 - 2017-11-17 01:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-12-13 09:55 - 2017-11-17 01:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-12-13 03:29 - 2017-12-13 03:29 - 000002025 _____ C:\Users\fast\Downloads\ca.rsa.2048 (3).crt
2017-12-13 03:29 - 2017-12-13 03:29 - 000002025 _____ C:\Users\fast\Downloads\ca.rsa.2048 (1).crt
2017-12-13 03:22 - 2017-12-13 03:22 - 000002025 _____ C:\Users\fast\Downloads\ca.rsa.2048.crt
2017-12-12 11:07 - 2017-12-12 11:07 - 000424524 _____ C:\Users\fast\Downloads\syslog (20).txt
2017-12-12 05:30 - 2017-12-12 06:09 - 1312722531 _____ C:\Users\fast\Desktop\three different login psge shortcuts pages changed while compairing them 12.12.17 3.mp4
2017-12-12 05:30 - 2017-12-12 05:30 - 000029616 _____ C:\Users\fast\Desktop\ice_video_20171212-053012.mp4
2017-12-12 05:25 - 2017-12-12 05:25 - 000066300 _____ C:\Users\fast\Desktop\ice_video_20171212-052517.mp4
2017-12-12 04:41 - 2017-12-12 05:22 - 787741411 _____ C:\Users\fast\Desktop\Three login shortcuts chrome 2.mp4
2017-12-12 04:25 - 2017-12-12 04:32 - 367461900 _____ C:\Users\fast\Desktop\Three different asus login shoortcuts on chrome 12.12.17 1 .mp4
2017-12-12 00:07 - 2017-12-12 00:07 - 000393863 _____ C:\Users\fast\Downloads\syslog (19).txt
2017-12-11 23:58 - 2017-12-11 23:58 - 000008947 _____ C:\Users\fast\Desktop\ice_video_20171211-235829.mp4
2017-12-11 23:57 - 2017-12-11 23:58 - 048449771 _____ C:\Users\fast\Desktop\ice_video_20171211-235723.mp4
2017-12-11 11:36 - 2017-12-11 11:36 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-12-11 11:36 - 2017-12-11 11:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-12-11 11:36 - 2017-12-11 11:36 - 000000000 ____D C:\Program Files\iPod
2017-12-10 16:35 - 2017-12-10 16:35 - 000276615 _____ C:\Users\fast\Desktop\Installation - DD-WRT Wiki.pdf
2017-12-10 16:23 - 2017-12-10 21:38 - 000000000 ____D C:\Users\fast\Desktop\dd-wrt
2017-12-10 06:31 - 2017-12-10 06:31 - 000477381 _____ C:\Users\fast\Downloads\HERO5Session_UM_ENG_REVD_WEB.pdf
2017-12-10 06:04 - 2017-12-10 06:04 - 000000876 _____ C:\Users\Public\Desktop\Quik.lnk
2017-12-10 06:04 - 2017-12-10 06:04 - 000000000 ____D C:\Program Files\GoPro
2017-12-10 06:02 - 2017-12-10 06:02 - 163906312 _____ (GoPro, Inc.) C:\Users\fast\Downloads\GoPro_Quik-WinInstaller-2.5.0.290.exe
2017-12-10 05:49 - 2017-12-10 05:50 - 000000000 ____D C:\Users\fast\Desktop\100MEDIA
2017-12-09 14:12 - 2017-12-09 14:12 - 027582464 _____ C:\Users\fast\Downloads\asus_rt-ac68u-firmware.trx
2017-12-08 10:43 - 2017-12-08 10:43 - 004850531 _____ C:\Users\fast\Downloads\LabelDownloadServlet (4).pdf
2017-12-06 05:24 - 2017-12-06 05:24 - 460046224 _____ C:\Users\fast\Desktop\2 trees Ray's 12.6.17.rar
2017-12-06 05:22 - 2017-12-06 05:23 - 591918839 _____ C:\Users\fast\Desktop\2 trees Ray's 12.6.17.zip
2017-12-06 04:51 - 2017-12-06 05:08 - 772372902 _____ C:\Users\fast\Desktop\2 trees Ray's 12.6.17.mp4
2017-12-06 02:30 - 2017-12-06 02:30 - 000000290 _____ C:\Users\fast\Desktop\US West.ovpn
2017-12-06 02:25 - 2017-12-06 02:25 - 000015896 _____ C:\Users\fast\Downloads\openvpn-strong (1).zip
2017-12-05 15:44 - 2017-12-05 15:45 - 066642556 _____ C:\Users\fast\Desktop\google redirects.mp4
2017-12-05 05:36 - 2017-12-05 05:36 - 000020007 _____ C:\Users\fast\Downloads\syslog (18).txt
2017-12-05 05:08 - 2017-12-05 05:06 - 465481705 _____ C:\Users\fast\Desktop\12.05.17 UQF N.Grant W.Sheridan 04.44 - Copy.mp4
2017-12-05 04:58 - 2017-12-05 05:06 - 465481705 _____ C:\Users\fast\Desktop\12.05.17 UQF N.Grant W.Sheridan 04.44.mp4
2017-12-05 04:57 - 2017-12-05 04:58 - 023388107 _____ C:\Users\fast\Desktop\ice_video_20171205-045738.mp4
2017-12-05 04:18 - 2016-07-06 05:32 - 040280064 _____ C:\Users\fast\Desktop\RT-AC68U_3.0.0.4_380_3831-g93dfe8c.trx
2017-12-05 02:53 - 2017-12-05 02:53 - 007430358 _____ C:\Users\fast\Downloads\E9183_RT_AC68U_Manual (3).zip
2017-12-05 02:45 - 2017-12-05 02:45 - 000055658 _____ C:\Users\fast\Downloads\syslog (17).txt
2017-12-05 02:12 - 2017-12-05 02:12 - 000052336 _____ C:\Users\fast\Downloads\syslog (16).txt
2017-12-05 01:49 - 2017-12-05 01:49 - 000050477 _____ C:\Users\fast\Desktop\Defogger.exe
2017-12-05 00:04 - 2017-12-12 06:17 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-12-05 00:00 - 2017-12-19 11:23 - 000000000 ____D C:\WINDOWS\CryptoGuard
2017-12-05 00:00 - 2017-12-19 11:12 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2017-12-05 00:00 - 2017-12-05 00:00 - 001183368 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2017-12-05 00:00 - 2017-12-05 00:00 - 000829576 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2017-12-05 00:00 - 2017-12-05 00:00 - 000760528 _____ (Threatstar B.V.) C:\Users\fast\Downloads\hmpalert-test.exe
2017-12-05 00:00 - 2017-12-05 00:00 - 000290528 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2017-12-05 00:00 - 2017-12-05 00:00 - 000093800 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpnet.sys
2017-12-05 00:00 - 2017-12-05 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2017-12-05 00:00 - 2017-12-05 00:00 - 000000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2017-12-04 23:59 - 2017-12-04 23:59 - 004935304 _____ (SurfRight B.V.) C:\Users\fast\Downloads\hmpalert3.exe
2017-12-04 23:50 - 2017-12-06 03:58 - 000000000 ____D C:\Program Files\HitmanPro
2017-12-04 23:50 - 2017-12-04 23:55 - 000001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-12-04 23:50 - 2017-12-04 23:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-12-04 23:49 - 2017-12-19 11:11 - 000000000 ____D C:\ProgramData\HitmanPro
2017-12-04 23:49 - 2017-12-04 23:49 - 011584088 _____ (SurfRight B.V.) C:\Users\fast\Downloads\HitmanPro_x64.exe
2017-12-04 22:26 - 2017-12-04 23:10 - 1308589182 _____ C:\Users\fast\Desktop\ice_video_20171204-222626.m4a
2017-12-04 17:12 - 2017-12-04 17:15 - 000000000 ____D C:\Users\fast\Desktop\iphone
2017-12-04 17:12 - 2017-12-04 17:12 - 000000000 ____D C:\Users\fast\Desktop\New folder (8)
2017-12-03 23:44 - 2017-12-03 23:44 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2017-12-02 21:42 - 2017-12-02 21:42 - 000000016 _____ C:\Users\fast\Desktop\rout.txt
2017-12-02 13:51 - 2017-12-02 13:51 - 000000000 ____D C:\Users\fast\AppData\Local\nwjs
2017-12-01 04:04 - 2017-12-01 04:04 - 000000025 _____ C:\Users\fast\Desktop\r.txt
2017-12-01 02:30 - 2017-12-01 02:30 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3271275025-2158743644-2568987073-1000
2017-12-01 01:15 - 2017-12-01 01:15 - 000000004 _____ C:\Users\fast\Downloads\ftpquota
2017-11-30 22:45 - 2017-11-30 22:45 - 000440413 _____ C:\Users\fast\Downloads\syslog (15).txt
2017-11-30 19:20 - 2017-11-30 19:20 - 000426473 _____ C:\Users\fast\Downloads\syslog (14).txt
2017-11-30 18:12 - 2017-11-30 18:13 - 078346672 _____ (Malwarebytes ) C:\Users\fast\Downloads\mb3-setup-consumer-3.3.1.2183 (1).exe
2017-11-30 18:10 - 2017-12-19 11:12 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-30 18:10 - 2017-12-09 17:41 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-30 18:10 - 2017-11-30 18:10 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-30 18:10 - 2017-11-30 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-30 18:10 - 2017-11-30 18:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-30 18:10 - 2017-11-30 18:10 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-28 23:44 - 2017-11-28 23:44 - 000014052 _____ C:\Users\fast\Downloads\class-wp-hook (2).php
2017-11-28 23:43 - 2017-11-28 23:43 - 000014052 _____ C:\Users\fast\Downloads\class-wp-hook.php
2017-11-28 23:43 - 2017-11-28 23:43 - 000014052 _____ C:\Users\fast\Downloads\class-wp-hook (1).php
2017-11-28 23:34 - 2017-11-28 23:34 - 007306661 _____ C:\Users\fast\Downloads\error_log
2017-11-28 16:41 - 2017-11-28 16:41 - 000000000 ____D C:\Users\fast\AppData\Local\SolidDocuments
2017-11-28 14:30 - 2017-11-28 14:30 - 000048817 _____ C:\Users\fast\Desktop\Herc oven.pdf
2017-11-25 18:20 - 2017-11-25 18:27 - 351364500 _____ C:\Users\fast\Desktop\Mike yelling 11.25.17.mp4
2017-11-24 11:57 - 2017-11-24 11:57 - 003953096 _____ C:\Users\fast\Downloads\LabelDownloadServlet (3).pdf
2017-11-24 05:01 - 2017-11-24 05:01 - 000000000 ____D C:\Users\fast\AppData\Local\NVIDIA
2017-11-23 09:55 - 2017-11-23 09:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-11-23 09:55 - 2017-11-23 09:55 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-23 09:55 - 2017-10-27 08:06 - 000136312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-11-23 09:55 - 2017-09-13 15:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-11-23 09:55 - 2017-09-13 15:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-11-23 09:55 - 2017-09-13 15:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-11-23 09:55 - 2017-09-13 15:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-11-22 15:46 - 2017-11-23 03:34 - 000000000 ____D C:\Users\fast\Downloads\SysinternalsSuite (1)
2017-11-22 15:45 - 2017-11-22 15:45 - 023671636 _____ C:\Users\fast\Downloads\SysinternalsSuite (1).zip
2017-11-22 15:45 - 2017-11-22 15:45 - 000000000 _____ C:\Users\fast\Downloads\live.pdf
2017-11-22 15:34 - 2017-11-22 15:34 - 000000000 ____D C:\Users\fast\AppData\Local\Zemana
2017-11-22 15:34 - 2017-11-22 15:34 - 000000000 ____D C:\Users\fast\AppData\Local\AntiLogger Free
2017-11-22 05:13 - 2017-11-22 05:13 - 000002625 _____ C:\Users\fast\Downloads\FSS.txt
2017-11-22 05:03 - 2017-11-22 05:03 - 000035702 _____ C:\Users\fast\Downloads\MTB.txt
2017-11-22 04:55 - 2017-11-22 04:55 - 000291606 _____ C:\Users\fast\Downloads\TCPView (1).zip
2017-11-22 02:45 - 2017-11-22 02:45 - 000278436 _____ C:\Users\fast\Downloads\syslog (13).txt
2017-11-21 17:38 - 2017-11-21 17:38 - 000455721 _____ C:\Users\fast\Downloads\syslog (12).txt
2017-11-19 23:24 - 2017-11-19 23:24 - 007430358 _____ C:\Users\fast\Downloads\E9183_RT_AC68U_Manual (2).zip
2017-11-19 15:22 - 2017-11-19 15:22 - 000447489 _____ C:\Users\fast\Downloads\syslog (11).txt
2017-11-19 15:22 - 2017-11-19 15:22 - 000447310 _____ C:\Users\fast\Downloads\syslog (10).txt
2017-11-19 05:50 - 2017-11-19 05:57 - 000000000 ____D C:\Users\fast\Desktop\jenny text
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-19 11:24 - 2017-05-07 22:11 - 000027719 _____ C:\Users\fast\Downloads\FRST.txt
2017-12-19 11:24 - 2015-06-26 03:09 - 000000000 ____D C:\FRST
2017-12-19 11:16 - 2017-05-15 15:44 - 000946450 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-19 11:14 - 2017-02-06 01:55 - 000092992 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2017-12-19 11:12 - 2017-05-15 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-19 11:12 - 2017-05-15 15:40 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-12-19 11:12 - 2017-02-24 01:31 - 000008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2017-12-19 11:12 - 2016-12-19 03:32 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-19 11:11 - 2017-03-18 03:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-12-19 11:00 - 2017-05-15 15:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-19 02:48 - 2017-06-30 04:16 - 000000000 ____D C:\Users\fast\AppData\Roaming\vlc
2017-12-19 02:39 - 2017-02-14 02:14 - 000000000 ____D C:\Users\fast\AppData\Local\CrashDumps
2017-12-19 02:35 - 2017-03-18 13:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-19 02:34 - 2017-03-18 13:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-19 02:33 - 2016-12-19 15:26 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-19 02:11 - 2017-05-15 15:39 - 008049312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-19 02:00 - 2016-12-26 23:00 - 000000000 ____D C:\Users\fast\AppData\Local\Adobe
2017-12-18 16:06 - 2017-05-09 14:02 - 000000000 ____D C:\Users\fast\Desktop\Adobe Premiere Elements 11
2017-12-18 16:03 - 2017-11-16 07:40 - 000000000 ____D C:\Users\fast\Desktop\11.16.17 sum funny
2017-12-18 15:04 - 2017-05-15 15:45 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{70FAAAED-09CA-45C8-87FA-CE8ED3DED6FC}
2017-12-17 19:53 - 2017-03-18 13:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-17 19:53 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-17 19:53 - 2016-12-19 04:12 - 000000000 ____D C:\Users\fast\AppData\Local\Packages
2017-12-17 08:24 - 2017-03-18 03:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-12-17 08:22 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\registration
2017-12-17 08:21 - 2017-05-15 15:45 - 000017148 _____ C:\WINDOWS\diagwrn.xml
2017-12-17 08:21 - 2017-05-15 15:45 - 000017148 _____ C:\WINDOWS\diagerr.xml
2017-12-17 08:19 - 2017-09-29 07:05 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-17 03:26 - 2015-09-10 08:32 - 000000000 ___RD C:\Users\fast\OneDrive
2017-12-17 03:23 - 2017-01-09 05:06 - 000007628 _____ C:\Users\fast\AppData\Local\Resmon.ResmonCfg
2017-12-17 03:21 - 2017-05-11 16:09 - 000000000 ____D C:\Program Files\UNP
2017-12-16 20:54 - 2016-12-19 04:37 - 000000000 ____D C:\Users\fast\AppData\Roaming\Video Client
2017-12-16 18:03 - 2015-06-29 05:50 - 000000000 ____D C:\VIPRERESCUE
2017-12-16 13:21 - 2017-11-03 10:47 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-12-16 13:21 - 2017-01-05 06:37 - 000000000 ____D C:\Program Files\CCleaner
2017-12-16 08:01 - 2017-10-24 22:07 - 000000000 ____D C:\Users\fast\Desktop\jenny folder of folders
2017-12-16 07:25 - 2017-06-11 02:32 - 000000000 ____D C:\Program Files (x86)\ShadowExplorer
2017-12-15 23:35 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-15 10:01 - 2017-06-15 23:37 - 000004596 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-15 10:01 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-15 10:01 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-14 17:54 - 2016-12-11 02:00 - 000000000 ____D C:\Users\fast\AppData\LocalLow\Mozilla
2017-12-14 11:18 - 2017-06-07 02:06 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-14 11:18 - 2017-06-07 02:06 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-13 19:40 - 2015-09-10 08:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-13 19:09 - 2017-03-18 12:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-13 18:53 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-13 09:59 - 2016-12-19 13:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-13 09:57 - 2017-10-10 21:15 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-13 09:57 - 2016-12-19 13:31 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-11 15:13 - 2017-05-07 22:12 - 000062517 _____ C:\Users\fast\Downloads\Addition.txt
2017-12-11 11:36 - 2017-06-24 17:27 - 000000000 ____D C:\Program Files\iTunes
2017-12-10 06:04 - 2017-07-30 18:14 - 000000000 ____D C:\Users\fast\AppData\Local\GoPro
2017-12-10 06:04 - 2017-07-30 18:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2017-12-10 06:04 - 2016-12-25 13:04 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-07 05:42 - 2017-11-12 19:16 - 000002650 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-12-05 15:52 - 2016-12-19 04:25 - 000000000 ____D C:\Users\fast\AppData\Local\ElevatedDiagnostics
2017-12-04 17:36 - 2017-04-30 09:18 - 000000000 ____D C:\Users\fast\Desktop\jenny bishop
2017-12-04 17:11 - 2017-01-11 10:27 - 000000000 ____D C:\Users\fast\Desktop\Dean Reese Attachments
2017-12-04 17:10 - 2016-12-25 13:06 - 000000000 ____D C:\Users\fast\AppData\Local\Wide Angle Software
2017-12-02 21:43 - 2016-12-19 22:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-02 21:43 - 2016-12-19 22:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-01 18:25 - 2017-03-18 13:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-01 18:25 - 2017-03-18 13:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-01 13:52 - 2016-12-19 22:20 - 000000000 ____D C:\Users\fast\AppData\Roaming\Mozilla
2017-12-01 13:51 - 2016-12-19 22:20 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-01 02:01 - 2017-02-24 06:52 - 000000000 ____D C:\Users\fast\Desktop\CP210x_Windows_Drivers (3)
2017-11-29 14:27 - 2017-01-18 00:49 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-11-24 08:47 - 2017-07-03 05:12 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-23 09:55 - 2017-05-15 15:40 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-23 09:54 - 2017-05-15 15:40 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-23 09:50 - 2016-12-19 13:32 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-23 06:21 - 2016-07-13 11:31 - 013499843 _____ C:\Users\fast\Desktop\Hydrant zip.rar
2017-11-23 03:35 - 2017-05-15 15:40 - 000000000 ____D C:\Users\fast
2017-11-23 03:34 - 2017-05-15 15:40 - 000000000 ____D C:\Users\DefaultAppPool
2017-11-23 03:34 - 2017-05-15 15:40 - 000000000 ____D C:\Users\Administrator
2017-11-23 03:34 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\Help
2017-11-23 03:33 - 2017-05-15 15:40 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-11-22 05:17 - 2017-05-07 22:12 - 000085666 _____ C:\Users\fast\Downloads\Shortcut.txt
 
==================== Files in the root of some directories =======
 
2015-08-28 12:31 - 2015-08-28 12:31 - 016790552 _____ (LastPass) C:\Users\fast\lastpass_x64 (1).exe
2015-08-28 11:30 - 2015-08-28 11:30 - 016790552 _____ (LastPass) C:\Users\fast\lastpass_x64.exe
2016-12-19 04:39 - 2016-12-19 04:39 - 000000000 _____ () C:\Users\fast\AppData\Roaming\RSDevID.fig
2016-12-19 04:39 - 2016-12-19 04:39 - 000000000 _____ () C:\Users\fast\AppData\Roaming\RSIpAndPort.fig
2017-01-09 05:06 - 2017-12-17 03:23 - 000007628 _____ () C:\Users\fast\AppData\Local\Resmon.ResmonCfg
2017-06-02 09:54 - 2017-06-02 09:54 - 000000000 _____ () C:\Users\fast\AppData\Local\{064075C5-F94F-49B1-8F47-1C81D5D7D483}
 
Some files in TEMP:
====================
2017-12-19 11:13 - 2017-12-19 11:13 - 001174688 ____H (Sysinternals - www.sysinternals.com) C:\Users\fast\AppData\Local\Temp\Procmon64.exe
2017-12-18 16:16 - 2017-12-18 16:14 - 000111104 _____ () C:\Users\fast\AppData\Local\Temp\readSTILog.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-12-18 16:09
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by fast (19-12-2017 11:24:56)
Running from C:\Users\fast\Downloads
Windows 10 Pro Version 1703 15063.786 (X64) (2017-05-15 23:47:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3271275025-2158743644-2568987073-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3271275025-2158743644-2568987073-503 - Limited - Disabled)
fast (S-1-5-21-3271275025-2158743644-2568987073-1000 - Administrator - Enabled) => C:\Users\fast
Guest (S-1-5-21-3271275025-2158743644-2568987073-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3271275025-2158743644-2568987073-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acronis True Image WD Edition (HKLM-x32\...\{2827436B-605A-4DF5-AE1D-41486BE4FEF7}) (Version: 19.0.32 - Acronis)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (HKLM\...\{66CF1DF9-1715-4325-89BC-76B1CA2EE3BE}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F1D83CEA-2855-4224-9935-D981785AA75D}) (Version: 6.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{E2A6344A-45BF-47A0-9AE1-848325E7FD88}) (Version: 6.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Cleanflight Blackbox Explorer 1.2.1 (only current user) (HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\ef86af50-7bb5-54f9-bc93-d0c9b5f3046c) (Version: 1.2.1 - Nicholas Sherlock)
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DraftSight 2017 SP1 x64 (HKLM\...\{B1574FBB-7FFA-47A8-8AB9-8819E5B05277}) (Version: 17.1.0096 - Dassault Systemes)
DvrClient (HKLM-x32\...\{3B25FE53-D528-42E7-83D8-226C8D81A276}) (Version: 1.2.43 - DVR Soft)
Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.25.1 (HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\FileZilla Client) (Version: 3.25.1 - Tim Kosse)
GitHub (HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\5f7eb300e2ea4ebf) (Version: 3.3.4.0 - GitHub, Inc.)
GlassWire 2.0 (remove only) (HKLM-x32\...\GlassWire 2.0) (Version: 2.0.78 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoPro Studio (HKLM-x32\...\{BE06FF1A-83A0-42F2-913E-6E405393145C}) (Version: 5.12.5383 - GoPro, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.7.1.723 - SurfRight B.V.)
HP Officejet Pro 8620 Basic Device Software (HKLM\...\{A977D10D-989A-40D4-B0B1-450954516543}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Help (HKLM-x32\...\{9A4D71AB-9C68-4702-A4A2-A4DB7B0FE270}) (Version: 32.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.8.47.1 - HP Inc.)
Icecream Screen Recorder version 4.58 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 4.58 - Icecream Apps)
ImmersionRCTools (HKLM-x32\...\{05DC77D4-5AAE-4A45-A421-92250D43A61A}) (Version: 1.42.5 - ImmersionRC)
iTunes (HKLM\...\{BE8F64BA-7E51-4FB8-AE03-04C7200043A2}) (Version: 12.7.2.58 - Apple Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{7FFF0385-BD04-4047-AA1D-6146A391FD0A}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{8CE29F52-8FAF-4CFD-89E8-B2D61A6800B1}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
MSIChecker (HKLM-x32\...\{C9D43B38-34AD-4EC2-B696-46F42D49D174}) (Version: 20.00.0000 - UPS) Hidden
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
OpenTX Companion 2.1 (HKLM-x32\...\OpenTX Companion 2.1) (Version:  - OpenTX)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PRE11 STI 64Installer (HKLM-x32\...\{B614E5FA-6DA4-45A1-845C-52F870240A89}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickBooks (HKLM-x32\...\{B52E01F1-D34E-4381-B590-28DFF3C0B647}) (Version: 27.0.4007.2702 - Intuit Inc.) Hidden
QuickBooks Pro 2017 (HKLM-x32\...\{82F55A7D-6BEB-436B-A1DC-586E113782D7}) (Version: 27.0.4001.2702 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Quik (HKLM\...\{D6D98E38-D75D-4E9C-916E-F68ED43A1F2F}) (Version: 0.1.290 - GoPro, Inc.) Hidden
Quik (HKLM-x32\...\{ed4c22dc-8424-496a-8732-a71d56b4b1cd}) (Version: 2.5.0.290 - GoPro, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncFileSetup (x86) (HKLM-x32\...\{04848A0A-02B1-4703-B15D-6E7DCF95FB84}) (Version: 1.3.5949.26210 - Western Digital Technologies, Inc) Hidden
System (HKLM-x32\...\{DB2C58E0-6284-4B48-97F2-22A980B6360B}) (Version: 20.00.0000 - UPS) Hidden
TouchCopy 16 (HKLM\...\{D1690886-FD6E-4218-8270-8EDC82E1EBB5}) (Version: 16.26 - Wide Angle Software) Hidden
TouchCopy 16 (HKLM\...\TouchCopy 16 16.26) (Version: 16.26 - Wide Angle Software)
UPSVC2013MM (HKLM-x32\...\{D99432A9-099D-4DF0-B3BA-41562C3F8B4C}) (Version: 19.00.0000 - Your Company Name) Hidden
Video Player (HKLM-x32\...\{A47656D1-D0BA-4179-A964-152F7A0BB960}) (Version: 1.2.14 - DVR Soft) <==== ATTENTION
Virtual Com port driver V1.4.0 (HKLM-x32\...\{AF0ACDD1-3842-47C7-B153-B8DB92CDA42D}) (Version: 1.4.0 - STMicroelectronics)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WD Access (HKLM-x32\...\{046643f7-6206-46bb-8968-92c37fee39e0}) (Version: 1.4.5949.29996 - Western Digital Technologies, Inc.)
WD Access (HKLM-x32\...\{C0624809-D60D-4AFF-8AF3-9452125AF4C1}) (Version: 1.4.5949.29996 - Western Digital Technologies, Inc) Hidden
WD Quick View (HKLM-x32\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{515B34CA-1229-4EDA-AE7C-53CBA68B8A7A}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD Sync (HKLM-x32\...\{0d591303-bbc5-4645-a03b-1c3f75f1a762}) (Version: 1.3.5949.26210 - Western Digital Technologies, Inc.)
Windows Driver Package - ImmersionRC (MCHPUSB) CustomUSBDevices  (12/19/2011 2.0.0.0) (HKLM\...\86A4AFE28A0BA839E95EB2F74FBA6D10DFE543AF) (Version: 12/19/2011 2.0.0.0 - ImmersionRC)
Windows Driver Package - ImmersionRC.com (usbser) Ports  (03/03/2013 6.0.2600.9) (HKLM\...\DC2FFDD64E548051DF8A03BF6C48B818B69FB4C2) (Version: 03/03/2013 6.0.2600.9 - ImmersionRC.com)
Windows Driver Package - STMicroelectronics (usbser) Ports  (08/02/2013 1.4.0) (HKLM\...\04B4996F06620A7ECFBFE8F9BCC458F9761E39F7) (Version: 08/02/2013 1.4.0 - STMicroelectronics)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3271275025-2158743644-2568987073-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-EBAC60ACEF87}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3271275025-2158743644-2568987073-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [HitmanPro] -> {D7CF1AF8-E2AD-4DA4-ACE5-77F8A58AB71D} => C:\Program Files\HitmanPro\hmpshext.dll [2017-12-06] (SurfRight B.V.)
ContextMenuHandlers1-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [2015-11-11] (Acronis)
ContextMenuHandlers1-x32: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers1-x32: [WDSyncContextMenuHandler] -> {5A51BDCB-F8C2-4698-B79C-A77DF0AA466B} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} =>  -> No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers4: [HitmanPro] -> {D7CF1AF8-E2AD-4DA4-ACE5-77F8A58AB71D} => C:\Program Files\HitmanPro\hmpshext.dll [2017-12-06] (SurfRight B.V.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
ContextMenuHandlers6-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [2015-11-11] (Acronis)
ContextMenuHandlers6-x32: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers6-x32: [WDSyncContextMenuHandler] -> {5A51BDCB-F8C2-4698-B79C-A77DF0AA466B} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14DF0ECA-A827-4EA1-86C3-BDC0DCD491AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {1CA14838-3A52-4157-8516-9CAB9997D42F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {1D4614E7-F1B4-4D2E-8468-4C699C91786B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {1ECFD12B-C0B6-473B-A31C-5C7FB5D2EA3C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {27A5DD99-469D-4F67-9D93-37EE52DB097C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {28A6A04B-7AFD-4750-9EF6-B532C8AE77D1} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2017-11-18] ()
Task: {3477EEEB-89D8-4917-836B-68776CCE9633} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-07] (Google Inc.)
Task: {386ED653-3AA0-4B67-BEE4-303C38DF94F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {49E7E4C2-3CD2-488B-AA7B-ED57DEFDBE6E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-01] (Piriform Ltd)
Task: {5635F39D-CFFC-49B9-B1DD-B85393735A80} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {59C5D6DE-C346-4459-BDBB-8AEC6AE19924} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {7BFF4012-A8D3-476E-970A-F66A228D6F29} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-19] (Microsoft Corporation)
Task: {8376EF4F-2A27-4DA3-B514-00E1EB76D1F5} - System32\Tasks\AdobeAAMUpdater-1.0-ANONYMOUS-FAST-fast => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {978DB967-EC90-4AC1-A918-8F8C8FF26A0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-07] (Google Inc.)
Task: {9BEF0ABA-923D-485C-B1FA-0A3099C060F9} - System32\Tasks\S-1-5-21-3271275025-2158743644-2568987073-1000\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-11-01] (Microsoft Corporation)
Task: {A92F4478-64D0-439C-86B6-74A9FB50C155} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [2017-03-07] ()
Task: {B4CE6523-9447-4F0E-95DC-FA006727F9E1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-28] (AVAST Software)
Task: {BE728943-3C22-4B43-82FE-B59010342A64} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {C201A2AA-22D7-426D-AE49-CB76A2218BB2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {D106FB94-D9D0-43DB-9AFF-B711FEC31385} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-15] (Adobe Systems Incorporated)
Task: {E8B8A34F-AA85-4F7A-851C-0FC021A8E347} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-15] (Adobe Systems Incorporated)
Task: {E9B10837-6614-4991-B188-24AF2224216C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {F2C59882-B771-4DEB-8475-2EBBB425CEC6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {F7233865-5847-40EB-924E-86D40910F630} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\fast\Desktop\Anoncloud - Shortcut.lnk -> hxxp://192.168.1.4
 
ShortcutWithArgument: C:\Users\fast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\82b5a7cb74201c3\Betaflight - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kdaghagfopacdngbohiknlhcocjccjao
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-18 12:58 - 2017-03-18 12:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-12-19 12:47 - 2017-11-18 01:16 - 008327811 _____ () C:\Program Files\pia_manager\pia_manager.exe
2016-10-25 08:57 - 2016-10-25 08:57 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-03-18 12:59 - 2017-03-18 18:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-28 01:45 - 2017-11-28 01:45 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll
2016-12-19 12:47 - 2017-11-18 01:16 - 000693248 _____ () C:\Program Files\pia_manager\openvpn.exe
2016-12-19 12:47 - 2017-11-18 01:16 - 000196383 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2016-12-19 12:47 - 2017-11-18 01:16 - 000110946 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2016-12-19 12:47 - 2017-11-18 01:16 - 000144896 _____ () C:\Program Files\pia_manager\pia-openvpn.dll
2013-03-23 10:14 - 2013-03-23 10:14 - 002993664 _____ () C:\Program Files (x86)\DVR Soft\DvrClient\DvrClient.exe
2017-12-14 11:18 - 2017-12-05 20:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
2017-12-14 11:18 - 2017-12-05 20:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
2017-12-11 05:05 - 2017-12-11 05:05 - 000180688 _____ () C:\Program Files (x86)\GlassWire\EasyHook32.dll
2017-12-19 11:12 - 2017-12-19 11:12 - 000012800 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000010240 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000014848 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000028672 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000094208 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\src\bin\rgloader\rgloader193.mswin.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000124416 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000009216 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000131584 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000088576 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000016896 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000127316 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\bin\libffi-6.dll
2017-12-19 11:12 - 2017-12-19 11:12 - 000009216 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000013824 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000095744 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000028672 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.3-universal-mingw32\lib\win32\ruby19\win32\api.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000012800 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000010240 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000014848 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000028672 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000094208 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\src\bin\rgloader\rgloader193.mswin.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000124416 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000071680 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000091648 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\bin\zlib1.dll
2017-12-19 11:12 - 2017-12-19 11:12 - 000287744 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000016384 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000008192 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000009216 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000024576 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000009216 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000009216 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000008704 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000008704 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000040960 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000131584 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000088576 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000016896 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000127316 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\bin\libffi-6.dll
2017-12-19 11:12 - 2017-12-19 11:12 - 000013824 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000095744 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000028672 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.3-universal-mingw32\lib\win32\ruby19\win32\api.so
2017-11-18 01:16 - 2017-11-18 01:16 - 000939520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\ffmpeg.dll
2017-11-18 01:16 - 2017-11-18 01:16 - 003115520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\node.dll
2013-03-22 18:11 - 2013-03-22 18:11 - 000177664 _____ () C:\Program Files (x86)\DVR Soft\DvrClient\RSNet.dll
2013-03-22 18:12 - 2013-03-22 18:12 - 000528384 _____ () C:\Program Files (x86)\DVR Soft\DvrClient\RSPlay.dll
2013-01-15 16:31 - 2013-01-15 16:31 - 001089630 _____ () C:\Program Files (x86)\DVR Soft\DvrClient\PlayCtrl.dll
2013-01-15 16:31 - 2013-01-15 16:31 - 000802866 _____ () C:\Program Files (x86)\DVR Soft\DvrClient\HCNetSDK.dll
2013-01-15 16:31 - 2013-01-15 16:31 - 000151607 _____ () C:\Program Files (x86)\DVR Soft\DvrClient\hpr.dll
2013-01-15 16:31 - 2013-01-15 16:31 - 000376832 _____ () C:\Program Files (x86)\DVR Soft\DvrClient\hi_h264dec_w1.dll
2013-01-15 16:31 - 2013-01-15 16:31 - 000100366 _____ () C:\Program Files (x86)\DVR Soft\DvrClient\avutil-51.dll
2013-01-15 16:31 - 2013-01-15 16:31 - 001053198 _____ () C:\Program Files (x86)\DVR Soft\DvrClient\avcodec-53.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\fast\AppData\Local\0L2VQURo:1JGpo4JofK1mMUuAoR5zhtHF9m8 [1854]
AlternateDataStreams: C:\Users\fast\AppData\Local\Temp:V0NCD0ePsaXR2hCOnU7d [2316]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-12-19 03:27 - 2017-11-12 19:15 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\fast\Desktop\igor-10january1720433943-2.gif
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "GoPro Tray App"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "WDAppManager"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKLM\...\StartupApproved\Run32: => "CA MDM Offline Schedule Monitor"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "MMTray"
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\StartupApproved\Run: => "OPENVPN-GUI"
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\StartupApproved\Run: => "HP Officejet Pro 8620 (NET)"
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{94A54FB5-E18C-4752-9624-EFBD3A51AA1C}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{6254649C-6F2D-40AB-A1AA-12E857B409F7}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [TCP Query User{1B135060-92D8-4D3F-8685-E67B5BC8B51D}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{A72282AD-4905-4A25-8EB7-5F21E27631FD}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{75DEC741-316E-4D94-B14F-F76C59AFB31B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{51C40D3F-0ACD-47ED-9A59-E48B23CE56EF}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{CA40DE20-74FA-4F30-AB44-7D5E44AABEC3}] => (Allow) c:\program files (x86)\glasswire\gwctlsrv.exe
FirewallRules: [{CCF5EDB8-DF1D-4622-9F16-C6E29C7EF6F4}] => (Allow) c:\program files (x86)\glasswire\gwctlsrv.exe
FirewallRules: [{282D2600-F509-4BCD-9B64-35DF5F9CE1A8}] => (Allow) c:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{71F39C51-7697-44B4-8AE7-7ACF7442D4C3}] => (Allow) c:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{0295E121-A20B-4CEF-8AED-58EF7FF76241}] => (Allow) c:\program files (x86)\hitmanpro.alert\hmpalert.exe
FirewallRules: [{267519BA-7DAD-4DA1-8CBB-E4F1A71D5488}] => (Allow) c:\program files (x86)\hitmanpro.alert\hmpalert.exe
FirewallRules: [{1F8BFE44-7230-4D35-8FA6-A6A37B0C9853}] => (Allow) c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe
FirewallRules: [{4A3E19EA-23EE-4DDA-B7E9-532CB2799374}] => (Allow) c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe
FirewallRules: [{8B7A1D33-DD06-49AA-90EA-75A3FC9F05A2}] => (Allow) c:\users\fast\appdata\local\temp\ocrf8d6.tmp\bin\rubyw.exe
FirewallRules: [{BA5B47E3-A675-41DF-B8C5-2701EE0A73D7}] => (Allow) c:\users\fast\appdata\local\temp\ocrf8d6.tmp\bin\rubyw.exe
FirewallRules: [{6DF2385F-88FB-4547-932E-C06C55F4D6D2}] => (Allow) c:\windows\system32\msfeedssync.exe
FirewallRules: [{D60A12AE-15FC-40DC-81D8-F41A576FA95C}] => (Allow) c:\windows\system32\msfeedssync.exe
FirewallRules: [{A1FE2AD4-FAC0-49E2-9015-B8C9273D3404}] => (Allow) c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe
FirewallRules: [{B79D581F-2CB3-45DC-9C17-BFA8E350D846}] => (Allow) c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe
FirewallRules: [{A64786C1-E7BC-4BAC-BFE2-F4BDB57D3375}] => (Allow) c:\windows\system32\wifitask.exe
FirewallRules: [{003178EE-08A0-4E11-ABC0-CD89F7A3E25B}] => (Allow) c:\windows\system32\wifitask.exe
FirewallRules: [{40F61951-6CC7-4D94-B824-590C3F5098B9}] => (Allow) c:\program files\malwarebytes\anti-malware\mbamservice.exe
FirewallRules: [{E5B9D5D0-EC03-4366-9270-43805483D038}] => (Allow) c:\program files\malwarebytes\anti-malware\mbamservice.exe
FirewallRules: [{C58E43C2-C010-4240-A91A-6F52B65B7347}] => (Allow) c:\program files\bonjour\mdnsresponder.exe
FirewallRules: [{C92BED38-26B9-49E0-A867-037FD521C616}] => (Allow) c:\program files\bonjour\mdnsresponder.exe
FirewallRules: [{F48C014E-62A7-4B70-ACE9-003B02BAD446}] => (Block) c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
FirewallRules: [{42DC8570-6030-4DEB-A16D-8915A8B2F74E}] => (Block) c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
FirewallRules: [{1708CF57-C573-4039-AA1F-527BB4D9D04C}] => (Allow) c:\program files\pia_manager\openvpn.exe
FirewallRules: [{7CE0D480-4BC2-41BF-90CF-058A1339DE7B}] => (Allow) c:\program files\pia_manager\openvpn.exe
FirewallRules: [{5B9447D5-E5A9-45A8-A8DC-47738FF5B351}] => (Allow) c:\program files (x86)\dvr soft\dvrclient\dvrclient.exe
FirewallRules: [{0028A325-55E7-437D-BD36-AF2359CA108F}] => (Allow) c:\program files (x86)\dvr soft\dvrclient\dvrclient.exe
FirewallRules: [{26455615-BC4B-4B19-B971-57C51D637C27}] => (Allow) c:\windows\system32\backgroundtaskhost.exe
FirewallRules: [{0D089758-B002-4970-9864-AB3D96D24C04}] => (Allow) c:\windows\system32\backgroundtaskhost.exe
FirewallRules: [{3CFE0CCD-7607-43B7-AAF0-BCF6ACBB5C15}] => (Block) c:\program files (x86)\google\update\googleupdate.exe
FirewallRules: [{C6B22704-E3F3-4C87-86AD-659E04FE1C65}] => (Block) c:\program files (x86)\google\update\googleupdate.exe
FirewallRules: [{60444B47-E6E2-40EE-AB86-AFFDC5E65262}] => (Allow) c:\windows\system32\wermgr.exe
FirewallRules: [{501933BB-9BCD-49D3-AEBE-42E4F2627A97}] => (Allow) c:\windows\system32\wermgr.exe
FirewallRules: [{1B33FE94-DF82-432D-B1C3-D32B4D6DBD42}] => (Allow) c:\program files\malwarebytes\anti-malware\mbamtray.exe
FirewallRules: [{FD140982-7BC2-454D-9823-309DDCB49471}] => (Allow) c:\program files\malwarebytes\anti-malware\mbamtray.exe
FirewallRules: [{785D488A-F3FC-4EFF-ABC0-06624F887BFF}] => (Allow) c:\program files (x86)\microsoft office\root\office16\outlook.exe
FirewallRules: [{D75131B0-69EC-4CD0-AFAD-F32F1A9B78DF}] => (Allow) c:\program files (x86)\microsoft office\root\office16\outlook.exe
FirewallRules: [{AF98F1C2-C90B-4605-9175-0B93D8B2779F}] => (Allow) c:\windows\syswow64\searchprotocolhost.exe
FirewallRules: [{A59309B8-D973-4504-9965-A182BF2D8F85}] => (Allow) c:\windows\syswow64\searchprotocolhost.exe
FirewallRules: [{59A9C38B-EC02-428A-A027-D8C312D08B5F}] => (Allow) c:\users\fast\appdata\local\temp\ocr8ecf.tmp\bin\rubyw.exe
FirewallRules: [{C1B197DC-732A-4A28-86A2-19890470FD4F}] => (Allow) c:\users\fast\appdata\local\temp\ocr8ecf.tmp\bin\rubyw.exe
FirewallRules: [{A74521F9-4DA6-4280-B6B4-0140B098C75F}] => (Allow) c:\program files\hitmanpro\hitmanpro.exe
FirewallRules: [{3B646189-34E4-4661-82EC-453D7124F5BB}] => (Allow) c:\program files\hitmanpro\hitmanpro.exe
FirewallRules: [{1EAAD780-03C9-4B54-AC2A-A5AB9B124325}] => (Allow) c:\program files\ccleaner\ccleaner64.exe
FirewallRules: [{C908CDC5-4737-42E3-802E-8DC3C1748574}] => (Allow) c:\program files\ccleaner\ccleaner64.exe
FirewallRules: [{A56E0672-3691-448B-A08B-F780E3669484}] => (Allow) c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe
FirewallRules: [{1F99CAF1-6080-49A9-9477-089494544162}] => (Allow) c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe
FirewallRules: [{FD7E13B0-33DC-4CDC-86B2-91670CF340AD}] => (Allow) c:\program files\winrar\winrar.exe
FirewallRules: [{7EC85604-A7AB-442A-B113-DB78985E3791}] => (Allow) c:\program files\winrar\winrar.exe
FirewallRules: [{5420682C-4018-4DEE-B9C2-EB14AC62F8E0}] => (Allow) c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe
FirewallRules: [{7C201274-DA34-4335-A1AA-73E23497A3F4}] => (Allow) c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe
FirewallRules: [{E4EFA8F0-B238-4C8E-A76B-6E7359A8EA89}] => (Allow) c:\users\fast\desktop\sysinternalssuite (1)\procexp64.exe
FirewallRules: [{BF789FD6-E8F6-49B7-83A1-F462B8130E0E}] => (Allow) c:\users\fast\desktop\sysinternalssuite (1)\procexp64.exe
FirewallRules: [{A84D47A6-5CCA-4F71-98CC-148E5C49539A}] => (Allow) c:\windows\system32\sihclient.exe
FirewallRules: [{60C24B97-50F0-45FC-A81D-A6D329DA0AE1}] => (Allow) c:\windows\system32\sihclient.exe
FirewallRules: [{D02CD6F1-AFB1-429A-AB28-BEB4F22CE4FA}] => (Allow) c:\windows\system32\compattelrunner.exe
FirewallRules: [{EC66000A-6411-445E-95C8-0B01E973AAA3}] => (Allow) c:\windows\system32\compattelrunner.exe
FirewallRules: [{C4AA7F04-6156-4263-8A39-19EBD0063D9E}] => (Allow) c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\aam updates notifier.exe
FirewallRules: [{BA74D374-8904-478A-B901-0F281FE7E6B9}] => (Allow) c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\aam updates notifier.exe
FirewallRules: [{615C01D4-55D7-402E-A726-C01EAC1BFC52}] => (Allow) c:\program files (x86)\common files\adobe\adobegcclient\adobegcclient.exe
FirewallRules: [{76C776A5-0CB0-4F98-A23B-91114ABA160D}] => (Allow) c:\program files (x86)\common files\adobe\adobegcclient\adobegcclient.exe
FirewallRules: [{1B97D468-C1FB-46B2-B389-2FFFFF4C6621}] => (Allow) c:\windows\system32\speech_onecore\common\speechmodeldownload.exe
FirewallRules: [{FF59BF08-9C5B-4DCA-B43B-EC9286672647}] => (Allow) c:\windows\system32\speech_onecore\common\speechmodeldownload.exe
FirewallRules: [{7C4795F0-9C87-4012-BD81-27FCCE383BE4}] => (Allow) c:\windows\system32\apphostregistrationverifier.exe
FirewallRules: [{103EF07A-4745-49AA-A625-9884D08A8AC2}] => (Allow) c:\windows\system32\apphostregistrationverifier.exe
FirewallRules: [{ACD993FB-3206-4219-B3AB-B547A2AE6CB2}] => (Allow) c:\program files (x86)\adobe\acrobat dc\acrobat\acrobat.exe
FirewallRules: [{6D808016-10C2-4688-8503-9A665581F345}] => (Allow) c:\program files (x86)\adobe\acrobat dc\acrobat\acrobat.exe
FirewallRules: [{426A7165-C243-4A5D-8554-38F02FE36EBA}] => (Allow) c:\program files (x86)\common files\adobe\oobe\pdapp\p7\adobe_licutil.exe
FirewallRules: [{0290E52A-67DF-4B8A-89EE-7F1B0EF0D7EB}] => (Allow) c:\program files (x86)\common files\adobe\oobe\pdapp\p7\adobe_licutil.exe
FirewallRules: [{B0B36AAD-D6F2-470E-ADC6-0A16AE8D5FF5}] => (Allow) c:\program files (x86)\adobe\acrobat dc\acrobat\adobecollabsync.exe
FirewallRules: [{77EA652D-6CE1-4639-BE99-20F686DDF2F7}] => (Allow) c:\program files (x86)\adobe\acrobat dc\acrobat\adobecollabsync.exe
FirewallRules: [{AE5F924E-75EB-4B89-986F-34B5749322DE}] => (Allow) c:\program files (x86)\adobe\acrobat dc\acrobat\logtransport2.exe
FirewallRules: [{99CFB3E7-C2A4-4F13-B4BE-F5D0D1FB4736}] => (Allow) c:\program files (x86)\adobe\acrobat dc\acrobat\logtransport2.exe
FirewallRules: [{14F1A1BA-8E48-4FC6-9995-B3447701351B}] => (Allow) c:\windows\system32\backgroundtransferhost.exe
FirewallRules: [{7D383B11-4565-4255-A79F-81138800F8F4}] => (Allow) c:\windows\system32\backgroundtransferhost.exe
FirewallRules: [{BE4273BB-5A05-4F43-B482-376CDB331DE2}] => (Allow) c:\programdata\microsoft\windows defender\platform\4.12.17007.17123-0\msmpeng.exe
FirewallRules: [{10830FDD-5C03-4AE7-A361-AFD90ED79C31}] => (Allow) c:\programdata\microsoft\windows defender\platform\4.12.17007.17123-0\msmpeng.exe
FirewallRules: [{EB98B94E-430B-4B99-8DF1-7E536433EB90}] => (Allow) c:\program files\windowsapps\microsoft.windows.photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\microsoft.photos.exe
FirewallRules: [{B9D79DA6-C088-4E0D-8417-F3A23FFD3998}] => (Allow) c:\program files\windowsapps\microsoft.windows.photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\microsoft.photos.exe
FirewallRules: [{BF08FE88-F1DC-4055-BD23-3312FFC1C51A}] => (Block) c:\program files (x86)\apple software update\softwareupdate.exe
FirewallRules: [{0288A220-F002-4423-A6D3-8EF88FD4FAD9}] => (Block) c:\program files (x86)\apple software update\softwareupdate.exe
FirewallRules: [{D03B7A49-3CFC-4408-8F13-C4377BDA7FDA}] => (Allow) c:\program files (x86)\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\olicenseheartbeat.exe
FirewallRules: [{26AFCAF4-A290-4999-B67B-72576265C9A9}] => (Allow) c:\program files (x86)\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\olicenseheartbeat.exe
FirewallRules: [{883E4402-6B4D-457B-99DF-7402F5E4EA68}] => (Allow) c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
FirewallRules: [{B0766097-B1CB-4EB0-AC03-6521370BBA9F}] => (Allow) c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
FirewallRules: [{B0CBAB16-A1E9-4895-A7F4-9B74920E75CE}] => (Allow) c:\windows\syswow64\werfault.exe
FirewallRules: [{8A399781-587C-44FF-B9C2-1D6478F32B68}] => (Allow) c:\windows\syswow64\werfault.exe
FirewallRules: [{953A96D0-3E0B-4E45-9376-4AAF05B10AF0}] => (Allow) c:\program files\hp\hp officejet pro 8620\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{BE9A2458-3D77-4CB7-BCBD-7AAFA73BE2AC}] => (Allow) c:\program files\hp\hp officejet pro 8620\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{3B29D78B-79FA-4D5F-9C3A-21824AB51BF3}] => (Allow) c:\program files (x86)\icecream screen recorder\recorder.exe
FirewallRules: [{428511EF-3AC1-4C34-BA28-A9E0999AA07A}] => (Allow) c:\program files (x86)\icecream screen recorder\recorder.exe
FirewallRules: [{DF4BE730-CCED-45E1-B1AA-8C97A8BFDF6C}] => (Allow) c:\windows\syswow64\fixmapi.exe
FirewallRules: [{07AB6701-2507-4B16-A34B-77DA85180840}] => (Allow) c:\windows\syswow64\fixmapi.exe
FirewallRules: [{18A0ED8B-8336-4F8F-AB98-E8277DBDBFF9}] => (Allow) c:\windows\system32\werfault.exe
FirewallRules: [{77074AF0-CAE8-4BB3-BBFA-896DBB106730}] => (Allow) c:\windows\system32\werfault.exe
FirewallRules: [{1A8AF96C-B88E-4D22-ABF9-CB9C98D126D0}] => (Allow) c:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{BAD8E11C-0CE4-48D0-BBC0-1A919C61CCB2}] => (Allow) c:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{97D5020D-4EBE-4CFC-AC8C-606B98532FC6}] => (Allow) c:\program files\internet explorer\iexplore.exe
FirewallRules: [{613E6231-D287-4734-ABD3-D9ECCD8DA689}] => (Allow) c:\program files\internet explorer\iexplore.exe
FirewallRules: [{A090A6FF-5D6D-4D2B-9A78-FCB1845D3893}] => (Allow) c:\windows\system32\smartscreen.exe
FirewallRules: [{9D981D28-2561-4B57-BF44-08F9B87317AF}] => (Allow) c:\windows\system32\smartscreen.exe
FirewallRules: [{C352B04D-C579-4EE0-BE07-E4E36E0CF04E}] => (Allow) c:\program files\adobe\adobe premiere elements 11\adobe premiere elements.exe
FirewallRules: [{E506955B-0102-49D4-91DB-DFDE63CA1B95}] => (Allow) c:\program files\adobe\adobe premiere elements 11\adobe premiere elements.exe
FirewallRules: [{BDBB4ACD-756A-4A4E-A0F8-3DADAF016940}] => (Allow) c:\programdata\microsoft\windows defender\platform\4.12.17007.17123-0\mpcmdrun.exe
FirewallRules: [{B84368F1-BE0A-4859-98AE-7FA324137A1A}] => (Allow) c:\programdata\microsoft\windows defender\platform\4.12.17007.17123-0\mpcmdrun.exe
FirewallRules: [{9456F2D3-EF45-4358-AFB4-C2090E02F527}] => (Allow) c:\program files\ccleaner\ccupdate.exe
FirewallRules: [{310CA0ED-0B03-41F1-ABAC-80E278CC57BB}] => (Allow) c:\program files\ccleaner\ccupdate.exe
FirewallRules: [{ADACCCED-6590-44B9-842E-B6AF01859A16}] => (Allow) c:\program files (x86)\western digital\wd smartware\wdbackupengine.exe
FirewallRules: [{CD299A85-A1C1-48C2-8801-2E0D450C4C8D}] => (Allow) c:\program files (x86)\western digital\wd smartware\wdbackupengine.exe
FirewallRules: [{67CC1779-D679-42EF-ADE9-E5FB77B5F018}] => (Allow) c:\users\fast\appdata\local\temp\ocrc832.tmp\bin\rubyw.exe
FirewallRules: [{7D4FD703-69A1-432E-B350-4A7FA5C8248A}] => (Allow) c:\users\fast\appdata\local\temp\ocrc832.tmp\bin\rubyw.exe
FirewallRules: [{99298A6B-F836-475B-B031-F325A343E33C}] => (Allow) c:\program files\common files\microsoft shared\clicktorun\updates\16.0.8730.2127\officeclicktorun.exe
FirewallRules: [{13514AA3-E4E9-4AA1-A7F9-9BF7A94092ED}] => (Allow) c:\program files\common files\microsoft shared\clicktorun\updates\16.0.8730.2127\officeclicktorun.exe
FirewallRules: [{36224733-787E-464B-BCE4-3B5312B52565}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{7AC9AF87-F2F9-41F9-9497-B4515E48BAF4}] => (Allow) c:\program files (x86)\adobe\photoshop elements 11\photoshopelementseditor.exe
FirewallRules: [{6447C038-9A30-41AA-8574-26B5EAB21239}] => (Allow) c:\program files (x86)\adobe\photoshop elements 11\photoshopelementseditor.exe
FirewallRules: [{0A94C742-3E66-4616-B5A7-E7EAD3B84AA2}] => (Allow) c:\users\fast\appdata\local\temp\ocr99af.tmp\bin\rubyw.exe
FirewallRules: [{DAA4CCE3-428A-412B-A712-C8229ED87FCC}] => (Allow) c:\users\fast\appdata\local\temp\ocr99af.tmp\bin\rubyw.exe
FirewallRules: [{58EC2AEC-FFD8-465F-A263-07BB83361732}] => (Allow) c:\users\fast\downloads\frst64.exe
FirewallRules: [{3D1C22A3-D73E-46EC-82F9-FDB815365C73}] => (Allow) c:\users\fast\downloads\frst64.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/19/2017 11:11:20 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANONYMOUS-FAST)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/19/2017 11:11:20 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANONYMOUS-FAST)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/19/2017 11:11:20 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANONYMOUS-FAST)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/19/2017 02:39:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotoshopElementsEditor.exe, version: 11.0.0.0, time stamp: 0x505d12ab
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x802f667e
Exception code: 0xc0000409
Fault offset: 0x0002be72
Faulting process id: 0x4fc
Faulting application start time: 0x01d378b5a9596465
Faulting application path: C:\Program Files (x86)\Adobe\Photoshop Elements 11\PhotoshopElementsEditor.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e60ec614-321c-4472-a698-0011b5c29fa1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/19/2017 02:11:34 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (12/19/2017 02:11:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (12/19/2017 02:11:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (12/19/2017 02:10:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANONYMOUS-FAST)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/19/2017 02:10:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANONYMOUS-FAST)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/19/2017 02:10:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANONYMOUS-FAST)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (12/19/2017 11:12:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WMPNetworkSvc service terminated with the following error: 
An attempt was made to reference a token that does not exist.
 
Error: (12/19/2017 11:12:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error: 
A device attached to the system is not functioning.
 
Error: (12/19/2017 11:12:02 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (12/19/2017 11:12:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (12/19/2017 11:11:20 AM) (Source: DCOM) (EventID: 10010) (User: ANONYMOUS-FAST)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 did not register with DCOM within the required timeout.
 
Error: (12/19/2017 11:11:20 AM) (Source: DCOM) (EventID: 10010) (User: ANONYMOUS-FAST)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 did not register with DCOM within the required timeout.
 
Error: (12/19/2017 11:11:20 AM) (Source: DCOM) (EventID: 10010) (User: ANONYMOUS-FAST)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 did not register with DCOM within the required timeout.
 
Error: (12/19/2017 02:11:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error: 
An attempt was made to reference a token that does not exist.
 
Error: (12/19/2017 02:11:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error: 
A device attached to the system is not functioning.
 
Error: (12/19/2017 02:11:30 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
 
CodeIntegrity:
===================================
  Date: 2017-12-07 11:10:44.619
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-07 11:10:44.617
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-22 15:34:27.215
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-22 15:34:26.670
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-12 19:38:31.915
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-12 19:38:31.914
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-12 19:23:26.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-12 19:23:26.612
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-12 19:08:18.707
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-12 19:08:18.704
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 16%
Total physical RAM: 32719.64 MB
Available physical RAM: 27177.95 MB
Total Virtual: 37583.64 MB
Available Virtual: 31268.67 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.22 GB) (Free:6.43 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1863.01 GB) (Free:131.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D0687E57)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 71618412)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
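The two FRST reports in this thread (the Addition.txt above and the FRST.txt in the next post) run to well over a thousand lines, and the entries a responder actually wants to see first are scattered through them: services FRST tagged "[File not signed]", process or driver entries whose publisher field is an empty "()", anything executing out of %TEMP%, Downloads or the Desktop, and the Code Integrity events where a process tried to load a DLL that failed a signing-level check. The script below is an added triage helper written for this page; it is not part of FRST, of BleepingComputer's malware-removal procedure, or of anything the poster submitted. The sample input is a handful of lines copied from the logs posted in this thread, and the line formats the regular expressions match are assumptions read off those excerpts rather than a documented FRST grammar.

```python
"""Added triage pass over Farbar Recovery Scan Tool (FRST) output.

Reads FRST.txt / Addition.txt text and surfaces the lines worth a second look:
  * services or drivers FRST tagged "[File not signed]"
  * process, service or driver entries whose publisher field is empty "()"
  * binaries running out of user-writable directories (Temp, Downloads, Desktop)
  * Code Integrity events where a process tried to load a DLL that failed a
    signing-level check
The line formats matched below are assumptions taken from the excerpts posted
in this thread, not a documented FRST grammar.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Directories an ordinary service or autostart binary should not execute from.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(AppData\\Local\\Temp|Downloads|Desktop)\\", re.I
)
# Process list:     "(Publisher) C:\path\binary.exe"
PROC_RE = re.compile(r"^\((?P<pub>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")
# Services/drivers: "R2 Name; C:\path\binary.exe [size yyyy-mm-dd] (Publisher) [tags]"
SVC_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>[A-Za-z]:\\.+?)"
    r"\s+\[\d+ \d{4}-\d{2}-\d{2}\]\s+\((?P<pub>[^)]*)\)(?P<tags>.*)$"
)
# Addition.txt CodeIntegrity section.
CI_RE = re.compile(
    r"Code Integrity determined that a process \((?P<proc>.+?)\) attempted to load "
    r"(?P<dll>.+?) that did not meet the (?P<level>.+?) signing level requirements"
)


@dataclass(frozen=True)
class Finding:
    kind: str    # "unsigned" | "no-publisher" | "user-writable" | "ci-block"
    path: str
    detail: str


def triage(report: str) -> list[Finding]:
    """Return one Finding per suspicious attribute of each matched line."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        ci = CI_RE.search(line)
        if ci:
            findings.append(Finding(
                "ci-block", ci["dll"],
                f"load attempted by {ci['proc']}; failed the '{ci['level']}' level",
            ))
            continue
        m = SVC_RE.match(line) or PROC_RE.match(line)
        if not m:
            continue
        path = m["path"]
        pub = m["pub"].strip()
        tags = m.groupdict().get("tags") or ""
        if "[File not signed]" in tags:
            findings.append(Finding("unsigned", path, "FRST found no Authenticode signature"))
        elif not pub:
            # An empty "()" only means the version-info company field is blank;
            # verify the signature yourself before treating the file as unsigned.
            findings.append(Finding("no-publisher", path, "empty publisher field"))
        if USER_WRITABLE.search(path):
            findings.append(Finding("user-writable", path, "runs from a user-writable directory"))
    return findings


# Constructed sample: lines copied from the FRST logs posted in this thread.
SAMPLE = r"""
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(hxxp://www.ruby-lang.org/) C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\bin\rubyw.exe
(Sysinternals - www.sysinternals.com) C:\Users\fast\AppData\Local\Temp\Procmon64.exe
Failed to access process -> csrss.exe
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [121344 2017-02-21] (Dassault Systèmes) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Microsoft signing level requirements.
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:14} {f.path}\n{'':14} {f.detail}")
```

A hit is a pointer, not a verdict. Sysinternals tools launched from Temp, a vendor scheduler with a blank company field, or Defender refusing to load a third-party Winsock provider (the Bonjour mdnsNSP.dll lines above) are all common and usually benign; the value of the pass is that it reduces a long report to the dozen paths whose signatures and origins are worth checking by hand.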
#5 Titan-man (Topic Starter, Members, 22 posts)

Posted 19 December 2017 - 07:33 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by fast (administrator) on ANONYMOUS-FAST (19-12-2017 11:24:08)
Running from C:\Users\fast\Downloads
Loaded Profiles: fast (Available Profiles: fast & Administrator & DefaultAppPool)
Platform: Windows 10 Pro Version 1703 15063.786 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> dwm.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
Failed to access process -> WUDFHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
Failed to access process -> WmiPrvSE.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
Failed to access process -> dasHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Failed to access process -> GoogleCrashHandler.exe
() C:\Program Files\pia_manager\pia_manager.exe
Failed to access process -> GoogleCrashHandler64.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(hxxp://www.ruby-lang.org/) C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\bin\rubyw.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Sysinternals - www.sysinternals.com) C:\Users\fast\Desktop\SysinternalsSuite (1)\procexp64.exe
(hxxp://www.ruby-lang.org/) C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\bin\rubyw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
() C:\Program Files\pia_manager\openvpn.exe
(Sysinternals - www.sysinternals.com) C:\Users\fast\Desktop\SysinternalsSuite (1)\Procmon.exe
(Sysinternals - www.sysinternals.com) C:\Users\fast\AppData\Local\Temp\Procmon64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files (x86)\DVR Soft\DvrClient\DvrClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [497824 2016-08-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-05] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-15] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [651560 2015-11-10] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6814192 2016-08-10] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-11-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2017-11-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-01] (Piriform Ltd)
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\Run: [GoogleChromeAutoLaunch_23E43E3C36DDE0630C2BD1E0DE7890D8] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2017-12-05] (Google Inc.)
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5406672 2017-12-11] (SecureMix LLC)
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\RunOnce: [Application Restart #2] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2017-11-18] (The NWJS Community)
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\RunOnce: [Application Restart #4] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2017-11-18] (The NWJS Community)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2017-07-06]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2017-07-06]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2017-07-06]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2017\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\fast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2017-04-27]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\fast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-12-01]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk /m /f \Device\HarddiskVolume7autocheck autochk * 
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{211c2bae-e460-407f-80fb-35d10f7f60da}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e0106f02-9145-4a8e-9079-7e700132504c}: [DhcpNameServer] 209.222.18.222 209.222.18.218
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3271275025-2158743644-2568987073-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
Handler-x32: intu-help-qb10 - {E795042F-8A29-42E4-B265-2C7AB38E8AEE} - C:\Program Files (x86)\Intuit\QuickBooks 2017\HelpAsyncPluggableProtocol.dll [2017-10-04] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: exvgfd5v.default
FF ProfilePath: C:\Users\fast\AppData\Roaming\Mozilla\Firefox\Profiles\exvgfd5v.default [2017-12-19]
FF Homepage: Mozilla\Firefox\Profiles\exvgfd5v.default -> about:home
FF Extension: (DuckDuckGo Plus) - C:\Users\fast\AppData\Roaming\Mozilla\Firefox\Profiles\exvgfd5v.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2017-12-01]
FF Extension: (LastPass: Free Password Manager) - C:\Users\fast\AppData\Roaming\Mozilla\Firefox\Profiles\exvgfd5v.default\Extensions\support@lastpass.com.xpi [2017-11-29]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-30] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default [2017-12-19]
CHR Extension: (Slides) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-19]
CHR Extension: (YouTube) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-19]
CHR Extension: (Cleanflight - Blackbox Explorer) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahpidddaimdojnddnahjpnefajpheep [2017-03-29]
CHR Extension: (Alexa Traffic Rank) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2016-12-26]
CHR Extension: (Adobe Acrobat) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-25]
CHR Extension: (Cleanflight - Configurator) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\enacoimjcgeinfnnnpajinjgmkahmfgb [2017-07-30]
CHR Extension: (Sheets) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-19]
CHR Extension: (Open SEO Stats(Formerly: PageRank Status)) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn [2017-04-11]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-11-17]
CHR Extension: (Vortex - Configurator) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jelolponpnnidoojekihdojjdjphdeog [2017-11-09]
CHR Extension: (Private Internet Access) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplnlifepflhkbkgonidnobkakhmpnmh [2017-11-17]
CHR Extension: (Betaflight - Configurator) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdaghagfopacdngbohiknlhcocjccjao [2017-12-12]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2017-10-12]
CHR Extension: (Quick SEO - PageRank, Backlinks & Alexa Tool) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mimhmidgldhoghjoehfigallmmndjkef [2016-12-26]
CHR Extension: (Wikibuy) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-12-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-19]
CHR Extension: (Chrome Media Router) - C:\Users\fast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-24]
CHR Profile: C:\Users\fast\AppData\Local\Google\Chrome\User Data\System Profile [2017-12-19]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1135088 2016-08-10] ()
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [121344 2017-02-21] (Dassault Systèmes) [File not signed]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4327376 2017-12-11] (SecureMix LLC)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [38328 2017-09-26] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-12-04] (SurfRight B.V.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4935304 2017-12-04] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation)
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2016-08-22] (Intuit Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [339808 2017-01-05] (Acronis International GmbH)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [290528 2017-12-05] (SurfRight B.V.)
R3 hmpnet; C:\WINDOWS\system32\drivers\hmpnet.sys [93800 2017-12-05] (SurfRight B.V.)
U5 iaStorV; C:\Windows\System32\Drivers\iaStorV.sys [412064 2017-03-18] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-03-18] (Qualcomm Atheros, Inc.)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [52832 2017-09-11] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-19] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R1 MpKsl40f36782; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E03983D-FED3-4D75-912D-E0AA5B992A82}\MpKsl40f36782.sys [58120 2017-12-19] (Microsoft Corporation)
S3 NMgamingmsFltr; C:\WINDOWS\system32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92992 2017-12-19] (Sysinternals - www.sysinternals.com)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 STTub30; C:\WINDOWS\System32\Drivers\STTub30.sys [44184 2012-07-20] (STMicroelectronics)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1049432 2017-01-05] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [202592 2017-01-05] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [581464 2017-01-05] (Acronis International GmbH)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [301408 2017-01-05] (Acronis International GmbH)
S3 vuhub; C:\WINDOWS\System32\drivers\vuhub.sys [47616 2007-12-16] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S3 cpuz140; \??\C:\Users\fast\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-19 11:23 - 2017-12-19 11:23 - 002392064 _____ (Farbar) C:\Users\fast\Downloads\FRST64.exe
2017-12-19 11:12 - 2017-12-19 11:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2017-12-19 10:13 - 2017-12-19 10:13 - 000998184 _____ C:\Users\fast\Downloads\LabelDownloadServlet (5).pdf
2017-12-19 02:24 - 2017-12-19 02:24 - 000001102 _____ C:\Users\fast\Downloads\WDSync_1.3.5949.26210 (1).zip - Shortcut.lnk
2017-12-19 02:00 - 2017-12-19 10:15 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-12-19 02:00 - 2017-12-19 02:00 - 000165725 _____ C:\Users\fast\Downloads\NewbergPavingBillInsertJuly20171sheet002 (1).pdf
2017-12-18 16:16 - 2017-12-18 16:16 - 000002310 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 11.lnk
2017-12-18 16:16 - 2017-12-18 16:16 - 000001290 _____ C:\Users\Public\Desktop\Adobe Premiere Elements 11.lnk
2017-12-18 16:04 - 2017-12-18 16:13 - 1252444663 _____ C:\Users\fast\Downloads\PremiereElements_11_WWEFDJ_win64 (1).7z
2017-12-18 16:00 - 2017-12-18 16:00 - 001270024 _____ (Adobe Systems Incorporated) C:\Users\fast\Downloads\PremiereElements_11_WWEFDJ_win64 (1).exe
2017-12-18 15:52 - 2017-12-19 03:05 - 000000000 ____D C:\Users\fast\Desktop\Adobe Premiere Elements Auto-Save (1)
2017-12-18 15:42 - 2017-12-18 15:50 - 079845118 _____ C:\Users\fast\Desktop\mike drive by and chase 12.12.17 12.18.17 - Copy.rar
2017-12-18 15:40 - 2017-12-18 15:37 - 145525181 _____ C:\Users\fast\Desktop\mike drive by and chase 12.12.17 12.18.17 - Copy.mp4
2017-12-18 15:11 - 2017-12-18 15:37 - 145525181 _____ C:\Users\fast\Desktop\mike drive by and chase 12.12.17 12.18.17.mp4
2017-12-18 14:11 - 2017-12-18 14:11 - 007515555 _____ C:\Users\fast\Downloads\2017_Catalog_1.0 (1).pdf
2017-12-18 11:17 - 2017-12-18 11:17 - 007515555 _____ C:\Users\fast\Downloads\2017_Catalog_1.0.pdf
2017-12-17 17:10 - 2017-12-17 17:10 - 000000000 ____D C:\Users\fast\AppData\Local\GlassWire
2017-12-17 13:35 - 2017-12-17 13:35 - 000001974 _____ C:\Users\Public\Desktop\GlassWire.lnk
2017-12-17 13:35 - 2017-12-17 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2017-12-17 13:35 - 2015-05-28 20:30 - 000008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2017-12-17 13:35 - 2015-05-28 20:15 - 000033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2017-12-17 13:34 - 2017-12-17 13:35 - 000000000 ____D C:\Program Files (x86)\GlassWire
2017-12-17 13:34 - 2017-12-17 13:34 - 000000000 ____D C:\ProgramData\GlassWire
2017-12-17 13:31 - 2017-12-17 13:31 - 035121240 _____ (SecureMix LLC) C:\Users\fast\Downloads\GlassWireSetup.exe
2017-12-17 02:23 - 2017-12-17 02:23 - 000326553 _____ C:\Users\fast\Downloads\LEO1 1 Kik_s Guide for Law Enforcement_November2017.pdf
2017-12-16 08:06 - 2017-12-17 19:56 - 000000000 ____D C:\Users\fast\Desktop\SysinternalsSuite (1)
2017-12-15 23:00 - 2017-12-17 08:25 - 000000000 ____D C:\WINDOWS\Panther
2017-12-15 14:39 - 2017-12-15 14:39 - 035121240 _____ (SecureMix LLC) C:\Users\fast\Downloads\GlassWireSetup (6).exe
2017-12-15 00:31 - 2017-12-15 00:31 - 000002025 _____ C:\Users\fast\Downloads\ca.rsa.2048 (2).crt
2017-12-15 00:11 - 2017-12-15 00:11 - 000001395 _____ C:\Users\fast\Downloads\ca.crt
2017-12-13 18:53 - 2017-12-13 18:53 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-12-13 09:56 - 2017-11-29 19:33 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-13 09:56 - 2017-11-29 19:33 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-13 09:56 - 2017-11-29 19:33 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-12-13 09:56 - 2017-11-29 19:29 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-13 09:56 - 2017-11-29 19:26 - 002647216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-13 09:56 - 2017-11-29 19:24 - 000870896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-13 09:56 - 2017-11-29 19:23 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-13 09:56 - 2017-11-29 19:23 - 001194248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-12-13 09:56 - 2017-11-29 19:00 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-13 09:56 - 2017-11-29 18:59 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-13 09:56 - 2017-11-29 18:58 - 006763128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-13 09:56 - 2017-11-29 18:58 - 000702032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-13 09:56 - 2017-11-29 18:57 - 001123968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-12-13 09:56 - 2017-11-29 18:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-12-13 09:56 - 2017-11-29 18:44 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-13 09:56 - 2017-11-29 18:44 - 019334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-13 09:56 - 2017-11-29 18:44 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-13 09:56 - 2017-11-29 18:44 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-13 09:56 - 2017-11-29 18:43 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-13 09:56 - 2017-11-29 18:43 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-12-13 09:56 - 2017-11-29 18:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-13 09:56 - 2017-11-29 18:42 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-13 09:56 - 2017-11-29 18:42 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-13 09:56 - 2017-11-29 18:42 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-13 09:56 - 2017-11-29 18:42 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-13 09:56 - 2017-11-29 18:42 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-13 09:56 - 2017-11-29 18:41 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-12-13 09:56 - 2017-11-29 18:41 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-13 09:56 - 2017-11-29 18:40 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-13 09:56 - 2017-11-29 18:40 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-13 09:56 - 2017-11-29 18:40 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-13 09:56 - 2017-11-29 18:40 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-13 09:56 - 2017-11-29 18:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-13 09:56 - 2017-11-29 18:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-13 09:56 - 2017-11-29 18:39 - 003206656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-13 09:56 - 2017-11-29 18:39 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-13 09:56 - 2017-11-29 18:38 - 008195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-13 09:56 - 2017-11-29 18:38 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-12-13 09:56 - 2017-11-29 18:38 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-12-13 09:56 - 2017-11-29 18:38 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-13 09:56 - 2017-11-29 18:37 - 006252544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-13 09:56 - 2017-11-29 18:37 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-13 09:56 - 2017-11-29 18:37 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-13 09:56 - 2017-11-29 18:36 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-12-13 09:56 - 2017-11-29 18:36 - 004726784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-13 09:56 - 2017-11-29 18:36 - 003652096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-13 09:56 - 2017-11-29 18:36 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-13 09:56 - 2017-11-29 18:36 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-12-13 09:56 - 2017-11-29 18:36 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-13 09:56 - 2017-11-29 18:36 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-13 09:56 - 2017-11-29 18:35 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-13 09:56 - 2017-11-29 18:34 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-12-13 09:56 - 2017-11-17 01:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-12-13 09:56 - 2017-11-17 01:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-12-13 09:56 - 2017-11-17 01:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-12-13 09:56 - 2017-11-17 01:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-13 09:56 - 2017-11-17 01:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-13 09:56 - 2017-11-17 01:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-12-13 09:56 - 2017-11-17 01:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-13 09:56 - 2017-11-17 01:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-13 09:56 - 2017-11-17 00:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-12-13 09:56 - 2017-11-17 00:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-13 09:55 - 2017-11-29 18:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-13 09:55 - 2017-11-29 18:44 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-13 09:55 - 2017-11-29 18:43 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-13 09:55 - 2017-11-29 18:42 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-12-13 09:55 - 2017-11-29 18:42 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-13 09:55 - 2017-11-29 18:41 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-12-13 09:55 - 2017-11-29 18:41 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-13 09:55 - 2017-11-29 18:41 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-13 09:55 - 2017-11-29 18:39 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-12-13 09:55 - 2017-11-29 18:38 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-13 09:55 - 2017-11-29 18:37 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-12-13 09:55 - 2017-11-29 18:36 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-12-13 09:55 - 2017-11-17 01:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-12-13 09:55 - 2017-11-17 01:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-12-13 09:55 - 2017-11-17 01:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-12-13 03:29 - 2017-12-13 03:29 - 000002025 _____ C:\Users\fast\Downloads\ca.rsa.2048 (3).crt
2017-12-13 03:29 - 2017-12-13 03:29 - 000002025 _____ C:\Users\fast\Downloads\ca.rsa.2048 (1).crt
2017-12-13 03:22 - 2017-12-13 03:22 - 000002025 _____ C:\Users\fast\Downloads\ca.rsa.2048.crt
2017-12-12 11:07 - 2017-12-12 11:07 - 000424524 _____ C:\Users\fast\Downloads\syslog (20).txt
2017-12-12 05:30 - 2017-12-12 06:09 - 1312722531 _____ C:\Users\fast\Desktop\three different login psge shortcuts pages changed while compairing them 12.12.17 3.mp4
2017-12-12 05:30 - 2017-12-12 05:30 - 000029616 _____ C:\Users\fast\Desktop\ice_video_20171212-053012.mp4
2017-12-12 05:25 - 2017-12-12 05:25 - 000066300 _____ C:\Users\fast\Desktop\ice_video_20171212-052517.mp4
2017-12-12 04:41 - 2017-12-12 05:22 - 787741411 _____ C:\Users\fast\Desktop\Three login shortcuts chrome 2.mp4
2017-12-12 04:25 - 2017-12-12 04:32 - 367461900 _____ C:\Users\fast\Desktop\Three different asus login shoortcuts on chrome 12.12.17 1 .mp4
2017-12-12 00:07 - 2017-12-12 00:07 - 000393863 _____ C:\Users\fast\Downloads\syslog (19).txt
2017-12-11 23:58 - 2017-12-11 23:58 - 000008947 _____ C:\Users\fast\Desktop\ice_video_20171211-235829.mp4
2017-12-11 23:57 - 2017-12-11 23:58 - 048449771 _____ C:\Users\fast\Desktop\ice_video_20171211-235723.mp4
2017-12-11 11:36 - 2017-12-11 11:36 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-12-11 11:36 - 2017-12-11 11:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-12-11 11:36 - 2017-12-11 11:36 - 000000000 ____D C:\Program Files\iPod
2017-12-10 16:35 - 2017-12-10 16:35 - 000276615 _____ C:\Users\fast\Desktop\Installation - DD-WRT Wiki.pdf
2017-12-10 16:23 - 2017-12-10 21:38 - 000000000 ____D C:\Users\fast\Desktop\dd-wrt
2017-12-10 06:31 - 2017-12-10 06:31 - 000477381 _____ C:\Users\fast\Downloads\HERO5Session_UM_ENG_REVD_WEB.pdf
2017-12-10 06:04 - 2017-12-10 06:04 - 000000876 _____ C:\Users\Public\Desktop\Quik.lnk
2017-12-10 06:04 - 2017-12-10 06:04 - 000000000 ____D C:\Program Files\GoPro
2017-12-10 06:02 - 2017-12-10 06:02 - 163906312 _____ (GoPro, Inc.) C:\Users\fast\Downloads\GoPro_Quik-WinInstaller-2.5.0.290.exe
2017-12-10 05:49 - 2017-12-10 05:50 - 000000000 ____D C:\Users\fast\Desktop\100MEDIA
2017-12-09 14:12 - 2017-12-09 14:12 - 027582464 _____ C:\Users\fast\Downloads\asus_rt-ac68u-firmware.trx
2017-12-08 10:43 - 2017-12-08 10:43 - 004850531 _____ C:\Users\fast\Downloads\LabelDownloadServlet (4).pdf
2017-12-06 05:24 - 2017-12-06 05:24 - 460046224 _____ C:\Users\fast\Desktop\2 trees Ray's 12.6.17.rar
2017-12-06 05:22 - 2017-12-06 05:23 - 591918839 _____ C:\Users\fast\Desktop\2 trees Ray's 12.6.17.zip
2017-12-06 04:51 - 2017-12-06 05:08 - 772372902 _____ C:\Users\fast\Desktop\2 trees Ray's 12.6.17.mp4
2017-12-06 02:30 - 2017-12-06 02:30 - 000000290 _____ C:\Users\fast\Desktop\US West.ovpn
2017-12-06 02:25 - 2017-12-06 02:25 - 000015896 _____ C:\Users\fast\Downloads\openvpn-strong (1).zip
2017-12-05 15:44 - 2017-12-05 15:45 - 066642556 _____ C:\Users\fast\Desktop\google redirects.mp4
2017-12-05 05:36 - 2017-12-05 05:36 - 000020007 _____ C:\Users\fast\Downloads\syslog (18).txt
2017-12-05 05:08 - 2017-12-05 05:06 - 465481705 _____ C:\Users\fast\Desktop\12.05.17 UQF N.Grant W.Sheridan 04.44 - Copy.mp4
2017-12-05 04:58 - 2017-12-05 05:06 - 465481705 _____ C:\Users\fast\Desktop\12.05.17 UQF N.Grant W.Sheridan 04.44.mp4
2017-12-05 04:57 - 2017-12-05 04:58 - 023388107 _____ C:\Users\fast\Desktop\ice_video_20171205-045738.mp4
2017-12-05 04:18 - 2016-07-06 05:32 - 040280064 _____ C:\Users\fast\Desktop\RT-AC68U_3.0.0.4_380_3831-g93dfe8c.trx
2017-12-05 02:53 - 2017-12-05 02:53 - 007430358 _____ C:\Users\fast\Downloads\E9183_RT_AC68U_Manual (3).zip
2017-12-05 02:45 - 2017-12-05 02:45 - 000055658 _____ C:\Users\fast\Downloads\syslog (17).txt
2017-12-05 02:12 - 2017-12-05 02:12 - 000052336 _____ C:\Users\fast\Downloads\syslog (16).txt
2017-12-05 01:49 - 2017-12-05 01:49 - 000050477 _____ C:\Users\fast\Desktop\Defogger.exe
2017-12-05 00:04 - 2017-12-12 06:17 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-12-05 00:00 - 2017-12-19 11:23 - 000000000 ____D C:\WINDOWS\CryptoGuard
2017-12-05 00:00 - 2017-12-19 11:12 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2017-12-05 00:00 - 2017-12-05 00:00 - 001183368 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2017-12-05 00:00 - 2017-12-05 00:00 - 000829576 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2017-12-05 00:00 - 2017-12-05 00:00 - 000760528 _____ (Threatstar B.V.) C:\Users\fast\Downloads\hmpalert-test.exe
2017-12-05 00:00 - 2017-12-05 00:00 - 000290528 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2017-12-05 00:00 - 2017-12-05 00:00 - 000093800 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpnet.sys
2017-12-05 00:00 - 2017-12-05 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2017-12-05 00:00 - 2017-12-05 00:00 - 000000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2017-12-04 23:59 - 2017-12-04 23:59 - 004935304 _____ (SurfRight B.V.) C:\Users\fast\Downloads\hmpalert3.exe
2017-12-04 23:50 - 2017-12-06 03:58 - 000000000 ____D C:\Program Files\HitmanPro
2017-12-04 23:50 - 2017-12-04 23:55 - 000001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-12-04 23:50 - 2017-12-04 23:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-12-04 23:49 - 2017-12-19 11:11 - 000000000 ____D C:\ProgramData\HitmanPro
2017-12-04 23:49 - 2017-12-04 23:49 - 011584088 _____ (SurfRight B.V.) C:\Users\fast\Downloads\HitmanPro_x64.exe
2017-12-04 22:26 - 2017-12-04 23:10 - 1308589182 _____ C:\Users\fast\Desktop\ice_video_20171204-222626.m4a
2017-12-04 17:12 - 2017-12-04 17:15 - 000000000 ____D C:\Users\fast\Desktop\iphone
2017-12-04 17:12 - 2017-12-04 17:12 - 000000000 ____D C:\Users\fast\Desktop\New folder (8)
2017-12-03 23:44 - 2017-12-03 23:44 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2017-12-02 21:42 - 2017-12-02 21:42 - 000000016 _____ C:\Users\fast\Desktop\rout.txt
2017-12-02 13:51 - 2017-12-02 13:51 - 000000000 ____D C:\Users\fast\AppData\Local\nwjs
2017-12-01 04:04 - 2017-12-01 04:04 - 000000025 _____ C:\Users\fast\Desktop\r.txt
2017-12-01 02:30 - 2017-12-01 02:30 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3271275025-2158743644-2568987073-1000
2017-12-01 01:15 - 2017-12-01 01:15 - 000000004 _____ C:\Users\fast\Downloads\ftpquota
2017-11-30 22:45 - 2017-11-30 22:45 - 000440413 _____ C:\Users\fast\Downloads\syslog (15).txt
2017-11-30 19:20 - 2017-11-30 19:20 - 000426473 _____ C:\Users\fast\Downloads\syslog (14).txt
2017-11-30 18:12 - 2017-11-30 18:13 - 078346672 _____ (Malwarebytes ) C:\Users\fast\Downloads\mb3-setup-consumer-3.3.1.2183 (1).exe
2017-11-30 18:10 - 2017-12-19 11:12 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-30 18:10 - 2017-12-09 17:41 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-30 18:10 - 2017-11-30 18:10 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-30 18:10 - 2017-11-30 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-30 18:10 - 2017-11-30 18:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-30 18:10 - 2017-11-30 18:10 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-28 23:44 - 2017-11-28 23:44 - 000014052 _____ C:\Users\fast\Downloads\class-wp-hook (2).php
2017-11-28 23:43 - 2017-11-28 23:43 - 000014052 _____ C:\Users\fast\Downloads\class-wp-hook.php
2017-11-28 23:43 - 2017-11-28 23:43 - 000014052 _____ C:\Users\fast\Downloads\class-wp-hook (1).php
2017-11-28 23:34 - 2017-11-28 23:34 - 007306661 _____ C:\Users\fast\Downloads\error_log
2017-11-28 16:41 - 2017-11-28 16:41 - 000000000 ____D C:\Users\fast\AppData\Local\SolidDocuments
2017-11-28 14:30 - 2017-11-28 14:30 - 000048817 _____ C:\Users\fast\Desktop\Herc oven.pdf
2017-11-25 18:20 - 2017-11-25 18:27 - 351364500 _____ C:\Users\fast\Desktop\Mike yelling 11.25.17.mp4
2017-11-24 11:57 - 2017-11-24 11:57 - 003953096 _____ C:\Users\fast\Downloads\LabelDownloadServlet (3).pdf
2017-11-24 05:01 - 2017-11-24 05:01 - 000000000 ____D C:\Users\fast\AppData\Local\NVIDIA
2017-11-23 09:55 - 2017-11-23 09:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-11-23 09:55 - 2017-11-23 09:55 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-23 09:55 - 2017-10-27 08:06 - 000136312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-11-23 09:55 - 2017-09-13 15:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-11-23 09:55 - 2017-09-13 15:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-11-23 09:55 - 2017-09-13 15:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-11-23 09:55 - 2017-09-13 15:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-11-22 15:46 - 2017-11-23 03:34 - 000000000 ____D C:\Users\fast\Downloads\SysinternalsSuite (1)
2017-11-22 15:45 - 2017-11-22 15:45 - 023671636 _____ C:\Users\fast\Downloads\SysinternalsSuite (1).zip
2017-11-22 15:45 - 2017-11-22 15:45 - 000000000 _____ C:\Users\fast\Downloads\live.pdf
2017-11-22 15:34 - 2017-11-22 15:34 - 000000000 ____D C:\Users\fast\AppData\Local\Zemana
2017-11-22 15:34 - 2017-11-22 15:34 - 000000000 ____D C:\Users\fast\AppData\Local\AntiLogger Free
2017-11-22 05:13 - 2017-11-22 05:13 - 000002625 _____ C:\Users\fast\Downloads\FSS.txt
2017-11-22 05:03 - 2017-11-22 05:03 - 000035702 _____ C:\Users\fast\Downloads\MTB.txt
2017-11-22 04:55 - 2017-11-22 04:55 - 000291606 _____ C:\Users\fast\Downloads\TCPView (1).zip
2017-11-22 02:45 - 2017-11-22 02:45 - 000278436 _____ C:\Users\fast\Downloads\syslog (13).txt
2017-11-21 17:38 - 2017-11-21 17:38 - 000455721 _____ C:\Users\fast\Downloads\syslog (12).txt
2017-11-19 23:24 - 2017-11-19 23:24 - 007430358 _____ C:\Users\fast\Downloads\E9183_RT_AC68U_Manual (2).zip
2017-11-19 15:22 - 2017-11-19 15:22 - 000447489 _____ C:\Users\fast\Downloads\syslog (11).txt
2017-11-19 15:22 - 2017-11-19 15:22 - 000447310 _____ C:\Users\fast\Downloads\syslog (10).txt
2017-11-19 05:50 - 2017-11-19 05:57 - 000000000 ____D C:\Users\fast\Desktop\jenny text
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-19 11:24 - 2017-05-07 22:11 - 000027719 _____ C:\Users\fast\Downloads\FRST.txt
2017-12-19 11:24 - 2015-06-26 03:09 - 000000000 ____D C:\FRST
2017-12-19 11:16 - 2017-05-15 15:44 - 000946450 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-19 11:14 - 2017-02-06 01:55 - 000092992 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2017-12-19 11:12 - 2017-05-15 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-19 11:12 - 2017-05-15 15:40 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-12-19 11:12 - 2017-02-24 01:31 - 000008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2017-12-19 11:12 - 2016-12-19 03:32 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-19 11:11 - 2017-03-18 03:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-12-19 11:00 - 2017-05-15 15:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-19 02:48 - 2017-06-30 04:16 - 000000000 ____D C:\Users\fast\AppData\Roaming\vlc
2017-12-19 02:39 - 2017-02-14 02:14 - 000000000 ____D C:\Users\fast\AppData\Local\CrashDumps
2017-12-19 02:35 - 2017-03-18 13:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-19 02:34 - 2017-03-18 13:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-19 02:33 - 2016-12-19 15:26 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-19 02:11 - 2017-05-15 15:39 - 008049312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-19 02:00 - 2016-12-26 23:00 - 000000000 ____D C:\Users\fast\AppData\Local\Adobe
2017-12-18 16:06 - 2017-05-09 14:02 - 000000000 ____D C:\Users\fast\Desktop\Adobe Premiere Elements 11
2017-12-18 16:03 - 2017-11-16 07:40 - 000000000 ____D C:\Users\fast\Desktop\11.16.17 sum funny
2017-12-18 15:04 - 2017-05-15 15:45 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{70FAAAED-09CA-45C8-87FA-CE8ED3DED6FC}
2017-12-17 19:53 - 2017-03-18 13:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-17 19:53 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-17 19:53 - 2016-12-19 04:12 - 000000000 ____D C:\Users\fast\AppData\Local\Packages
2017-12-17 08:24 - 2017-03-18 03:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-12-17 08:22 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\registration
2017-12-17 08:21 - 2017-05-15 15:45 - 000017148 _____ C:\WINDOWS\diagwrn.xml
2017-12-17 08:21 - 2017-05-15 15:45 - 000017148 _____ C:\WINDOWS\diagerr.xml
2017-12-17 08:19 - 2017-09-29 07:05 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-17 03:26 - 2015-09-10 08:32 - 000000000 ___RD C:\Users\fast\OneDrive
2017-12-17 03:23 - 2017-01-09 05:06 - 000007628 _____ C:\Users\fast\AppData\Local\Resmon.ResmonCfg
2017-12-17 03:21 - 2017-05-11 16:09 - 000000000 ____D C:\Program Files\UNP
2017-12-16 20:54 - 2016-12-19 04:37 - 000000000 ____D C:\Users\fast\AppData\Roaming\Video Client
2017-12-16 18:03 - 2015-06-29 05:50 - 000000000 ____D C:\VIPRERESCUE
2017-12-16 13:21 - 2017-11-03 10:47 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-12-16 13:21 - 2017-01-05 06:37 - 000000000 ____D C:\Program Files\CCleaner
2017-12-16 08:01 - 2017-10-24 22:07 - 000000000 ____D C:\Users\fast\Desktop\jenny folder of folders
2017-12-16 07:25 - 2017-06-11 02:32 - 000000000 ____D C:\Program Files (x86)\ShadowExplorer
2017-12-15 23:35 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-15 10:01 - 2017-06-15 23:37 - 000004596 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-15 10:01 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-15 10:01 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-14 17:54 - 2016-12-11 02:00 - 000000000 ____D C:\Users\fast\AppData\LocalLow\Mozilla
2017-12-14 11:18 - 2017-06-07 02:06 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-14 11:18 - 2017-06-07 02:06 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-13 19:40 - 2015-09-10 08:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-13 19:09 - 2017-03-18 12:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-13 18:53 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-13 09:59 - 2016-12-19 13:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-13 09:57 - 2017-10-10 21:15 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-13 09:57 - 2016-12-19 13:31 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-11 15:13 - 2017-05-07 22:12 - 000062517 _____ C:\Users\fast\Downloads\Addition.txt
2017-12-11 11:36 - 2017-06-24 17:27 - 000000000 ____D C:\Program Files\iTunes
2017-12-10 06:04 - 2017-07-30 18:14 - 000000000 ____D C:\Users\fast\AppData\Local\GoPro
2017-12-10 06:04 - 2017-07-30 18:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2017-12-10 06:04 - 2016-12-25 13:04 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-07 05:42 - 2017-11-12 19:16 - 000002650 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-12-05 15:52 - 2016-12-19 04:25 - 000000000 ____D C:\Users\fast\AppData\Local\ElevatedDiagnostics
2017-12-04 17:36 - 2017-04-30 09:18 - 000000000 ____D C:\Users\fast\Desktop\jenny bishop
2017-12-04 17:11 - 2017-01-11 10:27 - 000000000 ____D C:\Users\fast\Desktop\Dean Reese Attachments
2017-12-04 17:10 - 2016-12-25 13:06 - 000000000 ____D C:\Users\fast\AppData\Local\Wide Angle Software
2017-12-02 21:43 - 2016-12-19 22:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-02 21:43 - 2016-12-19 22:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-01 18:25 - 2017-03-18 13:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-01 18:25 - 2017-03-18 13:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-01 13:52 - 2016-12-19 22:20 - 000000000 ____D C:\Users\fast\AppData\Roaming\Mozilla
2017-12-01 13:51 - 2016-12-19 22:20 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-01 02:01 - 2017-02-24 06:52 - 000000000 ____D C:\Users\fast\Desktop\CP210x_Windows_Drivers (3)
2017-11-29 14:27 - 2017-01-18 00:49 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-11-24 08:47 - 2017-07-03 05:12 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-23 09:55 - 2017-05-15 15:40 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-23 09:54 - 2017-05-15 15:40 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-23 09:50 - 2016-12-19 13:32 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-23 06:21 - 2016-07-13 11:31 - 013499843 _____ C:\Users\fast\Desktop\Hydrant zip.rar
2017-11-23 03:35 - 2017-05-15 15:40 - 000000000 ____D C:\Users\fast
2017-11-23 03:34 - 2017-05-15 15:40 - 000000000 ____D C:\Users\DefaultAppPool
2017-11-23 03:34 - 2017-05-15 15:40 - 000000000 ____D C:\Users\Administrator
2017-11-23 03:34 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\Help
2017-11-23 03:33 - 2017-05-15 15:40 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-11-22 05:17 - 2017-05-07 22:12 - 000085666 _____ C:\Users\fast\Downloads\Shortcut.txt
 
==================== Files in the root of some directories =======
 
2015-08-28 12:31 - 2015-08-28 12:31 - 016790552 _____ (LastPass) C:\Users\fast\lastpass_x64 (1).exe
2015-08-28 11:30 - 2015-08-28 11:30 - 016790552 _____ (LastPass) C:\Users\fast\lastpass_x64.exe
2016-12-19 04:39 - 2016-12-19 04:39 - 000000000 _____ () C:\Users\fast\AppData\Roaming\RSDevID.fig
2016-12-19 04:39 - 2016-12-19 04:39 - 000000000 _____ () C:\Users\fast\AppData\Roaming\RSIpAndPort.fig
2017-01-09 05:06 - 2017-12-17 03:23 - 000007628 _____ () C:\Users\fast\AppData\Local\Resmon.ResmonCfg
2017-06-02 09:54 - 2017-06-02 09:54 - 000000000 _____ () C:\Users\fast\AppData\Local\{064075C5-F94F-49B1-8F47-1C81D5D7D483}
 
Some files in TEMP:
====================
2017-12-19 11:13 - 2017-12-19 11:13 - 001174688 ____H (Sysinternals - www.sysinternals.com) C:\Users\fast\AppData\Local\Temp\Procmon64.exe
2017-12-18 16:16 - 2017-12-18 16:14 - 000111104 _____ () C:\Users\fast\AppData\Local\Temp\readSTILog.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-12-18 16:09
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by fast (19-12-2017 11:24:56)
Running from C:\Users\fast\Downloads
Windows 10 Pro Version 1703 15063.786 (X64) (2017-05-15 23:47:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3271275025-2158743644-2568987073-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3271275025-2158743644-2568987073-503 - Limited - Disabled)
fast (S-1-5-21-3271275025-2158743644-2568987073-1000 - Administrator - Enabled) => C:\Users\fast
Guest (S-1-5-21-3271275025-2158743644-2568987073-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3271275025-2158743644-2568987073-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acronis True Image WD Edition (HKLM-x32\...\{2827436B-605A-4DF5-AE1D-41486BE4FEF7}) (Version: 19.0.32 - Acronis)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (HKLM\...\{66CF1DF9-1715-4325-89BC-76B1CA2EE3BE}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F1D83CEA-2855-4224-9935-D981785AA75D}) (Version: 6.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{E2A6344A-45BF-47A0-9AE1-848325E7FD88}) (Version: 6.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Cleanflight Blackbox Explorer 1.2.1 (only current user) (HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\ef86af50-7bb5-54f9-bc93-d0c9b5f3046c) (Version: 1.2.1 - Nicholas Sherlock)
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DraftSight 2017 SP1 x64 (HKLM\...\{B1574FBB-7FFA-47A8-8AB9-8819E5B05277}) (Version: 17.1.0096 - Dassault Systemes)
DvrClient (HKLM-x32\...\{3B25FE53-D528-42E7-83D8-226C8D81A276}) (Version: 1.2.43 - DVR Soft)
Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.25.1 (HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\FileZilla Client) (Version: 3.25.1 - Tim Kosse)
GitHub (HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\5f7eb300e2ea4ebf) (Version: 3.3.4.0 - GitHub, Inc.)
GlassWire 2.0 (remove only) (HKLM-x32\...\GlassWire 2.0) (Version: 2.0.78 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoPro Studio (HKLM-x32\...\{BE06FF1A-83A0-42F2-913E-6E405393145C}) (Version: 5.12.5383 - GoPro, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.7.1.723 - SurfRight B.V.)
HP Officejet Pro 8620 Basic Device Software (HKLM\...\{A977D10D-989A-40D4-B0B1-450954516543}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Help (HKLM-x32\...\{9A4D71AB-9C68-4702-A4A2-A4DB7B0FE270}) (Version: 32.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.8.47.1 - HP Inc.)
Icecream Screen Recorder version 4.58 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 4.58 - Icecream Apps)
ImmersionRCTools (HKLM-x32\...\{05DC77D4-5AAE-4A45-A421-92250D43A61A}) (Version: 1.42.5 - ImmersionRC)
iTunes (HKLM\...\{BE8F64BA-7E51-4FB8-AE03-04C7200043A2}) (Version: 12.7.2.58 - Apple Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{7FFF0385-BD04-4047-AA1D-6146A391FD0A}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{8CE29F52-8FAF-4CFD-89E8-B2D61A6800B1}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
MSIChecker (HKLM-x32\...\{C9D43B38-34AD-4EC2-B696-46F42D49D174}) (Version: 20.00.0000 - UPS) Hidden
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
OpenTX Companion 2.1 (HKLM-x32\...\OpenTX Companion 2.1) (Version:  - OpenTX)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PRE11 STI 64Installer (HKLM-x32\...\{B614E5FA-6DA4-45A1-845C-52F870240A89}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickBooks (HKLM-x32\...\{B52E01F1-D34E-4381-B590-28DFF3C0B647}) (Version: 27.0.4007.2702 - Intuit Inc.) Hidden
QuickBooks Pro 2017 (HKLM-x32\...\{82F55A7D-6BEB-436B-A1DC-586E113782D7}) (Version: 27.0.4001.2702 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Quik (HKLM\...\{D6D98E38-D75D-4E9C-916E-F68ED43A1F2F}) (Version: 0.1.290 - GoPro, Inc.) Hidden
Quik (HKLM-x32\...\{ed4c22dc-8424-496a-8732-a71d56b4b1cd}) (Version: 2.5.0.290 - GoPro, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncFileSetup (x86) (HKLM-x32\...\{04848A0A-02B1-4703-B15D-6E7DCF95FB84}) (Version: 1.3.5949.26210 - Western Digital Technologies, Inc) Hidden
System (HKLM-x32\...\{DB2C58E0-6284-4B48-97F2-22A980B6360B}) (Version: 20.00.0000 - UPS) Hidden
TouchCopy 16 (HKLM\...\{D1690886-FD6E-4218-8270-8EDC82E1EBB5}) (Version: 16.26 - Wide Angle Software) Hidden
TouchCopy 16 (HKLM\...\TouchCopy 16 16.26) (Version: 16.26 - Wide Angle Software)
UPSVC2013MM (HKLM-x32\...\{D99432A9-099D-4DF0-B3BA-41562C3F8B4C}) (Version: 19.00.0000 - Your Company Name) Hidden
Video Player (HKLM-x32\...\{A47656D1-D0BA-4179-A964-152F7A0BB960}) (Version: 1.2.14 - DVR Soft) <==== ATTENTION
Virtual Com port driver V1.4.0 (HKLM-x32\...\{AF0ACDD1-3842-47C7-B153-B8DB92CDA42D}) (Version: 1.4.0 - STMicroelectronics)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WD Access (HKLM-x32\...\{046643f7-6206-46bb-8968-92c37fee39e0}) (Version: 1.4.5949.29996 - Western Digital Technologies, Inc.)
WD Access (HKLM-x32\...\{C0624809-D60D-4AFF-8AF3-9452125AF4C1}) (Version: 1.4.5949.29996 - Western Digital Technologies, Inc) Hidden
WD Quick View (HKLM-x32\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{515B34CA-1229-4EDA-AE7C-53CBA68B8A7A}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD Sync (HKLM-x32\...\{0d591303-bbc5-4645-a03b-1c3f75f1a762}) (Version: 1.3.5949.26210 - Western Digital Technologies, Inc.)
Windows Driver Package - ImmersionRC (MCHPUSB) CustomUSBDevices  (12/19/2011 2.0.0.0) (HKLM\...\86A4AFE28A0BA839E95EB2F74FBA6D10DFE543AF) (Version: 12/19/2011 2.0.0.0 - ImmersionRC)
Windows Driver Package - ImmersionRC.com (usbser) Ports  (03/03/2013 6.0.2600.9) (HKLM\...\DC2FFDD64E548051DF8A03BF6C48B818B69FB4C2) (Version: 03/03/2013 6.0.2600.9 - ImmersionRC.com)
Windows Driver Package - STMicroelectronics (usbser) Ports  (08/02/2013 1.4.0) (HKLM\...\04B4996F06620A7ECFBFE8F9BCC458F9761E39F7) (Version: 08/02/2013 1.4.0 - STMicroelectronics)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3271275025-2158743644-2568987073-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-EBAC60ACEF87}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3271275025-2158743644-2568987073-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [HitmanPro] -> {D7CF1AF8-E2AD-4DA4-ACE5-77F8A58AB71D} => C:\Program Files\HitmanPro\hmpshext.dll [2017-12-06] (SurfRight B.V.)
ContextMenuHandlers1-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [2015-11-11] (Acronis)
ContextMenuHandlers1-x32: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers1-x32: [WDSyncContextMenuHandler] -> {5A51BDCB-F8C2-4698-B79C-A77DF0AA466B} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} =>  -> No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers4: [HitmanPro] -> {D7CF1AF8-E2AD-4DA4-ACE5-77F8A58AB71D} => C:\Program Files\HitmanPro\hmpshext.dll [2017-12-06] (SurfRight B.V.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
ContextMenuHandlers6-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [2015-11-11] (Acronis)
ContextMenuHandlers6-x32: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers6-x32: [WDSyncContextMenuHandler] -> {5A51BDCB-F8C2-4698-B79C-A77DF0AA466B} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14DF0ECA-A827-4EA1-86C3-BDC0DCD491AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {1CA14838-3A52-4157-8516-9CAB9997D42F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {1D4614E7-F1B4-4D2E-8468-4C699C91786B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {1ECFD12B-C0B6-473B-A31C-5C7FB5D2EA3C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {27A5DD99-469D-4F67-9D93-37EE52DB097C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {28A6A04B-7AFD-4750-9EF6-B532C8AE77D1} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2017-11-18] ()
Task: {3477EEEB-89D8-4917-836B-68776CCE9633} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-07] (Google Inc.)
Task: {386ED653-3AA0-4B67-BEE4-303C38DF94F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {49E7E4C2-3CD2-488B-AA7B-ED57DEFDBE6E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-01] (Piriform Ltd)
Task: {5635F39D-CFFC-49B9-B1DD-B85393735A80} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {59C5D6DE-C346-4459-BDBB-8AEC6AE19924} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {7BFF4012-A8D3-476E-970A-F66A228D6F29} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-19] (Microsoft Corporation)
Task: {8376EF4F-2A27-4DA3-B514-00E1EB76D1F5} - System32\Tasks\AdobeAAMUpdater-1.0-ANONYMOUS-FAST-fast => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {978DB967-EC90-4AC1-A918-8F8C8FF26A0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-07] (Google Inc.)
Task: {9BEF0ABA-923D-485C-B1FA-0A3099C060F9} - System32\Tasks\S-1-5-21-3271275025-2158743644-2568987073-1000\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-11-01] (Microsoft Corporation)
Task: {A92F4478-64D0-439C-86B6-74A9FB50C155} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [2017-03-07] ()
Task: {B4CE6523-9447-4F0E-95DC-FA006727F9E1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-28] (AVAST Software)
Task: {BE728943-3C22-4B43-82FE-B59010342A64} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {C201A2AA-22D7-426D-AE49-CB76A2218BB2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {D106FB94-D9D0-43DB-9AFF-B711FEC31385} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-15] (Adobe Systems Incorporated)
Task: {E8B8A34F-AA85-4F7A-851C-0FC021A8E347} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-15] (Adobe Systems Incorporated)
Task: {E9B10837-6614-4991-B188-24AF2224216C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {F2C59882-B771-4DEB-8475-2EBBB425CEC6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {F7233865-5847-40EB-924E-86D40910F630} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\fast\Desktop\Anoncloud - Shortcut.lnk -> hxxp://192.168.1.4
 
ShortcutWithArgument: C:\Users\fast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\82b5a7cb74201c3\Betaflight - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kdaghagfopacdngbohiknlhcocjccjao
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-18 12:58 - 2017-03-18 12:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-12-19 12:47 - 2017-11-18 01:16 - 008327811 _____ () C:\Program Files\pia_manager\pia_manager.exe
2016-10-25 08:57 - 2016-10-25 08:57 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-03-18 12:59 - 2017-03-18 18:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-28 01:45 - 2017-11-28 01:45 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll
2016-12-19 12:47 - 2017-11-18 01:16 - 000693248 _____ () C:\Program Files\pia_manager\openvpn.exe
2016-12-19 12:47 - 2017-11-18 01:16 - 000196383 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2016-12-19 12:47 - 2017-11-18 01:16 - 000110946 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2016-12-19 12:47 - 2017-11-18 01:16 - 000144896 _____ () C:\Program Files\pia_manager\pia-openvpn.dll
2013-03-23 10:14 - 2013-03-23 10:14 - 002993664 _____ () C:\Program Files (x86)\DVR Soft\DvrClient\DvrClient.exe
2017-12-14 11:18 - 2017-12-05 20:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
2017-12-14 11:18 - 2017-12-05 20:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
2017-12-11 05:05 - 2017-12-11 05:05 - 000180688 _____ () C:\Program Files (x86)\GlassWire\EasyHook32.dll
2017-12-19 11:12 - 2017-12-19 11:12 - 000012800 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000010240 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000014848 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000028672 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000094208 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\src\bin\rgloader\rgloader193.mswin.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000124416 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000009216 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000131584 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000088576 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000016896 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000127316 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\bin\libffi-6.dll
2017-12-19 11:12 - 2017-12-19 11:12 - 000009216 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000013824 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000095744 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000028672 _____ () C:\Users\fast\AppData\Local\Temp\ocr4AD4.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.3-universal-mingw32\lib\win32\ruby19\win32\api.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000012800 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000010240 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000014848 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000028672 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000094208 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\src\bin\rgloader\rgloader193.mswin.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000124416 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000071680 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000091648 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\bin\zlib1.dll
2017-12-19 11:12 - 2017-12-19 11:12 - 000287744 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000016384 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000008192 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000009216 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000024576 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000009216 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000009216 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000008704 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000008704 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000040960 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000131584 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000088576 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000016896 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000127316 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\bin\libffi-6.dll
2017-12-19 11:12 - 2017-12-19 11:12 - 000013824 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000095744 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2017-12-19 11:12 - 2017-12-19 11:12 - 000028672 _____ () C:\Users\fast\AppData\Local\Temp\ocr99AF.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.3-universal-mingw32\lib\win32\ruby19\win32\api.so
2017-11-18 01:16 - 2017-11-18 01:16 - 000939520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\ffmpeg.dll
2017-11-18 01:16 - 2017-11-18 01:16 - 003115520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\node.dll
2013-03-22 18:11 - 2013-03-22 18:11 - 000177664 _____ () C:\Program Files (x86)\DVR Soft\DvrClient\RSNet.dll
2013-03-22 18:12 - 2013-03-22 18:12 - 000528384 _____ () C:\Program Files (x86)\DVR Soft\DvrClient\RSPlay.dll
2013-01-15 16:31 - 2013-01-15 16:31 - 001089630 _____ () C:\Program Files (x86)\DVR Soft\DvrClient\PlayCtrl.dll
2013-01-15 16:31 - 2013-01-15 16:31 - 000802866 _____ () C:\Program Files (x86)\DVR Soft\DvrClient\HCNetSDK.dll
2013-01-15 16:31 - 2013-01-15 16:31 - 000151607 _____ () C:\Program Files (x86)\DVR Soft\DvrClient\hpr.dll
2013-01-15 16:31 - 2013-01-15 16:31 - 000376832 _____ () C:\Program Files (x86)\DVR Soft\DvrClient\hi_h264dec_w1.dll
2013-01-15 16:31 - 2013-01-15 16:31 - 000100366 _____ () C:\Program Files (x86)\DVR Soft\DvrClient\avutil-51.dll
2013-01-15 16:31 - 2013-01-15 16:31 - 001053198 _____ () C:\Program Files (x86)\DVR Soft\DvrClient\avcodec-53.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\fast\AppData\Local\0L2VQURo:1JGpo4JofK1mMUuAoR5zhtHF9m8 [1854]
AlternateDataStreams: C:\Users\fast\AppData\Local\Temp:V0NCD0ePsaXR2hCOnU7d [2316]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-12-19 03:27 - 2017-11-12 19:15 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\fast\Desktop\igor-10january1720433943-2.gif
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "GoPro Tray App"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "WDAppManager"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKLM\...\StartupApproved\Run32: => "CA MDM Offline Schedule Monitor"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "MMTray"
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\StartupApproved\Run: => "OPENVPN-GUI"
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\StartupApproved\Run: => "HP Officejet Pro 8620 (NET)"
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-3271275025-2158743644-2568987073-1000\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{94A54FB5-E18C-4752-9624-EFBD3A51AA1C}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{6254649C-6F2D-40AB-A1AA-12E857B409F7}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [TCP Query User{1B135060-92D8-4D3F-8685-E67B5BC8B51D}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{A72282AD-4905-4A25-8EB7-5F21E27631FD}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{75DEC741-316E-4D94-B14F-F76C59AFB31B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{51C40D3F-0ACD-47ED-9A59-E48B23CE56EF}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{CA40DE20-74FA-4F30-AB44-7D5E44AABEC3}] => (Allow) c:\program files (x86)\glasswire\gwctlsrv.exe
FirewallRules: [{CCF5EDB8-DF1D-4622-9F16-C6E29C7EF6F4}] => (Allow) c:\program files (x86)\glasswire\gwctlsrv.exe
FirewallRules: [{282D2600-F509-4BCD-9B64-35DF5F9CE1A8}] => (Allow) c:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{71F39C51-7697-44B4-8AE7-7ACF7442D4C3}] => (Allow) c:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{0295E121-A20B-4CEF-8AED-58EF7FF76241}] => (Allow) c:\program files (x86)\hitmanpro.alert\hmpalert.exe
FirewallRules: [{267519BA-7DAD-4DA1-8CBB-E4F1A71D5488}] => (Allow) c:\program files (x86)\hitmanpro.alert\hmpalert.exe
FirewallRules: [{1F8BFE44-7230-4D35-8FA6-A6A37B0C9853}] => (Allow) c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe
FirewallRules: [{4A3E19EA-23EE-4DDA-B7E9-532CB2799374}] => (Allow) c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe
FirewallRules: [{8B7A1D33-DD06-49AA-90EA-75A3FC9F05A2}] => (Allow) c:\users\fast\appdata\local\temp\ocrf8d6.tmp\bin\rubyw.exe
FirewallRules: [{BA5B47E3-A675-41DF-B8C5-2701EE0A73D7}] => (Allow) c:\users\fast\appdata\local\temp\ocrf8d6.tmp\bin\rubyw.exe
FirewallRules: [{6DF2385F-88FB-4547-932E-C06C55F4D6D2}] => (Allow) c:\windows\system32\msfeedssync.exe
FirewallRules: [{D60A12AE-15FC-40DC-81D8-F41A576FA95C}] => (Allow) c:\windows\system32\msfeedssync.exe
FirewallRules: [{A1FE2AD4-FAC0-49E2-9015-B8C9273D3404}] => (Allow) c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe
FirewallRules: [{B79D581F-2CB3-45DC-9C17-BFA8E350D846}] => (Allow) c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe
FirewallRules: [{A64786C1-E7BC-4BAC-BFE2-F4BDB57D3375}] => (Allow) c:\windows\system32\wifitask.exe
FirewallRules: [{003178EE-08A0-4E11-ABC0-CD89F7A3E25B}] => (Allow) c:\windows\system32\wifitask.exe
FirewallRules: [{40F61951-6CC7-4D94-B824-590C3F5098B9}] => (Allow) c:\program files\malwarebytes\anti-malware\mbamservice.exe
FirewallRules: [{E5B9D5D0-EC03-4366-9270-43805483D038}] => (Allow) c:\program files\malwarebytes\anti-malware\mbamservice.exe
FirewallRules: [{C58E43C2-C010-4240-A91A-6F52B65B7347}] => (Allow) c:\program files\bonjour\mdnsresponder.exe
FirewallRules: [{C92BED38-26B9-49E0-A867-037FD521C616}] => (Allow) c:\program files\bonjour\mdnsresponder.exe
FirewallRules: [{F48C014E-62A7-4B70-ACE9-003B02BAD446}] => (Block) c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
FirewallRules: [{42DC8570-6030-4DEB-A16D-8915A8B2F74E}] => (Block) c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
FirewallRules: [{1708CF57-C573-4039-AA1F-527BB4D9D04C}] => (Allow) c:\program files\pia_manager\openvpn.exe
FirewallRules: [{7CE0D480-4BC2-41BF-90CF-058A1339DE7B}] => (Allow) c:\program files\pia_manager\openvpn.exe
FirewallRules: [{5B9447D5-E5A9-45A8-A8DC-47738FF5B351}] => (Allow) c:\program files (x86)\dvr soft\dvrclient\dvrclient.exe
FirewallRules: [{0028A325-55E7-437D-BD36-AF2359CA108F}] => (Allow) c:\program files (x86)\dvr soft\dvrclient\dvrclient.exe
FirewallRules: [{26455615-BC4B-4B19-B971-57C51D637C27}] => (Allow) c:\windows\system32\backgroundtaskhost.exe
FirewallRules: [{0D089758-B002-4970-9864-AB3D96D24C04}] => (Allow) c:\windows\system32\backgroundtaskhost.exe
FirewallRules: [{3CFE0CCD-7607-43B7-AAF0-BCF6ACBB5C15}] => (Block) c:\program files (x86)\google\update\googleupdate.exe
FirewallRules: [{C6B22704-E3F3-4C87-86AD-659E04FE1C65}] => (Block) c:\program files (x86)\google\update\googleupdate.exe
FirewallRules: [{60444B47-E6E2-40EE-AB86-AFFDC5E65262}] => (Allow) c:\windows\system32\wermgr.exe
FirewallRules: [{501933BB-9BCD-49D3-AEBE-42E4F2627A97}] => (Allow) c:\windows\system32\wermgr.exe
FirewallRules: [{1B33FE94-DF82-432D-B1C3-D32B4D6DBD42}] => (Allow) c:\program files\malwarebytes\anti-malware\mbamtray.exe
FirewallRules: [{FD140982-7BC2-454D-9823-309DDCB49471}] => (Allow) c:\program files\malwarebytes\anti-malware\mbamtray.exe
FirewallRules: [{785D488A-F3FC-4EFF-ABC0-06624F887BFF}] => (Allow) c:\program files (x86)\microsoft office\root\office16\outlook.exe
FirewallRules: [{D75131B0-69EC-4CD0-AFAD-F32F1A9B78DF}] => (Allow) c:\program files (x86)\microsoft office\root\office16\outlook.exe
FirewallRules: [{AF98F1C2-C90B-4605-9175-0B93D8B2779F}] => (Allow) c:\windows\syswow64\searchprotocolhost.exe
FirewallRules: [{A59309B8-D973-4504-9965-A182BF2D8F85}] => (Allow) c:\windows\syswow64\searchprotocolhost.exe
FirewallRules: [{59A9C38B-EC02-428A-A027-D8C312D08B5F}] => (Allow) c:\users\fast\appdata\local\temp\ocr8ecf.tmp\bin\rubyw.exe
FirewallRules: [{C1B197DC-732A-4A28-86A2-19890470FD4F}] => (Allow) c:\users\fast\appdata\local\temp\ocr8ecf.tmp\bin\rubyw.exe
FirewallRules: [{A74521F9-4DA6-4280-B6B4-0140B098C75F}] => (Allow) c:\program files\hitmanpro\hitmanpro.exe
FirewallRules: [{3B646189-34E4-4661-82EC-453D7124F5BB}] => (Allow) c:\program files\hitmanpro\hitmanpro.exe
FirewallRules: [{1EAAD780-03C9-4B54-AC2A-A5AB9B124325}] => (Allow) c:\program files\ccleaner\ccleaner64.exe
FirewallRules: [{C908CDC5-4737-42E3-802E-8DC3C1748574}] => (Allow) c:\program files\ccleaner\ccleaner64.exe
FirewallRules: [{A56E0672-3691-448B-A08B-F780E3669484}] => (Allow) c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe
FirewallRules: [{1F99CAF1-6080-49A9-9477-089494544162}] => (Allow) c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe
FirewallRules: [{FD7E13B0-33DC-4CDC-86B2-91670CF340AD}] => (Allow) c:\program files\winrar\winrar.exe
FirewallRules: [{7EC85604-A7AB-442A-B113-DB78985E3791}] => (Allow) c:\program files\winrar\winrar.exe
FirewallRules: [{5420682C-4018-4DEE-B9C2-EB14AC62F8E0}] => (Allow) c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe
FirewallRules: [{7C201274-DA34-4335-A1AA-73E23497A3F4}] => (Allow) c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe
FirewallRules: [{E4EFA8F0-B238-4C8E-A76B-6E7359A8EA89}] => (Allow) c:\users\fast\desktop\sysinternalssuite (1)\procexp64.exe
FirewallRules: [{BF789FD6-E8F6-49B7-83A1-F462B8130E0E}] => (Allow) c:\users\fast\desktop\sysinternalssuite (1)\procexp64.exe
FirewallRules: [{A84D47A6-5CCA-4F71-98CC-148E5C49539A}] => (Allow) c:\windows\system32\sihclient.exe
FirewallRules: [{60C24B97-50F0-45FC-A81D-A6D329DA0AE1}] => (Allow) c:\windows\system32\sihclient.exe
FirewallRules: [{D02CD6F1-AFB1-429A-AB28-BEB4F22CE4FA}] => (Allow) c:\windows\system32\compattelrunner.exe
FirewallRules: [{EC66000A-6411-445E-95C8-0B01E973AAA3}] => (Allow) c:\windows\system32\compattelrunner.exe
FirewallRules: [{C4AA7F04-6156-4263-8A39-19EBD0063D9E}] => (Allow) c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\aam updates notifier.exe
FirewallRules: [{BA74D374-8904-478A-B901-0F281FE7E6B9}] => (Allow) c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\aam updates notifier.exe
FirewallRules: [{615C01D4-55D7-402E-A726-C01EAC1BFC52}] => (Allow) c:\program files (x86)\common files\adobe\adobegcclient\adobegcclient.exe
FirewallRules: [{76C776A5-0CB0-4F98-A23B-91114ABA160D}] => (Allow) c:\program files (x86)\common files\adobe\adobegcclient\adobegcclient.exe
FirewallRules: [{1B97D468-C1FB-46B2-B389-2FFFFF4C6621}] => (Allow) c:\windows\system32\speech_onecore\common\speechmodeldownload.exe
FirewallRules: [{FF59BF08-9C5B-4DCA-B43B-EC9286672647}] => (Allow) c:\windows\system32\speech_onecore\common\speechmodeldownload.exe
FirewallRules: [{7C4795F0-9C87-4012-BD81-27FCCE383BE4}] => (Allow) c:\windows\system32\apphostregistrationverifier.exe
FirewallRules: [{103EF07A-4745-49AA-A625-9884D08A8AC2}] => (Allow) c:\windows\system32\apphostregistrationverifier.exe
FirewallRules: [{ACD993FB-3206-4219-B3AB-B547A2AE6CB2}] => (Allow) c:\program files (x86)\adobe\acrobat dc\acrobat\acrobat.exe
FirewallRules: [{6D808016-10C2-4688-8503-9A665581F345}] => (Allow) c:\program files (x86)\adobe\acrobat dc\acrobat\acrobat.exe
FirewallRules: [{426A7165-C243-4A5D-8554-38F02FE36EBA}] => (Allow) c:\program files (x86)\common files\adobe\oobe\pdapp\p7\adobe_licutil.exe
FirewallRules: [{0290E52A-67DF-4B8A-89EE-7F1B0EF0D7EB}] => (Allow) c:\program files (x86)\common files\adobe\oobe\pdapp\p7\adobe_licutil.exe
FirewallRules: [{B0B36AAD-D6F2-470E-ADC6-0A16AE8D5FF5}] => (Allow) c:\program files (x86)\adobe\acrobat dc\acrobat\adobecollabsync.exe
FirewallRules: [{77EA652D-6CE1-4639-BE99-20F686DDF2F7}] => (Allow) c:\program files (x86)\adobe\acrobat dc\acrobat\adobecollabsync.exe
FirewallRules: [{AE5F924E-75EB-4B89-986F-34B5749322DE}] => (Allow) c:\program files (x86)\adobe\acrobat dc\acrobat\logtransport2.exe
FirewallRules: [{99CFB3E7-C2A4-4F13-B4BE-F5D0D1FB4736}] => (Allow) c:\program files (x86)\adobe\acrobat dc\acrobat\logtransport2.exe
FirewallRules: [{14F1A1BA-8E48-4FC6-9995-B3447701351B}] => (Allow) c:\windows\system32\backgroundtransferhost.exe
FirewallRules: [{7D383B11-4565-4255-A79F-81138800F8F4}] => (Allow) c:\windows\system32\backgroundtransferhost.exe
FirewallRules: [{BE4273BB-5A05-4F43-B482-376CDB331DE2}] => (Allow) c:\programdata\microsoft\windows defender\platform\4.12.17007.17123-0\msmpeng.exe
FirewallRules: [{10830FDD-5C03-4AE7-A361-AFD90ED79C31}] => (Allow) c:\programdata\microsoft\windows defender\platform\4.12.17007.17123-0\msmpeng.exe
FirewallRules: [{EB98B94E-430B-4B99-8DF1-7E536433EB90}] => (Allow) c:\program files\windowsapps\microsoft.windows.photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\microsoft.photos.exe
FirewallRules: [{B9D79DA6-C088-4E0D-8417-F3A23FFD3998}] => (Allow) c:\program files\windowsapps\microsoft.windows.photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\microsoft.photos.exe
FirewallRules: [{BF08FE88-F1DC-4055-BD23-3312FFC1C51A}] => (Block) c:\program files (x86)\apple software update\softwareupdate.exe
FirewallRules: [{0288A220-F002-4423-A6D3-8EF88FD4FAD9}] => (Block) c:\program files (x86)\apple software update\softwareupdate.exe
FirewallRules: [{D03B7A49-3CFC-4408-8F13-C4377BDA7FDA}] => (Allow) c:\program files (x86)\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\olicenseheartbeat.exe
FirewallRules: [{26AFCAF4-A290-4999-B67B-72576265C9A9}] => (Allow) c:\program files (x86)\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\olicenseheartbeat.exe
FirewallRules: [{883E4402-6B4D-457B-99DF-7402F5E4EA68}] => (Allow) c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
FirewallRules: [{B0766097-B1CB-4EB0-AC03-6521370BBA9F}] => (Allow) c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
FirewallRules: [{B0CBAB16-A1E9-4895-A7F4-9B74920E75CE}] => (Allow) c:\windows\syswow64\werfault.exe
FirewallRules: [{8A399781-587C-44FF-B9C2-1D6478F32B68}] => (Allow) c:\windows\syswow64\werfault.exe
FirewallRules: [{953A96D0-3E0B-4E45-9376-4AAF05B10AF0}] => (Allow) c:\program files\hp\hp officejet pro 8620\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{BE9A2458-3D77-4CB7-BCBD-7AAFA73BE2AC}] => (Allow) c:\program files\hp\hp officejet pro 8620\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{3B29D78B-79FA-4D5F-9C3A-21824AB51BF3}] => (Allow) c:\program files (x86)\icecream screen recorder\recorder.exe
FirewallRules: [{428511EF-3AC1-4C34-BA28-A9E0999AA07A}] => (Allow) c:\program files (x86)\icecream screen recorder\recorder.exe
FirewallRules: [{DF4BE730-CCED-45E1-B1AA-8C97A8BFDF6C}] => (Allow) c:\windows\syswow64\fixmapi.exe
FirewallRules: [{07AB6701-2507-4B16-A34B-77DA85180840}] => (Allow) c:\windows\syswow64\fixmapi.exe
FirewallRules: [{18A0ED8B-8336-4F8F-AB98-E8277DBDBFF9}] => (Allow) c:\windows\system32\werfault.exe
FirewallRules: [{77074AF0-CAE8-4BB3-BBFA-896DBB106730}] => (Allow) c:\windows\system32\werfault.exe
FirewallRules: [{1A8AF96C-B88E-4D22-ABF9-CB9C98D126D0}] => (Allow) c:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{BAD8E11C-0CE4-48D0-BBC0-1A919C61CCB2}] => (Allow) c:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{97D5020D-4EBE-4CFC-AC8C-606B98532FC6}] => (Allow) c:\program files\internet explorer\iexplore.exe
FirewallRules: [{613E6231-D287-4734-ABD3-D9ECCD8DA689}] => (Allow) c:\program files\internet explorer\iexplore.exe
FirewallRules: [{A090A6FF-5D6D-4D2B-9A78-FCB1845D3893}] => (Allow) c:\windows\system32\smartscreen.exe
FirewallRules: [{9D981D28-2561-4B57-BF44-08F9B87317AF}] => (Allow) c:\windows\system32\smartscreen.exe
FirewallRules: [{C352B04D-C579-4EE0-BE07-E4E36E0CF04E}] => (Allow) c:\program files\adobe\adobe premiere elements 11\adobe premiere elements.exe
FirewallRules: [{E506955B-0102-49D4-91DB-DFDE63CA1B95}] => (Allow) c:\program files\adobe\adobe premiere elements 11\adobe premiere elements.exe
FirewallRules: [{BDBB4ACD-756A-4A4E-A0F8-3DADAF016940}] => (Allow) c:\programdata\microsoft\windows defender\platform\4.12.17007.17123-0\mpcmdrun.exe
FirewallRules: [{B84368F1-BE0A-4859-98AE-7FA324137A1A}] => (Allow) c:\programdata\microsoft\windows defender\platform\4.12.17007.17123-0\mpcmdrun.exe
FirewallRules: [{9456F2D3-EF45-4358-AFB4-C2090E02F527}] => (Allow) c:\program files\ccleaner\ccupdate.exe
FirewallRules: [{310CA0ED-0B03-41F1-ABAC-80E278CC57BB}] => (Allow) c:\program files\ccleaner\ccupdate.exe
FirewallRules: [{ADACCCED-6590-44B9-842E-B6AF01859A16}] => (Allow) c:\program files (x86)\western digital\wd smartware\wdbackupengine.exe
FirewallRules: [{CD299A85-A1C1-48C2-8801-2E0D450C4C8D}] => (Allow) c:\program files (x86)\western digital\wd smartware\wdbackupengine.exe
FirewallRules: [{67CC1779-D679-42EF-ADE9-E5FB77B5F018}] => (Allow) c:\users\fast\appdata\local\temp\ocrc832.tmp\bin\rubyw.exe
FirewallRules: [{7D4FD703-69A1-432E-B350-4A7FA5C8248A}] => (Allow) c:\users\fast\appdata\local\temp\ocrc832.tmp\bin\rubyw.exe
FirewallRules: [{99298A6B-F836-475B-B031-F325A343E33C}] => (Allow) c:\program files\common files\microsoft shared\clicktorun\updates\16.0.8730.2127\officeclicktorun.exe
FirewallRules: [{13514AA3-E4E9-4AA1-A7F9-9BF7A94092ED}] => (Allow) c:\program files\common files\microsoft shared\clicktorun\updates\16.0.8730.2127\officeclicktorun.exe
FirewallRules: [{36224733-787E-464B-BCE4-3B5312B52565}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{7AC9AF87-F2F9-41F9-9497-B4515E48BAF4}] => (Allow) c:\program files (x86)\adobe\photoshop elements 11\photoshopelementseditor.exe
FirewallRules: [{6447C038-9A30-41AA-8574-26B5EAB21239}] => (Allow) c:\program files (x86)\adobe\photoshop elements 11\photoshopelementseditor.exe
FirewallRules: [{0A94C742-3E66-4616-B5A7-E7EAD3B84AA2}] => (Allow) c:\users\fast\appdata\local\temp\ocr99af.tmp\bin\rubyw.exe
FirewallRules: [{DAA4CCE3-428A-412B-A712-C8229ED87FCC}] => (Allow) c:\users\fast\appdata\local\temp\ocr99af.tmp\bin\rubyw.exe
FirewallRules: [{58EC2AEC-FFD8-465F-A263-07BB83361732}] => (Allow) c:\users\fast\downloads\frst64.exe
FirewallRules: [{3D1C22A3-D73E-46EC-82F9-FDB815365C73}] => (Allow) c:\users\fast\downloads\frst64.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/19/2017 11:11:20 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANONYMOUS-FAST)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/19/2017 11:11:20 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANONYMOUS-FAST)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/19/2017 11:11:20 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANONYMOUS-FAST)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/19/2017 02:39:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotoshopElementsEditor.exe, version: 11.0.0.0, time stamp: 0x505d12ab
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x802f667e
Exception code: 0xc0000409
Fault offset: 0x0002be72
Faulting process id: 0x4fc
Faulting application start time: 0x01d378b5a9596465
Faulting application path: C:\Program Files (x86)\Adobe\Photoshop Elements 11\PhotoshopElementsEditor.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e60ec614-321c-4472-a698-0011b5c29fa1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/19/2017 02:11:34 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (12/19/2017 02:11:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (12/19/2017 02:11:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (12/19/2017 02:10:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANONYMOUS-FAST)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/19/2017 02:10:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANONYMOUS-FAST)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/19/2017 02:10:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANONYMOUS-FAST)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (12/19/2017 11:12:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WMPNetworkSvc service terminated with the following error: 
An attempt was made to reference a token that does not exist.
 
Error: (12/19/2017 11:12:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error: 
A device attached to the system is not functioning.
 
Error: (12/19/2017 11:12:02 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (12/19/2017 11:12:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (12/19/2017 11:11:20 AM) (Source: DCOM) (EventID: 10010) (User: ANONYMOUS-FAST)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 did not register with DCOM within the required timeout.
 
Error: (12/19/2017 11:11:20 AM) (Source: DCOM) (EventID: 10010) (User: ANONYMOUS-FAST)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 did not register with DCOM within the required timeout.
 
Error: (12/19/2017 11:11:20 AM) (Source: DCOM) (EventID: 10010) (User: ANONYMOUS-FAST)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 did not register with DCOM within the required timeout.
 
Error: (12/19/2017 02:11:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error: 
An attempt was made to reference a token that does not exist.
 
Error: (12/19/2017 02:11:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error: 
A device attached to the system is not functioning.
 
Error: (12/19/2017 02:11:30 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
 
CodeIntegrity:
===================================
  Date: 2017-12-07 11:10:44.619
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-12-07 11:10:44.617
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-22 15:34:27.215
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-22 15:34:26.670
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-12 19:38:31.915
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-12 19:38:31.914
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-12 19:23:26.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-12 19:23:26.612
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-12 19:08:18.707
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-12 19:08:18.704
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 16%
Total physical RAM: 32719.64 MB
Available physical RAM: 27177.95 MB
Total Virtual: 37583.64 MB
Available Virtual: 31268.67 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.22 GB) (Free:6.43 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1863.01 GB) (Free:131.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D0687E57)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 71618412)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 
 
 
 


#6 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 646 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:57 AM

Posted 20 December 2017 - 09:00 AM

Hi Titan-man and
Welcome to the Bleeping Computer! :)

My name is Slurppa and I will be handling your log(s) to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.


Please familiarize yourself with the following guidelines:
  • Complete all the steps in their given order.
  • Update me about the current state of your computer.
  • If you have any problems or questions please let me know. If you are unsure how to continue, please let me know.
  • Do not run any other fixes/programs that I have not instructed.
  • Copy and paste all logs into your post directly unless otherwise instructed. Don't attach logs.
  • Lack of symptoms does not mean the computer is clean. Please stick with me until I give you green light.

Member of the Bleeping Computer A.I.I. early response team!


#7 Titan-man

Titan-man
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:57 PM

Posted 20 December 2017 - 09:27 AM

Hey Slurppa,

 

I got a response from ASUS support and they told me to clean install the current firmware and disable the security picking up the backdoor exploit. So, I flashed the DD-WRT Kong build and got the hell away from Asus. I have a ton of stuff, and there were some crazy tracking cookies attached to the router, including cookies logging my cell phone traffic. Possibly related, as it hit at the same time: someone is posting bogus posts (copy and paste from legit posts) with redirects about the products I manufacture. I am pretty sure I know who is doing that. An ex-employee of mine says I owe him money. Thanks for your help on this...



#8 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 646 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:57 AM

Posted 22 December 2017 - 03:51 AM

Hi

Are you still having redirect issues after updating your router?
If so, could you explain exactly what type of redirects we are talking about?

We need to run a fix with FRST:

Please copy and paste the fix I have placed in below to a text file and save it to the same location as FRST with name fixlist.txt

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\fast\AppData\Local\0L2VQURo:1JGpo4JofK1mMUuAoR5zhtHF9m8 [1854]
AlternateDataStreams: C:\Users\fast\AppData\Local\Temp:V0NCD0ePsaXR2hCOnU7d [2316]

ExportKey: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}
ExportKey: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C9D43B38-34AD-4EC2-B696-46F42D49D174}
ExportKey: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{185F9795-9663-4F13-9EF9-307A282ADB5A}
ExportKey: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DB2C58E0-6284-4B48-97F2-22A980B6360B}
ExportKey: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D99432A9-099D-4DF0-B3BA-41562C3F8B4C}

cmd: gpresult /v
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

Member of the Bleeping Computer A.I.I. early response team!


#9 Titan-man

Titan-man
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:57 PM

Posted 23 December 2017 - 08:16 AM

Deleted

Attached Files

  • Attached File  BP3.JPG   85.73KB   0 downloads
  • Attached File  BP2.JPG   79.01KB   0 downloads
  • Attached File  bp1.JPG   102.44KB   0 downloads

Edited by Titan-man, 23 December 2017 - 10:03 AM.


#10 Titan-man

Titan-man
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:57 PM

Posted 23 December 2017 - 09:57 AM

It will not let me edit, so let's try this, and thanks man...

 

Slurppa,
 
 
 
WTF. This does not look like it was good. Educate me here please. At first I didn't think it was in my machine, however I just now realized something about the redirects. They only came from the "Google Alerts" links (Google emails me when my product keywords hit the public web) and not from any other links or browser (screenshots included). It wasn't limited to my computer, as the Google Alerts link would redirect from my iPhone 7 running the latest OS. Here is the thing I just thought about... I also have a Mention account and Mention never triggered an alert. I just went back through emails and it looks like it could have started Sept. 6, 2017, and there were a lot more than I thought. Hundreds of Google link emails and only a handful of legit posts that Mention & Google alerts both picked up equally. They usually trigger equally or close to it, Google Alerts & Mention. When they first started they would always go to the same one porn site, "snapbleep", for about two weeks, and Google got the sites down faster each day. Then they switched to Alibaba for a week, and then by the time I was getting the alert it has been what you see below. Where should I host the screenshot video for you to see? I have both clicking the link and then the bogus post that was a copy-paste of a blogger post to Snapbleep. Also a video of the "Inspect". LMK. Here is the fixlog, and screenshots of the Google Alert links below that.
 
 
 
Thanks 
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by fast (23-12-2017 01:53:08) Run:3
Running from C:\Users\fast\Desktop\FIRST
Loaded Profiles: fast (Available Profiles: fast & Administrator & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\fast\AppData\Local\0L2VQURo:1JGpo4JofK1mMUuAoR5zhtHF9m8 [1854]
AlternateDataStreams: C:\Users\fast\AppData\Local\Temp:V0NCD0ePsaXR2hCOnU7d [2316]
 
ExportKey: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}
ExportKey: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C9D43B38-34AD-4EC2-B696-46F42D49D174}
ExportKey: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{185F9795-9663-4F13-9EF9-307A282ADB5A}
ExportKey: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DB2C58E0-6284-4B48-97F2-22A980B6360B}
ExportKey: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D99432A9-099D-4DF0-B3BA-41562C3F8B4C}
 
cmd: gpresult /v
*****************
 
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
C:\Users\fast\AppData\Local\0L2VQURo => ":1JGpo4JofK1mMUuAoR5zhtHF9m8" ADS removed successfully
"C:\Users\fast\AppData\Local\Temp" => ":V0NCD0ePsaXR2hCOnU7d" ADS not found.
================== ExportKey: ===================
 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}]
"SystemComponent"="1"
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="1.0.0"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20161231"
"InstallLocation"="C:\Program Files (x86)\My Company Name\My Product Name\"
"InstallSource"="D:\FOLDERS\Adobe\Adobe CS6 Master Collection\payloads\SonicWrappers_bl6.0-mul\"
"ModifyPath"="MsiExec.exe /I{2A075BB4-E976-4278-BF3F-E5C6945D84C0}"
"Publisher"="Your Company Name"
"Readme"=""
"Size"=""
"EstimatedSize"="170"
"UninstallString"="MsiExec.exe /I{2A075BB4-E976-4278-BF3F-E5C6945D84C0}"
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"="1"
"VersionMinor"="0"
"WindowsInstaller"="1"
"Version"="16777216"
"Language"="1033"
"DisplayName"="bl"
"sEstimatedSize2"="85"
 
=== End of ExportKey ===
================== ExportKey: ===================
 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C9D43B38-34AD-4EC2-B696-46F42D49D174}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="20.00.0000"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20170712"
"InstallLocation"=""
"InstallSource"="C:\Users\Public\UPS\WSTD\INSTALLATION_20_0_14_0\MSICHECKER\"
"ModifyPath"="MsiExec.exe /I{C9D43B38-34AD-4EC2-B696-46F42D49D174}"
"Publisher"="UPS"
"Readme"=""
"Size"=""
"EstimatedSize"="2464"
"SystemComponent"="1"
"UninstallString"="MsiExec.exe /I{C9D43B38-34AD-4EC2-B696-46F42D49D174}"
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"="20"
"VersionMinor"="0"
"WindowsInstaller"="1"
"Version"="335544320"
"Language"="1033"
"DisplayName"="MSIChecker"
"sEstimatedSize2"="1232"
 
=== End of ExportKey ===
================== ExportKey: ===================
 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{185F9795-9663-4F13-9EF9-307A282ADB5A}]
"SystemComponent"="1"
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="1.0.0"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20161231"
"InstallLocation"="C:\Program Files (x86)\My Company Name\My Product Name\"
"InstallSource"="D:\FOLDERS\Adobe\Adobe CS6 Master Collection\payloads\SonicWrappers_ph6.0-mul\"
"ModifyPath"="MsiExec.exe /I{185F9795-9663-4F13-9EF9-307A282ADB5A}"
"Publisher"="Your Company Name"
"Readme"=""
"Size"=""
"EstimatedSize"="1162"
"UninstallString"="MsiExec.exe /I{185F9795-9663-4F13-9EF9-307A282ADB5A}"
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"="1"
"VersionMinor"="0"
"WindowsInstaller"="1"
"Version"="16777216"
"Language"="1033"
"DisplayName"="ph"
"sEstimatedSize2"="581"
 
=== End of ExportKey ===
================== ExportKey: ===================
 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DB2C58E0-6284-4B48-97F2-22A980B6360B}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="20.00.0000"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20170712"
"InstallLocation"=""
"InstallSource"="C:\Users\Public\UPS\WSTD\INSTALLATION_20_0_14_0\SYSTEM\"
"ModifyPath"="MsiExec.exe /I{DB2C58E0-6284-4B48-97F2-22A980B6360B}"
"Publisher"="UPS"
"Readme"=""
"Size"=""
"EstimatedSize"="19346"
"SystemComponent"="1"
"UninstallString"="MsiExec.exe /I{DB2C58E0-6284-4B48-97F2-22A980B6360B}"
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"="20"
"VersionMinor"="0"
"WindowsInstaller"="1"
"Version"="335544320"
"Language"="1033"
"DisplayName"="System"
"sEstimatedSize2"="13945"
 
=== End of ExportKey ===
================== ExportKey: ===================
 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D99432A9-099D-4DF0-B3BA-41562C3F8B4C}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="19.00.0000"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20170712"
"InstallLocation"="C:\PROGRAM FILES (X86)\UPS\WSTD\"
"InstallSource"="C:\Users\Public\UPS\WSTD\INSTALLATION_20_0_14_0\MSICHECKER\"
"ModifyPath"="MsiExec.exe /I{D99432A9-099D-4DF0-B3BA-41562C3F8B4C}"
"Publisher"="Your Company Name"
"Readme"=""
"Size"=""
"EstimatedSize"="14880"
"SystemComponent"="1"
"UninstallString"="MsiExec.exe /I{D99432A9-099D-4DF0-B3BA-41562C3F8B4C}"
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"="19"
"VersionMinor"="0"
"WindowsInstaller"="1"
"Version"="318767104"
"Language"="1033"
"DisplayName"="UPSVC2013MM"
"sEstimatedSize2"="11552"
 
=== End of ExportKey ===
 
========= gpresult /v =========
 
 
Microsoft ® Windows ® Operating System Group Policy Result tool v2.0
c 2017 Microsoft Corporation. All rights reserved.
 
Created on ?12/?23/?2017 at 01:53:15
 
 
 
RSOP data for ANONYMOUS-FAST\fast on ANONYMOUS-FAST : Logging Mode
-------------------------------------------------------------------
 
OS Configuration:            Standalone Workstation
OS Version:                  10.0.16299
Site Name:                   N/A
Roaming Profile:             N/A
Local Profile:               C:\Users\fast
Connected over a slow link?: No
 
 
COMPUTER SETTINGS
------------------
    
    Last time Group Policy was applied: 12/23/2017 at 01:45:47
    Group Policy was applied from:      N/A
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        ANONYMOUS-FAST
    Domain Type:                        <Local Computer>
 
    Applied Group Policy Objects
    -----------------------------
        Local Group Policy
 
    The computer is a part of the following security groups
    -------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        NT AUTHORITY\Authenticated Users
        System Mandatory Level
        
    Resultant Set Of Policies for Computer
    ---------------------------------------
 
        Software Installations
        ----------------------
            N/A
 
        Startup Scripts
        ---------------
            N/A
 
        Shutdown Scripts
        ----------------
            N/A
 
        Account Policies
        ----------------
            N/A
 
        Audit Policy
        ------------
            N/A
 
        User Rights
        -----------
            N/A
 
        Security Options
        ----------------
            N/A
 
            N/A
 
        Event Log Settings
        ------------------
            N/A
 
        Restricted Groups
        -----------------
            N/A
 
        System Services
        ---------------
            N/A
 
        Registry Settings
        -----------------
            N/A
 
        File System Settings
        --------------------
            N/A
 
        Public Key Policies
        -------------------
            N/A
 
        Administrative Templates
        ------------------------
            GPO: Local Group Policy
                Folder Id: SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\010103000F0000F0020000000F0000F0ABA0226144020107D469B778399BF3083A7EBB37586084F5B7A71A633E24B5AF\Category
                Value:       0, 0, 0, 0
                State:       Enabled
 
            GPO: Local Group Policy
                Folder Id: SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore
                Value:       1, 0, 0, 0
                State:       Enabled
 
            GPO: Local Group Policy
                Folder Id: SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\010103000F0000F0010000000F0000F0C967A3643C3AD745950DA7859209176EF5B87C875FA20DF21951640E807D7C24\Category
                Value:       0, 0, 0, 0
                State:       Enabled
 
            GPO: Local Group Policy
                Folder Id: SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\010103000F0000F0080000000F0000F022F0C0990C2D9D6BDFD2E146CD06565CCB3F4F569C900D9C088FB0C902CD5840\IconReadOnly
                Value:       0, 0, 0, 0
                State:       Enabled
 
            GPO: Local Group Policy
                Folder Id: SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\010103000F0000F0080000000F0000F022F0C0990C2D9D6BDFD2E146CD06565CCB3F4F569C900D9C088FB0C902CD5840\Category
                Value:       1, 0, 0, 0
                State:       Enabled
 
            GPO: Local Group Policy
                Folder Id: SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\010103000F0000F0010000000F0000F0C967A3643C3AD745950DA7859209176EF5B87C875FA20DF21951640E807D7C24\CategoryReadOnly
                Value:       0, 0, 0, 0
                State:       Enabled
 
            GPO: Local Group Policy
                Folder Id: SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\010103000F0000F0080000000F0000F022F0C0990C2D9D6BDFD2E146CD06565CCB3F4F569C900D9C088FB0C902CD5840\NameReadOnly
                Value:       0, 0, 0, 0
                State:       Enabled
 
            GPO: Local Group Policy
                Folder Id: SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\EveryNetwork\NameReadOnly
                Value:       0, 0, 0, 0
                State:       Enabled
 
            GPO: Local Group Policy
                Folder Id: SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\010103000F0000F0080000000F0000F022F0C0990C2D9D6BDFD2E146CD06565CCB3F4F569C900D9C088FB0C902CD5840\CategoryReadOnly
                Value:       0, 0, 0, 0
                State:       Enabled
 
            GPO: Local Group Policy
                Folder Id: SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\EveryNetwork\CategoryReadOnly
                Value:       0, 0, 0, 0
                State:       Enabled
 
            GPO: Local Group Policy
                Folder Id: SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\EveryNetwork\IconReadOnly
                Value:       0, 0, 0, 0
                State:       Enabled
 
 
USER SETTINGS
--------------
    
    Last time Group Policy was applied: 12/23/2017 at 01:45:47
    Group Policy was applied from:      N/A
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        ANONYMOUS-FAST
    Domain Type:                        <Local Computer>
    
    Applied Group Policy Objects
    -----------------------------
        N/A
 
    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)
 
    The user is a part of the following security groups
    ---------------------------------------------------
        None
        Everyone
        Local account and member of Administrators group
        HomeUsers
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        Local account
        LOCAL
        NTLM Authentication
        High Mandatory Level
        
    The user has the following security privileges
    ----------------------------------------------
 
        Manage auditing and security log
        Back up files and directories
        Change the system time
        Shut down the system
        Force shutdown from a remote system
        Take ownership of files or other objects
        Modify firmware environment values
        Profile system performance
        Profile single process
        Increase scheduling priority
        Load and unload device drivers
        Create a pagefile
        Adjust memory quotas for a process
        Bypass traverse checking
        Remove computer from docking station
        Perform volume maintenance tasks
        Impersonate a client after authentication
        Create global objects
        Change the time zone
        Create symbolic links
        Restore files and directories
        Increase a process working set
 
    Resultant Set Of Policies for User
    -----------------------------------
 
        Software Installations
        ----------------------
            N/A
 
        Logon Scripts
        -------------
            N/A
 
        Logoff Scripts
        --------------
            N/A
 
        Public Key Policies
        -------------------
            N/A
 
        Administrative Templates
        ------------------------
            N/A
 
        Folder Redirection
        ------------------
            N/A
 
        Internet Explorer Browser User Interface
        ----------------------------------------
            N/A
 
        Internet Explorer Connection
        ----------------------------
            N/A
 
        Internet Explorer URLs
        ----------------------
            N/A
 
        Internet Explorer Security
        --------------------------
            N/A
 
        Internet Explorer Programs
        --------------------------
            N/A
 
========= End of CMD: =========
 
 
==== End of Fixlog 01:53:24 ====
 
Attached Files

  • Attached File  bp1.JPG   102.44KB   0 downloads
  • Attached File  BP2.JPG   79.01KB   0 downloads
  • Attached File  BP3.JPG   85.73KB   0 downloads


#11 Titan-man

Titan-man
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:57 PM

Posted 23 December 2017 - 10:05 AM

Slurppa,

 

Is there a forum here for DD-WRT? I'm getting something on the system log. 



#12 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 646 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:57 AM

Posted 24 December 2017 - 10:38 AM

Hi

We don't have a DD-WRT specific forum but you could try posting to Networking
You can post a video to Youtube.

Your logs look clean, so this doesn't seem to be a malware issue. You mentioned that these redirects happen only with links sent by Google Alerts. I don't have experience with that service, but the links look good to me. These are normal Google redirect links. What type of links are you expecting? As I understand it, you will receive an email notification that contains a link when your keywords get a hit in Google search. As such, the links can be to malicious sites, so I advise you to be careful when you access them. You can see the real address (highlighted in the example below) in the URL copied to Notepad.

For example:
htxxs://www.google.com/url?rct&sa=t&url=htxx://alm.voyagemedicalcare.com...


Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double-click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually C:\).
  • After extraction, please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed, click Quarantine selected objects. Note: this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional and is not necessary for the malware removal process.

Member of the Bleeping Computer A.I.I. early response team!
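The post above explains that a Google Alert link is a wrapper (https://www.google.com/url?...&url=<target>) and that the real destination is the address carried in the `url` parameter. The script below is an added example, not code from the thread or from Google: it unwraps such links, reports the host the browser will actually land on, and shows why the check has to match the host exactly (a `www.google.com@other.test` or `www.google.com.other.test` host is not Google). The `GOOGLE_HOSTS` set, the `TRUSTED` list and every sample link are assumptions constructed for the example; the `q` parameter is included as the older name Google used for the same field.

```python
"""Unwrap Google Alert redirect links and show the real destination host.

Added example, not from the forum thread. Google Alert e-mails wrap each hit
in https://www.google.com/url?...&url=<target>; the browser is bounced to the
'url' query parameter, so that parameter, not google.com, is what to judge.
"""
from urllib.parse import urlparse, parse_qs

# Hosts whose /url path is Google's own redirect endpoint (assumption for this
# example). Exact match only: "www.google.com.other.test" and
# "www.google.com@other.test" must NOT pass this check.
GOOGLE_HOSTS = {"www.google.com", "google.com"}


def unwrap_google_redirect(link):
    """Return (is_google_wrapper, final_url, final_host).

    final_url is the address the browser ends up at; final_host is its hostname
    (lower-cased, userinfo and port stripped by urlparse). For a wrapper that
    carries no usable target, both are None.
    """
    parsed = urlparse(link)
    host = parsed.hostname  # None for relative or garbage input
    if host in GOOGLE_HOSTS and parsed.path == "/url":
        params = parse_qs(parsed.query)  # percent-decodes each value once
        target = params.get("url") or params.get("q")  # 'q' is the older name
        if not target:
            return True, None, None
        final = target[0]
        return True, final, urlparse(final).hostname
    return False, link, host


def triage(links, trusted_hosts):
    """Classify each link; returns a list of (link, verdict) pairs.

    trusted_hosts: hostnames you expect alerts about (e.g. your own sites).
    """
    results = []
    for link in links:
        wrapped, final, host = unwrap_google_redirect(link)
        if wrapped and final is None:
            verdict = "google wrapper with no target: drop"
        elif wrapped:
            tag = "trusted" if host in trusted_hosts else "UNTRUSTED"
            verdict = f"google wrapper -> {host} ({tag})"
        else:
            verdict = f"not a Google redirect; host is {host}"
        results.append((link, verdict))
    return results


# Constructed sample links (example.com/.org and .test are reserved names).
SAMPLE_LINKS = [
    "https://www.google.com/url?rct=j&sa=t&url=https://news.example.org/post/1&ct=ga",
    "https://www.google.com/url?rct=j&sa=t&url=https%3A%2F%2Fshop.example.com%2Fitem%3Fid%3D7%26ref%3Dalert",
    "https://www.google.com@lookalike.test/url?url=https://news.example.org/",
    "https://www.google.com.lookalike.test/url?url=https://news.example.org/",
    "https://www.google.com/url?rct=j&sa=t",
]
TRUSTED = {"news.example.org", "shop.example.com"}  # assumed expected hosts

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS, TRUSTED):
        print(f"{verdict}\n    {link}")
```

Run it as-is to see the five verdicts; to triage a real alert mail, paste its links into `SAMPLE_LINKS` and put the domains you actually expect to be mentioned into `TRUSTED`. Anything reported as UNTRUSTED, or as not a Google redirect at all, is what the post above warns you to be careful with.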


#13 Slurppa (Malware Study Hall Senior, 646 posts)

Posted 27 December 2017 - 06:29 AM

Hi Titan-man

Are you still with me?



#14 Elise, "Bleepin' Blonde" (Malware Study Hall Admin, 61,248 posts, Romania)

Posted 29 December 2017 - 03:53 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft