Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown user names and files appear and cannot be deleted


  • This topic is locked This topic is locked
40 replies to this topic

#1 antonio831

antonio831

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:02:08 PM

Posted 03 January 2018 - 10:42 AM

For the last 6 months I have had random user names show up in the user file. I also get folders that were not created by me or anyone who has used this computer appear on my C drive.

I can delete the names and files but new ones will appear almost immediately. The folders all contain 10 files of various types (.docx, .txt, .rtf, .xls, .jpeg, and others). None of these files can be opened. Instead there is an error message about the file being corrupted or too large or something else. An example of one of these folders can be found on my C drive is labeled Xdates87. This folder contains the files Brooklyn-skros.docx, central.mail.whereby.averse.doc, complement detergent domestic ninteeth.mdb, doctor.requirements.suggestion.technique.rtf, howmoldexternalarthur.pem,looks_preliminary_introduce_founded.xls and 4 more.

There are also a $WINDOWS.~Q, $RECYCLE.BIN, and $INPLACE.~TR files on my C drive and I have no idea what they are. The recycle.bin folder will change each time I delete one of the weird files.

I am running Win 7 Home Premium with SP1 on this computer. I have run Malwarebytes, Hitman Pro, Kaspersky On-line virus scan, Emisoft Anti-malware, Ad-Aware, Sysclean, Rkill, and some others I no longer remember.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018

Ran by Tony (administrator) on JAM831 (03-01-2018 09:40:33)

Running from C:\Users\Tony\Desktop

Loaded Profiles: Tony (Available Profiles: Tony & UpdatusUser & Guest)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: "C:\Program Files\Slimjet\slimjet.exe" -- "%1")

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe

(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe

(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe

(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe

(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe

(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe

(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe

(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe

(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe

(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe

(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe

(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe

(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-22] (AVAST Software)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\Policies\Explorer: [NoSecurityTab] 1

HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1

HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1

GroupPolicy: Restriction <==== ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Tcpip\..\Interfaces\{09C8274D-EEF0-429D-85D1-E4B019BFC200}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Tcpip\..\Interfaces\{730E25AF-6D30-4813-934C-E8C9D976A346}: [DhcpNameServer] 10.12.0.1

Tcpip\..\Interfaces\{8CAC7D09-D7B0-46E7-BBB5-71197B51D29A}: [DhcpNameServer] 192.168.1.1

 

Internet Explorer:

==================

HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKU\.DEFAULT -> DefaultScope {2B782333-9951-4628-AF27-5F0379224BE5} URL =

SearchScopes: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> DefaultScope {B97C571B-18F9-443C-9429-EDDE4EDA3874} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> {71CCAEEA-E518-4E25-A1CF-9EE8CBDC11D8} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8

SearchScopes: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> {B97C571B-18F9-443C-9429-EDDE4EDA3874} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

BHO: No Name -> -{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File

BHO: No Name -> -{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File

BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-10] (AVAST Software)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-10] (AVAST Software)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

Toolbar: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> No Name - {1AEC5771-FCD6-4537-A6B7-5F1935FD527C} -  No File

Toolbar: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> No Name - {94000A61-AF9A-4247-8DB6-A949FADB0354} -  No File

DPF: HKLM-x32 {10000000-1000-1000-1000-100000000000} hxxp://cdn.betteradvertising.com/ghostery/addons/ie/WebInstall/ghostery.cab

DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.dell.com/systemprofiler/SysProExe.CAB

DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: HKLM-x32 {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab

DPF: HKLM-x32 {A3256902-51FA-45A0-8A97-FC1143C169D9} hxxp://support.microsoft.com/mats/DiagWebControl.cab

Handler: WSAllMyTubechrome - No CLSID Value

 

FireFox:

========

FF DefaultProfile: 8btycwpw.default

FF ProfilePath: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default [2017-12-23]

FF Homepage: Mozilla\Firefox\Profiles\8btycwpw.default -> hxxps://www.google.com

FF Extension: (AdBlocker Ultimate) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\adblockultimate@adblockultimate.net.xpi [2017-12-13]

FF Extension: (Click&Clean) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\clickclean@hotcleaner.com [2016-04-30] [Legacy]

FF Extension: (OneTab) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\extension@one-tab.com.xpi [2017-11-08] [Legacy]

FF Extension: (YouTube™ Flash® Player) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2017-10-08]

FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-30] [Legacy]

FF Extension: (Avast SafePrice) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\sp@avast.com.xpi [2017-12-13]

FF Extension: (Avast Online Security) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\wrc@avast.com.xpi [2017-10-25]

FF Extension: (Flash and Video Download) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2017-12-23]

FF ProfilePath: C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default [2013-02-18]

FF Extension: (CSS Stylesheet Editor) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\csseditor@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (EyeDropper) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\eyedropper@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (FontSquirrel Manager) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\fs@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Fullscreen) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\fullscreen@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Google Font Directory Manager) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\gfd@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Czech (CZ) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-cs@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-de@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (English (US) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Español (España) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Suomenkielinen (FI) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-fi@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Français Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-fr@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Hebrew (IL) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-he@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Magyar (HU) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-hu@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Italiano (IT) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-it@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Japanese Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-ja@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Korean (KR) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-ko@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Nederlands (NL) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-nl@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Polski Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-pl@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Slovenski jezik Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-sl@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (српски (sr) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-sr@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Svenska (SE) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (MathML) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\mathml@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Snippets) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\snippets@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (SVG-edit) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\svg-edit@googlegroups.com.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Table Layouts) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\tablelayout@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (One-click Templates) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\templatesManager@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Thumbnailer) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\thumbnailer@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]

FF Extension: (Tip of the Day) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\tipoftheday@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-29] [Legacy] [not signed]

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-17] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-17] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)

FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-18] (RocketLife, LLP)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1957349403-1563706759-2450246291-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Tony\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-1957349403-1563706759-2450246291-1000: @talk.google.com/O1DPlugin -> C:\Users\Tony\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-1957349403-1563706759-2450246291-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)

FF Plugin HKU\S-1-5-21-1957349403-1563706759-2450246291-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Tony\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Tony\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)

 

Chrome:

=======

CHR DefaultProfile: Profile 1

CHR HomePage: Profile 1 -> hxxp://google.com/

CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"

CHR DefaultSearchURL: Profile 1 -> hxxps://duckduckgo.com/?t=lm&q={searchTerms}

CHR DefaultSearchKeyword: Profile 1 -> duckduckgo.com

CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default [2017-12-17]

CHR Extension: (Angry Birds) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-01-27]

CHR Extension: (Google Docs) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]

CHR Extension: (Google Drive) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]

CHR Extension: (Rapport) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-03-07]

CHR Extension: (YouTube) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]

CHR Extension: (OneTab) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-06-06]

CHR Extension: (Google Search) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]

CHR Extension: (VTchromizer) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2016-01-31]

CHR Extension: (Google Docs Offline) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-13]

CHR Extension: (Click&Clean) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2016-09-19]

CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-09-04]

CHR Extension: (Avast Online Security) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-25]

CHR Extension: (Protect My Choices) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2016-09-19]

CHR Extension: (Chromebook Recovery Utility) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2016-03-07]

CHR Extension: (Ghostery) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-09-07]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]

CHR Extension: (Gmail) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

CHR Extension: (Chrome Media Router) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-17]

CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-02-12]

CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-12-18]

CHR Extension: (Slides) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]

CHR Extension: (Docs) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]

CHR Extension: (Google Drive) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-14]

CHR Extension: (Rapport) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-09-14]

CHR Extension: (YouTube) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-14]

CHR Extension: (DuckDuckGo for Chrome) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2017-10-14]

CHR Extension: (Avast SafePrice) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-14]

CHR Extension: (Sheets) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]

CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2016-09-20]

CHR Extension: (Google Docs Offline) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-19]

CHR Extension: (Click&Clean) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2017-10-14]

CHR Extension: (Avast Online Security) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-14]

CHR Extension: (Protect My Choices) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2017-10-14]

CHR Extension: (Ghostery) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-10-14]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-14]

CHR Extension: (Click&Clean App) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-10-14]

CHR Extension: (Gmail) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-14]

CHR Extension: (Chrome Media Router) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-14]

CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-12]

CHR HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-22] (AVAST Software)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-22] (AVAST Software)

R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [13312 2017-01-09] (Cybereason) [File not signed]

S3 EASEUS Agent; C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [56200 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

S4 HPSLPSVC; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)

S4 HPSLPSVC; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)

R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)

S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)

S4 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]

R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2259224 2016-01-03] (IBM Corp.)

R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)

S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2017-12-22] (AVAST Software)

R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2017-12-22] (AVAST Software)

R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2017-12-22] (AVAST Software)

R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2017-12-22] (AVAST Software)

R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2017-12-22] (AVAST Software)

R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2017-12-22] (AVAST Software)

S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2017-12-22] (AVAST Software)

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-02] (AVAST Software)

R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146664 2017-12-22] (AVAST Software)

R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2017-12-22] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2017-12-22] (AVAST Software)

R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2017-12-22] (AVAST Software)

R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457400 2017-12-22] (AVAST Software)

R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2017-12-22] (AVAST Software)

R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2017-12-22] (AVAST Software)

R3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [199032 2015-12-09] (Intel Corporation)

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]

S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]

R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [36232 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [42888 2011-04-22] () [File not signed]

R3 EUDISK; C:\Windows\system32\drivers\eudisk.sys [193928 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [17800 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

R0 EUFS; C:\Windows\System32\drivers\eufs.sys [26504 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]

S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]

S3 G311N6; C:\Windows\System32\DRIVERS\G311N6.sys [347680 2010-05-05] (Netgear)

S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-12-17] ()

R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-09] (REALiX™)

R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)

R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [27048 2017-06-13] (IObit.com)

S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2014-04-01] (HandSet Incorporated)

R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-23] (Malwarebytes)

R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)

S3 PSVolAcc; no ImagePath

R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()

R1 RapportCerberus_1507079; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507079.sys [961880 2016-01-17] (IBM Corp.)

R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [503320 2016-01-03] (IBM Corp.)

R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [141304 2016-01-03] (IBM Corp.)

R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [396152 2016-01-03] (IBM Corp.)

R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [496408 2016-01-03] (IBM Corp.)

S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [52736 2009-07-24] (Realtek Semiconductor Corporation )

R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27136 2007-02-05] (Windows ® Codename Longhorn DDK provider)

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]

S3 AndnetBus; system32\DRIVERS\lgandnetbus64.sys [X]

S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]

S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]

S3 cpuz138; \??\C:\Users\Tony\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION

S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2018-01-03 09:40 - 2018-01-03 09:42 - 000034318 _____ C:\Users\Tony\Desktop\FRST.txt

2018-01-03 09:38 - 2018-01-03 09:38 - 002393088 _____ (Farbar) C:\Users\Tony\Desktop\FRST64.exe

2018-01-03 05:47 - 2018-01-03 05:47 - 000002892 _____ C:\Windows\System32\Tasks\AutoKMS

2018-01-03 05:47 - 2018-01-03 05:47 - 000000262 _____ C:\Windows\Tasks\AutoKMS.job

2018-01-03 05:38 - 2018-01-03 05:38 - 000519246 _____ C:\Users\Akc77\exclusive_communism_cautious.xlsx

2018-01-03 05:38 - 2018-01-03 05:38 - 000516940 _____ C:\Users\V8glcYl\secret_constitute.xlsx

2018-01-03 05:38 - 2018-01-03 05:38 - 000231597 _____ C:\Users\V8glcYl\interval.excess.mdb

2018-01-03 05:38 - 2018-01-03 05:38 - 000204942 _____ C:\Users\Akc77\person-demonstrate-maturity.mdb

2018-01-03 05:38 - 2018-01-03 05:38 - 000063209 _____ C:\Users\Akc77\belief observed goes made.xls

2018-01-03 05:38 - 2018-01-03 05:38 - 000062099 _____ C:\Users\V8glcYl\PzNKLJKdY7H.xls

2018-01-03 05:38 - 2018-01-03 05:38 - 000057598 _____ C:\Users\V8glcYl\bombers.fortunately.pem

2018-01-03 05:38 - 2018-01-03 05:38 - 000055735 _____ C:\Users\Akc77\KSmj.pem

2018-01-03 05:38 - 2018-01-03 05:38 - 000027454 _____ C:\Users\V8glcYl\cHKPcW8Pa2Q.txt

2018-01-03 05:38 - 2018-01-03 05:38 - 000027176 _____ C:\Users\Akc77\amuse.dilemma.mail.txt

2018-01-03 05:38 - 2018-01-03 05:38 - 000015032 _____ C:\Users\V8glcYl\mTJHwesp9o.sql

2018-01-03 05:38 - 2018-01-03 05:38 - 000011065 _____ C:\Users\Akc77\campus-hypothesis-insult.sql

2018-01-03 05:38 - 2018-01-03 05:38 - 000000000 __SHD C:\Users\Tony\Desktop\ This folder protects against Ransomware. Just leave it here

2018-01-03 05:38 - 2018-01-03 05:38 - 000000000 ___HD C:\Users\V8glcYl

2018-01-03 05:38 - 2018-01-03 05:38 - 000000000 ___HD C:\Users\Tony\Documents\Xselect248

2018-01-03 05:38 - 2018-01-03 05:38 - 000000000 ___HD C:\Users\Tony\Documents\Alcache186

2018-01-03 05:38 - 2018-01-03 05:38 - 000000000 ___HD C:\Users\Akc77

2018-01-03 05:38 - 2018-01-03 05:38 - 000000000 ____D C:\Xlog219

2018-01-03 05:38 - 2018-01-03 05:38 - 000000000 ____D C:\Acvalue27

2018-01-03 04:57 - 2018-01-03 04:57 - 000000000 ____D C:\Users\Tony\AppData\Roaming\dvdcss

2017-12-23 09:53 - 2017-12-23 09:53 - 000000000 ____D C:\ProgramData\SWCUTemp

2017-12-23 09:21 - 2017-11-16 23:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2017-12-23 09:21 - 2017-11-14 20:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2017-12-23 09:21 - 2017-11-14 19:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2017-12-23 09:21 - 2017-11-13 22:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2017-12-23 09:21 - 2017-11-13 22:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2017-12-23 09:21 - 2017-11-13 22:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2017-12-23 09:21 - 2017-11-13 22:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2017-12-23 09:21 - 2017-11-13 22:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2017-12-23 09:21 - 2017-11-13 22:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2017-12-23 09:21 - 2017-11-13 22:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2017-12-23 09:21 - 2017-11-13 22:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2017-12-23 09:21 - 2017-11-13 22:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2017-12-23 09:21 - 2017-11-13 22:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2017-12-23 09:21 - 2017-11-13 22:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2017-12-23 09:21 - 2017-11-13 22:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2017-12-23 09:21 - 2017-11-13 22:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2017-12-23 09:21 - 2017-11-13 22:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2017-12-23 09:21 - 2017-11-13 22:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2017-12-23 09:21 - 2017-11-13 22:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2017-12-23 09:21 - 2017-11-13 22:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2017-12-23 09:21 - 2017-11-13 22:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2017-12-23 09:21 - 2017-11-13 22:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2017-12-23 09:21 - 2017-11-13 22:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2017-12-23 09:21 - 2017-11-13 22:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2017-12-23 09:21 - 2017-11-13 22:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2017-12-23 09:21 - 2017-11-13 22:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2017-12-23 09:21 - 2017-11-13 22:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2017-12-23 09:21 - 2017-11-13 22:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2017-12-23 09:21 - 2017-11-13 21:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2017-12-23 09:21 - 2017-11-13 21:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2017-12-23 09:21 - 2017-11-13 21:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2017-12-23 09:21 - 2017-11-13 21:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2017-12-23 09:21 - 2017-11-13 21:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2017-12-23 09:21 - 2017-11-13 21:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2017-12-23 09:21 - 2017-11-13 21:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2017-12-23 09:21 - 2017-11-13 21:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2017-12-23 09:21 - 2017-11-13 21:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2017-12-23 09:21 - 2017-11-13 21:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2017-12-23 09:21 - 2017-11-13 20:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2017-12-23 09:21 - 2017-11-13 20:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2017-12-23 09:21 - 2017-11-13 20:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2017-12-23 09:21 - 2017-11-13 20:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2017-12-23 09:21 - 2017-11-13 20:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2017-12-23 09:21 - 2017-11-13 19:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2017-12-23 09:21 - 2017-11-13 19:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2017-12-23 09:21 - 2017-11-07 15:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2017-12-23 09:21 - 2017-11-07 15:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2017-12-23 09:21 - 2017-11-07 15:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2017-12-23 09:21 - 2017-11-07 15:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2017-12-23 09:21 - 2017-11-07 15:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2017-12-23 09:21 - 2017-11-07 15:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2017-12-23 09:21 - 2017-11-07 15:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2017-12-23 09:21 - 2017-11-07 15:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2017-12-23 09:21 - 2017-11-07 15:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2017-12-23 09:21 - 2017-11-07 15:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2017-12-23 09:21 - 2017-11-07 15:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2017-12-23 09:21 - 2017-11-07 15:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2017-12-23 09:21 - 2017-11-07 15:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2017-12-23 09:21 - 2017-11-07 15:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2017-12-23 09:21 - 2017-11-07 15:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2017-12-23 09:21 - 2017-11-07 15:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2017-12-23 09:21 - 2017-11-07 15:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2017-12-23 09:21 - 2017-11-07 15:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2017-12-23 09:21 - 2017-11-07 15:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2017-12-23 09:21 - 2017-11-07 15:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2017-12-23 09:21 - 2017-11-07 15:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2017-12-23 09:21 - 2017-11-07 15:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2017-12-23 09:21 - 2017-11-07 15:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2017-12-23 09:21 - 2017-11-07 14:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2017-12-23 09:21 - 2017-11-07 11:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2017-12-23 09:21 - 2017-11-07 11:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2017-12-23 09:21 - 2017-11-04 10:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll

2017-12-23 09:21 - 2017-11-04 10:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll

2017-12-23 09:21 - 2017-11-04 10:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll

2017-12-23 09:21 - 2017-11-04 10:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll

2017-12-23 09:21 - 2017-11-02 11:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll

2017-12-23 09:21 - 2017-11-02 11:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll

2017-12-23 09:21 - 2017-11-02 11:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll

2017-12-23 09:21 - 2017-11-02 11:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll

2017-12-23 09:21 - 2017-11-02 10:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll

2017-12-23 09:21 - 2017-11-02 10:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll

2017-12-23 09:21 - 2017-11-02 10:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll

2017-12-23 09:21 - 2017-11-02 09:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll

2017-12-23 09:21 - 2017-10-16 18:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll

2017-12-23 09:21 - 2017-10-16 17:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll

2017-12-23 09:21 - 2017-10-11 19:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys

2017-12-23 08:53 - 2017-12-23 08:53 - 000000000 ____D C:\Users\Tony\AppData\Roaming\HPPSDr

2017-12-22 19:58 - 2017-12-22 19:56 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys

2017-12-22 19:57 - 2017-12-22 19:57 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2017-12-17 13:48 - 2017-12-17 14:14 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2017-12-17 13:48 - 2017-12-17 13:48 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\2737DD3A.sys

2017-12-17 13:27 - 2017-12-17 13:29 - 000220974 _____ C:\TDSSKiller.3.1.0.15_17.12.2017_13.27.42_log.txt

2017-12-10 06:16 - 2017-12-17 14:20 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys

2017-12-10 05:13 - 2017-12-10 05:13 - 000001829 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2017-12-10 05:13 - 2017-12-10 05:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2017-12-10 05:13 - 2017-12-10 05:13 - 000000000 ____D C:\ProgramData\MB2Migration

2017-12-10 05:13 - 2017-12-10 05:13 - 000000000 ____D C:\Program Files\Malwarebytes

2017-12-10 05:13 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys

2017-12-10 04:47 - 2017-12-10 04:49 - 000217466 _____ C:\TDSSKiller.3.1.0.15_10.12.2017_04.47.45_log.txt

2017-12-10 04:37 - 2017-12-17 14:20 - 000215376 _____ C:\Windows\ntbtlog.txt

2017-12-08 19:55 - 2017-10-17 21:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2017-12-08 19:55 - 2017-10-17 21:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2017-12-08 19:55 - 2017-10-17 21:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2017-12-08 19:55 - 2017-10-17 21:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2017-12-08 19:55 - 2017-10-17 21:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2017-12-08 19:55 - 2017-10-17 21:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2017-12-08 19:55 - 2017-10-17 21:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2017-12-08 19:55 - 2017-10-16 18:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2017-12-08 19:55 - 2017-10-16 16:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll

2017-12-08 19:55 - 2017-10-11 19:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2017-12-08 19:55 - 2017-10-11 19:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2017-12-08 19:55 - 2017-10-11 19:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2017-12-08 19:55 - 2017-10-11 19:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll

2017-12-08 19:55 - 2017-10-11 19:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll

2017-12-08 19:55 - 2017-10-11 19:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll

2017-12-08 19:55 - 2017-10-11 19:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll

2017-12-08 19:55 - 2017-10-11 19:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll

2017-12-08 19:55 - 2017-10-11 19:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll

2017-12-08 19:55 - 2017-10-11 19:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll

2017-12-08 19:55 - 2017-10-11 19:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll

2017-12-08 19:55 - 2017-10-11 19:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2017-12-08 19:55 - 2017-10-11 19:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll

2017-12-08 19:55 - 2017-10-11 19:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll

2017-12-08 19:55 - 2017-10-11 19:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2017-12-08 19:55 - 2017-10-11 19:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2017-12-08 19:55 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll

2017-12-08 19:55 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2017-12-08 19:55 - 2017-10-11 19:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2017-12-08 19:55 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2017-12-08 19:55 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2017-12-08 19:55 - 2017-10-11 19:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2017-12-08 19:55 - 2017-10-11 19:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe

2017-12-08 19:55 - 2017-10-11 19:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe

2017-12-08 19:55 - 2017-10-11 19:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe

2017-12-08 19:55 - 2017-10-11 19:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2017-12-08 19:55 - 2017-10-11 19:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2017-12-08 19:55 - 2017-10-11 19:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll

2017-12-08 19:55 - 2017-10-11 19:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll

2017-12-08 19:55 - 2017-10-11 19:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll

2017-12-08 19:55 - 2017-10-11 19:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll

2017-12-08 19:55 - 2017-10-11 19:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll

2017-12-08 19:55 - 2017-10-11 19:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll

2017-12-08 19:55 - 2017-10-11 19:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll

2017-12-08 19:55 - 2017-10-11 19:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll

2017-12-08 19:55 - 2017-10-11 19:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2017-12-08 19:55 - 2017-10-11 19:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll

2017-12-08 19:55 - 2017-10-11 19:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll

2017-12-08 19:55 - 2017-10-11 19:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2017-12-08 19:55 - 2017-10-11 19:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2017-12-08 19:55 - 2017-10-11 19:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe

2017-12-08 19:55 - 2017-10-11 19:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe

2017-12-08 19:55 - 2017-10-11 19:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe

2017-12-08 19:55 - 2017-10-11 19:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll

2017-12-08 19:55 - 2017-10-11 19:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2017-12-08 19:55 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2017-12-08 19:55 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2017-12-08 19:55 - 2017-10-11 19:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys

2017-12-08 19:55 - 2017-10-11 19:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll

2017-12-08 19:55 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll

2017-12-06 08:33 - 2017-12-06 08:33 - 000000000 ____D C:\Program Files\Common Files\Avast Software

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2018-01-03 09:40 - 2017-09-22 03:15 - 000000000 ____D C:\FRST

2018-01-03 07:31 - 2009-11-29 17:45 - 000019344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2018-01-03 07:31 - 2009-11-29 17:45 - 000019344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2018-01-03 05:47 - 2015-08-05 02:53 - 000000000 ____D C:\Windows\AutoKMS

2018-01-03 05:12 - 2013-05-10 21:28 - 000000000 ____D C:\Users\Tony\AppData\Roaming\vlc

2018-01-03 05:10 - 2010-03-05 22:07 - 000000079 _____ C:\Users\Tony\AppData\default.pls

2018-01-01 09:51 - 2017-05-23 02:09 - 000000000 ____D C:\Program Files\Slimjet

2017-12-31 20:33 - 2014-05-15 18:11 - 000000000 ____D C:\Program Files (x86)\LG Electronics

2017-12-31 20:33 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf

2017-12-31 20:33 - 2009-06-11 16:18 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2017-12-27 15:43 - 2009-07-14 00:32 - 000000000 ____D C:\Windows\system32\FxsTmp

2017-12-23 09:58 - 2009-07-14 00:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI

2017-12-23 09:52 - 2015-09-11 18:44 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys

2017-12-23 09:50 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2017-12-23 09:50 - 2009-07-13 23:45 - 000425304 _____ C:\Windows\system32\FNTCACHE.DAT

2017-12-23 09:44 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\Setup

2017-12-23 09:44 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\Setup

2017-12-23 09:34 - 2013-07-25 05:16 - 000000000 ____D C:\Windows\system32\MRT

2017-12-23 09:25 - 2017-10-17 22:42 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe

2017-12-23 09:25 - 2009-12-09 07:26 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2017-12-23 08:52 - 2014-01-19 19:15 - 000000000 ____D C:\Program Files (x86)\HP

2017-12-23 08:52 - 2014-01-19 19:13 - 000000000 ____D C:\Users\Tony\AppData\Local\HP

2017-12-23 08:39 - 2013-03-30 01:41 - 000000000 ____D C:\Users\Tony\AppData\Local\ElevatedDiagnostics

2017-12-22 19:58 - 2017-02-14 16:38 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update

2017-12-22 19:57 - 2017-11-10 20:33 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys

2017-12-22 19:57 - 2014-05-04 02:25 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys

2017-12-22 19:57 - 2014-01-11 17:39 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2017-12-22 19:57 - 2013-03-28 09:16 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2017-12-22 19:57 - 2013-03-28 09:16 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2017-12-22 19:57 - 2013-03-28 09:16 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2017-12-22 19:57 - 2013-03-22 10:16 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys

2017-12-22 19:57 - 2013-03-22 10:16 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys

2017-12-22 19:56 - 2017-02-14 16:38 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys

2017-12-22 19:56 - 2017-02-14 16:38 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys

2017-12-22 19:56 - 2017-02-14 16:38 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys

2017-12-22 19:56 - 2017-02-14 16:38 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys

2017-12-22 19:56 - 2013-03-28 09:16 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2017-12-17 18:55 - 2013-11-28 08:52 - 000000000 ____D C:\ProgramData\ProductData

2017-12-17 18:55 - 2013-05-10 16:50 - 000000000 ____D C:\ProgramData\IObit

2017-12-17 18:17 - 2017-03-04 21:49 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2017-12-17 18:17 - 2016-05-09 01:50 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2017-12-17 18:17 - 2016-05-09 01:50 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2017-12-17 18:17 - 2011-11-22 14:02 - 000000000 ____D C:\Windows\system32\Macromed

2017-12-17 18:17 - 2009-06-11 16:08 - 000000000 ____D C:\Windows\SysWOW64\Macromed

2017-12-17 18:13 - 2015-01-27 16:29 - 000002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-12-17 18:00 - 2017-01-28 09:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

2017-12-17 17:57 - 2010-05-29 17:33 - 000001189 _____ C:\Users\Tony\AppData\Roaming\vso_ts_preview.xml

2017-12-17 17:57 - 2009-12-01 19:24 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Vso

2017-12-17 14:19 - 2017-02-12 05:14 - 000000000 ____D C:\AdwCleaner

2017-12-10 06:08 - 2009-08-29 23:48 - 000000000 ____D C:\Users\Tony\AppData\Roaming\IObit

2017-12-10 05:13 - 2015-09-11 18:44 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2017-12-10 05:13 - 2009-08-08 10:07 - 000000000 ____D C:\ProgramData\Malwarebytes

2017-12-10 05:09 - 2006-11-02 10:15 - 000000000 ____D C:\Windows\WindowsMobile

2017-12-10 04:35 - 2009-07-14 00:08 - 000032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2017-12-07 19:39 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration

2017-12-06 08:33 - 2015-12-03 18:18 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software

 

==================== Files in the root of some directories =======

 

2015-08-06 07:25 - 2015-08-06 07:25 - 000000068 _____ () C:\Program Files\.directory

2015-08-06 06:55 - 2015-08-06 06:55 - 000000068 _____ () C:\Users\Tony\AppData\Roaming\.directory

2012-08-23 13:25 - 2012-08-23 13:37 - 000000408 _____ () C:\Users\Tony\AppData\Roaming\Checksum.ini

2011-12-11 23:27 - 2011-12-11 23:27 - 000000268 ___RH () C:\Users\Tony\AppData\Roaming\Galactic Static

2011-12-11 23:54 - 2011-12-11 23:54 - 000000268 ___RH () C:\Users\Tony\AppData\Roaming\Guides

2011-12-11 23:54 - 2011-12-11 23:54 - 000000268 ___RH () C:\Users\Tony\AppData\Roaming\Guitar

2011-12-11 23:54 - 2011-12-11 23:54 - 000000268 ___RH () C:\Users\Tony\AppData\Roaming\Guitars

2009-12-01 19:24 - 2013-08-04 13:19 - 000099384 _____ () C:\Users\Tony\AppData\Roaming\inst.exe

2009-12-01 19:24 - 2013-08-04 13:19 - 000007859 _____ () C:\Users\Tony\AppData\Roaming\pcouffin.cat

2009-12-01 19:24 - 2013-08-04 13:19 - 000001167 _____ () C:\Users\Tony\AppData\Roaming\pcouffin.inf

2009-12-01 19:24 - 2013-08-04 13:19 - 000082816 _____ (VSO Software) C:\Users\Tony\AppData\Roaming\pcouffin.sys

2012-05-12 14:01 - 2012-05-13 08:52 - 000002035 _____ () C:\Users\Tony\AppData\Roaming\SAS7_000.DAT

2016-06-05 07:59 - 2016-06-05 08:00 - 000017144 _____ () C:\Users\Tony\AppData\Roaming\UserTile.png

2010-05-29 17:33 - 2017-12-17 17:57 - 000001189 _____ () C:\Users\Tony\AppData\Roaming\vso_ts_preview.xml

2013-07-26 23:50 - 2014-04-29 23:50 - 000000039 _____ () C:\Users\Tony\AppData\Roaming\WB.CFG

2013-07-13 10:50 - 2014-01-28 01:50 - 000000005 _____ () C:\Users\Tony\AppData\Roaming\WBPU-TTL.DAT

2011-01-16 23:57 - 2015-06-07 06:47 - 000000504 _____ () C:\Users\Tony\AppData\Roaming\wklnhst.dat

2015-08-06 06:44 - 2015-08-06 06:44 - 000000068 _____ () C:\Users\Tony\AppData\Local\.directory

2014-04-18 14:25 - 2015-07-12 14:54 - 000000600 _____ () C:\Users\Tony\AppData\Local\PUTTY.RND

2010-01-24 08:04 - 2017-09-22 02:59 - 000007604 _____ () C:\Users\Tony\AppData\Local\resmon.resmoncfg

2009-11-29 18:12 - 2009-11-29 18:27 - 000001297 _____ () C:\Users\Tony\AppData\Local\Win7_tmp1.htm

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2017-12-29 00:37

 

==================== End of FRST.txt ============================


Edited by Chris Cosgrove, 03 January 2018 - 10:57 AM.
Duplicated topic deleted


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:08 PM

Posted 03 January 2018 - 06:11 PM

Greetings antonio831 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please copy and paste the contents of the Addition.txt in your reply. That document that should be on your desktop.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:08 PM

Posted 06 January 2018 - 01:05 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:08 PM

Posted 08 January 2018 - 12:05 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:08 PM

Posted 12 January 2018 - 09:48 AM

This topic has been re-opened at the request of the person who originally posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 antonio831

antonio831
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:02:08 PM

Posted 13 January 2018 - 04:34 PM

Here is the addition log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Tony (03-01-2018 10:48:24)
Running from C:\Users\Tony\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-11-29 23:10:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1957349403-1563706759-2450246291-500 - Administrator - Disabled)
Guest (S-1-5-21-1957349403-1563706759-2450246291-501 - Limited - Enabled) => C:\Users\Guest
Tony (S-1-5-21-1957349403-1563706759-2450246291-1000 - Administrator - Enabled) => C:\Users\Tony
UpdatusUser (S-1-5-21-1957349403-1563706759-2450246291-1021 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Active@ Disk Image 7.0 (HKLM\...\{9567EC70-0294-4782-BE75-FA9CF50F1078}_is1) (Version: 7.0 - LSoft Technologies Inc)
Active@ File Recovery Professional 11 (HKLM-x32\...\{C34F36E0-4D8B-42E8-90AD-50C76E1AE282}_is1) (Version: 11 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
AMR to MP3 Converter 1.4 (HKLM-x32\...\{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1) (Version:  - www.amrtomp3converter.com)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.50.854.0 - Logitech) Hidden
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Cybereason RansomFree 2.2.5.0 (HKLM-x32\...\{4A79F8E4-F22D-4F66-9D52-D84F5AFA830E}) (Version: 2.2.5.0 - Cybereason Inc.)
EASEUS Data Recovery Wizard Professional 5.5.1 (HKLM-x32\...\EASEUS Data Recovery Wizard Professional 5.5.1_is1) (Version:  - EASEUS)
EASEUS Partition Master 9.1.0 Professional (HKLM-x32\...\EASEUS Partition Master Professional Edition_is1) (Version:  - EASEUS)
EASEUS Todo Backup Professional 2.5 (HKLM-x32\...\EASEUS Todo Backup Professional 2.5_is1) (Version: 2.5.0.1 - CHENGDU YIWO Tech Development Co., Ltd)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 14.0.8.0 - FlashPeak Inc.)
FlashPeak Slimjet 64bit (HKLM\...\Slimjet) (Version: 14.0.9.0 - FlashPeak Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
HashCalc 2.02 (HKLM-x32\...\HashCalc_is1) (Version:  - SlavaSoft Inc.)
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\HP Photo Creations) (Version: 1.0.0.19662 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.0.2.49 - IObit)
iSpy (64 bit) (HKLM\...\{79AAFB4D-30FF-4999-9A16-322C4BB61E7C}) (Version: 5.5.8 - iSpy)
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.14350.0 - Linksys LLC)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (HKLM\...\{138A4072-9E64-46BD-B5F9-DB2BB395391F}) (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 56.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0.2 (x64 en-US)) (Version: 56.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.2.6506 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}) (Version: 7.03.1152 - Nero AG)
NETGEAR GA311 Gigabit Adapter (HKLM-x32\...\{9E7300DD-08A3-4B3F-AEE1-1450843FE86E}) (Version: 1.00.0000 - Netgear)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.2.1 - Nikon)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenVPN 2.3.6-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.3.0 - Nikon)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1507.113 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Seagate Manager Installer (HKLM-x32\...\{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SUABnR (HKLM-x32\...\{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.104 - Trusteer)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{2BC6BC08-9E31-4B36-8715-E170F6173942}) (Version: 2.16.0404 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{54F10727-0D7A-4B24-9D8E-F4BB59CB9148}) (Version: 2.16.0307 - Samsung Electronics Co., Ltd.)
ViewNX 2 (HKLM-x32\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.2.3 - Nikon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows 7 Manager (HKLM\...\{FC48E554-7BCA-4CE1-8E09-67EAA9B52218}) (Version: 4.2.4 - Yamicsoft)
Windows Driver Package - XBCD Project HID  (16/05/2008 1.1.0) (HKLM\...\C6DCA6D8EFAB374E8F91A705567555FF4DAF025D) (Version: 16/05/2008 1.1.0 - XBCD Project)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-19] ()
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-19] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-02-03] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-19] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0074757A-D886-4692-8795-9CC27C6B07D4} - System32\Tasks\SafeZone scheduled Autoupdate 1458746355 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {21EC5BC1-CE0B-4BC5-A014-285719268AD9} - \Microsoft\Windows\WindowsBackup\AutomaticBackup -> No File <==== ATTENTION
Task: {24F35CF8-8C11-450C-9F17-8B55EF04B5F4} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-01-09] (Cybereason)
Task: {2865CB60-EB8A-4C05-87CD-22D3246E6CBA} - System32\Tasks\{8E518E75-6CBA-40C5-9354-CEAC37027171} => C:\Windows\system32\pcalua.exe -a J:\Downloads\Nero7_chm_Enu.exe -d J:\Downloads
Task: {2C4ACAF2-D2A2-4D4F-BF00-144C1803652A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2F3179C0-CA89-4E19-B1BC-E0E073E38286} - System32\Tasks\avastBCLRestartS-1-5-21-1957349403-1563706759-2450246291-1000 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {3F19B905-C54B-4ADF-B542-EECFDCE41CE3} - System32\Tasks\{07B67644-76BF-444E-84AA-78FFDD3BF190} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {50003D87-481A-4CA9-B932-69935AD466C8} - System32\Tasks\{EE77AA10-E4A1-4596-97E6-56EB8A066A67} => C:\Windows\system32\pcalua.exe -a "J:\Temp Downloads\AdobeAIRInstaller.exe" -d "J:\Temp Downloads"
Task: {71438543-4EEC-48FC-A33A-892562460CAC} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-01-09] (Cybereason)
Task: {74381286-936E-4590-93E3-0BF0F59645FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {755F5200-23A7-49AC-B427-137947C99B7C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-22] (AVAST Software)
Task: {7A176829-9947-4C04-B3D0-88507F9C5AD8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-17] (Adobe Systems Incorporated)
Task: {7F5BF15B-8FCE-4B9E-B065-D206F9C22929} - System32\Tasks\Uninstaller_SkipUac_Tony => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-09-15] (IObit)
Task: {823E62E4-AD3F-43B0-8C2E-00AB7AC59D42} - System32\Tasks\{AD861A28-AFC5-4B73-B8CE-E8F7F62FF34B} => C:\Windows\system32\pcalua.exe -a "J:\Program set up files\Total Video Converter 3.61 Wth Crack Working Perfect\Total Video Converter 3.61 Wth Crack Working Perfect\Keygen.exe" -d "J:\Program set up files\Total Video Converter 3.61 Wth Crack Working Perfect\Total Video Converter 3.61 Wth Crack Working Perfect"
Task: {89CEFB49-26E4-45A3-90A2-E8375F5AB836} - System32\Tasks\{E3AE040E-77B5-468B-A2AB-A0C0B0B3DAEF} => C:\Windows\system32\pcalua.exe -a C:\Users\Tony\Downloads\HPSupportSolutionsFramework-12.3.11.29.exe -d C:\Users\Tony\Downloads
Task: {A67D34DE-C169-49C9-BE0A-3B68205BFA7F} - System32\Tasks\{3A786032-8B0D-4958-99DC-20019AE195B1} => C:\Windows\system32\pcalua.exe -a J:\Downloads\cjxp32se\cjxp32se\cjxp32se\SETUPWIN.EXE -d J:\Downloads\cjxp32se\cjxp32se\cjxp32se
Task: {AE6D4662-C3FE-4F4E-A2B5-9F5DD22810A4} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-12-06] (AVAST Software)
Task: {BD890FD2-8567-46FA-B093-6B79DEACF335} - System32\Tasks\{4F6098E7-ABFA-4ACE-A0FA-E426ED48F30C} => C:\Windows\system32\pcalua.exe -a "J:\Program set up files\drivers\Setup.exe" -d "J:\Program set up files\drivers"
Task: {BEA33DD9-F576-40B1-90C1-BC881B5690DB} - \Microsoft\Windows\WindowsBackup\Windows Backup Monitor -> No File <==== ATTENTION
Task: {DBD4E11B-0450-45F0-BDD0-2B3C79FE8753} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2018-01-03] ()
Task: {E2201713-5486-4693-9629-A608B8B96EC3} - System32\Tasks\{817229F7-96E5-4452-B525-A8D05D295367} => C:\Windows\system32\pcalua.exe -a "J:\Downloads\Advanced SystemCare Pro 5.0.0.152 Setup + KeyGen\Advanced SystemCare Pro 5.0.0.152.exe" -d "J:\Downloads\Advanced SystemCare Pro 5.0.0.152 Setup + KeyGen"
Task: {E459DA13-D802-4BF0-9C10-1642B78D23DA} - System32\Tasks\{E3923907-03E2-410A-88C1-44C7346AC9A7} => C:\Windows\system32\pcalua.exe -a "J:\Temp Downloads\setup.exe" -d "J:\Temp Downloads"
Task: {E74C066C-7023-4A42-B0A9-47D526032C45} - System32\Tasks\{A2C7E219-765C-4E69-902F-05A2ECD96DCE} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {E7FD8111-CC79-4A03-BB97-BB25751E7F5D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {F0E6F1C0-45BF-4E29-89F5-7BA6B6D3450A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F7CCBBFC-8BCE-420C-ABA4-88919D9260E9} - System32\Tasks\{D41E13DD-1EEE-4F01-AF01-2B29EDE2735E} => C:\Windows\system32\pcalua.exe -a F:\Yamicsoft.Windows.7.Manager.v1.1.2.Incl.Keymaker-ROGUE\windows7manager.exe -d F:\Yamicsoft.Windows.7.Manager.v1.1.2.Incl.Keymaker-ROGUE
Task: {FB4EF8BC-3E4F-44A9-B8FC-5D52CD910AB4} - System32\Tasks\{84E26F55-EAAD-4B03-A4F9-0857E874890E} => C:\Windows\system32\pcalua.exe -a C:\Users\Tony\Downloads\R220849\Setup.exe -d C:\Users\Tony\Downloads\R220849
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chromebook Recovery Utility.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jndclpdbaamdhonoechobihbbiimdgai
ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fccac19b89f69350\Click&Clean.lnk -> C:\Program Files\Slimjet\slimjet.exe (FlashPeak Inc.) -> --profile-directory="Profile 1" --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\dea50c82368084a9\Tony - Slimjet.lnk -> C:\Program Files\Slimjet\slimjet.exe (FlashPeak Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5137ab5c18cdb8e7\Tony - Slimjet.lnk -> C:\Program Files\Slimjet\slimjet.exe (FlashPeak Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-12-10 05:13 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000067920 _____ () c:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000067984 _____ () C:\Program Files\AVAST Software\Avast\x64\dll_loader.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000236840 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000902824 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000349568 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000337096 _____ () C:\Program Files\AVAST Software\Avast\x64\tasks_core.dll
2013-07-01 22:18 - 2015-02-03 21:21 - 000115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-04-30 17:12 - 2008-06-19 23:41 - 000062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2017-05-23 02:09 - 2017-12-30 17:09 - 004196352 _____ () C:\Program Files\Slimjet\libglesv2.dll
2017-05-23 02:09 - 2017-12-30 17:09 - 000092672 _____ () C:\Program Files\Slimjet\libegl.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-12-23 06:25 - 2017-12-23 06:25 - 005767312 _____ () C:\Program Files\AVAST Software\Avast\defs\17122300\algo.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000293944 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-12-28 06:02 - 2017-12-28 06:02 - 005767312 _____ () C:\Program Files\AVAST Software\Avast\defs\17122800\algo.dll
2018-01-01 10:11 - 2018-01-01 10:11 - 005767312 _____ () C:\Program Files\AVAST Software\Avast\defs\18010102\algo.dll
2018-01-03 06:15 - 2018-01-03 06:15 - 005767312 _____ () C:\Program Files\AVAST Software\Avast\defs\18010300\algo.dll
2017-07-28 08:52 - 2017-07-28 08:52 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-23 01:58 - 2017-05-22 10:16 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-05-23 01:58 - 2017-05-22 10:16 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-05-23 01:58 - 2017-05-22 10:16 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-09-22 04:05 - 2017-05-22 10:17 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-05-23 01:58 - 2017-05-23 17:57 - 000631584 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2017-05-23 01:58 - 2017-05-22 10:16 - 000524064 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:0CE7F3C9 [118]
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [374]
AlternateDataStreams: C:\ProgramData\Temp:661DFA1C [140]
AlternateDataStreams: C:\ProgramData\Temp:9E00596C [192]
AlternateDataStreams: C:\ProgramData\Temp:ADF211B1 [100]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> 008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> 00hq.com
IE restricted site: HKU\.DEFAULT\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\.DEFAULT\...\01i.info -> 01i.info
IE restricted site: HKU\.DEFAULT\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\.DEFAULT\...\05p.com -> 05p.com
IE restricted site: HKU\.DEFAULT\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\.DEFAULT\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\.DEFAULT\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\.DEFAULT\...\0calories.net -> 0calories.net
IE restricted site: HKU\.DEFAULT\...\0cj.net -> 0cj.net
IE restricted site: HKU\.DEFAULT\...\0scan.com -> 0scan.com
IE restricted site: HKU\.DEFAULT\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1-se.com -> 1-se.com
IE restricted site: HKU\.DEFAULT\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\.DEFAULT\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\.DEFAULT\...\100gal.net -> 100gal.net
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com
 
There are 4791 more sites.
 
IE trusted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\google.com -> hxxps://www.google.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\100sexlinks.com -> 100sexlinks.com
 
There are 4793 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 07:34 - 2017-05-22 23:53 - 000000761 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => 
MSCONFIG\startupreg: DellComms => 
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => 
MSCONFIG\startupreg: ISUSPM => 
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LogitechCommunicationsManager => 
MSCONFIG\startupreg: LogitechQuickCamRibbon => 
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Nikon Message Center 2 => 
MSCONFIG\startupreg: PDVDDXSrv => 
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
MSCONFIG\startupreg: Skytel => 
MSCONFIG\startupreg: SunJavaUpdateSched => 
MSCONFIG\startupreg: TkBellExe => 
MSCONFIG\startupreg: UpdateLBPShortCut => 
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{74E40A56-742D-46F2-8193-EEFA33F10665}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{E446CBD0-4863-437D-82C0-AAF6D52B88EB}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{DC492E1D-E454-4E30-8B7F-285A5C270565}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{AC7B9E33-C1E0-4290-9895-6583EFEE8281}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{9DE884D4-22E2-4866-A9B1-B29A74DBD535}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{97057C91-6E5E-4197-8330-DB73613475C5}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{23E4C109-9B02-4C20-96E9-36A3A23A1890}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe] => (Block) C:\program files (x86)\nero\nero 7\nero home\nerohome.exe
FirewallRules: [UDP Query User{359617B2-5482-4033-AC95-A3E2413FEB69}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe] => (Block) C:\program files (x86)\nero\nero 7\nero home\nerohome.exe
FirewallRules: [{359D0683-9EC1-481A-BAF4-E886DBE62A2D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4DB2D65F-7275-4CAA-A206-CC6FF8463399}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{F6B9594D-F52B-406C-B4AB-894E3C73ACC6}C:\program files\ispy\ispy (64 bit)\ispy.exe] => (Allow) C:\program files\ispy\ispy (64 bit)\ispy.exe
FirewallRules: [UDP Query User{092FC93F-E4E5-4A58-A8F7-6CDE0D56FB76}C:\program files\ispy\ispy (64 bit)\ispy.exe] => (Allow) C:\program files\ispy\ispy (64 bit)\ispy.exe
FirewallRules: [{B609F1B3-F387-444A-BCA2-B8905580D17E}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{E2F87AB7-3CFD-4BA0-827D-9F2A215FC29C}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{C96F0E2A-0D89-45D8-AB96-86F4F2DE6B7F}] => (Allow) LPort=7000
FirewallRules: [{E6D3AC38-9F20-40AA-BC9B-0C29FE9EA585}] => (Allow) LPort=7000
FirewallRules: [{628E9DCC-308C-4A7E-939B-5606738205AD}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{DB463335-75AB-4DB3-BBF6-B064545A8582}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{669C5215-6015-4441-9104-AC37E3B763D6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{2BE0CBCE-2A44-412E-B0B6-05D8B32E8DE7}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{A1D4EEAC-9B17-4205-8F4A-71F019CCF5DB}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{75C6BCEB-04A4-41FB-97C3-FFA1A2A3E1D5}C:\windows\ehome\wow\ehexthost32.exe] => (Allow) C:\windows\ehome\wow\ehexthost32.exe
FirewallRules: [UDP Query User{118100C7-353A-40E1-959B-3EACD3351BE3}C:\windows\ehome\wow\ehexthost32.exe] => (Allow) C:\windows\ehome\wow\ehexthost32.exe
FirewallRules: [{97E4DFB8-A462-4D43-BFA9-F002763457D1}] => (Block) C:\windows\ehome\wow\ehexthost32.exe
FirewallRules: [{0F0991FC-9C72-4241-B6C8-B007980261E0}] => (Block) C:\windows\ehome\wow\ehexthost32.exe
FirewallRules: [TCP Query User{0311AA18-3D40-475D-B20E-ACEB2924BA75}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{4438734C-6C20-4E58-B291-C33185AF5A8D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{81E3BC7A-A792-4D8F-A1FA-17240781FBDF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6D6001B1-C0EA-4154-882E-2ADF0C51CFBD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7CC958FB-9A6B-49F4-A5D3-940F52C10E2C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D2E537E0-161E-4420-89B1-3B27B96720CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B6B026C5-B957-4053-B28E-19E223FE6B2E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B2CF6CAC-BAF1-4A08-B5B5-2428D571B545}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{58B770DD-5039-4216-A131-6621A2EC7DBE}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{8A2FE490-A557-4867-9D16-EECADF931B60}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{2F185DC4-9E25-427D-89E2-52C2DA48D150}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{5F3081E6-1823-40F6-B703-18E72AA9B658}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{0AEAC2BC-D308-48D3-B112-04B5623D9C2B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{8B6D4902-7BDB-4211-B957-8DEB093CBC06}C:\program files\slimjet\slimjet.exe] => (Allow) C:\program files\slimjet\slimjet.exe
FirewallRules: [UDP Query User{9FC6D495-6ED1-4494-8BC1-8FE7796773A8}C:\program files\slimjet\slimjet.exe] => (Allow) C:\program files\slimjet\slimjet.exe
FirewallRules: [TCP Query User{B7E3DC3E-A35F-40B7-BFF5-85584119B9D4}C:\program files\slimjet\slimjet.exe] => (Allow) C:\program files\slimjet\slimjet.exe
FirewallRules: [UDP Query User{147263A1-A4CE-4342-8CAF-27AA92893F16}C:\program files\slimjet\slimjet.exe] => (Allow) C:\program files\slimjet\slimjet.exe
 
==================== Restore Points =========================
 
26-10-2017 23:00:01 Scheduled Checkpoint
02-11-2017 23:00:01 Scheduled Checkpoint
10-11-2017 00:00:01 Scheduled Checkpoint
10-11-2017 20:36:48 Windows Update
11-11-2017 09:25:40 Installed Rapport
19-11-2017 00:00:01 Scheduled Checkpoint
25-11-2017 20:15:34 Installed Rapport
03-12-2017 00:00:01 Scheduled Checkpoint
08-12-2017 19:57:05 Windows Update
10-12-2017 01:21:26 Installed Rapport
17-12-2017 20:50:40 Scheduled Checkpoint
23-12-2017 09:23:14 Windows Update
23-12-2017 09:53:07 Installed Rapport
31-12-2017 00:00:01 Scheduled Checkpoint
31-12-2017 20:32:06 Removed LG Mobile Driver
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/23/2017 09:51:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/23/2017 09:45:43 AM) (Source: Service1) (EventID: 0) (User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at WinServiceHost.RFServiceHost.StopRansomFreeService()
   at WinServiceHost.RFServiceHost.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (12/17/2017 06:08:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/17/2017 02:56:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hitmanpro_x64.exe, version: 3.7.20.286, time stamp: 0x58e5ec3b
Faulting module name: hitmanpro_x64.exe, version: 3.7.20.286, time stamp: 0x58e5ec3b
Exception code: 0xc0000005
Fault offset: 0x00000000002bfb49
Faulting process id: 0x87c
Faulting application start time: 0x01d3776c0921d1cf
Faulting application path: C:\Users\Tony\Desktop\hitmanpro_x64.exe
Faulting module path: C:\Users\Tony\Desktop\hitmanpro_x64.exe
Report Id: 4f6a7203-e364-11e7-9a8d-0002b3a92da8
 
Error: (12/17/2017 01:38:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/17/2017 01:34:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/17/2017 01:29:44 PM) (Source: Service1) (EventID: 0) (User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at WinServiceHost.RFServiceHost.StopRansomFreeService()
   at WinServiceHost.RFServiceHost.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (12/13/2017 11:30:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotoSnap.exe, version: 1.2.0.25, time stamp: 0x46265336
Faulting module name: PhotoSnap.exe, version: 1.2.0.25, time stamp: 0x46265336
Exception code: 0xc0000005
Fault offset: 0x0001920a
Faulting process id: 0x1f18
Faulting application start time: 0x01d3749430153ead
Faulting application path: C:\Program Files (x86)\Nero\Nero 7\Nero PhotoSnap\PhotoSnap.exe
Faulting module path: C:\Program Files (x86)\Nero\Nero 7\Nero PhotoSnap\PhotoSnap.exe
Report Id: 739b2063-e087-11e7-9d29-0002b3a92da8
 
Error: (12/10/2017 07:08:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/10/2017 06:35:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (01/03/2018 05:12:34 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:12:26 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:12:17 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:08:10 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:08:02 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:07:53 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:07:44 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:07:35 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:07:27 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:07:18 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
 
CodeIntegrity:
===================================
  Date: 2016-12-25 22:17:20.082
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_c02db572165f9ab0\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-25 22:17:19.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_c02db572165f9ab0\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-25 22:17:19.677
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_c02db572165f9ab0\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-25 21:55:25.639
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-25 21:55:25.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-25 21:55:25.265
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-25 21:55:25.031
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-25 21:55:24.844
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-25 21:55:24.641
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-11 11:50:14.270
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_c02db572165f9ab0\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 59%
Total physical RAM: 4095.05 MB
Available physical RAM: 1668.52 MB
Total Virtual: 8188.24 MB
Available Virtual: 4664.68 MB
 
==================== Drives ================================
 
Drive a: (OS) (Network) (Total:110.3 GB) (Free:13.75 GB) NTFS
Drive c: (OS) (Fixed) (Total:110.3 GB) (Free:13.75 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.84 GB) NTFS
Drive j: (Data Storage) (Fixed) (Total:471.18 GB) (Free:314.11 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 70811D92)
Partition 1: (Not Active) - (Size=39 MB) - (Type=1E)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=110.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=471.2 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:08 PM

Posted 13 January 2018 - 10:26 PM

My apologies. Since this report is 10 days old could you run another Scan please.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 antonio831

antonio831
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:02:08 PM

Posted 15 January 2018 - 07:46 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.01.2018
Ran by Tony (administrator) on JAM831 (15-01-2018 19:40:54)
Running from C:\Users\Tony\Desktop
Loaded Profiles: Tony (Available Profiles: Tony & UpdatusUser & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Slimjet\slimjet.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-22] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{09C8274D-EEF0-429D-85D1-E4B019BFC200}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{730E25AF-6D30-4813-934C-E8C9D976A346}: [DhcpNameServer] 10.12.0.1
Tcpip\..\Interfaces\{8CAC7D09-D7B0-46E7-BBB5-71197B51D29A}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {2B782333-9951-4628-AF27-5F0379224BE5} URL = 
SearchScopes: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> DefaultScope {B97C571B-18F9-443C-9429-EDDE4EDA3874} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> {71CCAEEA-E518-4E25-A1CF-9EE8CBDC11D8} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> {B97C571B-18F9-443C-9429-EDDE4EDA3874} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: No Name -> -{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> -{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-10] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-10] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> No Name - {1AEC5771-FCD6-4537-A6B7-5F1935FD527C} -  No File
Toolbar: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> No Name - {94000A61-AF9A-4247-8DB6-A949FADB0354} -  No File
DPF: HKLM-x32 {10000000-1000-1000-1000-100000000000} hxxp://cdn.betteradvertising.com/ghostery/addons/ie/WebInstall/ghostery.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: HKLM-x32 {A3256902-51FA-45A0-8A97-FC1143C169D9} hxxp://support.microsoft.com/mats/DiagWebControl.cab
Handler: WSAllMyTubechrome - No CLSID Value
 
FireFox:
========
FF DefaultProfile: 8btycwpw.default
FF ProfilePath: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default [2018-01-15]
FF Homepage: Mozilla\Firefox\Profiles\8btycwpw.default -> hxxps://www.google.com
FF Extension: (AdBlocker Ultimate) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\adblockultimate@adblockultimate.net.xpi [2017-12-13]
FF Extension: (Click&Clean) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\clickclean@hotcleaner.com [2016-04-30] [Legacy]
FF Extension: (OneTab) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\extension@one-tab.com.xpi [2018-01-15]
FF Extension: (YouTube™ Flash® Player) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2017-10-08]
FF Extension: (Avast SafePrice) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\sp@avast.com.xpi [2017-12-13]
FF Extension: (Avast Online Security) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\wrc@avast.com.xpi [2017-10-25]
FF Extension: (Flash and Video Download) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-01-15]
FF ProfilePath: C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default [2013-02-18]
FF Extension: (CSS Stylesheet Editor) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\csseditor@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (EyeDropper) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\eyedropper@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (FontSquirrel Manager) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\fs@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Fullscreen) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\fullscreen@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Google Font Directory Manager) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\gfd@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-cs@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-de@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (English (US) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Español (España) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Suomenkielinen (FI) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-fi@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Français Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-fr@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Hebrew (IL) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-he@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Magyar (HU) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-hu@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-it@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Japanese Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-ja@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Korean (KR) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-ko@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-nl@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Polski Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-pl@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Slovenski jezik Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-sl@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (српски (sr) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-sr@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Svenska (SE) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (MathML) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\mathml@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Snippets) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\snippets@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (SVG-edit) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\svg-edit@googlegroups.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Table Layouts) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\tablelayout@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (One-click Templates) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\templatesManager@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Thumbnailer) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\thumbnailer@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Tip of the Day) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\tipoftheday@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-29] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-18] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1957349403-1563706759-2450246291-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Tony\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1957349403-1563706759-2450246291-1000: @talk.google.com/O1DPlugin -> C:\Users\Tony\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1957349403-1563706759-2450246291-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1957349403-1563706759-2450246291-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Tony\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Tony\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://google.com/
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Profile 1 -> hxxps://duckduckgo.com/?t=lm&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> duckduckgo.com
CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default [2017-12-17]
CHR Extension: (Angry Birds) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-01-27]
CHR Extension: (Google Docs) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Rapport) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-03-07]
CHR Extension: (YouTube) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (OneTab) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-06-06]
CHR Extension: (Google Search) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (VTchromizer) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2016-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-13]
CHR Extension: (Click&Clean) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2016-09-19]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-09-04]
CHR Extension: (Avast Online Security) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-25]
CHR Extension: (Protect My Choices) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2016-09-19]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2016-03-07]
CHR Extension: (Ghostery) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR Extension: (Gmail) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-17]
CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-02-12]
CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-12-18]
CHR Extension: (Slides) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-14]
CHR Extension: (Rapport) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-09-14]
CHR Extension: (YouTube) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-14]
CHR Extension: (DuckDuckGo for Chrome) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2017-10-14]
CHR Extension: (Avast SafePrice) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-14]
CHR Extension: (Sheets) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2016-09-20]
CHR Extension: (Google Docs Offline) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-19]
CHR Extension: (Click&Clean) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2017-10-14]
CHR Extension: (Avast Online Security) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-14]
CHR Extension: (Protect My Choices) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2017-10-14]
CHR Extension: (Ghostery) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-10-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-14]
CHR Extension: (Click&Clean App) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-10-14]
CHR Extension: (Gmail) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-14]
CHR Extension: (Chrome Media Router) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-14]
CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-12]
CHR HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-22] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-22] (AVAST Software)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [13312 2017-01-09] (Cybereason) [File not signed]
S3 EASEUS Agent; C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [56200 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S4 HPSLPSVC; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S4 HPSLPSVC; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
S4 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2259224 2016-01-03] (IBM Corp.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2017-12-22] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2017-12-22] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2017-12-22] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2017-12-22] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2017-12-22] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2017-12-22] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2017-12-22] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-10] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2017-12-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2017-12-22] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2017-12-22] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-10] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2017-12-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2017-12-22] (AVAST Software)
R3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [199032 2015-12-09] (Intel Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [36232 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [42888 2011-04-22] () [File not signed]
R3 EUDISK; C:\Windows\system32\drivers\eudisk.sys [193928 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [17800 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUFS; C:\Windows\System32\drivers\eufs.sys [26504 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
S3 G311N6; C:\Windows\System32\DRIVERS\G311N6.sys [347680 2010-05-05] (Netgear)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-12-17] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-09] (REALiX™)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [27048 2017-06-13] (IObit.com)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2014-04-01] (HandSet Incorporated)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-23] (Malwarebytes)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 PSVolAcc; no ImagePath
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 RapportCerberus_1507079; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507079.sys [961880 2016-01-17] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [503320 2016-01-03] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [141304 2016-01-03] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [396152 2016-01-03] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [496408 2016-01-03] (IBM Corp.)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [52736 2009-07-24] (Realtek Semiconductor Corporation )
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27136 2007-02-05] (Windows ® Codename Longhorn DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 AndnetBus; system32\DRIVERS\lgandnetbus64.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 cpuz138; \??\C:\Users\Tony\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-15 19:40 - 2018-01-15 19:42 - 000034144 _____ C:\Users\Tony\Desktop\FRST.txt
2018-01-15 19:40 - 2018-01-15 19:40 - 000000000 ____D C:\Users\Tony\Desktop\FRST-OlderVersion
2018-01-15 09:52 - 2018-01-15 09:52 - 000516950 _____ C:\Users\V8zgul\completedservedfranklin.xlsx
2018-01-15 09:52 - 2018-01-15 09:52 - 000504857 _____ C:\Users\Akhux6ih\generalbegungayfish.xlsx
2018-01-15 09:52 - 2018-01-15 09:52 - 000212868 _____ C:\Users\Akhux6ih\conform_enhance.mdb
2018-01-15 09:52 - 2018-01-15 09:52 - 000200175 _____ C:\Users\V8zgul\fence refused.mdb
2018-01-15 09:52 - 2018-01-15 09:52 - 000072491 _____ C:\Users\Akhux6ih\LXQMVgULND6k.xls
2018-01-15 09:52 - 2018-01-15 09:52 - 000065974 _____ C:\Users\V8zgul\wake apparatus party fertile.xls
2018-01-15 09:52 - 2018-01-15 09:52 - 000056547 _____ C:\Users\V8zgul\5VQHNijMF.pem
2018-01-15 09:52 - 2018-01-15 09:52 - 000052231 _____ C:\Users\Akhux6ih\complaint medicine influential nervous.pem
2018-01-15 09:52 - 2018-01-15 09:52 - 000040384 _____ C:\Users\Akhux6ih\pilotpublicitycheesenegroes.txt
2018-01-15 09:52 - 2018-01-15 09:52 - 000022731 _____ C:\Users\Akhux6ih\depression-entire.sql
2018-01-15 09:52 - 2018-01-15 09:52 - 000018025 _____ C:\Users\V8zgul\opening.passengers.legislative.tone.sql
2018-01-15 09:52 - 2018-01-15 09:52 - 000013829 _____ C:\Users\V8zgul\stimulate incident inspired.txt
2018-01-15 09:52 - 2018-01-15 09:52 - 000000000 __SHD C:\Users\Tony\Desktop\ This folder protects against Ransomware. Just leave it here
2018-01-15 09:52 - 2018-01-15 09:52 - 000000000 ___HD C:\Users\V8zgul
2018-01-15 09:52 - 2018-01-15 09:52 - 000000000 ___HD C:\Users\Tony\Documents\Xdate59
2018-01-15 09:52 - 2018-01-15 09:52 - 000000000 ___HD C:\Users\Tony\Documents\Aldocuments82
2018-01-15 09:52 - 2018-01-15 09:52 - 000000000 ___HD C:\Users\Akhux6ih
2018-01-15 09:52 - 2018-01-15 09:52 - 000000000 ____D C:\Xcaches123
2018-01-15 09:52 - 2018-01-15 09:52 - 000000000 ____D C:\Aclog132
2018-01-12 06:16 - 2018-01-12 06:16 - 002451912 _____ (IObit ) C:\Users\Tony\Downloads\unlocker-setup.exe
2018-01-12 06:16 - 2018-01-12 06:16 - 000001146 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2018-01-12 06:16 - 2018-01-12 06:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2018-01-12 05:12 - 2018-01-12 05:12 - 000000000 ____D C:\Users\Tony\Downloads\ProcessMonitor
2018-01-12 05:01 - 2018-01-12 05:02 - 000000000 ____D C:\Users\Tony\Downloads\TCPView
2018-01-12 05:00 - 2018-01-12 05:01 - 000291606 _____ C:\Users\Tony\Downloads\TCPView.zip
2018-01-12 04:47 - 2017-05-01 07:31 - 002724512 ____N (Sysinternals - www.sysinternals.com) C:\Users\Tony\Downloads\procexp.exe
2018-01-12 04:47 - 2017-05-01 07:25 - 001458856 ____N (Sysinternals - www.sysinternals.com) C:\Users\Tony\Downloads\procexp64.exe
2018-01-12 04:47 - 2017-05-01 07:19 - 000072154 ____N C:\Users\Tony\Downloads\procexp.chm
2018-01-12 04:47 - 2017-03-13 09:14 - 000007490 ____N C:\Users\Tony\Downloads\Eula.txt
2018-01-03 09:38 - 2018-01-15 19:40 - 002393088 _____ (Farbar) C:\Users\Tony\Desktop\FRST64.exe
2018-01-03 05:47 - 2018-01-15 05:47 - 000002896 _____ C:\Windows\System32\Tasks\AutoKMS
2018-01-03 05:47 - 2018-01-15 05:47 - 000000266 _____ C:\Windows\Tasks\AutoKMS.job
2018-01-03 04:57 - 2018-01-03 04:57 - 000000000 ____D C:\Users\Tony\AppData\Roaming\dvdcss
2017-12-23 09:53 - 2017-12-23 09:53 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-12-23 09:21 - 2017-11-16 23:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-12-23 09:21 - 2017-11-14 20:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-12-23 09:21 - 2017-11-14 19:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-12-23 09:21 - 2017-11-13 22:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-12-23 09:21 - 2017-11-13 22:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-12-23 09:21 - 2017-11-13 22:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-12-23 09:21 - 2017-11-13 22:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-12-23 09:21 - 2017-11-13 22:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-12-23 09:21 - 2017-11-13 22:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-12-23 09:21 - 2017-11-13 22:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-12-23 09:21 - 2017-11-13 22:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-12-23 09:21 - 2017-11-13 22:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-12-23 09:21 - 2017-11-13 22:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-12-23 09:21 - 2017-11-13 22:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-12-23 09:21 - 2017-11-13 22:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-12-23 09:21 - 2017-11-13 22:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-12-23 09:21 - 2017-11-13 22:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-12-23 09:21 - 2017-11-13 22:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-12-23 09:21 - 2017-11-13 22:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-12-23 09:21 - 2017-11-13 22:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-12-23 09:21 - 2017-11-13 22:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-12-23 09:21 - 2017-11-13 22:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-12-23 09:21 - 2017-11-13 22:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-12-23 09:21 - 2017-11-13 22:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-12-23 09:21 - 2017-11-13 22:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-12-23 09:21 - 2017-11-13 22:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-12-23 09:21 - 2017-11-13 22:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-12-23 09:21 - 2017-11-13 22:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-12-23 09:21 - 2017-11-13 21:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-12-23 09:21 - 2017-11-13 21:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-12-23 09:21 - 2017-11-13 21:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-12-23 09:21 - 2017-11-13 21:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-12-23 09:21 - 2017-11-13 21:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-12-23 09:21 - 2017-11-13 21:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-12-23 09:21 - 2017-11-13 21:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-12-23 09:21 - 2017-11-13 21:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-12-23 09:21 - 2017-11-13 21:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-12-23 09:21 - 2017-11-13 21:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-12-23 09:21 - 2017-11-13 20:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-12-23 09:21 - 2017-11-13 20:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-12-23 09:21 - 2017-11-13 20:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-12-23 09:21 - 2017-11-13 20:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-12-23 09:21 - 2017-11-13 20:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-12-23 09:21 - 2017-11-13 19:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-12-23 09:21 - 2017-11-13 19:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-12-23 09:21 - 2017-11-07 15:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-12-23 09:21 - 2017-11-07 15:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-12-23 09:21 - 2017-11-07 15:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-12-23 09:21 - 2017-11-07 15:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-12-23 09:21 - 2017-11-07 15:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-12-23 09:21 - 2017-11-07 15:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-12-23 09:21 - 2017-11-07 15:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-12-23 09:21 - 2017-11-07 15:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-12-23 09:21 - 2017-11-07 15:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-12-23 09:21 - 2017-11-07 15:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-12-23 09:21 - 2017-11-07 15:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-12-23 09:21 - 2017-11-07 15:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-12-23 09:21 - 2017-11-07 15:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-12-23 09:21 - 2017-11-07 15:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-12-23 09:21 - 2017-11-07 15:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-12-23 09:21 - 2017-11-07 15:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-12-23 09:21 - 2017-11-07 15:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-12-23 09:21 - 2017-11-07 15:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-12-23 09:21 - 2017-11-07 15:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-12-23 09:21 - 2017-11-07 15:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-12-23 09:21 - 2017-11-07 15:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-12-23 09:21 - 2017-11-07 15:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-12-23 09:21 - 2017-11-07 15:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-12-23 09:21 - 2017-11-07 14:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-12-23 09:21 - 2017-11-07 11:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-12-23 09:21 - 2017-11-07 11:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-12-23 09:21 - 2017-11-04 10:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2017-12-23 09:21 - 2017-11-04 10:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2017-12-23 09:21 - 2017-11-04 10:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2017-12-23 09:21 - 2017-11-04 10:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2017-12-23 09:21 - 2017-11-02 11:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-12-23 09:21 - 2017-11-02 11:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2017-12-23 09:21 - 2017-11-02 11:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2017-12-23 09:21 - 2017-11-02 11:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2017-12-23 09:21 - 2017-11-02 10:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-12-23 09:21 - 2017-11-02 10:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2017-12-23 09:21 - 2017-11-02 10:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2017-12-23 09:21 - 2017-11-02 09:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2017-12-23 09:21 - 2017-10-16 18:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2017-12-23 09:21 - 2017-10-16 17:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2017-12-23 09:21 - 2017-10-11 19:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-12-23 08:53 - 2017-12-23 08:53 - 000000000 ____D C:\Users\Tony\AppData\Roaming\HPPSDr
2017-12-22 19:58 - 2017-12-22 19:56 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2017-12-22 19:57 - 2017-12-22 19:57 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-12-17 13:48 - 2017-12-17 14:14 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-17 13:48 - 2017-12-17 13:48 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\2737DD3A.sys
2017-12-17 13:27 - 2017-12-17 13:29 - 000220974 _____ C:\TDSSKiller.3.1.0.15_17.12.2017_13.27.42_log.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-15 19:40 - 2017-09-22 03:15 - 000000000 ____D C:\FRST
2018-01-15 17:35 - 2016-11-20 07:13 - 000000000 ____D C:\Users\Tony\AppData\LocalLow\Mozilla
2018-01-15 11:45 - 2009-11-29 17:45 - 000019344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-15 11:45 - 2009-11-29 17:45 - 000019344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-15 10:29 - 2017-01-28 09:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-01-15 10:29 - 2016-02-07 02:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-15 10:29 - 2015-06-05 09:53 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Mozilla
2018-01-14 01:52 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2018-01-13 16:07 - 2017-02-14 16:38 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-01-12 06:16 - 2017-05-23 01:57 - 000000000 ____D C:\Program Files (x86)\IObit
2018-01-12 06:16 - 2013-05-10 16:50 - 000000000 ____D C:\ProgramData\IObit
2018-01-10 19:58 - 2013-03-28 09:16 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-01-10 19:58 - 2013-03-28 09:16 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-01-09 15:21 - 2017-03-04 21:49 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-01-09 15:21 - 2016-05-09 01:50 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-09 15:21 - 2016-05-09 01:50 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-09 15:21 - 2011-11-22 14:02 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-09 15:21 - 2009-06-11 16:08 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-04 18:11 - 2015-01-27 16:29 - 000002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-03 05:47 - 2015-08-05 02:53 - 000000000 ____D C:\Windows\AutoKMS
2018-01-03 05:12 - 2013-05-10 21:28 - 000000000 ____D C:\Users\Tony\AppData\Roaming\vlc
2018-01-03 05:10 - 2010-03-05 22:07 - 000000079 _____ C:\Users\Tony\AppData\default.pls
2018-01-01 09:51 - 2017-05-23 02:09 - 000000000 ____D C:\Program Files\Slimjet
2017-12-31 20:33 - 2014-05-15 18:11 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2017-12-31 20:33 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-12-31 20:33 - 2009-06-11 16:18 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-12-27 15:43 - 2009-07-14 00:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-12-23 09:58 - 2009-07-14 00:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-23 09:52 - 2015-09-11 18:44 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-23 09:50 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-23 09:50 - 2009-07-13 23:45 - 000425304 _____ C:\Windows\system32\FNTCACHE.DAT
2017-12-23 09:44 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2017-12-23 09:44 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\Setup
2017-12-23 09:34 - 2013-07-25 05:16 - 000000000 ____D C:\Windows\system32\MRT
2017-12-23 09:25 - 2017-10-17 22:42 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-23 09:25 - 2009-12-09 07:26 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-23 08:52 - 2014-01-19 19:15 - 000000000 ____D C:\Program Files (x86)\HP
2017-12-23 08:52 - 2014-01-19 19:13 - 000000000 ____D C:\Users\Tony\AppData\Local\HP
2017-12-23 08:39 - 2013-03-30 01:41 - 000000000 ____D C:\Users\Tony\AppData\Local\ElevatedDiagnostics
2017-12-22 19:57 - 2017-11-10 20:33 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-12-22 19:57 - 2014-05-04 02:25 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-12-22 19:57 - 2014-01-11 17:39 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-12-22 19:57 - 2013-03-28 09:16 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys.151563231235401
2017-12-22 19:57 - 2013-03-28 09:16 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys.151563231235401
2017-12-22 19:57 - 2013-03-28 09:16 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-12-22 19:57 - 2013-03-22 10:16 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-12-22 19:57 - 2013-03-22 10:16 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-12-22 19:56 - 2017-02-14 16:38 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2017-12-22 19:56 - 2017-02-14 16:38 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-12-22 19:56 - 2017-02-14 16:38 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2017-12-22 19:56 - 2017-02-14 16:38 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2017-12-22 19:56 - 2013-03-28 09:16 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-12-17 18:55 - 2013-11-28 08:52 - 000000000 ____D C:\ProgramData\ProductData
2017-12-17 17:57 - 2010-05-29 17:33 - 000001189 _____ C:\Users\Tony\AppData\Roaming\vso_ts_preview.xml
2017-12-17 17:57 - 2009-12-01 19:24 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Vso
2017-12-17 14:20 - 2017-12-10 06:16 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-12-17 14:20 - 2017-12-10 04:37 - 000215376 _____ C:\Windows\ntbtlog.txt
2017-12-17 14:19 - 2017-02-12 05:14 - 000000000 ____D C:\AdwCleaner
 
==================== Files in the root of some directories =======
 
2015-08-06 07:25 - 2015-08-06 07:25 - 000000068 _____ () C:\Program Files\.directory
2015-08-06 06:55 - 2015-08-06 06:55 - 000000068 _____ () C:\Users\Tony\AppData\Roaming\.directory
2012-08-23 13:25 - 2012-08-23 13:37 - 000000408 _____ () C:\Users\Tony\AppData\Roaming\Checksum.ini
2011-12-11 23:27 - 2011-12-11 23:27 - 000000268 ___RH () C:\Users\Tony\AppData\Roaming\Galactic Static
2011-12-11 23:54 - 2011-12-11 23:54 - 000000268 ___RH () C:\Users\Tony\AppData\Roaming\Guides
2011-12-11 23:54 - 2011-12-11 23:54 - 000000268 ___RH () C:\Users\Tony\AppData\Roaming\Guitar
2011-12-11 23:54 - 2011-12-11 23:54 - 000000268 ___RH () C:\Users\Tony\AppData\Roaming\Guitars
2009-12-01 19:24 - 2013-08-04 13:19 - 000099384 _____ () C:\Users\Tony\AppData\Roaming\inst.exe
2009-12-01 19:24 - 2013-08-04 13:19 - 000007859 _____ () C:\Users\Tony\AppData\Roaming\pcouffin.cat
2009-12-01 19:24 - 2013-08-04 13:19 - 000001167 _____ () C:\Users\Tony\AppData\Roaming\pcouffin.inf
2009-12-01 19:24 - 2013-08-04 13:19 - 000082816 _____ (VSO Software) C:\Users\Tony\AppData\Roaming\pcouffin.sys
2012-05-12 14:01 - 2012-05-13 08:52 - 000002035 _____ () C:\Users\Tony\AppData\Roaming\SAS7_000.DAT
2016-06-05 07:59 - 2016-06-05 08:00 - 000017144 _____ () C:\Users\Tony\AppData\Roaming\UserTile.png
2010-05-29 17:33 - 2017-12-17 17:57 - 000001189 _____ () C:\Users\Tony\AppData\Roaming\vso_ts_preview.xml
2013-07-26 23:50 - 2014-04-29 23:50 - 000000039 _____ () C:\Users\Tony\AppData\Roaming\WB.CFG
2013-07-13 10:50 - 2014-01-28 01:50 - 000000005 _____ () C:\Users\Tony\AppData\Roaming\WBPU-TTL.DAT
2011-01-16 23:57 - 2015-06-07 06:47 - 000000504 _____ () C:\Users\Tony\AppData\Roaming\wklnhst.dat
2015-08-06 06:44 - 2015-08-06 06:44 - 000000068 _____ () C:\Users\Tony\AppData\Local\.directory
2014-04-18 14:25 - 2015-07-12 14:54 - 000000600 _____ () C:\Users\Tony\AppData\Local\PUTTY.RND
2010-01-24 08:04 - 2017-09-22 02:59 - 000007604 _____ () C:\Users\Tony\AppData\Local\resmon.resmoncfg
2009-11-29 18:12 - 2009-11-29 18:27 - 000001297 _____ () C:\Users\Tony\AppData\Local\Win7_tmp1.htm
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-01-08 00:00
 
==================== End of FRST.txt ============================


#9 antonio831

antonio831
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:02:08 PM

Posted 15 January 2018 - 07:47 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.01.2018
Ran by Tony (15-01-2018 19:43:14)
Running from C:\Users\Tony\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-11-29 23:10:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1957349403-1563706759-2450246291-500 - Administrator - Disabled)
Guest (S-1-5-21-1957349403-1563706759-2450246291-501 - Limited - Enabled) => C:\Users\Guest
Tony (S-1-5-21-1957349403-1563706759-2450246291-1000 - Administrator - Enabled) => C:\Users\Tony
UpdatusUser (S-1-5-21-1957349403-1563706759-2450246291-1021 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Active@ Disk Image 7.0 (HKLM\...\{9567EC70-0294-4782-BE75-FA9CF50F1078}_is1) (Version: 7.0 - LSoft Technologies Inc)
Active@ File Recovery Professional 11 (HKLM-x32\...\{C34F36E0-4D8B-42E8-90AD-50C76E1AE282}_is1) (Version: 11 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
AMR to MP3 Converter 1.4 (HKLM-x32\...\{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1) (Version:  - www.amrtomp3converter.com)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.50.854.0 - Logitech) Hidden
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Cybereason RansomFree 2.2.5.0 (HKLM-x32\...\{4A79F8E4-F22D-4F66-9D52-D84F5AFA830E}) (Version: 2.2.5.0 - Cybereason Inc.)
EASEUS Data Recovery Wizard Professional 5.5.1 (HKLM-x32\...\EASEUS Data Recovery Wizard Professional 5.5.1_is1) (Version:  - EASEUS)
EASEUS Partition Master 9.1.0 Professional (HKLM-x32\...\EASEUS Partition Master Professional Edition_is1) (Version:  - EASEUS)
EASEUS Todo Backup Professional 2.5 (HKLM-x32\...\EASEUS Todo Backup Professional 2.5_is1) (Version: 2.5.0.1 - CHENGDU YIWO Tech Development Co., Ltd)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 14.0.8.0 - FlashPeak Inc.)
FlashPeak Slimjet 64bit (HKLM\...\Slimjet) (Version: 14.0.9.0 - FlashPeak Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\HP Photo Creations) (Version: 1.0.0.19662 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.0.2.49 - IObit)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
iSpy (64 bit) (HKLM\...\{79AAFB4D-30FF-4999-9A16-322C4BB61E7C}) (Version: 5.5.8 - iSpy)
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.14350.0 - Linksys LLC)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (HKLM\...\{138A4072-9E64-46BD-B5F9-DB2BB395391F}) (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 57.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}) (Version: 7.03.1152 - Nero AG)
NETGEAR GA311 Gigabit Adapter (HKLM-x32\...\{9E7300DD-08A3-4B3F-AEE1-1450843FE86E}) (Version: 1.00.0000 - Netgear)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.2.1 - Nikon)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenVPN 2.3.6-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.3.0 - Nikon)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1507.113 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Seagate Manager Installer (HKLM-x32\...\{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SUABnR (HKLM-x32\...\{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.104 - Trusteer)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{2BC6BC08-9E31-4B36-8715-E170F6173942}) (Version: 2.16.0404 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{54F10727-0D7A-4B24-9D8E-F4BB59CB9148}) (Version: 2.16.0307 - Samsung Electronics Co., Ltd.)
ViewNX 2 (HKLM-x32\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.2.3 - Nikon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows 7 Manager (HKLM\...\{FC48E554-7BCA-4CE1-8E09-67EAA9B52218}) (Version: 4.2.4 - Yamicsoft)
Windows Driver Package - XBCD Project HID  (16/05/2008 1.1.0) (HKLM\...\C6DCA6D8EFAB374E8F91A705567555FF4DAF025D) (Version: 16/05/2008 1.1.0 - XBCD Project)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-19] ()
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-19] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-02-03] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-19] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0074757A-D886-4692-8795-9CC27C6B07D4} - System32\Tasks\SafeZone scheduled Autoupdate 1458746355 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {21EC5BC1-CE0B-4BC5-A014-285719268AD9} - \Microsoft\Windows\WindowsBackup\AutomaticBackup -> No File <==== ATTENTION
Task: {24F35CF8-8C11-450C-9F17-8B55EF04B5F4} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-01-09] (Cybereason)
Task: {2865CB60-EB8A-4C05-87CD-22D3246E6CBA} - System32\Tasks\{8E518E75-6CBA-40C5-9354-CEAC37027171} => C:\Windows\system32\pcalua.exe -a J:\Downloads\Nero7_chm_Enu.exe -d J:\Downloads
Task: {2C4ACAF2-D2A2-4D4F-BF00-144C1803652A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2F3179C0-CA89-4E19-B1BC-E0E073E38286} - System32\Tasks\avastBCLRestartS-1-5-21-1957349403-1563706759-2450246291-1000 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {3F19B905-C54B-4ADF-B542-EECFDCE41CE3} - System32\Tasks\{07B67644-76BF-444E-84AA-78FFDD3BF190} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {50003D87-481A-4CA9-B932-69935AD466C8} - System32\Tasks\{EE77AA10-E4A1-4596-97E6-56EB8A066A67} => C:\Windows\system32\pcalua.exe -a "J:\Temp Downloads\AdobeAIRInstaller.exe" -d "J:\Temp Downloads"
Task: {71438543-4EEC-48FC-A33A-892562460CAC} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-01-09] (Cybereason)
Task: {74381286-936E-4590-93E3-0BF0F59645FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {755F5200-23A7-49AC-B427-137947C99B7C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-22] (AVAST Software)
Task: {7A176829-9947-4C04-B3D0-88507F9C5AD8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {7F5BF15B-8FCE-4B9E-B065-D206F9C22929} - System32\Tasks\Uninstaller_SkipUac_Tony => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-09-15] (IObit)
Task: {823E62E4-AD3F-43B0-8C2E-00AB7AC59D42} - System32\Tasks\{AD861A28-AFC5-4B73-B8CE-E8F7F62FF34B} => C:\Windows\system32\pcalua.exe -a "J:\Program set up files\Total Video Converter 3.61 Wth Crack Working Perfect\Total Video Converter 3.61 Wth Crack Working Perfect\Keygen.exe" -d "J:\Program set up files\Total Video Converter 3.61 Wth Crack Working Perfect\Total Video Converter 3.61 Wth Crack Working Perfect"
Task: {89CEFB49-26E4-45A3-90A2-E8375F5AB836} - System32\Tasks\{E3AE040E-77B5-468B-A2AB-A0C0B0B3DAEF} => C:\Windows\system32\pcalua.exe -a C:\Users\Tony\Downloads\HPSupportSolutionsFramework-12.3.11.29.exe -d C:\Users\Tony\Downloads
Task: {A67D34DE-C169-49C9-BE0A-3B68205BFA7F} - System32\Tasks\{3A786032-8B0D-4958-99DC-20019AE195B1} => C:\Windows\system32\pcalua.exe -a J:\Downloads\cjxp32se\cjxp32se\cjxp32se\SETUPWIN.EXE -d J:\Downloads\cjxp32se\cjxp32se\cjxp32se
Task: {AE6D4662-C3FE-4F4E-A2B5-9F5DD22810A4} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-12-06] (AVAST Software)
Task: {BD890FD2-8567-46FA-B093-6B79DEACF335} - System32\Tasks\{4F6098E7-ABFA-4ACE-A0FA-E426ED48F30C} => C:\Windows\system32\pcalua.exe -a "J:\Program set up files\drivers\Setup.exe" -d "J:\Program set up files\drivers"
Task: {BEA33DD9-F576-40B1-90C1-BC881B5690DB} - \Microsoft\Windows\WindowsBackup\Windows Backup Monitor -> No File <==== ATTENTION
Task: {DBD4E11B-0450-45F0-BDD0-2B3C79FE8753} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2018-01-03] ()
Task: {E2201713-5486-4693-9629-A608B8B96EC3} - System32\Tasks\{817229F7-96E5-4452-B525-A8D05D295367} => C:\Windows\system32\pcalua.exe -a "J:\Downloads\Advanced SystemCare Pro 5.0.0.152 Setup + KeyGen\Advanced SystemCare Pro 5.0.0.152.exe" -d "J:\Downloads\Advanced SystemCare Pro 5.0.0.152 Setup + KeyGen"
Task: {E459DA13-D802-4BF0-9C10-1642B78D23DA} - System32\Tasks\{E3923907-03E2-410A-88C1-44C7346AC9A7} => C:\Windows\system32\pcalua.exe -a "J:\Temp Downloads\setup.exe" -d "J:\Temp Downloads"
Task: {E74C066C-7023-4A42-B0A9-47D526032C45} - System32\Tasks\{A2C7E219-765C-4E69-902F-05A2ECD96DCE} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {E7FD8111-CC79-4A03-BB97-BB25751E7F5D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {F0E6F1C0-45BF-4E29-89F5-7BA6B6D3450A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F7CCBBFC-8BCE-420C-ABA4-88919D9260E9} - System32\Tasks\{D41E13DD-1EEE-4F01-AF01-2B29EDE2735E} => C:\Windows\system32\pcalua.exe -a F:\Yamicsoft.Windows.7.Manager.v1.1.2.Incl.Keymaker-ROGUE\windows7manager.exe -d F:\Yamicsoft.Windows.7.Manager.v1.1.2.Incl.Keymaker-ROGUE
Task: {FB4EF8BC-3E4F-44A9-B8FC-5D52CD910AB4} - System32\Tasks\{84E26F55-EAAD-4B03-A4F9-0857E874890E} => C:\Windows\system32\pcalua.exe -a C:\Users\Tony\Downloads\R220849\Setup.exe -d C:\Users\Tony\Downloads\R220849
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chromebook Recovery Utility.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jndclpdbaamdhonoechobihbbiimdgai
ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fccac19b89f69350\Click&Clean.lnk -> C:\Program Files\Slimjet\slimjet.exe (FlashPeak Inc.) -> --profile-directory="Profile 1" --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\dea50c82368084a9\Tony - Slimjet.lnk -> C:\Program Files\Slimjet\slimjet.exe (FlashPeak Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5137ab5c18cdb8e7\Tony - Slimjet.lnk -> C:\Program Files\Slimjet\slimjet.exe (FlashPeak Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-12-10 05:13 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000067920 _____ () c:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000067984 _____ () C:\Program Files\AVAST Software\Avast\x64\dll_loader.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000236840 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000902824 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000349568 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000337096 _____ () C:\Program Files\AVAST Software\Avast\x64\tasks_core.dll
2013-07-01 22:18 - 2015-02-03 21:21 - 000115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-04-30 17:12 - 2008-06-19 23:41 - 000062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2017-05-23 02:09 - 2017-12-30 17:09 - 004196352 _____ () C:\Program Files\Slimjet\libglesv2.dll
2017-05-23 02:09 - 2017-12-30 17:09 - 000092672 _____ () C:\Program Files\Slimjet\libegl.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000293944 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-01-07 10:23 - 2018-01-07 10:23 - 005768336 _____ () C:\Program Files\AVAST Software\Avast\defs\18010700\algo.dll
2018-01-15 12:36 - 2018-01-15 12:36 - 005768336 _____ () C:\Program Files\AVAST Software\Avast\defs\18011504\algo.dll
2017-07-28 08:52 - 2017-07-28 08:52 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-23 01:58 - 2017-05-22 10:16 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-05-23 01:58 - 2017-05-22 10:16 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-05-23 01:58 - 2017-05-22 10:16 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-09-22 04:05 - 2017-05-22 10:17 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-05-23 01:58 - 2017-05-23 17:57 - 000631584 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2017-05-23 01:58 - 2017-05-22 10:16 - 000524064 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:0CE7F3C9 [118]
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [374]
AlternateDataStreams: C:\ProgramData\Temp:661DFA1C [140]
AlternateDataStreams: C:\ProgramData\Temp:9E00596C [192]
AlternateDataStreams: C:\ProgramData\Temp:ADF211B1 [100]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> 008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> 00hq.com
IE restricted site: HKU\.DEFAULT\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\.DEFAULT\...\01i.info -> 01i.info
IE restricted site: HKU\.DEFAULT\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\.DEFAULT\...\05p.com -> 05p.com
IE restricted site: HKU\.DEFAULT\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\.DEFAULT\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\.DEFAULT\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\.DEFAULT\...\0calories.net -> 0calories.net
IE restricted site: HKU\.DEFAULT\...\0cj.net -> 0cj.net
IE restricted site: HKU\.DEFAULT\...\0scan.com -> 0scan.com
IE restricted site: HKU\.DEFAULT\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1-se.com -> 1-se.com
IE restricted site: HKU\.DEFAULT\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\.DEFAULT\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\.DEFAULT\...\100gal.net -> 100gal.net
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com
 
There are 4791 more sites.
 
IE trusted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\google.com -> hxxps://www.google.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\100sexlinks.com -> 100sexlinks.com
 
There are 4793 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 07:34 - 2017-05-22 23:53 - 000000761 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => 
MSCONFIG\startupreg: DellComms => 
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => 
MSCONFIG\startupreg: ISUSPM => 
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LogitechCommunicationsManager => 
MSCONFIG\startupreg: LogitechQuickCamRibbon => 
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Nikon Message Center 2 => 
MSCONFIG\startupreg: PDVDDXSrv => 
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
MSCONFIG\startupreg: Skytel => 
MSCONFIG\startupreg: SunJavaUpdateSched => 
MSCONFIG\startupreg: TkBellExe => 
MSCONFIG\startupreg: UpdateLBPShortCut => 
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{74E40A56-742D-46F2-8193-EEFA33F10665}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{E446CBD0-4863-437D-82C0-AAF6D52B88EB}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{DC492E1D-E454-4E30-8B7F-285A5C270565}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{AC7B9E33-C1E0-4290-9895-6583EFEE8281}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{9DE884D4-22E2-4866-A9B1-B29A74DBD535}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{97057C91-6E5E-4197-8330-DB73613475C5}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{23E4C109-9B02-4C20-96E9-36A3A23A1890}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe] => (Block) C:\program files (x86)\nero\nero 7\nero home\nerohome.exe
FirewallRules: [UDP Query User{359617B2-5482-4033-AC95-A3E2413FEB69}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe] => (Block) C:\program files (x86)\nero\nero 7\nero home\nerohome.exe
FirewallRules: [{359D0683-9EC1-481A-BAF4-E886DBE62A2D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4DB2D65F-7275-4CAA-A206-CC6FF8463399}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{F6B9594D-F52B-406C-B4AB-894E3C73ACC6}C:\program files\ispy\ispy (64 bit)\ispy.exe] => (Allow) C:\program files\ispy\ispy (64 bit)\ispy.exe
FirewallRules: [UDP Query User{092FC93F-E4E5-4A58-A8F7-6CDE0D56FB76}C:\program files\ispy\ispy (64 bit)\ispy.exe] => (Allow) C:\program files\ispy\ispy (64 bit)\ispy.exe
FirewallRules: [{B609F1B3-F387-444A-BCA2-B8905580D17E}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{E2F87AB7-3CFD-4BA0-827D-9F2A215FC29C}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{C96F0E2A-0D89-45D8-AB96-86F4F2DE6B7F}] => (Allow) LPort=7000
FirewallRules: [{E6D3AC38-9F20-40AA-BC9B-0C29FE9EA585}] => (Allow) LPort=7000
FirewallRules: [{628E9DCC-308C-4A7E-939B-5606738205AD}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{DB463335-75AB-4DB3-BBF6-B064545A8582}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{669C5215-6015-4441-9104-AC37E3B763D6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{2BE0CBCE-2A44-412E-B0B6-05D8B32E8DE7}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{A1D4EEAC-9B17-4205-8F4A-71F019CCF5DB}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{75C6BCEB-04A4-41FB-97C3-FFA1A2A3E1D5}C:\windows\ehome\wow\ehexthost32.exe] => (Allow) C:\windows\ehome\wow\ehexthost32.exe
FirewallRules: [UDP Query User{118100C7-353A-40E1-959B-3EACD3351BE3}C:\windows\ehome\wow\ehexthost32.exe] => (Allow) C:\windows\ehome\wow\ehexthost32.exe
FirewallRules: [{97E4DFB8-A462-4D43-BFA9-F002763457D1}] => (Block) C:\windows\ehome\wow\ehexthost32.exe
FirewallRules: [{0F0991FC-9C72-4241-B6C8-B007980261E0}] => (Block) C:\windows\ehome\wow\ehexthost32.exe
FirewallRules: [TCP Query User{0311AA18-3D40-475D-B20E-ACEB2924BA75}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{4438734C-6C20-4E58-B291-C33185AF5A8D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{81E3BC7A-A792-4D8F-A1FA-17240781FBDF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6D6001B1-C0EA-4154-882E-2ADF0C51CFBD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7CC958FB-9A6B-49F4-A5D3-940F52C10E2C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D2E537E0-161E-4420-89B1-3B27B96720CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B6B026C5-B957-4053-B28E-19E223FE6B2E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B2CF6CAC-BAF1-4A08-B5B5-2428D571B545}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{58B770DD-5039-4216-A131-6621A2EC7DBE}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{8A2FE490-A557-4867-9D16-EECADF931B60}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{2F185DC4-9E25-427D-89E2-52C2DA48D150}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{5F3081E6-1823-40F6-B703-18E72AA9B658}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [TCP Query User{8B6D4902-7BDB-4211-B957-8DEB093CBC06}C:\program files\slimjet\slimjet.exe] => (Allow) C:\program files\slimjet\slimjet.exe
FirewallRules: [UDP Query User{9FC6D495-6ED1-4494-8BC1-8FE7796773A8}C:\program files\slimjet\slimjet.exe] => (Allow) C:\program files\slimjet\slimjet.exe
FirewallRules: [TCP Query User{B7E3DC3E-A35F-40B7-BFF5-85584119B9D4}C:\program files\slimjet\slimjet.exe] => (Allow) C:\program files\slimjet\slimjet.exe
FirewallRules: [UDP Query User{147263A1-A4CE-4342-8CAF-27AA92893F16}C:\program files\slimjet\slimjet.exe] => (Allow) C:\program files\slimjet\slimjet.exe
FirewallRules: [{D3495DAB-3BDD-4898-8FDF-88835084A25B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
10-11-2017 00:00:01 Scheduled Checkpoint
10-11-2017 20:36:48 Windows Update
11-11-2017 09:25:40 Installed Rapport
19-11-2017 00:00:01 Scheduled Checkpoint
25-11-2017 20:15:34 Installed Rapport
03-12-2017 00:00:01 Scheduled Checkpoint
08-12-2017 19:57:05 Windows Update
10-12-2017 01:21:26 Installed Rapport
17-12-2017 20:50:40 Scheduled Checkpoint
23-12-2017 09:23:14 Windows Update
23-12-2017 09:53:07 Installed Rapport
31-12-2017 00:00:01 Scheduled Checkpoint
31-12-2017 20:32:06 Removed LG Mobile Driver
08-01-2018 00:00:02 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: TAP-Windows Adapter V9 #2
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/23/2017 09:51:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/23/2017 09:45:43 AM) (Source: Service1) (EventID: 0) (User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at WinServiceHost.RFServiceHost.StopRansomFreeService()
   at WinServiceHost.RFServiceHost.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (12/17/2017 06:08:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/17/2017 02:56:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hitmanpro_x64.exe, version: 3.7.20.286, time stamp: 0x58e5ec3b
Faulting module name: hitmanpro_x64.exe, version: 3.7.20.286, time stamp: 0x58e5ec3b
Exception code: 0xc0000005
Fault offset: 0x00000000002bfb49
Faulting process id: 0x87c
Faulting application start time: 0x01d3776c0921d1cf
Faulting application path: C:\Users\Tony\Desktop\hitmanpro_x64.exe
Faulting module path: C:\Users\Tony\Desktop\hitmanpro_x64.exe
Report Id: 4f6a7203-e364-11e7-9a8d-0002b3a92da8
 
Error: (12/17/2017 01:38:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/17/2017 01:34:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/17/2017 01:29:44 PM) (Source: Service1) (EventID: 0) (User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at WinServiceHost.RFServiceHost.StopRansomFreeService()
   at WinServiceHost.RFServiceHost.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (12/13/2017 11:30:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotoSnap.exe, version: 1.2.0.25, time stamp: 0x46265336
Faulting module name: PhotoSnap.exe, version: 1.2.0.25, time stamp: 0x46265336
Exception code: 0xc0000005
Fault offset: 0x0001920a
Faulting process id: 0x1f18
Faulting application start time: 0x01d3749430153ead
Faulting application path: C:\Program Files (x86)\Nero\Nero 7\Nero PhotoSnap\PhotoSnap.exe
Faulting module path: C:\Program Files (x86)\Nero\Nero 7\Nero PhotoSnap\PhotoSnap.exe
Report Id: 739b2063-e087-11e7-9d29-0002b3a92da8
 
Error: (12/10/2017 07:08:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/10/2017 06:35:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (01/03/2018 05:12:34 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:12:26 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:12:17 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:08:10 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:08:02 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:07:53 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:07:44 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:07:35 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:07:27 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:07:18 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
 
CodeIntegrity:
===================================
  Date: 2018-01-13 23:57:19.345
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_c02db572165f9ab0\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-13 23:57:19.142
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_c02db572165f9ab0\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-13 23:57:18.908
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_c02db572165f9ab0\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-13 23:57:18.589
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_c02db572165f9ab0\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-13 19:57:21.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-13 19:57:21.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-13 19:57:21.107
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-13 19:57:20.904
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-13 19:57:20.655
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-13 19:57:20.460
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appid.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 63%
Total physical RAM: 4095.05 MB
Available physical RAM: 1476.27 MB
Total Virtual: 8364.24 MB
Available Virtual: 2178.4 MB
 
==================== Drives ================================
 
Drive a: (OS) (Network) (Total:110.3 GB) (Free:13.15 GB) NTFS
Drive c: (OS) (Fixed) (Total:110.3 GB) (Free:13.15 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.84 GB) NTFS
Drive j: (Data Storage) (Fixed) (Total:471.18 GB) (Free:312.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 70811D92)
Partition 1: (Not Active) - (Size=39 MB) - (Type=1E)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=110.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=471.2 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:08 PM

Posted 16 January 2018 - 10:35 AM

Thank you for the fresh reports.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Microsoft Office Professional Plus 2010 and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan after removal and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • CKScanner report
  • FRST report
  • Addition report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 antonio831

antonio831
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:02:08 PM

Posted 17 January 2018 - 05:40 AM

I am removing Office and other programs. Since I am finally getting around to cleaning the computer up, I am going to take care of a few other things I have put off for a year or two. I do wish to continue to fix the problem but it will be a day or 2 at the most before I get back to you. Will that be OK? 



#12 antonio831

antonio831
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:02:08 PM

Posted 17 January 2018 - 09:56 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.01.2018
Ran by Tony (administrator) on JAM831 (17-01-2018 09:38:37)
Running from C:\Users\Tony\Desktop
Loaded Profiles: Tony & UpdatusUser & Guest (Available Profiles: Tony & UpdatusUser & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Slimjet\slimjet.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-22] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1957349403-1563706759-2450246291-501\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-1957349403-1563706759-2450246291-501\...\MountPoints2: K - K:\.\Driver\DriverInstaller.exe -eject
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2018-01-17]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{09C8274D-EEF0-429D-85D1-E4B019BFC200}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{730E25AF-6D30-4813-934C-E8C9D976A346}: [DhcpNameServer] 10.12.0.1
Tcpip\..\Interfaces\{8CAC7D09-D7B0-46E7-BBB5-71197B51D29A}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1957349403-1563706759-2450246291-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-1957349403-1563706759-2450246291-1021] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {2B782333-9951-4628-AF27-5F0379224BE5} URL = 
SearchScopes: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> DefaultScope {B97C571B-18F9-443C-9429-EDDE4EDA3874} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> {71CCAEEA-E518-4E25-A1CF-9EE8CBDC11D8} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> {B97C571B-18F9-443C-9429-EDDE4EDA3874} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: No Name -> -{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> -{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-10] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-10] (AVAST Software)
Toolbar: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> No Name - {1AEC5771-FCD6-4537-A6B7-5F1935FD527C} -  No File
Toolbar: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> No Name - {94000A61-AF9A-4247-8DB6-A949FADB0354} -  No File
DPF: HKLM-x32 {10000000-1000-1000-1000-100000000000} hxxp://cdn.betteradvertising.com/ghostery/addons/ie/WebInstall/ghostery.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: HKLM-x32 {A3256902-51FA-45A0-8A97-FC1143C169D9} hxxp://support.microsoft.com/mats/DiagWebControl.cab
Handler: WSAllMyTubechrome - No CLSID Value
 
FireFox:
========
FF DefaultProfile: 8btycwpw.default
FF ProfilePath: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default [2018-01-15]
FF Homepage: Mozilla\Firefox\Profiles\8btycwpw.default -> hxxps://www.google.com
FF Extension: (AdBlocker Ultimate) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\adblockultimate@adblockultimate.net.xpi [2017-12-13]
FF Extension: (Click&Clean) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\clickclean@hotcleaner.com [2016-04-30] [Legacy]
FF Extension: (OneTab) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\extension@one-tab.com.xpi [2018-01-15]
FF Extension: (YouTube™ Flash® Player) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2017-10-08]
FF Extension: (Avast SafePrice) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\sp@avast.com.xpi [2017-12-13]
FF Extension: (Avast Online Security) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\wrc@avast.com.xpi [2017-10-25]
FF Extension: (Flash and Video Download) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\8btycwpw.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-01-15]
FF ProfilePath: C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default [2013-02-18]
FF Extension: (CSS Stylesheet Editor) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\csseditor@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (EyeDropper) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\eyedropper@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (FontSquirrel Manager) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\fs@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Fullscreen) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\fullscreen@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Google Font Directory Manager) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\gfd@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-cs@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-de@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (English (US) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Español (España) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Suomenkielinen (FI) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-fi@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Français Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-fr@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Hebrew (IL) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-he@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Magyar (HU) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-hu@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-it@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Japanese Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-ja@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Korean (KR) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-ko@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-nl@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Polski Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-pl@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Slovenski jezik Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-sl@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (српски (sr) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-sr@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Svenska (SE) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (MathML) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\mathml@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Snippets) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\snippets@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (SVG-edit) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\svg-edit@googlegroups.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Table Layouts) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\tablelayout@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (One-click Templates) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\templatesManager@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Thumbnailer) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\thumbnailer@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF Extension: (Tip of the Day) - C:\Users\Tony\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\wnwu19s6.default\Extensions\tipoftheday@bluegriffon.com.xpi [2013-01-04] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-29] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-18] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1957349403-1563706759-2450246291-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Tony\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1957349403-1563706759-2450246291-1000: @talk.google.com/O1DPlugin -> C:\Users\Tony\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1957349403-1563706759-2450246291-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1957349403-1563706759-2450246291-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Tony\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Tony\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://google.com/
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Profile 1 -> hxxps://duckduckgo.com/?t=lm&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> duckduckgo.com
CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default [2017-12-17]
CHR Extension: (Angry Birds) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-01-27]
CHR Extension: (Google Docs) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Rapport) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-03-07]
CHR Extension: (YouTube) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (OneTab) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-06-06]
CHR Extension: (Google Search) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (VTchromizer) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2016-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-13]
CHR Extension: (Click&Clean) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2016-09-19]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-09-04]
CHR Extension: (Avast Online Security) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-25]
CHR Extension: (Protect My Choices) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2016-09-19]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2016-03-07]
CHR Extension: (Ghostery) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR Extension: (Gmail) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-17]
CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-02-12]
CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-12-18]
CHR Extension: (Slides) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-14]
CHR Extension: (Rapport) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-09-14]
CHR Extension: (YouTube) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-14]
CHR Extension: (DuckDuckGo for Chrome) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2017-10-14]
CHR Extension: (Avast SafePrice) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-14]
CHR Extension: (Sheets) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2016-09-20]
CHR Extension: (Google Docs Offline) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-19]
CHR Extension: (Click&Clean) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2017-10-14]
CHR Extension: (Avast Online Security) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-14]
CHR Extension: (Protect My Choices) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2017-10-14]
CHR Extension: (Ghostery) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-10-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-14]
CHR Extension: (Click&Clean App) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-10-14]
CHR Extension: (Gmail) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-14]
CHR Extension: (Chrome Media Router) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-14]
CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-12]
CHR HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1957349403-1563706759-2450246291-501\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-22] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-22] (AVAST Software)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [13312 2017-01-09] (Cybereason) [File not signed]
S4 HPSLPSVC; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S4 HPSLPSVC; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2259224 2016-01-03] (IBM Corp.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2017-12-22] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2017-12-22] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2017-12-22] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2017-12-22] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2017-12-22] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2017-12-22] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2017-12-22] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-10] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2017-12-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2017-12-22] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2017-12-22] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-10] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2017-12-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2017-12-22] (AVAST Software)
R3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [199032 2015-12-09] (Intel Corporation)
S3 G311N6; C:\Windows\System32\DRIVERS\G311N6.sys [347680 2010-05-05] (Netgear)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-12-17] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-09] (REALiX™)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [27048 2017-06-13] (IObit.com)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2014-04-01] (HandSet Incorporated)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-17] (Malwarebytes)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 PSVolAcc; no ImagePath
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 RapportCerberus_1507079; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507079.sys [961880 2016-01-17] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [503320 2016-01-03] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [141304 2016-01-03] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [396152 2016-01-03] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [496408 2016-01-03] (IBM Corp.)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [52736 2009-07-24] (Realtek Semiconductor Corporation )
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27136 2007-02-05] (Windows ® Codename Longhorn DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 AndnetBus; system32\DRIVERS\lgandnetbus64.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 cpuz138; \??\C:\Users\Tony\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-17 09:38 - 2018-01-17 09:40 - 000032976 _____ C:\Users\Tony\Desktop\FRST.txt
2018-01-17 09:38 - 2018-01-17 09:38 - 000000000 ____D C:\Users\Tony\Desktop\FRST-OlderVersion
2018-01-17 05:25 - 2018-01-17 05:25 - 000000000 ____D C:\Users\Tony\AppData\Local\Western_Digital
2018-01-17 05:09 - 2018-01-17 05:09 - 000000000 ____D C:\ProgramData\Western Digital
2018-01-17 05:08 - 2018-01-17 05:08 - 000000000 ____D C:\Windows\LastGood
2018-01-17 05:08 - 2018-01-17 05:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
2018-01-17 05:08 - 2018-01-17 05:08 - 000000000 ____D C:\Program Files\Western Digital
2018-01-17 05:08 - 2018-01-17 05:08 - 000000000 ____D C:\Program Files (x86)\Western Digital
2018-01-17 05:07 - 2018-01-17 05:07 - 000000000 ____D C:\Users\Tony\AppData\Local\Western Digital
2018-01-17 04:28 - 2018-01-17 04:28 - 000521778 _____ C:\Users\Akn5by\visiting.scientists.xlsx
2018-01-17 04:28 - 2018-01-17 04:28 - 000511474 _____ C:\Users\VDY6nAe\kRD.xlsx
2018-01-17 04:28 - 2018-01-17 04:28 - 000206271 _____ C:\Users\Akn5by\pair.reduced.mdb
2018-01-17 04:28 - 2018-01-17 04:28 - 000201083 _____ C:\Users\VDY6nAe\holes-analysis.mdb
2018-01-17 04:28 - 2018-01-17 04:28 - 000066047 _____ C:\Users\VDY6nAe\button_shop_thorn.xls
2018-01-17 04:28 - 2018-01-17 04:28 - 000061034 _____ C:\Users\Akn5by\geographyreturnsenvelopetray.xls
2018-01-17 04:28 - 2018-01-17 04:28 - 000054057 _____ C:\Users\VDY6nAe\roar.standard.pem
2018-01-17 04:28 - 2018-01-17 04:28 - 000052720 _____ C:\Users\Akn5by\client-fulfill-developed-indicate.pem
2018-01-17 04:28 - 2018-01-17 04:28 - 000034024 _____ C:\Users\VDY6nAe\m9E9gX9W.txt
2018-01-17 04:28 - 2018-01-17 04:28 - 000026840 _____ C:\Users\Akn5by\insurance-conference.txt
2018-01-17 04:28 - 2018-01-17 04:28 - 000019423 _____ C:\Users\VDY6nAe\clothes-steps.sql
2018-01-17 04:28 - 2018-01-17 04:28 - 000013263 _____ C:\Users\Akn5by\diameter.nothing.limited.sql
2018-01-17 04:28 - 2018-01-17 04:28 - 000000000 __SHD C:\Users\Tony\Desktop\ This folder protects against Ransomware. Just leave it here
2018-01-17 04:28 - 2018-01-17 04:28 - 000000000 ___HD C:\Users\VDY6nAe
2018-01-17 04:28 - 2018-01-17 04:28 - 000000000 ___HD C:\Users\Tony\Documents\Xcached95
2018-01-17 04:28 - 2018-01-17 04:28 - 000000000 ___HD C:\Users\Tony\Documents\Alstores154
2018-01-17 04:28 - 2018-01-17 04:28 - 000000000 ___HD C:\Users\Akn5by
2018-01-17 04:28 - 2018-01-17 04:28 - 000000000 ____D C:\Xhelper3
2018-01-17 04:28 - 2018-01-17 04:28 - 000000000 ____D C:\Acresources155
2018-01-17 03:45 - 2018-01-17 03:45 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-17 03:30 - 2018-01-17 03:30 - 000000000 ___HD C:\$AV_ASW
2018-01-12 06:16 - 2018-01-12 06:16 - 002451912 _____ (IObit ) C:\Users\Tony\Downloads\unlocker-setup.exe
2018-01-12 06:16 - 2018-01-12 06:16 - 000001146 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2018-01-12 06:16 - 2018-01-12 06:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2018-01-12 05:12 - 2018-01-12 05:12 - 000000000 ____D C:\Users\Tony\Downloads\ProcessMonitor
2018-01-12 05:01 - 2018-01-12 05:02 - 000000000 ____D C:\Users\Tony\Downloads\TCPView
2018-01-12 05:00 - 2018-01-12 05:01 - 000291606 _____ C:\Users\Tony\Downloads\TCPView.zip
2018-01-12 04:47 - 2017-05-01 07:31 - 002724512 ____N (Sysinternals - www.sysinternals.com) C:\Users\Tony\Downloads\procexp.exe
2018-01-12 04:47 - 2017-05-01 07:25 - 001458856 ____N (Sysinternals - www.sysinternals.com) C:\Users\Tony\Downloads\procexp64.exe
2018-01-12 04:47 - 2017-05-01 07:19 - 000072154 ____N C:\Users\Tony\Downloads\procexp.chm
2018-01-12 04:47 - 2017-03-13 09:14 - 000007490 ____N C:\Users\Tony\Downloads\Eula.txt
2018-01-03 09:38 - 2018-01-17 09:38 - 002393088 _____ (Farbar) C:\Users\Tony\Desktop\FRST64.exe
2018-01-03 05:47 - 2018-01-17 05:47 - 000000266 _____ C:\Windows\Tasks\AutoKMS.job
2018-01-03 05:47 - 2018-01-16 05:47 - 000002896 _____ C:\Windows\System32\Tasks\AutoKMS
2018-01-03 04:57 - 2018-01-03 04:57 - 000000000 ____D C:\Users\Tony\AppData\Roaming\dvdcss
2017-12-23 09:21 - 2017-11-16 23:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-12-23 09:21 - 2017-11-14 20:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-12-23 09:21 - 2017-11-14 19:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-12-23 09:21 - 2017-11-13 22:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-12-23 09:21 - 2017-11-13 22:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-12-23 09:21 - 2017-11-13 22:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-12-23 09:21 - 2017-11-13 22:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-12-23 09:21 - 2017-11-13 22:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-12-23 09:21 - 2017-11-13 22:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-12-23 09:21 - 2017-11-13 22:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-12-23 09:21 - 2017-11-13 22:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-12-23 09:21 - 2017-11-13 22:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-12-23 09:21 - 2017-11-13 22:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-12-23 09:21 - 2017-11-13 22:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-12-23 09:21 - 2017-11-13 22:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-12-23 09:21 - 2017-11-13 22:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-12-23 09:21 - 2017-11-13 22:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-12-23 09:21 - 2017-11-13 22:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-12-23 09:21 - 2017-11-13 22:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-12-23 09:21 - 2017-11-13 22:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-12-23 09:21 - 2017-11-13 22:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-12-23 09:21 - 2017-11-13 22:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-12-23 09:21 - 2017-11-13 22:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-12-23 09:21 - 2017-11-13 22:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-12-23 09:21 - 2017-11-13 22:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-12-23 09:21 - 2017-11-13 22:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-12-23 09:21 - 2017-11-13 22:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-12-23 09:21 - 2017-11-13 22:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-12-23 09:21 - 2017-11-13 21:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-12-23 09:21 - 2017-11-13 21:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-12-23 09:21 - 2017-11-13 21:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-12-23 09:21 - 2017-11-13 21:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-12-23 09:21 - 2017-11-13 21:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-12-23 09:21 - 2017-11-13 21:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-12-23 09:21 - 2017-11-13 21:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-12-23 09:21 - 2017-11-13 21:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-12-23 09:21 - 2017-11-13 21:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-12-23 09:21 - 2017-11-13 21:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-12-23 09:21 - 2017-11-13 20:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-12-23 09:21 - 2017-11-13 20:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-12-23 09:21 - 2017-11-13 20:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-12-23 09:21 - 2017-11-13 20:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-12-23 09:21 - 2017-11-13 20:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-12-23 09:21 - 2017-11-13 19:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-12-23 09:21 - 2017-11-13 19:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-12-23 09:21 - 2017-11-07 15:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-12-23 09:21 - 2017-11-07 15:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-12-23 09:21 - 2017-11-07 15:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-12-23 09:21 - 2017-11-07 15:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-12-23 09:21 - 2017-11-07 15:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-12-23 09:21 - 2017-11-07 15:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-12-23 09:21 - 2017-11-07 15:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-12-23 09:21 - 2017-11-07 15:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-12-23 09:21 - 2017-11-07 15:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-12-23 09:21 - 2017-11-07 15:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-12-23 09:21 - 2017-11-07 15:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-12-23 09:21 - 2017-11-07 15:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-12-23 09:21 - 2017-11-07 15:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-12-23 09:21 - 2017-11-07 15:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-12-23 09:21 - 2017-11-07 15:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-12-23 09:21 - 2017-11-07 15:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-12-23 09:21 - 2017-11-07 15:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-12-23 09:21 - 2017-11-07 15:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-12-23 09:21 - 2017-11-07 15:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-12-23 09:21 - 2017-11-07 15:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-12-23 09:21 - 2017-11-07 15:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-12-23 09:21 - 2017-11-07 15:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-12-23 09:21 - 2017-11-07 15:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-12-23 09:21 - 2017-11-07 14:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-12-23 09:21 - 2017-11-07 11:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-12-23 09:21 - 2017-11-07 11:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-12-23 09:21 - 2017-11-04 10:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2017-12-23 09:21 - 2017-11-04 10:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2017-12-23 09:21 - 2017-11-04 10:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2017-12-23 09:21 - 2017-11-04 10:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2017-12-23 09:21 - 2017-11-02 11:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-12-23 09:21 - 2017-11-02 11:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2017-12-23 09:21 - 2017-11-02 11:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2017-12-23 09:21 - 2017-11-02 11:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2017-12-23 09:21 - 2017-11-02 10:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-12-23 09:21 - 2017-11-02 10:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2017-12-23 09:21 - 2017-11-02 10:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2017-12-23 09:21 - 2017-11-02 09:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2017-12-23 09:21 - 2017-10-16 18:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2017-12-23 09:21 - 2017-10-16 17:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2017-12-23 09:21 - 2017-10-11 19:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-12-23 08:53 - 2017-12-23 08:53 - 000000000 ____D C:\Users\Tony\AppData\Roaming\HPPSDr
2017-12-22 19:58 - 2017-12-22 19:56 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2017-12-22 19:57 - 2017-12-22 19:57 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-17 09:38 - 2017-09-22 03:15 - 000000000 ____D C:\FRST
2018-01-17 05:08 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-01-17 04:54 - 2013-05-03 08:49 - 000000000 ____D C:\Users\Tony\Documents\PcSetup
2018-01-17 04:54 - 2009-12-01 19:24 - 000099384 _____ C:\Users\Tony\AppData\Roaming\inst.exe
2018-01-17 04:54 - 2009-12-01 19:24 - 000082816 _____ (VSO Software) C:\Users\Tony\AppData\Roaming\pcouffin.sys
2018-01-17 04:54 - 2009-12-01 19:24 - 000007859 _____ C:\Users\Tony\AppData\Roaming\pcouffin.cat
2018-01-17 04:54 - 2009-12-01 19:24 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Vso
2018-01-17 04:28 - 2009-11-29 17:45 - 000019344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-17 04:28 - 2009-11-29 17:45 - 000019344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-17 04:26 - 2009-07-14 00:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-17 04:01 - 2017-08-11 18:43 - 000001032 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-01-17 04:01 - 2017-01-28 09:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-01-17 03:50 - 2016-08-15 14:28 - 000000000 ____D C:\Program Files\Yamicsoft
2018-01-17 03:49 - 2009-11-29 18:11 - 000109592 _____ C:\Users\Tony\AppData\Local\GDIPFONTCACHEV1.DAT
2018-01-17 03:44 - 2015-09-11 18:44 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-17 03:44 - 2013-11-28 08:52 - 000000000 ____D C:\ProgramData\ProductData
2018-01-17 03:42 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-17 03:42 - 2009-07-13 23:45 - 000422928 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-17 03:41 - 2016-02-07 02:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-17 03:30 - 2015-08-05 02:53 - 000000000 ____D C:\Windows\AutoKMS
2018-01-17 03:26 - 2010-12-23 04:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition
2018-01-17 03:18 - 2016-02-26 05:36 - 000000000 ____D C:\Program Files\Microsoft Office
2018-01-17 03:18 - 2013-02-05 15:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2018-01-17 03:18 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-01-17 03:18 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-01-17 03:16 - 2009-07-14 02:45 - 000000000 ____D C:\Windows\ShellNew
2018-01-15 17:35 - 2016-11-20 07:13 - 000000000 ____D C:\Users\Tony\AppData\LocalLow\Mozilla
2018-01-15 10:29 - 2015-06-05 09:53 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Mozilla
2018-01-14 01:52 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2018-01-13 16:07 - 2017-02-14 16:38 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-01-12 06:16 - 2017-05-23 01:57 - 000000000 ____D C:\Program Files (x86)\IObit
2018-01-12 06:16 - 2013-05-10 16:50 - 000000000 ____D C:\ProgramData\IObit
2018-01-10 19:58 - 2013-03-28 09:16 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-01-10 19:58 - 2013-03-28 09:16 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-01-09 15:21 - 2017-03-04 21:49 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-01-09 15:21 - 2016-05-09 01:50 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-09 15:21 - 2016-05-09 01:50 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-09 15:21 - 2011-11-22 14:02 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-09 15:21 - 2009-06-11 16:08 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-04 18:11 - 2015-01-27 16:29 - 000002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-03 05:12 - 2013-05-10 21:28 - 000000000 ____D C:\Users\Tony\AppData\Roaming\vlc
2018-01-03 05:10 - 2010-03-05 22:07 - 000000079 _____ C:\Users\Tony\AppData\default.pls
2018-01-01 09:51 - 2017-05-23 02:09 - 000000000 ____D C:\Program Files\Slimjet
2017-12-31 20:33 - 2014-05-15 18:11 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2017-12-31 20:33 - 2009-06-11 16:18 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-12-27 15:43 - 2009-07-14 00:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-12-23 09:44 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2017-12-23 09:44 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\Setup
2017-12-23 09:34 - 2013-07-25 05:16 - 000000000 ____D C:\Windows\system32\MRT
2017-12-23 09:25 - 2017-10-17 22:42 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-23 09:25 - 2009-12-09 07:26 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-23 08:52 - 2014-01-19 19:15 - 000000000 ____D C:\Program Files (x86)\HP
2017-12-23 08:52 - 2014-01-19 19:13 - 000000000 ____D C:\Users\Tony\AppData\Local\HP
2017-12-23 08:39 - 2013-03-30 01:41 - 000000000 ____D C:\Users\Tony\AppData\Local\ElevatedDiagnostics
2017-12-22 19:57 - 2017-11-10 20:33 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-12-22 19:57 - 2014-05-04 02:25 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-12-22 19:57 - 2014-01-11 17:39 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-12-22 19:57 - 2013-03-28 09:16 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-12-22 19:57 - 2013-03-22 10:16 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-12-22 19:57 - 2013-03-22 10:16 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-12-22 19:56 - 2017-02-14 16:38 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2017-12-22 19:56 - 2017-02-14 16:38 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-12-22 19:56 - 2017-02-14 16:38 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2017-12-22 19:56 - 2017-02-14 16:38 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2017-12-22 19:56 - 2013-03-28 09:16 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
 
==================== Files in the root of some directories =======
 
2015-08-06 07:25 - 2015-08-06 07:25 - 000000068 _____ () C:\Program Files\.directory
2015-08-06 06:55 - 2015-08-06 06:55 - 000000068 _____ () C:\Users\Tony\AppData\Roaming\.directory
2012-08-23 13:25 - 2012-08-23 13:37 - 000000408 _____ () C:\Users\Tony\AppData\Roaming\Checksum.ini
2011-12-11 23:27 - 2011-12-11 23:27 - 000000268 ___RH () C:\Users\Tony\AppData\Roaming\Galactic Static
2011-12-11 23:54 - 2011-12-11 23:54 - 000000268 ___RH () C:\Users\Tony\AppData\Roaming\Guides
2011-12-11 23:54 - 2011-12-11 23:54 - 000000268 ___RH () C:\Users\Tony\AppData\Roaming\Guitar
2011-12-11 23:54 - 2011-12-11 23:54 - 000000268 ___RH () C:\Users\Tony\AppData\Roaming\Guitars
2009-12-01 19:24 - 2018-01-17 04:54 - 000099384 _____ () C:\Users\Tony\AppData\Roaming\inst.exe
2009-12-01 19:24 - 2018-01-17 04:54 - 000007859 _____ () C:\Users\Tony\AppData\Roaming\pcouffin.cat
2009-12-01 19:24 - 2018-01-17 04:54 - 000001167 _____ () C:\Users\Tony\AppData\Roaming\pcouffin.inf
2018-01-17 04:54 - 2018-01-17 04:54 - 000000055 _____ () C:\Users\Tony\AppData\Roaming\pcouffin.log
2009-12-01 19:24 - 2018-01-17 04:54 - 000082816 _____ (VSO Software) C:\Users\Tony\AppData\Roaming\pcouffin.sys
2012-05-12 14:01 - 2012-05-13 08:52 - 000002035 _____ () C:\Users\Tony\AppData\Roaming\SAS7_000.DAT
2016-06-05 07:59 - 2016-06-05 08:00 - 000017144 _____ () C:\Users\Tony\AppData\Roaming\UserTile.png
2010-05-29 17:33 - 2017-12-17 17:57 - 000001189 _____ () C:\Users\Tony\AppData\Roaming\vso_ts_preview.xml
2013-07-26 23:50 - 2014-04-29 23:50 - 000000039 _____ () C:\Users\Tony\AppData\Roaming\WB.CFG
2013-07-13 10:50 - 2014-01-28 01:50 - 000000005 _____ () C:\Users\Tony\AppData\Roaming\WBPU-TTL.DAT
2011-01-16 23:57 - 2015-06-07 06:47 - 000000504 _____ () C:\Users\Tony\AppData\Roaming\wklnhst.dat
2015-08-06 06:44 - 2015-08-06 06:44 - 000000068 _____ () C:\Users\Tony\AppData\Local\.directory
2014-04-18 14:25 - 2015-07-12 14:54 - 000000600 _____ () C:\Users\Tony\AppData\Local\PUTTY.RND
2010-01-24 08:04 - 2017-09-22 02:59 - 000007604 _____ () C:\Users\Tony\AppData\Local\resmon.resmoncfg
2009-11-29 18:12 - 2009-11-29 18:27 - 000001297 _____ () C:\Users\Tony\AppData\Local\Win7_tmp1.htm
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-01-08 00:00
 
==================== End of FRST.txt ============================


#13 antonio831

antonio831
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:02:08 PM

Posted 17 January 2018 - 09:57 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018
Ran by Tony (17-01-2018 09:40:56)
Running from C:\Users\Tony\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-11-29 23:10:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1957349403-1563706759-2450246291-500 - Administrator - Disabled)
Guest (S-1-5-21-1957349403-1563706759-2450246291-501 - Limited - Enabled) => C:\Users\Guest
Tony (S-1-5-21-1957349403-1563706759-2450246291-1000 - Administrator - Enabled) => C:\Users\Tony
UpdatusUser (S-1-5-21-1957349403-1563706759-2450246291-1021 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Active@ Disk Image 7.0 (HKLM\...\{9567EC70-0294-4782-BE75-FA9CF50F1078}_is1) (Version: 7.0 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
AMR to MP3 Converter 1.4 (HKLM-x32\...\{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1) (Version:  - www.amrtomp3converter.com)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.50.854.0 - Logitech) Hidden
Cybereason RansomFree 2.2.5.0 (HKLM-x32\...\{4A79F8E4-F22D-4F66-9D52-D84F5AFA830E}) (Version: 2.2.5.0 - Cybereason Inc.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 14.0.8.0 - FlashPeak Inc.)
FlashPeak Slimjet 64bit (HKLM\...\Slimjet) (Version: 14.0.9.0 - FlashPeak Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\HP Photo Creations) (Version: 1.0.0.19662 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.0.2.49 - IObit)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
iSpy (64 bit) (HKLM\...\{79AAFB4D-30FF-4999-9A16-322C4BB61E7C}) (Version: 5.5.8 - iSpy)
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.14350.0 - Linksys LLC)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (HKLM\...\{138A4072-9E64-46BD-B5F9-DB2BB395391F}) (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR GA311 Gigabit Adapter (HKLM-x32\...\{9E7300DD-08A3-4B3F-AEE1-1450843FE86E}) (Version: 1.00.0000 - Netgear)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.2.1 - Nikon)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenVPN 2.3.6-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.3.0 - Nikon)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1507.113 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Seagate Manager Installer (HKLM-x32\...\{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate) Hidden
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SUABnR (HKLM-x32\...\{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.104 - Trusteer)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{2BC6BC08-9E31-4B36-8715-E170F6173942}) (Version: 2.16.0404 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{54F10727-0D7A-4B24-9D8E-F4BB59CB9148}) (Version: 2.16.0307 - Samsung Electronics Co., Ltd.)
ViewNX 2 (HKLM-x32\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.2.3 - Nikon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
Windows Driver Package - XBCD Project HID  (16/05/2008 1.1.0) (HKLM\...\C6DCA6D8EFAB374E8F91A705567555FF4DAF025D) (Version: 16/05/2008 1.1.0 - XBCD Project)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} =>  -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} =>  -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} =>  -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} =>  -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} =>  -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-19] ()
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-19] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-02-03] (NVIDIA Corporation)
ContextMenuHandlers5: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-19] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0074757A-D886-4692-8795-9CC27C6B07D4} - System32\Tasks\SafeZone scheduled Autoupdate 1458746355 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {21EC5BC1-CE0B-4BC5-A014-285719268AD9} - \Microsoft\Windows\WindowsBackup\AutomaticBackup -> No File <==== ATTENTION
Task: {24F35CF8-8C11-450C-9F17-8B55EF04B5F4} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-01-09] (Cybereason)
Task: {2865CB60-EB8A-4C05-87CD-22D3246E6CBA} - System32\Tasks\{8E518E75-6CBA-40C5-9354-CEAC37027171} => C:\Windows\system32\pcalua.exe -a J:\Downloads\Nero7_chm_Enu.exe -d J:\Downloads
Task: {2C4ACAF2-D2A2-4D4F-BF00-144C1803652A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2F3179C0-CA89-4E19-B1BC-E0E073E38286} - System32\Tasks\avastBCLRestartS-1-5-21-1957349403-1563706759-2450246291-1000 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {3F19B905-C54B-4ADF-B542-EECFDCE41CE3} - System32\Tasks\{07B67644-76BF-444E-84AA-78FFDD3BF190} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {50003D87-481A-4CA9-B932-69935AD466C8} - System32\Tasks\{EE77AA10-E4A1-4596-97E6-56EB8A066A67} => C:\Windows\system32\pcalua.exe -a "J:\Temp Downloads\AdobeAIRInstaller.exe" -d "J:\Temp Downloads"
Task: {71438543-4EEC-48FC-A33A-892562460CAC} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-01-09] (Cybereason)
Task: {74381286-936E-4590-93E3-0BF0F59645FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {755F5200-23A7-49AC-B427-137947C99B7C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-22] (AVAST Software)
Task: {7A176829-9947-4C04-B3D0-88507F9C5AD8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {7F5BF15B-8FCE-4B9E-B065-D206F9C22929} - System32\Tasks\Uninstaller_SkipUac_Tony => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-09-15] (IObit)
Task: {823E62E4-AD3F-43B0-8C2E-00AB7AC59D42} - System32\Tasks\{AD861A28-AFC5-4B73-B8CE-E8F7F62FF34B} => C:\Windows\system32\pcalua.exe -a "J:\Program set up files\Total Video Converter 3.61 Wth Crack Working Perfect\Total Video Converter 3.61 Wth Crack Working Perfect\Keygen.exe" -d "J:\Program set up files\Total Video Converter 3.61 Wth Crack Working Perfect\Total Video Converter 3.61 Wth Crack Working Perfect"
Task: {89CEFB49-26E4-45A3-90A2-E8375F5AB836} - System32\Tasks\{E3AE040E-77B5-468B-A2AB-A0C0B0B3DAEF} => C:\Windows\system32\pcalua.exe -a C:\Users\Tony\Downloads\HPSupportSolutionsFramework-12.3.11.29.exe -d C:\Users\Tony\Downloads
Task: {A67D34DE-C169-49C9-BE0A-3B68205BFA7F} - System32\Tasks\{3A786032-8B0D-4958-99DC-20019AE195B1} => C:\Windows\system32\pcalua.exe -a J:\Downloads\cjxp32se\cjxp32se\cjxp32se\SETUPWIN.EXE -d J:\Downloads\cjxp32se\cjxp32se\cjxp32se
Task: {AE6D4662-C3FE-4F4E-A2B5-9F5DD22810A4} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-16] (AVAST Software)
Task: {BD890FD2-8567-46FA-B093-6B79DEACF335} - System32\Tasks\{4F6098E7-ABFA-4ACE-A0FA-E426ED48F30C} => C:\Windows\system32\pcalua.exe -a "J:\Program set up files\drivers\Setup.exe" -d "J:\Program set up files\drivers"
Task: {BEA33DD9-F576-40B1-90C1-BC881B5690DB} - \Microsoft\Windows\WindowsBackup\Windows Backup Monitor -> No File <==== ATTENTION
Task: {DBD4E11B-0450-45F0-BDD0-2B3C79FE8753} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {E2201713-5486-4693-9629-A608B8B96EC3} - System32\Tasks\{817229F7-96E5-4452-B525-A8D05D295367} => C:\Windows\system32\pcalua.exe -a "J:\Downloads\Advanced SystemCare Pro 5.0.0.152 Setup + KeyGen\Advanced SystemCare Pro 5.0.0.152.exe" -d "J:\Downloads\Advanced SystemCare Pro 5.0.0.152 Setup + KeyGen"
Task: {E459DA13-D802-4BF0-9C10-1642B78D23DA} - System32\Tasks\{E3923907-03E2-410A-88C1-44C7346AC9A7} => C:\Windows\system32\pcalua.exe -a "J:\Temp Downloads\setup.exe" -d "J:\Temp Downloads"
Task: {E74C066C-7023-4A42-B0A9-47D526032C45} - System32\Tasks\{A2C7E219-765C-4E69-902F-05A2ECD96DCE} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {E7FD8111-CC79-4A03-BB97-BB25751E7F5D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {F0E6F1C0-45BF-4E29-89F5-7BA6B6D3450A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F7CCBBFC-8BCE-420C-ABA4-88919D9260E9} - System32\Tasks\{D41E13DD-1EEE-4F01-AF01-2B29EDE2735E} => C:\Windows\system32\pcalua.exe -a F:\Yamicsoft.Windows.7.Manager.v1.1.2.Incl.Keymaker-ROGUE\windows7manager.exe -d F:\Yamicsoft.Windows.7.Manager.v1.1.2.Incl.Keymaker-ROGUE
Task: {FB4EF8BC-3E4F-44A9-B8FC-5D52CD910AB4} - System32\Tasks\{84E26F55-EAAD-4B03-A4F9-0857E874890E} => C:\Windows\system32\pcalua.exe -a C:\Users\Tony\Downloads\R220849\Setup.exe -d C:\Users\Tony\Downloads\R220849
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chromebook Recovery Utility.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jndclpdbaamdhonoechobihbbiimdgai
ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fccac19b89f69350\Click&Clean.lnk -> C:\Program Files\Slimjet\slimjet.exe (FlashPeak Inc.) -> --profile-directory="Profile 1" --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\dea50c82368084a9\Tony - Slimjet.lnk -> C:\Program Files\Slimjet\slimjet.exe (FlashPeak Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5137ab5c18cdb8e7\Tony - Slimjet.lnk -> C:\Program Files\Slimjet\slimjet.exe (FlashPeak Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-07-01 22:18 - 2015-02-03 21:21 - 000115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-04-30 17:12 - 2008-06-19 23:41 - 000062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2017-12-10 05:13 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000067920 _____ () c:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000067984 _____ () C:\Program Files\AVAST Software\Avast\x64\dll_loader.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000236840 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000902824 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000349568 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000337096 _____ () C:\Program Files\AVAST Software\Avast\x64\tasks_core.dll
2011-03-09 11:41 - 2011-03-09 11:41 - 001066896 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2011-03-09 11:41 - 2011-03-09 11:41 - 000491920 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2017-12-22 19:56 - 2017-12-22 19:56 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2018-01-16 12:38 - 2018-01-16 12:38 - 005768336 _____ () C:\Program Files\AVAST Software\Avast\defs\18011604\algo.dll
2017-12-22 19:57 - 2017-12-22 19:57 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000293944 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-01-17 07:46 - 2018-01-17 07:46 - 005768336 _____ () C:\Program Files\AVAST Software\Avast\defs\18011706\algo.dll
2017-07-28 08:52 - 2017-07-28 08:52 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-22 19:56 - 2017-12-22 19:56 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-23 01:58 - 2017-05-22 10:16 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-05-23 01:58 - 2017-05-22 10:16 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-05-23 01:58 - 2017-05-22 10:16 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-09-22 04:05 - 2017-05-22 10:17 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-05-23 01:58 - 2017-05-23 17:57 - 000631584 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2017-05-23 01:58 - 2017-05-22 10:16 - 000524064 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll
2010-03-05 09:24 - 2010-03-05 09:24 - 000886272 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:0CE7F3C9 [118]
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [374]
AlternateDataStreams: C:\ProgramData\Temp:661DFA1C [140]
AlternateDataStreams: C:\ProgramData\Temp:9E00596C [192]
AlternateDataStreams: C:\ProgramData\Temp:ADF211B1 [100]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> 008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> 00hq.com
IE restricted site: HKU\.DEFAULT\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\.DEFAULT\...\01i.info -> 01i.info
IE restricted site: HKU\.DEFAULT\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\.DEFAULT\...\05p.com -> 05p.com
IE restricted site: HKU\.DEFAULT\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\.DEFAULT\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\.DEFAULT\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\.DEFAULT\...\0calories.net -> 0calories.net
IE restricted site: HKU\.DEFAULT\...\0cj.net -> 0cj.net
IE restricted site: HKU\.DEFAULT\...\0scan.com -> 0scan.com
IE restricted site: HKU\.DEFAULT\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1-se.com -> 1-se.com
IE restricted site: HKU\.DEFAULT\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\.DEFAULT\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\.DEFAULT\...\100gal.net -> 100gal.net
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com
 
There are 4791 more sites.
 
IE trusted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\google.com -> hxxps://www.google.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\100sexlinks.com -> 100sexlinks.com
 
There are 4793 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 07:34 - 2017-05-22 23:53 - 000000761 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1957349403-1563706759-2450246291-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => 
MSCONFIG\startupreg: DellComms => 
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => 
MSCONFIG\startupreg: ISUSPM => 
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LogitechCommunicationsManager => 
MSCONFIG\startupreg: LogitechQuickCamRibbon => 
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Nikon Message Center 2 => 
MSCONFIG\startupreg: PDVDDXSrv => 
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
MSCONFIG\startupreg: Skytel => 
MSCONFIG\startupreg: SunJavaUpdateSched => 
MSCONFIG\startupreg: TkBellExe => 
MSCONFIG\startupreg: UpdateLBPShortCut => 
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{74E40A56-742D-46F2-8193-EEFA33F10665}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{E446CBD0-4863-437D-82C0-AAF6D52B88EB}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{DC492E1D-E454-4E30-8B7F-285A5C270565}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{AC7B9E33-C1E0-4290-9895-6583EFEE8281}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{9DE884D4-22E2-4866-A9B1-B29A74DBD535}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{97057C91-6E5E-4197-8330-DB73613475C5}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{359D0683-9EC1-481A-BAF4-E886DBE62A2D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4DB2D65F-7275-4CAA-A206-CC6FF8463399}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{F6B9594D-F52B-406C-B4AB-894E3C73ACC6}C:\program files\ispy\ispy (64 bit)\ispy.exe] => (Allow) C:\program files\ispy\ispy (64 bit)\ispy.exe
FirewallRules: [UDP Query User{092FC93F-E4E5-4A58-A8F7-6CDE0D56FB76}C:\program files\ispy\ispy (64 bit)\ispy.exe] => (Allow) C:\program files\ispy\ispy (64 bit)\ispy.exe
FirewallRules: [{B609F1B3-F387-444A-BCA2-B8905580D17E}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{E2F87AB7-3CFD-4BA0-827D-9F2A215FC29C}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{C96F0E2A-0D89-45D8-AB96-86F4F2DE6B7F}] => (Allow) LPort=7000
FirewallRules: [{E6D3AC38-9F20-40AA-BC9B-0C29FE9EA585}] => (Allow) LPort=7000
FirewallRules: [{628E9DCC-308C-4A7E-939B-5606738205AD}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{DB463335-75AB-4DB3-BBF6-B064545A8582}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{669C5215-6015-4441-9104-AC37E3B763D6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{2BE0CBCE-2A44-412E-B0B6-05D8B32E8DE7}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{A1D4EEAC-9B17-4205-8F4A-71F019CCF5DB}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{75C6BCEB-04A4-41FB-97C3-FFA1A2A3E1D5}C:\windows\ehome\wow\ehexthost32.exe] => (Allow) C:\windows\ehome\wow\ehexthost32.exe
FirewallRules: [UDP Query User{118100C7-353A-40E1-959B-3EACD3351BE3}C:\windows\ehome\wow\ehexthost32.exe] => (Allow) C:\windows\ehome\wow\ehexthost32.exe
FirewallRules: [{97E4DFB8-A462-4D43-BFA9-F002763457D1}] => (Block) C:\windows\ehome\wow\ehexthost32.exe
FirewallRules: [{0F0991FC-9C72-4241-B6C8-B007980261E0}] => (Block) C:\windows\ehome\wow\ehexthost32.exe
FirewallRules: [TCP Query User{0311AA18-3D40-475D-B20E-ACEB2924BA75}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{4438734C-6C20-4E58-B291-C33185AF5A8D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{81E3BC7A-A792-4D8F-A1FA-17240781FBDF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6D6001B1-C0EA-4154-882E-2ADF0C51CFBD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7CC958FB-9A6B-49F4-A5D3-940F52C10E2C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D2E537E0-161E-4420-89B1-3B27B96720CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B6B026C5-B957-4053-B28E-19E223FE6B2E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B2CF6CAC-BAF1-4A08-B5B5-2428D571B545}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{58B770DD-5039-4216-A131-6621A2EC7DBE}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{8A2FE490-A557-4867-9D16-EECADF931B60}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{2F185DC4-9E25-427D-89E2-52C2DA48D150}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{5F3081E6-1823-40F6-B703-18E72AA9B658}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [TCP Query User{8B6D4902-7BDB-4211-B957-8DEB093CBC06}C:\program files\slimjet\slimjet.exe] => (Allow) C:\program files\slimjet\slimjet.exe
FirewallRules: [UDP Query User{9FC6D495-6ED1-4494-8BC1-8FE7796773A8}C:\program files\slimjet\slimjet.exe] => (Allow) C:\program files\slimjet\slimjet.exe
FirewallRules: [TCP Query User{B7E3DC3E-A35F-40B7-BFF5-85584119B9D4}C:\program files\slimjet\slimjet.exe] => (Allow) C:\program files\slimjet\slimjet.exe
FirewallRules: [UDP Query User{147263A1-A4CE-4342-8CAF-27AA92893F16}C:\program files\slimjet\slimjet.exe] => (Allow) C:\program files\slimjet\slimjet.exe
FirewallRules: [{D3495DAB-3BDD-4898-8FDF-88835084A25B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
19-11-2017 00:00:01 Scheduled Checkpoint
25-11-2017 20:15:34 Installed Rapport
03-12-2017 00:00:01 Scheduled Checkpoint
08-12-2017 19:57:05 Windows Update
10-12-2017 01:21:26 Installed Rapport
17-12-2017 20:50:40 Scheduled Checkpoint
23-12-2017 09:23:14 Windows Update
23-12-2017 09:53:07 Installed Rapport
31-12-2017 00:00:01 Scheduled Checkpoint
31-12-2017 20:32:06 Removed LG Mobile Driver
08-01-2018 00:00:02 Scheduled Checkpoint
16-01-2018 00:00:01 Scheduled Checkpoint
17-01-2018 03:12:22 Removed Microsoft Office Professional Plus 2010
17-01-2018 03:45:36 Installed Rapport
 
==================== Faulty Device Manager Devices =============
 
Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: TAP-Windows Adapter V9 #2
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/17/2018 03:49:11 AM) (Source: MsiInstaller) (EventID: 11721) (User: JAM831)
Description: Product: SlimCleaner -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: UnregisterShell64Ext, location: C:\Program Files (x86)\SlimCleaner\, command: regsvr32.exe /s /u "C:\Program Files (x86)\SlimCleaner\SlimShell64.dll"
 
Error: (01/17/2018 03:43:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/23/2017 09:51:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/23/2017 09:45:43 AM) (Source: Service1) (EventID: 0) (User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at WinServiceHost.RFServiceHost.StopRansomFreeService()
   at WinServiceHost.RFServiceHost.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (12/17/2017 06:08:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/17/2017 02:56:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hitmanpro_x64.exe, version: 3.7.20.286, time stamp: 0x58e5ec3b
Faulting module name: hitmanpro_x64.exe, version: 3.7.20.286, time stamp: 0x58e5ec3b
Exception code: 0xc0000005
Fault offset: 0x00000000002bfb49
Faulting process id: 0x87c
Faulting application start time: 0x01d3776c0921d1cf
Faulting application path: C:\Users\Tony\Desktop\hitmanpro_x64.exe
Faulting module path: C:\Users\Tony\Desktop\hitmanpro_x64.exe
Report Id: 4f6a7203-e364-11e7-9a8d-0002b3a92da8
 
Error: (12/17/2017 01:38:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/17/2017 01:34:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/17/2017 01:29:44 PM) (Source: Service1) (EventID: 0) (User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at WinServiceHost.RFServiceHost.StopRansomFreeService()
   at WinServiceHost.RFServiceHost.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (12/13/2017 11:30:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotoSnap.exe, version: 1.2.0.25, time stamp: 0x46265336
Faulting module name: PhotoSnap.exe, version: 1.2.0.25, time stamp: 0x46265336
Exception code: 0xc0000005
Fault offset: 0x0001920a
Faulting process id: 0x1f18
Faulting application start time: 0x01d3749430153ead
Faulting application path: C:\Program Files (x86)\Nero\Nero 7\Nero PhotoSnap\PhotoSnap.exe
Faulting module path: C:\Program Files (x86)\Nero\Nero 7\Nero PhotoSnap\PhotoSnap.exe
Report Id: 739b2063-e087-11e7-9d29-0002b3a92da8
 
 
System errors:
=============
Error: (01/17/2018 03:45:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswbIDSAgent service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (01/17/2018 03:45:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the aswbIDSAgent service to connect.
 
Error: (01/03/2018 05:12:34 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:12:26 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:12:17 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:08:10 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:08:02 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:07:53 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:07:44 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (01/03/2018 05:07:35 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
 
CodeIntegrity:
===================================
  Date: 2018-01-13 23:57:19.345
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_c02db572165f9ab0\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-13 23:57:19.142
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_c02db572165f9ab0\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-13 23:57:18.908
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_c02db572165f9ab0\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-13 23:57:18.589
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_c02db572165f9ab0\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-13 19:57:21.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-13 19:57:21.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-13 19:57:21.107
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-13 19:57:20.904
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-13 19:57:20.655
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-13 19:57:20.460
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appid.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 56%
Total physical RAM: 4095.05 MB
Available physical RAM: 1766.59 MB
Total Virtual: 8188.24 MB
Available Virtual: 6033.66 MB
 
==================== Drives ================================
 
Drive a: (OS) (Network) (Total:110.3 GB) (Free:25.1 GB) NTFS
Drive c: (OS) (Fixed) (Total:110.3 GB) (Free:25.1 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.84 GB) NTFS
Drive j: (Data Storage) (Fixed) (Total:471.18 GB) (Free:331.96 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 70811D92)
Partition 1: (Not Active) - (Size=39 MB) - (Type=1E)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=110.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=471.2 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================


#14 antonio831

antonio831
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:02:08 PM

Posted 17 January 2018 - 10:01 AM

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\users\tony\favorites\other bookmarks\employment\write for cracked.com   cracked.com.url
c:\users\tony\favorites\other bookmarks\fun interesting sites\cracked.com - america's only humor site   cracked.com.url
scanner sequence 3.AA.11.KOAPTZ
 ----- EOF ----- 


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:08 PM

Posted 17 January 2018 - 10:46 AM

No problem with the delay. I appreciate you letting me know.

-----

Are you familiar with the modifications done to these settings? Each indicates the policy is true, i.e. it is true there will be no Security Tab visible in the file/folders properties screen.
 

HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1957349403-1563706759-2450246291-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1


-----

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {2B782333-9951-4628-AF27-5F0379224BE5} URL = 
BHO: No Name -> -{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> -{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
Toolbar: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> No Name - {1AEC5771-FCD6-4537-A6B7-5F1935FD527C} -  No File
Toolbar: HKU\S-1-5-21-1957349403-1563706759-2450246291-1000 -> No Name - {94000A61-AF9A-4247-8DB6-A949FADB0354} -  No File
Handler: WSAllMyTubechrome - No CLSID Value
S3 PSVolAcc;
C:\Users\V8zgul
C:\Users\V8zgul
C:\Users\Tony\Desktop\ This folder protects against Ransomware. Just leave it here
2018-01-15 09:52 - 2018-01-15 09:52 - 000000000 ___HD C:\Users\Tony\Documents\Xdate59
2018-01-15 09:52 - 2018-01-15 09:52 - 000000000 ___HD C:\Users\Tony\Documents\Aldocuments82
2018-01-15 09:52 - 2018-01-15 09:52 - 000000000 ____D C:\Xcaches123
2018-01-15 09:52 - 2018-01-15 09:52 - 000000000 ____D C:\Aclog132
2018-01-03 05:47 - 2018-01-15 05:47 - 000002896 _____ C:\Windows\System32\Tasks\AutoKMS
2018-01-03 05:47 - 2018-01-15 05:47 - 000000266 _____ C:\Windows\Tasks\AutoKMS.job
2018-01-03 05:47 - 2015-08-05 02:53 - 000000000 ____D C:\Windows\AutoKMS
Task: {21EC5BC1-CE0B-4BC5-A014-285719268AD9} - \Microsoft\Windows\WindowsBackup\AutomaticBackup
Task: {50003D87-481A-4CA9-B932-69935AD466C8} - System32\Tasks\{EE77AA10-E4A1-4596-97E6-56EB8A066A67} => C:\Windows\system32\pcalua.exe -a "J:\Temp Downloads\AdobeAIRInstaller.exe" -d "J:\Temp Downloads"
Task: {823E62E4-AD3F-43B0-8C2E-00AB7AC59D42} - System32\Tasks\{AD861A28-AFC5-4B73-B8CE-E8F7F62FF34B} => C:\Windows\system32\pcalua.exe -a "J:\Program set up files\Total Video Converter 3.61 Wth Crack Working Perfect\Total Video Converter 3.61 Wth Crack Working Perfect\Keygen.exe" -d "J:\Program set up files\Total Video Converter 3.61 Wth Crack Working Perfect\Total Video Converter 3.61 Wth Crack Working Perfect"
Task: {A67D34DE-C169-49C9-BE0A-3B68205BFA7F} - System32\Tasks\{3A786032-8B0D-4958-99DC-20019AE195B1} => C:\Windows\system32\pcalua.exe -a J:\Downloads\cjxp32se\cjxp32se\cjxp32se\SETUPWIN.EXE -d J:\Downloads\cjxp32se\cjxp32se\cjxp32se
Task: {BEA33DD9-F576-40B1-90C1-BC881B5690DB} - \Microsoft\Windows\WindowsBackup\Windows Backup Monitor
J:\Temp Downloads\AdobeAIRInstaller.exe
J:\Downloads\cjxp32se
Task: {DBD4E11B-0450-45F0-BDD0-2B3C79FE8753} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {E2201713-5486-4693-9629-A608B8B96EC3} - System32\Tasks\{817229F7-96E5-4452-B525-A8D05D295367} => C:\Windows\system32\pcalua.exe -a "J:\Downloads\Advanced SystemCare Pro 5.0.0.152 Setup + KeyGen\Advanced SystemCare Pro 5.0.0.152.exe" -d "J:\Downloads\Advanced SystemCare Pro 5.0.0.152 Setup + KeyGen"
J:\Downloads\Advanced SystemCare Pro 5.0.0.152 Setup + KeyGen
Task: {E459DA13-D802-4BF0-9C10-1642B78D23DA} - System32\Tasks\{E3923907-03E2-410A-88C1-44C7346AC9A7} => C:\Windows\system32\pcalua.exe -a "J:\Temp Downloads\setup.exe" -d "J:\Temp Downloads"
J:\Temp Downloads\setup.exe
Task: {E74C066C-7023-4A42-B0A9-47D526032C45} - System32\Tasks\{A2C7E219-765C-4E69-902F-05A2ECD96DCE} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {F7CCBBFC-8BCE-420C-ABA4-88919D9260E9} - System32\Tasks\{D41E13DD-1EEE-4F01-AF01-2B29EDE2735E} => C:\Windows\system32\pcalua.exe -a F:\Yamicsoft.Windows.7.Manager.v1.1.2.Incl.Keymaker-ROGUE\windows7manager.exe -d F:\Yamicsoft.Windows.7.Manager.v1.1.2.Incl.Keymaker-ROGUE
F:\Yamicsoft.Windows.7.Manager.v1.1.2.Incl.Keymaker-ROGUE
Task: {FB4EF8BC-3E4F-44A9-B8FC-5D52CD910AB4} - System32\Tasks\{84E26F55-EAAD-4B03-A4F9-0857E874890E} => C:\Windows\system32\pcalua.exe -a C:\Users\Tony\Downloads\R220849\Setup.exe -d C:\Users\Tony\Downloads\R220849
C:\Users\Tony\Downloads\R220849
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:0CE7F3C9 [118]
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [374]
AlternateDataStreams: C:\ProgramData\Temp:661DFA1C [140]
AlternateDataStreams: C:\ProgramData\Temp:9E00596C [192]
AlternateDataStreams: C:\ProgramData\Temp:ADF211B1 [100]
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
End::
  • Click Fix
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check for strange folders/files on your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Familiar with registry modifications?
  • Fixlog
  • Update on computer performance including strange folders/files

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users