
Infected with Citypage.today extension and need help.


  • This topic is locked
33 replies to this topic

#1 happyindian


Posted 25 February 2018 - 09:04 AM

Hello,

I had already posted my issue (https://www.bleepingcomputer.com/forums/t/670684/citypagetoday-extension/) on this forum, but I was asked to post additional details in this thread. Attached are logs from both the text files (was not able to post the logs in this post itself). I also wanted to point out that my disk utilization is almost at 100% all the time and I am not downloading or doing any other stuff. If any other information is needed, please let me know. Thanks for help in advance!

HI

 

Also attaching logs from Malwarebytes, AdwCleaner and mbar; was not able to do so in the previous thread...



Edited by happyindian, 25 February 2018 - 09:17 AM.




#2 happyindian


Posted 25 February 2018 - 09:07 AM

FRST LOG - 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.02.2018
Ran by aades (administrator) on DESKTOP-2GA934T (25-02-2018 08:36:28)
Running from C:\Users\aades\Downloads
Loaded Profiles: aades (Available Profiles: aades)
Platform: Windows 10 Home Version 1703 15063.540 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\rarmnevsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Program Files\rempl\remsh.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(LULU Software) C:\Program Files\Soda PDF Desktop\creator-ws.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_5\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.724_none_9e8a868b2d8a538d\TiWorker.exe
() C:\Users\aades\AppData\Local\lsdvtup\lsdvtup.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Users\aades\AppData\Local\auspldi\usmnxce.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Wistron Corporation) C:\Program Files\Dell\DpmLite\DpmLiteEvent.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\McCSPServiceHost.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(The SABnzbd-team) C:\Program Files\SABnzbd\SABnzbd.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Greais Software) C:\Program Files (x86)\UnHackMe\wu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Google Inc.) C:\Users\aades\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Corporation) C:\Windows\System32\UNP\UNPCampaignManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\VirtualDrive.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\aades\AppData\Local\lsdvtup\wiohlnk.exe
() C:\Users\aades\AppData\Local\lsdvtup\wiohlnk.exe
() C:\Users\aades\AppData\Local\lsdvtup\wiohlnk.exe
() C:\Users\aades\AppData\Local\lsdvtup\wiohlnk.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
() C:\Users\aades\AppData\Local\lsdvtup\wiohlnk.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235440 2017-06-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [DpmLiteEvent] => C:\Program Files\Dell\DpmLite\DpmLiteEvent.exe [2537776 2014-11-19] (Wistron Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-01-28] (Greenshot)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Audio Ltd.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-02-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964080 2018-01-16] (SUPERAntiSpyware)
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\Run: [Google Update] => C:\Users\aades\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\Run: [Google Photos Backup] => C:\Users\aades\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\MountPoints2: {2ba9d900-2cb3-11e7-8933-141877c8319f} - "E:\autorun.exe" 
Startup: C:\Users\aades\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk [2017-09-29]
ShortcutTarget: SABnzbd.lnk -> C:\Program Files\SABnzbd\SABnzbd.exe (The SABnzbd-team)
BootExecute: autocheck autochk * Partizan
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a26a5904-bd8b-4fb4-b35a-16a1cf719920}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a26a5904-bd8b-4fb4-b35a-16a1cf719920}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{a4ab6505-bdb3-467b-a0e3-481b3993e39f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a4ab6505-bdb3-467b-a0e3-481b3993e39f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a6c9514e-bda0-453a-9828-b4cc237d8b39}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c6c68813-cea0-4e6c-a3c8-bab8f6d44cbf}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f8f504cc-ef83-4d3a-b5c7-b94705885237}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{ff7cd8a9-23f4-46ca-9952-b2497d26f140}: [NameServer] 8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=N0000A9E7F85937E&form=CONMHP&conlogo=CT3210127
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler: mso-minsb-roaming.16 - No CLSID Value
Handler: mso-minsb.16 - No CLSID Value
Handler: osf-roaming.16 - No CLSID Value
Handler: osf.16 - No CLSID Value
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-11-18] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-11-18] (McAfee, Inc.)
 
FireFox:
========
FF DefaultProfile: kdqrf63p.default
FF ProfilePath: C:\Users\aades\AppData\Roaming\Mozilla\Firefox\Profiles\kdqrf63p.default [2018-02-25]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-12-07]
FF HKLM\...\Firefox\Extensions: [soda_pdf_desktop_conv@sodapdf.com] - C:\Program Files\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension
FF Extension: (Soda PDF Desktop Creator) - C:\Program Files\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension [2017-01-28] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-11-29] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3514701322-1850050194-3633948935-1001: @tools.google.com/Google Update;version=3 -> C:\Users\aades\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-3514701322-1850050194-3633948935-1001: @tools.google.com/Google Update;version=9 -> C:\Users\aades\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://slickdeals.net/forums/forumdisplay.php?f=9","hxxp://goldprice.org/","hxxp://www.compareremit.com/dollar-to-rupee-exchange-rate-history/","hxxps://www.plexus-online.com/a2024dbd-671d-4676-8523-ba99d9596686/Modules/SystemAdministration/MenuSystem/MenuCustomer.aspx"
CHR Profile: C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default [2018-02-25]
CHR Extension: (Slides) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-20]
CHR Extension: (Docs) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-20]
CHR Extension: (Google Drive) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-20]
CHR Extension: (Home - Dropbox) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\bephflgelifpmapocgibnedkaoofegol [2018-02-20]
CHR Extension: (YouTube) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-20]
CHR Extension: (Honey) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-02-20]
CHR Extension: (Adblock Plus) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-02-20]
CHR Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2018-02-23]
CHR Extension: (Pushbullet) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2018-02-20]
CHR Extension: (OneTab) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2018-02-20]
CHR Extension: (Tampermonkey) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-02-20]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2018-02-20]
CHR Extension: (Add to Wunderlist) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmnddeddcgdllibmaodanoonljfdmooc [2018-02-20]
CHR Extension: (Adobe Acrobat) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-02-20]
CHR Extension: (Black Menu for Google™) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignhdfgaldabilaaegmdfbajngjmoke [2018-02-20]
CHR Extension: (Sheets) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-20]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-02-20]
CHR Extension: (GoToMeeting Pro Screensharing) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2018-02-20]
CHR Extension: (Google Docs Offline) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-20]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2018-02-20]
CHR Extension: (The Camelizer) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2018-02-20]
CHR Extension: (Amazon™ Sort - Number of Reviews) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepimngelnnmpbpklphhbbmalefoploi [2018-02-20]
CHR Extension: (Cisco WebEx Extension) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-02-20]
CHR Extension: (The Great Suspender) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2018-02-20]
CHR Extension: (Boomerang for Gmail) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2018-02-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-20]
CHR Extension: (Gmail) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-20]
CHR Extension: (Chrome Media Router) - C:\Users\aades\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-20]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\elbcozp <==== ATTENTION (Rootkit!)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-08] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-28] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-28] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-02-08] (Dropbox, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2017-12-14] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294608 2017-12-14] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2017-12-14] (Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [77648 2016-12-22] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232320 2017-11-21] (Dell Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2018-02-03] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373760 2016-11-07] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-06] (Intel)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-01-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_5\McAPExe.exe [963176 2016-10-07] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [354664 2016-03-03] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\\McCSPServiceHost.exe [1934968 2016-10-17] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1307752 2016-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [242704 2016-09-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384016 2016-09-08] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [331280 2016-09-08] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1473128 2016-10-07] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-06-23] ()
R2 osrss; C:\WINDOWS\system32\osrss.dll [108584 2018-01-09] (Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1041512 2016-09-08] (Intel Security, Inc.)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [333296 2017-06-19] (Realtek Semiconductor)
S3 Soda PDF Desktop; C:\Program Files\Soda PDF Desktop\ws.exe [2571728 2016-12-23] (LULU Software)
S3 Soda PDF Desktop CrashHandler; C:\Program Files\Soda PDF Desktop\crash-handler-ws.exe [925648 2016-12-23] (LULU Software)
R2 Soda PDF Desktop Creator; C:\Program Files\Soda PDF Desktop\creator-ws.exe [733648 2016-12-23] (LULU Software)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2017-12-22] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [265792 2017-05-18] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [615384 2017-02-07] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-06-23] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88120 2016-09-09] (McAfee, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R2 DpmLiteDrv; C:\Program Files\Dell\DpmLite\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-02-25] ()
S3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [46856 2015-06-15] (Intel Corporation)
S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [113416 2015-06-15] (Intel Corporation)
S3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [155400 2015-06-15] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-02-05] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-02-07] (Malwarebytes)
R1 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-02-09] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-02-03] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [364088 2016-09-09] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85656 2016-09-09] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [512056 2016-09-09] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [884792 2016-09-09] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [527496 2016-09-09] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109336 2016-09-09] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252984 2016-09-09] (McAfee, Inc.)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3537672 2017-02-17] (Intel Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2018-02-04] (Greatis Software)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [427528 2016-10-17] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66112 2017-05-18] (Synaptics Incorporated)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [212056 2015-07-06] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-01-28] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-01-28] (Zemana Ltd.)
R3 knquxa; system32\drivers\quxadh.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-25 08:38 - 2018-02-25 08:38 - 000188866 _____ C:\Users\aades\Downloads\Hooch.1989.DVDRip.x264-DJ.nzb
2018-02-25 08:36 - 2018-02-25 08:42 - 000035642 _____ C:\Users\aades\Downloads\FRST.txt
2018-02-25 08:35 - 2018-02-25 08:36 - 000000000 ____D C:\FRST
2018-02-25 08:30 - 2018-02-25 08:31 - 002403328 _____ (Farbar) C:\Users\aades\Downloads\FRST64.exe
2018-02-25 08:29 - 2018-02-25 08:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-02-25 08:25 - 2018-02-25 08:25 - 000000000 ___HD C:\OneDriveTemp
2018-02-23 09:11 - 2018-02-23 09:11 - 000142672 ____N C:\WINDOWS\system32\Drivers\wieybehl.sys
2018-02-22 07:17 - 2018-02-22 07:17 - 000001334 _____ C:\Users\aades\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee WebAdvisor.lnk
2018-02-21 19:38 - 2017-09-06 07:56 - 000003696 _____ C:\Users\aades\Downloads\WNDR4500-V1.0.1.46_1.0.76_Release_Notes.html
2018-02-21 19:38 - 2017-06-26 16:13 - 012107834 _____ C:\Users\aades\Downloads\WNDR4500-V1.0.1.46_1.0.76.chk
2018-02-21 10:52 - 2018-02-21 12:23 - 1680073424 _____ C:\Users\aades\Downloads\Tiger zinda hai.mkv
2018-02-21 08:53 - 2018-02-21 10:19 - 735739961 _____ C:\Users\aades\Downloads\Qarib.Qarib.Singlle.2017.HR.mkv
2018-02-20 20:38 - 2018-01-09 16:44 - 000108584 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2018-02-20 19:31 - 2018-02-20 19:31 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-20 19:31 - 2018-02-20 19:31 - 000002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-20 19:30 - 2018-02-20 19:30 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-20 19:30 - 2018-02-20 19:30 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-19 18:34 - 2018-01-27 02:48 - 001577880 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-02-19 18:34 - 2018-01-27 02:48 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-02-19 18:34 - 2018-01-27 02:47 - 000387480 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-02-19 18:34 - 2018-01-27 02:47 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-02-19 18:34 - 2018-01-27 02:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-02-19 18:34 - 2018-01-27 02:46 - 000613272 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-02-19 18:34 - 2018-01-27 02:46 - 000460696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-02-19 18:34 - 2018-01-27 02:45 - 000662936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-02-19 18:34 - 2018-01-27 02:45 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-02-19 18:34 - 2018-01-27 02:44 - 000272792 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-02-19 18:34 - 2018-01-27 02:18 - 000211864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-02-19 18:34 - 2017-12-31 21:22 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-02-19 18:34 - 2017-12-31 20:23 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2018-02-19 18:34 - 2017-12-31 20:23 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-02-18 17:33 - 2018-02-18 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2018-02-18 17:33 - 2018-02-18 17:33 - 000000000 ____D C:\Program Files (x86)\ffdshow
2018-02-18 17:33 - 2014-07-17 19:31 - 000112640 _____ C:\WINDOWS\SysWOW64\ff_vfw.dll
2018-02-18 17:20 - 2018-02-06 17:49 - 1590724262 _____ C:\Users\aades\Downloads\Get Out.mkv
2018-02-18 16:10 - 2018-02-18 16:10 - 000000000 ____D C:\Users\aades\Downloads\New folder (2)
2018-02-17 19:39 - 2017-12-31 20:41 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-02-17 19:39 - 2017-12-31 20:40 - 000378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-02-17 19:39 - 2017-12-31 20:40 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-02-17 19:39 - 2017-12-31 20:39 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-02-17 19:39 - 2017-12-31 20:38 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-02-17 19:39 - 2017-12-31 20:35 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-02-17 19:39 - 2017-12-31 20:30 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-02-17 19:39 - 2017-11-02 00:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-02-17 19:39 - 2017-11-01 23:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2018-02-17 19:39 - 2017-11-01 23:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-02-17 19:39 - 2017-11-01 23:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2018-02-17 19:39 - 2017-11-01 23:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2018-02-17 19:39 - 2017-11-01 23:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2018-02-17 19:39 - 2017-11-01 23:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-02-17 19:39 - 2017-11-01 23:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2018-02-17 19:39 - 2017-11-01 23:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-02-17 19:39 - 2017-11-01 23:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-02-17 19:39 - 2017-11-01 23:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-02-17 19:39 - 2017-11-01 23:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-02-17 19:39 - 2017-09-29 02:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-02-17 19:39 - 2017-09-29 02:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-02-17 19:39 - 2017-09-29 02:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-02-17 19:39 - 2017-09-29 02:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-02-16 07:47 - 2018-02-16 07:47 - 000000431 _____ C:\Users\aades\Desktop\Reply.txt
2018-02-14 20:18 - 2018-02-14 20:49 - 000000000 ____D C:\Users\aades\Desktop\mbar
2018-02-14 20:18 - 2018-02-14 20:49 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-14 20:18 - 2018-02-14 20:18 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7925F6E6.sys
2018-02-14 20:17 - 2018-02-14 20:17 - 000001212 _____ C:\Users\aades\Desktop\AdwCleaner[S3].txt
2018-02-14 20:10 - 2018-02-14 20:10 - 000001244 _____ C:\Users\aades\Desktop\Malware_Bytes_Export_Summary.txt
2018-02-12 18:58 - 2018-02-12 18:58 - 000000002 _____ C:\Users\aades\Downloads\94b5849f-0537-4c30-ada3-88dbd6c73bf0
2018-02-12 18:54 - 2018-02-12 18:56 - 000000000 ____D C:\Users\aades\AppData\LocalLow\Mozilla
2018-02-12 18:54 - 2018-02-12 18:54 - 000000000 ____D C:\Users\aades\AppData\Roaming\Mozilla
2018-02-12 18:54 - 2018-02-12 18:54 - 000000000 ____D C:\Users\aades\AppData\Local\Mozilla
2018-02-10 13:33 - 2018-02-10 13:33 - 000000550 _____ C:\Users\aades\Downloads\client_secret.json
2018-02-09 18:19 - 2018-02-09 18:19 - 141190169 _____ C:\Users\aades\Downloads\thbthrys11e15.hd72_300mbfilms.com.mkv
2018-02-09 16:58 - 2018-02-09 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-02-08 15:10 - 2018-02-08 15:10 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-02-08 15:10 - 2018-02-08 15:10 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-02-08 15:10 - 2018-02-08 15:10 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-02-08 15:10 - 2018-02-08 15:10 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-02-08 09:47 - 2018-02-08 09:47 - 000848049 _____ C:\Users\aades\AppData\LocalLow\wbkCE09.tmp
2018-02-06 19:14 - 2018-02-06 19:14 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2018-02-05 18:41 - 2018-02-09 18:39 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-02-05 18:08 - 2018-02-09 18:44 - 000000000 ____D C:\@RestoreQuarantine
2018-02-05 13:35 - 2018-02-20 20:38 - 000000000 ____D C:\Program Files\rempl
2018-02-05 13:05 - 2018-02-05 13:05 - 000000000 ____D C:\Users\aades\AppData\Local\auspldi
2018-02-04 18:52 - 2018-02-04 18:52 - 000040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2018-02-04 18:32 - 2018-02-25 08:20 - 000000254 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2018-02-04 18:23 - 2018-02-13 21:38 - 000000000 ____D C:\ProgramData\RegRun
2018-02-04 18:22 - 2018-02-25 08:31 - 000000000 ____D C:\Users\aades\Documents\RegRun2
2018-02-04 18:22 - 2018-02-25 08:25 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2018-02-04 18:22 - 2018-02-04 18:25 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2018-02-04 18:22 - 2018-02-04 18:22 - 000003420 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2018-02-04 18:22 - 2018-02-04 18:22 - 000000002 RSHOT C:\WINDOWS\winstart.bat
2018-02-04 18:22 - 2018-02-04 18:22 - 000000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2018-02-04 18:22 - 2018-02-04 18:22 - 000000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2018-02-04 18:22 - 2018-02-04 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2018-02-04 18:22 - 2018-01-31 13:32 - 000014984 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2018-02-04 18:22 - 2018-01-24 21:40 - 000001138 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2018-02-04 18:22 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2018-02-04 18:21 - 2018-02-04 18:21 - 000000000 ____D C:\Users\aades\Downloads\unhackme
2018-02-03 15:24 - 2018-02-03 15:24 - 000002330 _____ C:\WINDOWS\system32\.crusader
2018-02-03 14:56 - 2018-02-25 08:31 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-02-03 14:56 - 2018-02-03 15:25 - 000000000 ____D C:\ProgramData\HitmanPro
2018-02-03 14:56 - 2018-02-03 14:56 - 000001968 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-02-03 14:56 - 2018-02-03 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-02-03 14:56 - 2018-02-03 14:56 - 000000000 ____D C:\Program Files\HitmanPro
2018-02-02 09:25 - 2018-02-02 09:25 - 000848049 _____ C:\Users\aades\Downloads\Mrs_Funnybones.pdf.html
2018-01-31 08:25 - 2018-01-31 09:09 - 1330504933 _____ C:\Users\aades\Downloads\Tumhari Sulu.mkv
2018-01-28 21:07 - 2018-01-28 21:07 - 011605440 _____ (SurfRight B.V.) C:\Users\aades\Downloads\hitmanpro_x64.exe
2018-01-28 20:27 - 2018-01-28 20:27 - 001235408 _____ (GridinSoft LLC) C:\Users\aades\Downloads\setup.exe
2018-01-28 20:24 - 2018-01-28 20:24 - 008206624 _____ (Malwarebytes) C:\Users\aades\Downloads\adwcleaner_7.0.7.0.exe
2018-01-28 20:12 - 2018-02-25 08:42 - 000111239 _____ C:\WINDOWS\ZAM.krnl.trace
2018-01-28 20:12 - 2018-02-25 08:41 - 000080057 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-01-28 20:11 - 2018-01-28 20:12 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-01-28 20:11 - 2018-01-28 20:11 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-01-28 20:11 - 2018-01-28 20:11 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-01-28 20:11 - 2018-01-28 20:11 - 000000000 ____D C:\Users\aades\AppData\Local\Zemana
2018-01-28 20:11 - 2018-01-28 20:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-01-28 20:10 - 2018-01-28 20:10 - 006625600 _____ (Zemana Ltd. ) C:\Users\aades\Downloads\Zemana.AntiMalware.Setup.exe
2018-01-28 13:59 - 2018-02-09 19:21 - 000000000 ____D C:\Program Files\Microsoft Office
2018-01-28 13:16 - 2018-02-07 18:23 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-01-28 13:16 - 2018-01-28 13:16 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-28 13:16 - 2018-01-28 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-28 13:16 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-28 12:56 - 2018-02-14 20:16 - 000000000 ____D C:\AdwCleaner
2018-01-28 12:34 - 2018-01-28 12:34 - 001129816 _____ (Google Inc.) C:\Users\aades\Downloads\ChromeSetup.exe
2018-01-28 12:06 - 2018-01-28 13:19 - 1071510455 _____ C:\Users\aades\Downloads\Fukrey Returns 2017(SDMoviespoint.in) Hindi 1GB PreDvDRip x264 (1).mkv
2018-01-26 17:06 - 2018-01-26 17:07 - 189239288 _____ (Sophos Limited) C:\Users\aades\Downloads\Sophos Virus Removal Tool.exe
2018-01-26 16:42 - 2018-01-26 16:42 - 002953520 _____ (AVAST Software) C:\Users\aades\Downloads\avast-browser-cleanup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-25 08:43 - 2016-11-29 23:26 - 000000000 ____D C:\Users\aades\AppData\Roaming\vlc
2018-02-25 08:40 - 2016-12-14 21:37 - 000000000 ____D C:\Users\aades\Downloads\complete
2018-02-25 08:40 - 2016-12-12 19:45 - 000000000 ____D C:\Users\aades\Downloads\incomplete
2018-02-25 08:39 - 2018-01-24 20:03 - 000000000 ____D C:\Users\aades\AppData\Local\lsdvtup
2018-02-25 08:38 - 2017-05-30 06:57 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{447E6755-FAF4-4050-B829-50069071A8AC}
2018-02-25 08:29 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2018-02-25 08:26 - 2016-11-28 20:42 - 000000000 ___RD C:\Users\aades\OneDrive
2018-02-25 08:22 - 2017-05-30 06:33 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-02-25 08:22 - 2016-11-28 20:38 - 000000000 __SHD C:\Users\aades\IntelGraphicsProfiles
2018-02-25 08:20 - 2018-01-24 20:02 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\rarmnevsvc.exe
2018-02-25 08:20 - 2017-05-30 06:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-23 09:12 - 2017-03-18 06:40 - 002097152 _____ C:\WINDOWS\system32\config\BBI
2018-02-23 09:11 - 2017-03-18 06:40 - 022020096 _____ C:\WINDOWS\system32\config\HARDWARE
2018-02-23 08:42 - 2017-05-30 06:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-23 08:35 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-22 07:27 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-21 21:13 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-02-21 20:52 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-21 19:54 - 2016-12-21 10:10 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-02-21 19:39 - 2017-02-03 12:02 - 000000000 ____D C:\Users\aades\Downloads\WNDR4500-V1.0.1.40_1.0.68
2018-02-20 19:31 - 2016-11-28 21:13 - 000000000 ____D C:\Users\aades\AppData\Local\Google
2018-02-20 19:30 - 2016-11-28 21:13 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-19 20:43 - 2017-05-30 06:34 - 000000000 ____D C:\Users\aades
2018-02-19 19:30 - 2016-11-28 20:38 - 000000000 ____D C:\Users\aades\AppData\Local\Packages
2018-02-19 16:00 - 2017-03-18 06:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-02-18 17:09 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-02-16 07:14 - 2017-07-24 20:49 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3514701322-1850050194-3633948935-1001
2018-02-16 07:14 - 2016-11-28 20:42 - 000002369 _____ C:\Users\aades\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-02-14 20:18 - 2018-01-24 21:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-13 20:50 - 2016-11-30 13:49 - 000000000 ___RD C:\Users\aades\Downloads\Iphone songs
2018-02-13 20:41 - 2017-05-30 06:57 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-13 20:40 - 2017-01-28 10:12 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-09 19:21 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-02-09 19:21 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-09 18:39 - 2018-01-24 21:22 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-02-09 17:02 - 2016-11-28 20:43 - 000000000 ___RD C:\Users\aades\Dropbox
2018-02-09 17:02 - 2016-04-25 15:21 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-02-07 09:14 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2018-02-07 08:55 - 2017-11-26 09:43 - 000000000 ____D C:\Users\aades\AppData\Local\calibre-cache
2018-02-07 08:55 - 2017-11-25 22:27 - 000000000 ____D C:\Users\aades\AppData\Roaming\calibre
2018-02-05 18:41 - 2018-01-24 21:23 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-02-03 11:36 - 2018-01-24 21:22 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-02-02 15:34 - 2017-03-18 16:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-02 15:34 - 2017-03-18 16:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-30 03:38 - 2018-01-24 20:06 - 000000000 ____D C:\Users\aades\AppData\Local\wmdrloz
2018-01-28 14:39 - 2017-05-30 06:27 - 000405944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-28 11:26 - 2016-04-25 15:32 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-01-26 20:27 - 2016-12-21 10:10 - 000001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2018-01-26 20:27 - 2016-12-21 10:10 - 000001030 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
 
==================== Files in the root of some directories =======
 
2017-03-02 10:37 - 2017-04-25 05:12 - 000000278 _____ () C:\Users\aades\AppData\Roaming\WB.CFG
2017-04-29 14:16 - 2017-04-29 14:16 - 000001024 _____ () C:\Users\aades\AppData\Local\recently-used.xbel
2017-10-21 11:31 - 2017-10-21 11:31 - 000000000 _____ () C:\Users\aades\AppData\Local\{70747F84-BD4A-44F3-AB03-A8CD2909B453}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\wieybehl.sys -> Access Denied <======= ATTENTION
 
LastRegBack: 2018-02-12 10:14
 
==================== End of FRST.txt ============================

Addition Log -

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
Ran by aades (25-02-2018 08:43:56)
Running from C:\Users\aades\Downloads
Windows 10 Home Version 1703 15063.540 (X64) (2017-05-30 12:08:46)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
aades (S-1-5-21-3514701322-1850050194-3633948935-1001 - Administrator - Enabled) => C:\Users\aades
Administrator (S-1-5-21-3514701322-1850050194-3633948935-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3514701322-1850050194-3633948935-503 - Limited - Disabled)
Guest (S-1-5-21-3514701322-1850050194-3633948935-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {B10D5953-051E-97F6-F53B-3839EFD98259}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {0A6CB8B7-2324-9878-CF8B-034B945EC8E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {8936D876-4F71-96AE-DE64-910C110AC522}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20036 - Adobe Systems Incorporated)
Adobe Bridge CC 2017 (HKLM-x32\...\KBRG_7_0) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Photoshop (HKLM\...\{4A519918-6F4E-4F67-BAD5-842542094C0C}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1) (Version: 18.1.0 - Adobe Systems Incorporated)
Adolix Split and Merge PDF v2.1 (HKLM-x32\...\Adolix Split and Merge PDF_is1) (Version:  - Adolix Software)
Any Audio Converter 6.0.7 (HKLM-x32\...\Any Audio Converter) (Version: 6.0.7 - Anvsoft)
Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{63A1E236-1A28-4457-B9BC-A380A89E2D67}) (Version: 3.12.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{E8669F4E-F2BE-48A9-B5A5-0BC12CA4CB4F}) (Version: 2.4.18.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{E8669F4E-F2BE-48A9-B5A5-0BC12CA4CB4F}) (Version: 2.4.18.0 - Dell Inc.)
Dell Power Manager Lite (HKLM-x32\...\DpmLite_Iris_2014_is1) (Version: 1.0.4 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM\...\{8D7B279C-A661-465C-9658-F62FBD6A6B91}) (Version: 2.1.3.5 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.59 - Synaptics Incorporated)
Dell Update - SupportAssist Update Plugin (HKLM\...\{2228BC43-73DA-4F9A-BEE6-8E9C15328513}) (Version: 3.1.1.3832 - Dell Inc.)
Dell Update (HKLM-x32\...\{632610E3-5B12-403C-9C93-EF533ED1C113}) (Version: 1.10.5.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 43.4.50 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - )
GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.16.5272 - GOM & Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Greenshot 1.2.9.129 (HKLM\...\Greenshot_is1) (Version: 1.2.9.129 - Greenshot)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.292 - SurfRight B.V.)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel® WiDi (HKLM\...\{C7CD6D54-26AF-4D93-B06F-D81ACE8624CB}) (Version: 6.0.40.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (HKLM-x32\...\{C7D64C31-3F1E-4205-87A5-B61AAE55E64B}) (Version: 3.4.1942 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{52DA40D6-6EF4-4B28-B501-FC538ECE638C}) (Version: 19.01.1627.3533 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{de9d82da-dc00-4586-97fe-1b0021f2246d}) (Version: 19.2.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.9060.3 - Waves Audio Ltd.) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.2063 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.163 - McAfee, Inc.)
MediaInfo 0.7.92 (HKLM\...\MediaInfo) (Version: 0.7.92 - MediaArea.net)
Microsoft OneDrive (HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\OneDriveSetup.exe) (Version: 17.005.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5 - Notepad++ Team)
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
Python 2.7.14 (HKLM-x32\...\{0398A685-FD8D-46B3-9816-C47319B0CF5E}) (Version: 2.7.14150 - Python Software Foundation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)
SABnzbd 2.3.0 (HKLM-x32\...\SABnzbd) (Version: 2.3.0 - The SABnzbd Team)
Soda PDF Desktop Asian Fonts Pack (HKLM\...\{33699E05-2FDA-4369-95CC-F56530C30C55}) (Version: 9.0.34.31282 - LULU Software) Hidden
Soda PDF Desktop Convert Module (HKLM\...\{2B9D9339-105C-4C18-B7BA-28C10706F547}) (Version: 9.0.34.31282 - LULU Software) Hidden
Soda PDF Desktop Create Module (HKLM\...\{12C01D18-98CA-4D87-AD8B-41EFE45773CE}) (Version: 9.0.34.31282 - LULU Software) Hidden
Soda PDF Desktop Edit Module (HKLM\...\{61D53817-A24E-4828-A8F3-C7B82F04C552}) (Version: 9.0.34.31282 - LULU Software) Hidden
Soda PDF Desktop Forms Module (HKLM\...\{C9C24CCB-967F-4E06-B80D-406B2F4AF9E6}) (Version: 9.0.34.31282 - LULU Software) Hidden
Soda PDF Desktop Insert Module (HKLM\...\{1E19391E-B8DC-4A95-B952-EA35DCD78D82}) (Version: 9.0.34.31282 - LULU Software) Hidden
Soda PDF Desktop OCR Module (HKLM\...\{8B68B8BA-F410-4751-BAA7-59E342D78D80}) (Version: 9.0.34.31282 - LULU Software) Hidden
Soda PDF Desktop Review Module (HKLM\...\{260ECC9C-5492-4D5C-A030-05048C267B17}) (Version: 9.0.34.31282 - LULU Software) Hidden
Soda PDF Desktop Secure Module (HKLM\...\{07046361-39E2-40C3-AC24-0A9FC89306D5}) (Version: 9.0.34.31282 - LULU Software) Hidden
Soda PDF Desktop View Module (HKLM\...\{84153D4F-F515-4A70-8660-22484247A76F}) (Version: 9.0.34.31282 - LULU Software) Hidden
Stellarium 0.15.2 (HKLM\...\Stellarium_is1) (Version: 0.15.2 - Stellarium team)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.90922 - TeamViewer)
Typing Master 10 (HKLM-x32\...\{19B5F18A-1638-4037-AD44-CF7D0EEAB875}_is1) (Version: 10.00 - Typing Innovation Group Ltd)
UnHackMe 9.60 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9C4F3AF4-21D8-43BD-A69C-517BB96012CF}) (Version: 2.12.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3514701322-1850050194-3633948935-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-558CD2726B29}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3514701322-1850050194-3633948935-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\aades\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3514701322-1850050194-3633948935-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\aades\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3514701322-1850050194-3633948935-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\aades\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3514701322-1850050194-3633948935-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\aades\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3514701322-1850050194-3633948935-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-3514701322-1850050194-3633948935-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\aades\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-28] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-15] ()
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2016-11-18] (McAfee, Inc.)
ContextMenuHandlers1: [SodaPDFDesktop_ManagerExt] -> {526A2ADD-BD9B-40E5-9D45-75EF6313FCE4} => C:\Program Files\Soda PDF Desktop\creator-context-menu.dll [2016-12-23] (LULU Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-07] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-28] ()
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2016-11-18] (McAfee, Inc.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09BAD9E7-48A0-484A-ABD1-C48A3CC8353A} - System32\Tasks\{471AFBA2-DA34-4305-80DA-687C8B9BFF76} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\ByteFence\ByteFence.exe" -c /uninstall
Task: {0A6299FF-9EE4-4EC6-876C-6616E4BBF505} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3514701322-1850050194-3633948935-1001UA => C:\Users\aades\AppData\Local\Google\Update\GoogleUpdate.exe [2017-02-22] (Google Inc.)
Task: {0E2B8D0E-BB3B-43C6-8F05-EFDFDE65D74C} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {1AE97944-1F4A-4908-9AF3-295727BADD4D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {241732FC-0729-46D3-81AA-9CA5B95274B6} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-aadeshgandhi@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {2B32397F-E74D-4032-AF7C-3E5871AF5A99} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3514701322-1850050194-3633948935-1001Core => C:\Users\aades\AppData\Local\Google\Update\GoogleUpdate.exe [2017-02-22] (Google Inc.)
Task: {2F0EF5AB-1AF4-4A74-AA2D-0F4C156985BE} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {30779AAB-7DFA-482A-B022-2B26728F5B8D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-20] (Google Inc.)
Task: {3D506EED-F3C1-4D47-AD18-B53FC99B8DAB} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {3F8A69C2-7E43-45BE-8281-AAF6BF6C7EDC} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-28] (Dropbox, Inc.)
Task: {4242E095-0AC0-438E-9FA3-6E89D86D9CC2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {516086F6-8009-4603-9B9A-90442FD6872C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-01-03] (McAfee, Inc.)
Task: {53A73F85-2784-42FE-B803-BF4DEB234D68} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {76194440-A051-41FE-8E9E-65089EE4AFC3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {7A4A7EC7-3FC2-4EF4-AD55-9D64BFB8C2B4} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-08-12] (Intel Corporation)
Task: {7ADBE159-CE47-4F63-B85C-B5378049DF51} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-12-22] (Dell Inc.)
Task: {7B484743-A584-43E3-B6DE-58A218D0421C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-20] (Google Inc.)
Task: {86C8B357-7823-4B16-A218-EA952985C334} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2016-04-27] (CyberLink)
Task: {94853491-31E1-4B23-A1A7-6AC72FF26437} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-28] (Dropbox, Inc.)
Task: {9F0BC422-02C0-4D66-8482-B91BB6544674} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-08-12] (Intel Corporation)
Task: {AA72C220-2795-49DE-865C-7A47F95AFACE} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {AE532584-EEA0-4608-BA4E-51413B477629} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2018-01-31] (Greatis Software)
Task: {BCB22E9B-67D8-44E5-B252-7F78053401B4} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-10-11] (McAfee, Inc.)
Task: {C0D61FE5-9B28-4DC8-8E2F-0A415FE811B0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated)
Task: {CB114345-80FE-490F-A5D8-A034AFB47422} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-06-19] (Realtek Semiconductor)
Task: {F8F8E06A-7136-49B1-BBCA-812EC28DD2A3} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {FCB1CD91-6348-45D9-86B0-015C2D3A0008} - System32\Tasks\S-1-5-21-3514701322-1850050194-3633948935-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP 2GA934T
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-10-05 19:17 - 2016-10-05 19:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 23:51 - 2017-10-18 23:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-19 11:11 - 2015-05-19 11:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2018-01-28 13:16 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-14 02:48 - 2017-08-14 02:48 - 000491600 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2017-03-18 15:59 - 2017-03-18 21:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-07 09:47 - 2016-11-07 09:47 - 000401920 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-09-29 18:10 - 2017-09-29 18:10 - 000050688 _____ () C:\Program Files\SABnzbd\lib\_socket.pyd
2017-09-29 18:10 - 2017-09-29 18:10 - 002100736 _____ () C:\Program Files\SABnzbd\lib\_ssl.pyd
2017-09-29 18:10 - 2017-09-29 18:10 - 001482240 _____ () C:\Program Files\SABnzbd\lib\_hashlib.pyd
2017-09-29 18:11 - 2017-09-29 18:11 - 000129024 _____ () C:\Program Files\SABnzbd\lib\win32api.pyd
2017-09-29 18:10 - 2017-09-29 18:10 - 000136704 _____ () C:\Program Files\SABnzbd\lib\pywintypes27.dll
2017-09-29 18:10 - 2017-09-29 18:10 - 000547328 _____ () C:\Program Files\SABnzbd\lib\pythoncom27.dll
2017-09-29 18:10 - 2017-09-29 18:10 - 000120832 _____ () C:\Program Files\SABnzbd\lib\_ctypes.pyd
2017-09-29 18:10 - 2017-09-29 18:10 - 000011776 _____ () C:\Program Files\SABnzbd\lib\select.pyd
2017-09-29 18:11 - 2017-09-29 18:11 - 000022016 _____ () C:\Program Files\SABnzbd\lib\win32event.pyd
2017-09-29 18:11 - 2017-09-29 18:11 - 000052736 _____ () C:\Program Files\SABnzbd\lib\win32service.pyd
2017-09-29 18:10 - 2017-09-29 18:10 - 000064000 _____ () C:\Program Files\SABnzbd\lib\_sqlite3.pyd
2017-09-29 18:10 - 2017-09-29 18:10 - 000785408 _____ () C:\Program Files\SABnzbd\lib\sqlite3.dll
2017-09-29 18:10 - 2017-09-29 18:11 - 000692224 _____ () C:\Program Files\SABnzbd\lib\unicodedata.pyd
2017-09-29 18:10 - 2017-09-29 18:10 - 000008192 _____ () C:\Program Files\SABnzbd\lib\cryptography.hazmat.bindings._constant_time.pyd
2017-09-29 18:10 - 2017-09-29 18:10 - 000164352 _____ () C:\Program Files\SABnzbd\lib\_cffi_backend.pyd
2017-09-29 18:10 - 2017-09-29 18:10 - 002779136 _____ () C:\Program Files\SABnzbd\lib\cryptography.hazmat.bindings._openssl.pyd
2017-09-29 18:10 - 2017-09-29 18:10 - 000012288 _____ () C:\Program Files\SABnzbd\lib\sabyenc.pyd
2017-09-29 18:11 - 2017-09-29 18:11 - 000044032 _____ () C:\Program Files\SABnzbd\lib\win32process.pyd
2017-09-29 18:10 - 2017-09-29 18:10 - 000013824 _____ () C:\Program Files\SABnzbd\lib\Cheetah._namemapper.pyd
2017-09-29 18:10 - 2017-09-29 18:10 - 000179712 _____ () C:\Program Files\SABnzbd\lib\pyexpat.pyd
2017-09-29 18:10 - 2017-09-29 18:10 - 000092672 _____ () C:\Program Files\SABnzbd\lib\bz2.pyd
2017-09-29 18:11 - 2017-09-29 18:11 - 000135168 _____ () C:\Program Files\SABnzbd\lib\win32security.pyd
2017-09-29 18:11 - 2017-09-29 18:11 - 000148480 _____ () C:\Program Files\SABnzbd\lib\win32file.pyd
2017-09-29 18:10 - 2017-09-29 18:10 - 000034816 _____ () C:\Program Files\SABnzbd\lib\_multiprocessing.pyd
2017-09-29 18:11 - 2017-09-29 18:11 - 000062976 _____ () C:\Program Files\SABnzbd\lib\win32evtlog.pyd
2017-09-29 18:10 - 2017-09-29 18:10 - 000031232 _____ () C:\Program Files\SABnzbd\lib\servicemanager.pyd
2017-09-29 18:11 - 2017-09-29 18:11 - 000222720 _____ () C:\Program Files\SABnzbd\lib\win32gui.pyd
2017-09-29 18:11 - 2017-09-29 18:11 - 000392192 _____ () C:\Program Files\SABnzbd\lib\winxpgui.pyd
2018-02-20 19:31 - 2018-02-12 23:25 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\libglesv2.dll
2018-02-20 19:31 - 2018-02-12 23:25 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\libegl.dll
2018-02-19 19:37 - 2018-02-19 19:37 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-02-19 19:37 - 2018-02-19 19:37 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-02-19 19:41 - 2018-02-19 19:41 - 000061952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11801.1001.6.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2016-04-25 15:24 - 2014-12-08 02:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 17:28 - 2014-12-08 17:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2018-02-09 16:57 - 2018-02-08 15:10 - 000740168 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-02-09 16:57 - 2018-02-08 15:10 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-02-09 16:58 - 2018-02-08 15:10 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2018-02-09 16:58 - 2018-02-08 15:12 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-02-09 16:57 - 2018-02-08 15:10 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-02-09 16:57 - 2018-02-08 15:10 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2018-02-09 16:58 - 2018-02-08 15:10 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2018-02-09 16:58 - 2018-02-08 15:13 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-02-09 16:57 - 2018-02-08 15:10 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000116184 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-02-09 16:57 - 2018-02-08 15:10 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2018-02-09 16:58 - 2018-02-08 15:12 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2018-02-09 16:58 - 2018-02-08 15:13 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-02-09 16:58 - 2018-02-08 15:13 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2018-02-09 16:58 - 2018-02-08 15:12 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 001796416 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 001956672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 003859272 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000521032 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2018-02-09 16:58 - 2018-02-08 15:13 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2018-02-09 16:58 - 2018-02-08 15:13 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2018-02-09 16:58 - 2018-02-08 15:13 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2018-02-09 16:58 - 2018-02-08 15:12 - 000100704 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-02-09 16:58 - 2018-02-08 15:13 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-02-09 16:58 - 2018-02-08 15:13 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2018-02-09 16:58 - 2018-02-08 15:13 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-02-09 16:58 - 2018-02-08 15:10 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2018-02-09 16:58 - 2018-02-08 15:13 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-02-09 16:57 - 2018-02-08 15:10 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-02-09 16:57 - 2018-02-08 15:12 - 000032608 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2018-02-09 16:57 - 2018-02-08 15:10 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-02-09 16:58 - 2018-02-08 15:13 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-02-09 16:58 - 2018-02-08 15:12 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-02-09 16:57 - 2018-02-08 15:12 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-02-09 16:58 - 2018-02-08 15:13 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000545096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000359232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-02-09 16:57 - 2018-02-08 15:12 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2017-09-19 10:35 - 2017-09-19 10:35 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2017-11-21 13:50 - 2017-11-21 13:50 - 000134016 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2015-06-24 03:07 - 2015-06-24 03:07 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\aades\Downloads\Sophos Virus Removal Tool.exe:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2018-02-25 08:44 - 000009750 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1                   na1r.services.adobe.com
127.0.0.1                   hlrcv.stage.adobe.com
 
There are 328 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "skydiveunder"
HKLM\...\StartupApproved\Run: => "skydiveskydive"
HKLM\...\StartupApproved\Run: => "skydive"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "duttoncanyons"
HKLM\...\StartupApproved\Run32: => "duttondutton"
HKLM\...\StartupApproved\Run32: => "dutton"
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\StartupApproved\StartupFolder: => "agentagent.lnk"
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\StartupApproved\StartupFolder: => "agent.lnk"
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\StartupApproved\Run: => "Google Photos Backup"
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\StartupApproved\Run: => "carbonates"
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\StartupApproved\Run: => "underskydive"
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\StartupApproved\Run: => "canyonsdutton"
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\StartupApproved\Run: => "mccord"
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\StartupApproved\Run: => "underunder"
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\StartupApproved\Run: => "under"
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\StartupApproved\Run: => "canyonscanyons"
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\StartupApproved\Run: => "canyons"
HKU\S-1-5-21-3514701322-1850050194-3633948935-1001\...\StartupApproved\Run: => "pchart"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{C458A4EC-3BD5-48B4-82F4-3B0523C68206}C:\program files\windowsapps\xbmcfoundation.kodi_17.1.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.1.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [TCP Query User{32D33215-3D22-44A7-816C-71877C3AA665}C:\program files\windowsapps\xbmcfoundation.kodi_17.1.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.1.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [UDP Query User{728051E0-ED77-41D2-B468-0516CB03AE9D}C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [TCP Query User{6857FEF8-A63E-4082-8690-26F80D7DB983}C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [{B19EE90C-80BD-462F-8F5D-BA1CEA4A491C}] => (Allow) C:\Users\aades\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{F93E3F70-47FC-4B35-BAE4-B6663C1755EE}] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [{4067FD45-A566-4099-BD18-86B5DE920B22}] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [UDP Query User{6F678F55-BA91-4082-8E4D-F85445E9E498}C:\program files\windowsapps\xbmcfoundation.kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [TCP Query User{997B183C-8183-4572-88F5-3C287B5B3C13}C:\program files\windowsapps\xbmcfoundation.kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [{F25CD04E-1F0C-46A9-B7A7-1F7D5A232E9F}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{29C2CAE3-F633-414C-B5E3-7A36F77C5EF3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6C6F0B3E-53C9-41ED-80C4-887BA24E6279}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{669F810D-C5D9-497E-BDA0-66686A80B26D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E47B4712-4342-47C1-A37A-E47EB021FD16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EF1B4514-BCB2-4FBE-BBB7-08D952E5A03C}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{EACB2692-6BA5-450D-8CFC-28412D3DF393}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{D2CEE6DE-D1DC-4B18-8E02-204522E551A8}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{9F0EDC4B-42CC-429A-997D-D38C4CA2C839}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{02742CBC-E45C-44FA-8413-1F40F64B3F55}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{FBB93247-457D-436E-954D-F4ECE88BF50B}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector14\PDR10.EXE
FirewallRules: [{392BC622-9A10-46CB-ABA9-FA04B3A33C23}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD.exe
FirewallRules: [{2EC7FB9A-2C75-48AD-9C46-AFB64D444C64}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{4D81004A-0AB8-4166-9E34-A117956C1199}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{B67C055C-E984-4DCF-B011-DDA03D3AA222}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{C0733A60-35B3-44BD-A02B-E0AD9DC77F9E}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{7CCDDA74-B9C2-4B2D-8CF0-629F17AF9581}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{14DBEEFF-D609-40EA-8632-77FFC31B95E3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{309A8CE0-5901-4503-8A80-D79161CE6E3A}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe
FirewallRules: [TCP Query User{DF890392-8B27-4C12-AB25-348D87672A98}C:\program files\windowsapps\xbmcfoundation.kodi_17.3.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.3.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [UDP Query User{7D94C580-C7B1-466E-BBC5-210A1E1F9966}C:\program files\windowsapps\xbmcfoundation.kodi_17.3.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.3.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [{E30CE7E7-D72D-4514-9D53-22A8CE53A1D0}] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_17.3.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [{1C8F96A0-9642-46F0-9735-F9E0FEDACD15}] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_17.3.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [{7FA9801B-E443-463D-8848-2FB4BFFC98FA}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe
FirewallRules: [TCP Query User{2D0A194B-CC05-405B-9C2E-3FFD7D5D9297}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{DCD92680-5A87-4699-ADA5-377D0616F290}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{45B790CF-AECC-4487-8C41-02CDA39230D7}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe
FirewallRules: [{6A315171-6058-4C8B-8AB2-83DCDAF7AEC8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6A7E8D23-B742-4BA0-AA6A-B8FF27062205}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{AA022ABB-D7F4-4AB1-BC2A-C7D951F612BA}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{15CE1370-AAC9-473D-8943-E17725CA3CCC}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{FA31B22A-4414-414D-890E-D6E0210F629A}] => (Allow) C:\Program Files (x86)\Lunger\keene.exe
FirewallRules: [{81B46161-B934-4628-AEC8-B32BF2519F6E}] => (Allow) C:\Program Files (x86)\Retrospect\keene.exe
FirewallRules: [{546687B2-9664-4675-8115-1CB211058FE3}] => (Allow) C:\Program Files (x86)\twists\donohue.exe
FirewallRules: [{D147AF9D-DA8D-4E7D-8C05-4008AEA2937E}] => (Allow) C:\Program Files (x86)\Retrospect\donohue.exe
FirewallRules: [TCP Query User{01BC579E-1A05-4144-BB16-C56EA957A76B}C:\users\aades\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\aades\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{51DB8FC8-1796-4214-8EDF-8152632F529D}C:\users\aades\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\aades\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{DC506E4B-E516-4979-BD44-BEE0A1F6E585}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CAC7B36E-D418-4206-80C0-D50D7C781298}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C5C33DA2-F0F1-4D2E-8689-6DFDE3235007}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{787A3F2C-A636-4F85-90CC-72BAE998A3D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A7A3A1FC-544E-46A8-B1E4-0B3108EDB208}] => (Allow) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\outlook.exe
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777935}}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA9}}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777934}}] => (Allow) C:\Program Files (x86)\UnHackMe\regruninfo.exe
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA8}}] => (Allow) C:\Program Files (x86)\UnHackMe\regruninfo.exe
FirewallRules: [{32441C8B-64B2-4E2A-BC02-8968121AA8CA}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{10193792-6FDD-40DE-8366-75BFD767F2D6}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{025C3ABC-97A6-4D14-86AD-AD3B3A20D694}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{C6380E74-5AEC-4544-8A80-3DB020B797C0}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{602356CF-9486-468D-A4F6-98C9932710B8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{619B3995-EAA7-42CD-B8F1-BCA2FB55E7EC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{543A16CE-5EA3-43ED-B6D0-839F90A894FE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
22-02-2018 17:56:29 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/25/2018 08:24:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-2GA934T)
Description: Activation of app Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/21/2018 08:52:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-2GA934T)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/21/2018 08:46:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   23 1.0.0.127.in-addr.arpa. PTR DESKTOP-2GA934T.local.
 
Error: (02/21/2018 08:46:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 127.0.0.1:5353   25 1.0.0.127.in-addr.arpa. PTR DESKTOP-2GA934T-2.local.
 
Error: (02/20/2018 09:13:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-2GA934T)
Description: Package Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
Error: (02/20/2018 08:12:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-2GA934T)
Description: Package Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
Error: (02/19/2018 04:07:46 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (8312) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\aades\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (02/19/2018 04:07:46 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (8312) WebCacheLocal: An attempt to open the file "C:\Users\aades\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (02/25/2018 08:33:07 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
 
Error: (02/25/2018 08:32:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (02/25/2018 08:31:03 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application Local Management Service service hung on starting.
 
Error: (02/25/2018 08:30:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (02/25/2018 08:28:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Digital Delivery Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (02/25/2018 08:28:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.
 
Error: (02/25/2018 08:26:50 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (02/25/2018 08:26:50 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
Windows Defender:
===================================
Date: 2018-01-24 19:19:23.761
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Users\aades\Downloads\complete\Microsoft_Office_2016_Pro_x86_x64_Nederlands_Updated_December_2017\Microsoft Office 2016 Pro x86 x64 Nederlands Updated December 2017\KMSpico Portable\AutoPico.exe;file:_C:\Users\aades\Downloads\complete\Microsoft_Office_2016_Pro_x86_x64_Nederlands_Updated_December_2017\Microsoft Office 2016 Pro x86 x64 Nederlands Updated December 2017\KMSpico Portable\KMSELDI.exe;file:_C:\Users\aades\Downloads\complete\Microsoft_Office_365_Home_Premium_+_ProPlus_+_Small_Business-EXE\Microsoft Office 365 Home Premium + ProPlus + Small Business\Activator\Microsoft Permanent Activator(1).exe;file:_C:\Users\aades\Downloads\complete\Microsoft_Office_365_Home_Premium_+_ProPlus_+_Small_Business-EXE\Microsoft Office 365 Home Premium + ProPlus + Small Business\Activator\Microsoft Permanent Activator.exe;file:_C:\Users\aades\Downloads\complete\_UNPACK_Microsoft_Office_2016_Pro_x86_x64_Nederlands_Updated_December_2017\Microsoft Office 2016 Pro x86 x64 Nederlands Updated December 2017\KMSpico Por
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\SearchProtocolHost.exe
Signature Version: AV: 1.249.1233.0, AS: 1.249.1233.0, NIS: 117.8.0.0
Engine Version: AM: 1.1.14003.0, NIS: 2.1.13804.0
 
Date: 2018-01-24 19:19:18.942
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Users\aades\Downloads\complete\Microsoft_Office_2016_Pro_x86_x64_Nederlands_Updated_December_2017\Microsoft Office 2016 Pro x86 x64 Nederlands Updated December 2017\KMSpico Portable\KMSELDI.exe;file:_C:\Users\aades\Downloads\complete\Microsoft_Office_365_Home_Premium_+_ProPlus_+_Small_Business-EXE\Microsoft Office 365 Home Premium + ProPlus + Small Business\Activator\Microsoft Permanent Activator(1).exe;file:_C:\Users\aades\Downloads\complete\Microsoft_Office_365_Home_Premium_+_ProPlus_+_Small_Business-EXE\Microsoft Office 365 Home Premium + ProPlus + Small Business\Activator\Microsoft Permanent Activator.exe;file:_C:\Users\aades\Downloads\complete\_UNPACK_Microsoft_Office_2016_Pro_x86_x64_Nederlands_Updated_December_2017\Microsoft Office 2016 Pro x86 x64 Nederlands Updated December 2017\KMSpico Portable\AutoPico.exe;file:_C:\Users\aades\Downloads\complete\_UNPACK_Microsoft_Office_2016_Pro_x86_x64_Nederlands_Updated_December_2017\Microsoft Office 2016 Pro x86 x64 Nederlands Updated December 2017\KMS
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\SearchProtocolHost.exe
Signature Version: AV: 1.249.1233.0, AS: 1.249.1233.0, NIS: 117.8.0.0
Engine Version: AM: 1.1.14003.0, NIS: 2.1.13804.0
 
Date: 2018-01-24 19:18:36.872
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Users\aades\Downloads\complete\Microsoft_Office_365_Home_Premium_+_ProPlus_+_Small_Business-EXE\Microsoft Office 365 Home Premium + ProPlus + Small Business\Activator\Microsoft Permanent Activator(1).exe;file:_C:\Users\aades\Downloads\complete\Microsoft_Office_365_Home_Premium_+_ProPlus_+_Small_Business-EXE\Microsoft Office 365 Home Premium + ProPlus + Small Business\Activator\Microsoft Permanent Activator.exe;file:_C:\Users\aades\Downloads\complete\_UNPACK_Microsoft_Office_2016_Pro_x86_x64_Nederlands_Updated_December_2017\Microsoft Office 2016 Pro x86 x64 Nederlands Updated December 2017\KMSpico Portable\AutoPico.exe;file:_C:\Users\aades\Downloads\complete\_UNPACK_Microsoft_Office_2016_Pro_x86_x64_Nederlands_Updated_December_2017\Microsoft Office 2016 Pro x86 x64 Nederlands Updated December 2017\KMSpico Portable\KMSELDI.exe;file:_C:\Users\aades\Downloads\complete\_UNPACK_Microsoft_Office_365_Home_Premium_+_ProPlus_+_Small_Business-EXE\Microsoft Office 365 Home Premium + ProPlus + Small Business\Act
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\SABnzbd\SABnzbd.exe
Signature Version: AV: 1.249.1233.0, AS: 1.249.1233.0, NIS: 117.8.0.0
Engine Version: AM: 1.1.14003.0, NIS: 2.1.13804.0
 
Date: 2018-01-24 19:18:34.697
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Users\aades\Downloads\complete\Microsoft_Office_365_Home_Premium_+_ProPlus_+_Small_Business-EXE\Microsoft Office 365 Home Premium + ProPlus + Small Business\Activator\Microsoft Permanent Activator(1).exe;file:_C:\Users\aades\Downloads\complete\Microsoft_Office_365_Home_Premium_+_ProPlus_+_Small_Business-EXE\Microsoft Office 365 Home Premium + ProPlus + Small Business\Activator\Microsoft Permanent Activator.exe;file:_C:\Users\aades\Downloads\complete\_UNPACK_Microsoft_Office_2016_Pro_x86_x64_Nederlands_Updated_December_2017\Microsoft Office 2016 Pro x86 x64 Nederlands Updated December 2017\KMSpico Portable\AutoPico.exe;file:_C:\Users\aades\Downloads\complete\_UNPACK_Microsoft_Office_2016_Pro_x86_x64_Nederlands_Updated_December_2017\Microsoft Office 2016 Pro x86 x64 Nederlands Updated December 2017\KMSpico Portable\KMSELDI.exe;file:_C:\Users\aades\Downloads\complete\_UNPACK_Microsoft_Office_365_Home_Premium_+_ProPlus_+_Small_Business-EXE\Microsoft Office 365 Home Premium + ProPlus + Small Business\Act
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\SABnzbd\win\unrar\x64\UnRAR.exe
Signature Version: AV: 1.249.1233.0, AS: 1.249.1233.0, NIS: 117.8.0.0
Engine Version: AM: 1.1.14003.0, NIS: 2.1.13804.0
 
Date: 2018-01-24 19:18:09.503
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Users\aades\Downloads\complete\Microsoft_Office_365_Home_Premium_+_ProPlus_+_Small_Business-EXE\Microsoft Office 365 Home Premium + ProPlus + Small Business\Activator\Microsoft Permanent Activator(1).exe;file:_C:\Users\aades\Downloads\complete\Microsoft_Office_365_Home_Premium_+_ProPlus_+_Small_Business-EXE\Microsoft Office 365 Home Premium + ProPlus + Small Business\Activator\Microsoft Permanent Activator.exe;file:_C:\Users\aades\Downloads\complete\_UNPACK_Microsoft_Office_2016_Pro_x86_x64_Nederlands_Updated_December_2017\Microsoft Office 2016 Pro x86 x64 Nederlands Updated December 2017\KMSpico Portable\AutoPico.exe;file:_C:\Users\aades\Downloads\complete\_UNPACK_Microsoft_Office_365_Home_Premium_+_ProPlus_+_Small_Business-EXE\Microsoft Office 365 Home Premium + ProPlus + Small Business\Activator\Microsoft Permanent Activator(1).exe;file:_C:\Users\aades\Downloads\complete\_UNPACK_Microsoft_Office_365_Home_Premium_+_ProPlus_+_Small_Business-EXE\Microsoft Office 365 Home Premium + ProPlus + Small Bu
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\SABnzbd\win\unrar\x64\UnRAR.exe
Signature Version: AV: 1.249.1233.0, AS: 1.249.1233.0, NIS: 117.8.0.0
Engine Version: AM: 1.1.14003.0, NIS: 2.1.13804.0
 
Date: 2017-11-04 17:04:10.157
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.249.1233.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14003.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2017-11-04 17:04:10.156
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 117.8.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.13804.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2017-11-04 17:04:10.150
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.249.1233.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14003.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2017-11-04 17:04:10.150
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.249.1233.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14003.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2017-11-04 17:04:10.149
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.249.1233.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14003.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
CodeIntegrity:
===================================
 
Date: 2018-02-25 08:32:26.271
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-02-23 08:28:01.819
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-02-22 17:47:13.315
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-02-22 07:23:57.566
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-02-21 01:03:53.826
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
 
Date: 2018-02-21 01:03:53.824
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
 
Date: 2018-02-20 20:38:53.157
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
 
Date: 2018-02-20 20:38:53.155
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 53%
Total physical RAM: 8101.99 MB
Available physical RAM: 3797.36 MB
Total Virtual: 27557.99 MB
Available Virtual: 22558.72 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:917.42 GB) (Free:619.32 GB) NTFS
Drive e: (Adobe Photoshop) (CDROM) (Total:3.21 GB) (Free:0 GB) CDFS
 
\\?\Volume{418c8d8c-546a-478c-9175-d2905d7ae070}\ () (Fixed) (Total:0.44 GB) (Free:0.04 GB) NTFS
\\?\Volume{4c9bf752-9dff-45ae-8f8c-fcdf14e8e046}\ () (Fixed) (Total:0 GB) (Free:0 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B60877BD)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
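Added example (not part of the original post and not part of FRST): a small parser that collapses the repeated CodeIntegrity events of an Addition.txt like the one above into one row per file, so a triager sees how often and over what period each binary failed verification. The function names, record keys and the abridged sample are constructed for this illustration.

```python
import re

# Constructed sample, abridged from the CodeIntegrity section of the log above.
SAMPLE = r"""
CodeIntegrity:
===================================

Date: 2018-02-25 08:32:26.271
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged.

Date: 2018-02-23 08:28:01.819
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged.

Date: 2018-02-21 01:03:53.826
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2018-02-21 01:03:53.824
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================
"""

SECTION_HEADER = re.compile(r"^=+ .+ =+$")  # e.g. "==== Memory info ===="
# The two message shapes that appear in the log above.
PATTERNS = [
    ("image_unverified", re.compile(
        r"unable to verify the image integrity of the file (?P<file>.+?) because (?P<reason>[^.]+)\.")),
    ("signing_level", re.compile(
        r"a process \((?P<proc>.+?)\) attempted to load (?P<file>.+?) that did not meet")),
]

def codeintegrity_entries(text):
    """Yield {'date', 'text'} for each event under the 'CodeIntegrity:' heading."""
    in_section, current = False, None
    for raw in text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == "CodeIntegrity:"
            continue
        if SECTION_HEADER.match(line):  # next FRST section starts: stop
            break
        if line.startswith("Date: "):
            if current:
                yield current
            current = {"date": line[len("Date: "):], "text": ""}
        elif current is not None and line:
            # The description may start on the label line or on the next one.
            body = line[len("Description:"):] if line.startswith("Description:") else line
            current["text"] = (current["text"] + " " + body).strip()
    if current:
        yield current

def summarize(text):
    """Group events by (kind, file, loading process); keep count and time span."""
    groups = {}
    for entry in codeintegrity_entries(text):
        for kind, rx in PATTERNS:
            m = rx.search(entry["text"])
            if m:
                break
        else:
            kind, m = "unparsed", None
        fields = m.groupdict() if m else {}
        key = (kind, fields.get("file", entry["text"]), fields.get("proc"))
        row = groups.setdefault(key, {
            "kind": kind, "file": key[1], "loaded_by": key[2],
            "reason": fields.get("reason"), "count": 0,
            "first": entry["date"], "last": entry["date"]})
        row["count"] += 1
        # Timestamps are 'YYYY-MM-DD hh:mm:ss.mmm', so string order is time order.
        row["first"] = min(row["first"], entry["date"])
        row["last"] = max(row["last"], entry["date"])
    return list(groups.values())

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```
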


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:07 PM

Posted 25 February 2018 - 06:43 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

 

The computer is infected with a version of the SmartService Rootkit. It is very difficult to remove as it will require a specific protocol. Let me prepare all for the disinfection.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 JSntgRvr


Posted 25 February 2018 - 07:13 PM

You will need another computer to download FRST64 to a USB drive, run FRST64 in the Recovery Environment, then back in Normal Mode.
 
Please download Farbar Recovery Scan Tool on an uninfected computer and save it to a flash drive (Pen Drive).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.exe

Please also download the attached file and save it in the same location the FRST64 is saved in the flash drive.

Boot to the Recovery Console's Command prompt in the infected computer.

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
 

Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums

After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.

On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:

  • Insert the USB drive containing FRST64 and the Fixlist
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type  e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First press the Scan button. That will deactivate the rootkit. Once the scan is finished, press the Fix button.
  • These actions will make two logs, Fixlog.txt and FRST.txt, on the flash drive. Please copy and paste them in your reply.

Once finished in the Recovery Environment, restart the computer in Normal Mode.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

 

I will expect the following reports:

 

Frst.txt produced in the Recovery Console

Fixlog.txt produced in the Recovery Console

Frst.txt produced in Normal Mode

Addition.txt produced in Normal Mode




#5 happyindian


Posted 26 February 2018 - 09:45 PM

Thank you for the reply back JSntgRvr! Unfortunately I am unable to boot in recovery environment using the easier options. I need to create recovery disc and I only have 1 USB on me. I will get a new one tomorrow and give it a try. Thanks for your patience!

 

 

HI



#6 JSntgRvr


Posted 26 February 2018 - 11:14 PM

Run these commands at an Administrator Command prompt:

 

bcdedit.exe /set {bootmgr} displaybootmenu yes
bcdedit.exe /set {default} recoveryenabled yes

 

Restart and try to boot into the Recovery Environment once again.


Edited by JSntgRvr, 26 February 2018 - 11:15 PM.



#7 happyindian


Posted 27 February 2018 - 08:28 PM

Thanks JSntgRvr! That did the trick; logs are attached. I will await next set of instructions from you. 

 

 

HI
 




#8 JSntgRvr


Posted 27 February 2018 - 09:06 PM

You ran the fix in Safe Mode. What we are looking for is the Recovery Environment. This is a special boot environment where Windows is unattached, thereby giving us the opportunity to remove the Malware. Check the tutorial at TenForums.
 
Run these commands at an Administrator Command prompt:
 
bcdedit.exe /set {bootmgr} displaybootmenu yes
bcdedit.exe /set {default} recoveryenabled yes

 
Here are the instructions again:
 
You will need another computer to download FRST64 to a USB drive, run FRST64 in the Recovery Environment, then back in Normal Mode.
 
Please download Farbar Recovery Scan Tool on an uninfected computer and save it to a flash drive (Pen Drive).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.exe

Please also download the attached file and save it in the same location the FRST64 is saved in the flash drive.

Boot to the Recovery Console's Command prompt in the infected computer.

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
 
Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums

After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.

On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:

  • Insert the USB drive containing FRST64 and the Fixlist
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type  e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First press the Scan button. That will deactivate the rootkit. Once the scan is finished, press the Fix button.
  • These actions will make two logs, Fixlog.txt and FRST.txt, on the flash drive. Please copy and paste them in your reply.

Once finished in the Recovery Environment, restart the computer in Normal Mode.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

Please note that the fixlist.txt changed this time.

I will expect the following reports:
 
Frst.txt produced in the Recovery Console
Fixlog.txt produced in the Recovery Console
Frst.txt produced in Normal Mode
Addition.txt produced in Normal Mode




#9 happyindian


Posted 28 February 2018 - 07:26 AM

Apologies! Here are correct logs.

 

Thanks,

HI




#10 JSntgRvr


Posted 28 February 2018 - 11:24 AM

Nice going.
 
Perform this in Normal Mode:

  • Highlight the entire content of the quote box below.

Start::  
C:\Users\aades\AppData\Local\wmdrloz
Handler: mso-minsb-roaming.16 - No CLSID Value
Handler: mso-minsb.16 - No CLSID Value
Handler: osf-roaming.16 - No CLSID Value
Handler: osf.16 - No CLSID Value
CMD: fltmc instances
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 
Update Malwarebytes Antimalware and perform a scan.

  • Once the program has fully updated, Proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

02-malwarebytes-premium-scan-methods.jpg

  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.




#11 happyindian


Posted 28 February 2018 - 12:20 PM

JSntgRvr I will work on the next step once I get back home in the evening but I do have a side question for you. All the files that I had in the 'Downloads' folder seem to be missing now. I do see the sub folders in the 'Downloads' folder but any files that were not in sub folders are missing. I am not sure if these got deleted or I need to log in as administrator to see them. Just wanted to point it out to you to see if you had any thoughts on this...

 

Thanks again for helping me.

HI.



#12 JSntgRvr


Posted 28 February 2018 - 01:45 PM

Files in the download folder were deleted as part of the fix. That folder in most occasions is the source of the Rootkit.




#13 happyindian


Posted 28 February 2018 - 02:32 PM

Got it! I am not sure if I lost anything important but it's too late now :)

Just a suggestion - If you can add in this point that files from the download folder will be deleted; infected users can then get a chance to copy the legitimate files over to a secure place. 

 

 

Thanks,

HI.



#14 JSntgRvr


Posted 28 February 2018 - 02:51 PM

You are absolutely right, but we don't delete files unless necessary. Let me know which file you need restored from this list:
 





#15 happyindian


Posted 28 February 2018 - 03:42 PM

Thanks for getting me the list; there are few that I know I will need. I will take a closer look and send you the final list in the evening. Getting this deleted list is very helpful too...

 

 

HI.





