Infected with Riskware.Bitcoinminer, among other things.


  • This topic is locked
35 replies to this topic

#1 assblasted

assblasted

  • Members
  • 19 posts

Posted 13 March 2018 - 10:49 AM

Hello,

 

I tried to download a game from thepiratebay and opened a Setup.exe without any forethought. The exe opened a "Human Verification Test". After clicking, it opened my web browser to a survey site, then I noticed programs like "Shortcut to System Healer" and "Foldershare" appear on my desktop. Suddenly, a bunch of programs started up and my CPU activity ramped up to 100%. In Task Manager, I noticed over 20 instances of "Electrophysiological" under Apps. I also noticed other processes such as "Rance", "goarpulpfm.exe", "personalty", "proxycheck", "Anonymizergadget".

 
I tried running Malwarebytes and it scanned over 500 threats. I noticed malware, trojans, and Riskware.Bitcoinminer. I was panicking and did not catch the names of the malware or trojans. I did not let the scan finish because my fans were running loud and apps I have never seen before were popping up constantly. So I force-shut down my PC before the scan finished. I also tried to Reset Windows 10 while performing the Malwarebytes scan, but when I got through the stages to "Remove everything", it took so long to prepare to reset. I also tried to boot into Safe Mode, which I can't seem to do from the BIOS boot screen, as there is no option to. I tried holding Shift and Restart, but that seemed to be taking a while to perform as well.

I have not turned on my PC since last night. Before going to bed, it did boot up, but as soon as it reached the Windows 10 lock screen, it began to slow. I can log into the desktop, but immediately, I am bombarded with the same programs. They all have short names with random letters. I believe one program had a Mona Lisa thumbnail and opened what looked like the frame of a web browser, with only the search bar.

The Preparation Guide suggests I run FRST, but I am honestly scared of turning on my PC at this point. I do not mind losing anything on my hard drive except for Windows. 

Thank you for the help.

 





#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,629 posts
  • Gender:Male

Posted 13 March 2018 - 10:50 AM

Hi assblasted :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
This being said, I have a full-time job, so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread.

This being said, it's time to clean up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below, and provide me both FRST logs (FRST.txt and Addition.txt). You can attach them in your next post, or copy/paste their content.

https://www.bleepingcomputer.com/forums/topic34773.html

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 assblasted

assblasted
  • Topic Starter

  • Members
  • 19 posts

Posted 13 March 2018 - 11:55 AM

Hello Aura,

Since I don't need to recover any files, would a format and reinstall of Windows be the best action? Would that get rid of all the threats?

Would it be safe to run FRST while my PC goes nuts?

Thank you.

 



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,629 posts
  • Gender:Male

Posted 14 March 2018 - 07:15 AM

You can reinstall Windows if you want, it'll get rid of the infection, yes.

And from your first post, I can see that you're infected with miners, PUPs, adware, browser hijackers, etc. but not keyloggers and/or RATs (though I'll need logs to confirm that), so it should be safe to run FRST. If you want, you can boot in Safe Mode (no network), and use a USB to transfer FRST and the logs back and forth using another computer.

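The assessment in the post above (miners, PUPs, adware and hijackers rather than a keylogger or RAT) is what a responder confirms from the FRST logs: the Run keys, Startup shortcuts, services, drivers, scheduled tasks and TCP/IP entries FRST lists, each annotated with file size, date and publisher. As an added example, which is not part of this thread and not FRST's own code, the Python script below parses those line formats and flags what a responder reads first: autoruns with no CompanyName (FRST prints "()" for those), services and drivers that are unsigned or carry a 32-hex-digit name, files dated on or after the day the dropper ran, orphaned entries whose file is gone ([X]), Windows Defender or GroupPolicy "Restriction" lines, and a static NameServer that differs from the DHCP-assigned one. The sample input is a constructed excerpt that reuses entries from the FRST.txt posted later in this thread; the incident_date parameter, the Finding record and the heuristics are this example's own.

```python
"""Triage the persistence lines of an FRST.txt (added example, not FRST's own code)."""
import re
from dataclasses import dataclass

# Constructed excerpt in FRST's line formats. The entries are copied from the FRST.txt
# posted later in this thread; section headers are kept so services and drivers can be told apart.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [killings] => C:\Program Files (x86)\Rehash\electrophysiological.exe [21504 2018-03-13] ()
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3222448 2017-10-12] (Dominik Reichl)
HKLM-x32\...\Run: [AnonymizerGadget] => C:\Users\David\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe [347784 2018-03-13] (Jetico ltd) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [joe] => C:\Program Files (x86)\Rehash\electrophysiological.exe [21504 2018-03-13] ()
GroupPolicy: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
Tcpip\..\Interfaces\{264fe798-933c-40ff-a0a8-f837d12979c2}: [NameServer] 82.163.143.174,82.163.142.176
Tcpip\..\Interfaces\{264fe798-933c-40ff-a0a8-f837d12979c2}: [DhcpNameServer] 192.168.1.1
==================== Services (Whitelisted) ====================
S2 3070bdebde178e60142bdb2775e41f72; C:\WINDOWS\3070bdebde178e60142bdb2775e41f72.dll [1618944 2018-03-13] () [File not signed]
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
===================== Drivers (Whitelisted) ======================
S1 1123c9b8e05c5daabf4b1ceef6af5b45; C:\WINDOWS\system32\drivers\1123c9b8e05c5daabf4b1ceef6af5b45.sys [121976 2018-03-12] ()
S0 vlbtx; System32\drivers\snabokhi.sys [X]
"""

SECTION_RE = re.compile(r"^=+ (?P<section>[A-Za-z]+)")
# FRST annotates a file as "path [size date] (publisher)"; "()" means no CompanyName in the version info.
FILE_RE = r"(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)"
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKLM-x32|HKU\\S-[\d-]+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => " + FILE_RE)
SVC_RE = re.compile(r"^(?P<start>[SR][0-4]) (?P<name>[^;]+); " + FILE_RE)
ORPHAN_RE = re.compile(r"^(?P<start>[SR][0-4]) (?P<name>[^;]+); (?P<path>.+?) \[X\]")
DNS_RE = re.compile(r"^Tcpip\\\.\.\\Interfaces\\(?P<iface>\{[0-9a-fA-F-]+\}): \[(?P<key>NameServer|DhcpNameServer)\] (?P<servers>\S+)")
POLICY_RE = re.compile(r"^(?P<where>HKLM\\SOFTWARE\\Policies\\[^:]+|GroupPolicy): Restriction")
HEX32_RE = re.compile(r"^[0-9a-f]{32}$")

@dataclass(frozen=True)
class Finding:
    kind: str     # autorun | service | driver | dns | policy
    subject: str  # entry name, service name or interface GUID
    reason: str
    line: str

def _file_finding(kind, name, path, date, publisher, incident_date, line):
    """One finding per binary entry, listing every reason it deserves a look (empty list if none)."""
    reasons = []
    if publisher == "":
        reasons.append("no CompanyName in version info (FRST prints '()')")
    if "[File not signed]" in line:
        reasons.append("not Authenticode-signed")
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if HEX32_RE.match(name) or HEX32_RE.match(stem):
        reasons.append("32-hex-digit name, typical of generated dropper names")
    if incident_date and date >= incident_date:  # ISO dates compare correctly as strings
        reasons.append(f"file dated {date}, on or after incident date {incident_date}")
    if "<==== ATTENTION" in line:
        reasons.append("marked ATTENTION by FRST")
    return [Finding(kind, name, "; ".join(reasons), line)] if reasons else []

def triage(frst_text, incident_date=None):
    """Return the entries a responder should read first, in log order (DNS findings last)."""
    findings, section, dns = [], "?", {}
    for line in frst_text.splitlines():
        line = line.rstrip()
        if (m := SECTION_RE.match(line)):
            section = m["section"]
        elif (m := POLICY_RE.match(line)):
            findings.append(Finding("policy", m["where"],
                                    "Restriction policy set; adware uses it to lock Defender/Settings", line))
        elif (m := DNS_RE.match(line)):
            dns.setdefault(m["iface"], {})[m["key"]] = (m["servers"], line)
        elif (m := RUN_RE.match(line)):
            findings += _file_finding("autorun", m["name"], m["path"], m["date"], m["publisher"], incident_date, line)
        elif (m := SVC_RE.match(line)) or (m := ORPHAN_RE.match(line)):
            kind = "driver" if section == "Drivers" else "service"
            if "date" in m.groupdict():
                findings += _file_finding(kind, m["name"], m["path"], m["date"], m["publisher"], incident_date, line)
            else:
                findings.append(Finding(kind, m["name"], "registered but file missing ([X]): orphaned persistence", line))
    for iface, keys in dns.items():  # a static resolver that differs from DHCP's survives a browser reset
        static, dhcp = keys.get("NameServer"), keys.get("DhcpNameServer")
        if static and (dhcp is None or static[0] != dhcp[0]):
            findings.append(Finding("dns", iface, f"static DNS {static[0]} overrides DHCP-assigned "
                                    f"{dhcp[0] if dhcp else 'none'}; verify before trusting any lookup", static[1]))
    return findings

def summarize(findings):
    """Count findings per kind, e.g. {'autorun': 3, 'policy': 2, ...}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST, incident_date="2018-03-12"):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```

Run as-is it prints the flagged sample entries; on a real log call triage() with the text of FRST.txt and the date the dropper ran. The output is a reading list, not a verdict: "()" only says the file has no CompanyName in its version resource, and a vendor-signed file dated on the incident day can be a coincidence, so each hit still has to be checked before it goes into a fixlist. The DNS check is there because a changed resolver is not undone by resetting a browser, so it is worth verifying before any tool is downloaded on the affected machine.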


#5 assblasted

assblasted
  • Topic Starter

  • Members
  • 19 posts

Posted 14 March 2018 - 03:13 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by David (administrator) on PC (14-03-2018 16:02:53)
Running from D:\
Loaded Profiles: David (Available Profiles: David)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [killings] => C:\Program Files (x86)\Rehash\electrophysiological.exe [21504 2018-03-13] ()
HKLM\...\Run: [killingsjoe] => C:\Program Files (x86)\billerica\rance.exe [20992 2018-03-13] ()
HKLM\...\Run: [killingskillings] => C:\Program Files (x86)\Puck\electrophysiological.exe [21504 2018-03-13] ()
HKLM\...\Run: [WebDiscoverBrowser] => C:\Program Files\WebDiscoverBrowser\3.210.2\browser.exe [918240 2017-10-23] () <==== ATTENTION
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3222448 2017-10-12] (Dominik Reichl)
HKLM-x32\...\Run: [nitwit] => C:\Program Files (x86)\Rehash\electrophysiological.exe [21504 2018-03-13] ()
HKLM-x32\...\Run: [nitwitreefers] => C:\Program Files (x86)\billerica\rance.exe [20992 2018-03-13] ()
HKLM-x32\...\Run: [nitwitnitwit] => C:\Program Files (x86)\Puck\electrophysiological.exe [21504 2018-03-13] ()
HKLM-x32\...\Run: [AnonymizerGadget] => C:\Users\David\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe [347784 2018-03-13] (Jetico ltd) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [f.lux] => C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [Amazon Music] => C:\Users\David\AppData\Local\Amazon Music\Amazon Music.exe*se]**詛柛ᜀ蠀C:\Users\David\AppData\Roaming\Microsoft\Windows\Libraries*
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [Spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-20] (Spotify Ltd)
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [Amazon Music Helper] => C:\Users\David\AppData\Local\Amazon Music\Amazon Music Helper.exe [4238824 2018-02-22] (Amazon Services LLC)
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [reefers] => C:\Program Files (x86)\Rehash\electrophysiological.exe [21504 2018-03-13] ()
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [reefersnitwit] => C:\Program Files (x86)\billerica\rance.exe [20992 2018-03-13] ()
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [reefersreefers] => C:\Program Files (x86)\Puck\electrophysiological.exe [21504 2018-03-13] ()
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [joe] => C:\Program Files (x86)\Rehash\electrophysiological.exe [21504 2018-03-13] ()
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [joekillings] => C:\Program Files (x86)\billerica\rance.exe [20992 2018-03-13] ()
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [joejoe] => C:\Program Files (x86)\Puck\electrophysiological.exe [21504 2018-03-13] ()
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [baldassare] => C:\Program Files (x86)\ita\baldassare.exe [66856 2018-03-13] ()
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [exterminators] => C:\Program Files (x86)\Rehash\electrophysiological.exe [21504 2018-03-13] ()
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [GOaRPULPfM.exe] => C:\Program Files\Windows Mail\IZ14H10PBIEJZEGJQPATREIO7Y5E7UCHGW\GOaRPULPfM.exe [393728 2018-03-13] ()
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cabotage.lnk [2018-03-13]
ShortcutTarget: cabotage.lnk -> C:\Program Files (x86)\Rehash\electrophysiological.exe ()
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cabotagecabotage.lnk [2018-03-13]
ShortcutTarget: cabotagecabotage.lnk -> C:\Program Files (x86)\billerica\rance.exe ()
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-03-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{264fe798-933c-40ff-a0a8-f837d12979c2}: [NameServer] 82.163.143.174,82.163.142.176
Tcpip\..\Interfaces\{264fe798-933c-40ff-a0a8-f837d12979c2}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-12-14] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-12-14] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: hhftabs7.default-1519584770620
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hhftabs7.default-1519584770620 [2018-03-13]
FF Extension: (uBlock Origin) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hhftabs7.default-1519584770620\Extensions\uBlock0@raymondhill.net.xpi [2018-02-25]
FF HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\David\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-12-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-12-14] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\secure_cert.js [2018-03-14]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR NewTab: Default ->  Active:"chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default [2018-03-13]
CHR Extension: (Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (uBlock Origin) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-02-09]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Block & Focus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpbedhdekgkhigjgmlcbmcjoeaebbfm [2018-01-12]
CHR Extension: (Google Play Music) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-02-20]
CHR Extension: (Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Play Movies & TV) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdijeikdkaembjbdobgfkoidjkpbmlkd [2016-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Web Scrobbler) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2018-03-09]
CHR Extension: (Discussions button for Google Search™) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjiggoeheaondbmhmilpmbdkpgcjmdn [2017-01-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-03-06]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2018-01-21]
CHR Extension: (Momentum) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2018-03-09]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-07-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-08]
CHR HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 3070bdebde178e60142bdb2775e41f72; C:\WINDOWS\3070bdebde178e60142bdb2775e41f72.dll [1618944 2018-03-13] () [File not signed]
S2 4XqcvGKfuUeR Updater; C:\Program Files (x86)\4XqcvGKfuUeR Updater\4XqcvGKfuUeR Updater.exe [313344 2018-03-13] () [File not signed]
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S2 Ds3Service; C:\Program Files\ScpServer\bin\ScpService.exe [381952 2014-04-02] (Scarlet.Crush Productions) [File not signed]
S2 e14589e77b94f01a7d23df380a0a0958; C:\Program Files\e14589e77b94f01a7d23df380a0a0958\5f465602e1e48bb8ddfb6fb2d8471053.exe [473088 2018-03-12] () [File not signed] <==== ATTENTION
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [389392 2016-11-02] (EasyAntiCheat Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe [45568 2014-05-29] () [File not signed]
S3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe [81408 2014-05-29] (Oracle Corporation) [File not signed]
S2 OracleServiceXE; c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE [147110912 2014-05-30] (Oracle Corporation) [File not signed]
S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe [83968 2014-05-29] (Oracle Corporation) [File not signed]
S2 OracleXETNSListener; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [522240 2014-05-29] (Oracle Corporation) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2018-01-22] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-01] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-01] (Microsoft Corporation)
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 1123c9b8e05c5daabf4b1ceef6af5b45; C:\WINDOWS\system32\drivers\1123c9b8e05c5daabf4b1ceef6af5b45.sys [121976 2018-03-12] ()
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
S3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmdag.sys [38774688 2017-10-13] (Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmpag.sys [549792 2017-10-13] (Advanced Micro Devices, Inc.)
S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
R3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [15920 2009-08-15] (Windows ® Codename Longhorn DDK provider)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-02-28] (Malwarebytes)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
S1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-10-18] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-03-01] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288296 2018-03-01] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-01] (Microsoft Corporation)
S0 vlbtx; System32\drivers\snabokhi.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-14 16:02 - 2018-03-14 16:02 - 000000000 ____D C:\FRST
2018-03-13 01:16 - 2018-03-13 01:16 - 000000000 ___HD C:\$SysReset
2018-03-13 01:14 - 2018-03-14 15:55 - 000000278 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2018-03-13 01:14 - 2018-03-14 15:55 - 000000278 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
2018-03-13 01:14 - 2018-03-13 01:14 - 000002902 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
2018-03-13 01:14 - 2018-03-13 01:14 - 000002608 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
2018-03-13 01:11 - 2018-03-13 01:14 - 000000000 ____D C:\Program Files (x86)\foldershare
2018-03-13 01:11 - 2018-03-13 01:12 - 000011568 _____ C:\Users\David\AppData\Local\InstallationConfiguration.xml
2018-03-13 01:11 - 2018-03-13 01:11 - 000930816 _____ C:\Users\David\AppData\Local\po.db
2018-03-13 01:11 - 2018-03-13 01:11 - 000140800 _____ C:\Users\David\AppData\Local\installer.dat
2018-03-13 01:11 - 2018-03-13 01:11 - 000004576 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_OU
2018-03-13 01:11 - 2018-03-13 01:11 - 000004560 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_UT
2018-03-13 01:11 - 2018-03-13 01:11 - 000004552 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_SO
2018-03-13 01:11 - 2018-03-13 01:11 - 000004528 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_KI
2018-03-13 01:11 - 2018-03-13 01:11 - 000004496 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_WU
2018-03-13 01:11 - 2018-03-13 01:11 - 000001106 _____ C:\Users\David\Desktop\foldershare.lnk
2018-03-13 01:11 - 2018-03-13 01:11 - 000000000 ____D C:\Users\David\AppData\Roaming\aca3678d5d704bdb8cd358735a60dc2d
2018-03-13 01:11 - 2018-03-13 01:11 - 000000000 ____D C:\Users\David\AppData\Roaming\87a873c0526644cf9058c714ba016936
2018-03-13 01:11 - 2018-03-13 01:11 - 000000000 ____D C:\Users\David\AppData\Local\38f5e97d6cd44a35a2e00fbf6df47afb
2018-03-13 01:11 - 2018-03-13 01:11 - 000000000 ____D C:\Users\David\AppData\Local\183e3f8eba414480a420b7a1c939acfc
2018-03-13 01:11 - 2018-03-13 01:11 - 000000000 ____D C:\ProgramData\80e427b8d55b4345b75a87f45dfec350
2018-03-13 01:10 - 2018-03-13 01:10 - 000003842 _____ C:\WINDOWS\System32\Tasks\WebDiscover Browser Update Task
2018-03-13 01:10 - 2018-03-13 01:10 - 000003334 _____ C:\WINDOWS\System32\Tasks\WebDiscover Browser Launch Task
2018-03-13 01:10 - 2018-03-13 01:10 - 000000982 _____ C:\Users\David\Desktop\WebDiscover Browser.lnk
2018-03-13 01:10 - 2018-03-13 01:10 - 000000000 ____D C:\Users\David\AppData\Local\WebDiscoverBrowser
2018-03-13 01:10 - 2018-03-13 01:10 - 000000000 ____D C:\Program Files\WebDiscoverBrowser
2018-03-13 01:09 - 2018-03-14 15:55 - 000000388 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2018-03-13 01:09 - 2018-03-14 15:55 - 000000356 _____ C:\WINDOWS\Tasks\Online Application V2G6.job
2018-03-13 01:09 - 2018-03-14 15:55 - 000000356 _____ C:\WINDOWS\Tasks\Online Application V2G5.job
2018-03-13 01:09 - 2018-03-14 15:55 - 000000356 _____ C:\WINDOWS\Tasks\Online Application V2G4.job
2018-03-13 01:09 - 2018-03-14 15:55 - 000000356 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2018-03-13 01:09 - 2018-03-14 15:55 - 000000356 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2018-03-13 01:09 - 2018-03-14 15:55 - 000000356 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2018-03-13 01:09 - 2018-03-13 01:09 - 000003362 _____ C:\WINDOWS\System32\Tasks\AGProxyCheck
2018-03-13 01:09 - 2018-03-13 01:09 - 000003282 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2018-03-13 01:09 - 2018-03-13 01:09 - 000003246 _____ C:\WINDOWS\System32\Tasks\Online Application V2G6
2018-03-13 01:09 - 2018-03-13 01:09 - 000003246 _____ C:\WINDOWS\System32\Tasks\Online Application V2G5
2018-03-13 01:09 - 2018-03-13 01:09 - 000003246 _____ C:\WINDOWS\System32\Tasks\Online Application V2G4
2018-03-13 01:09 - 2018-03-13 01:09 - 000003246 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3
2018-03-13 01:09 - 2018-03-13 01:09 - 000003246 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2
2018-03-13 01:09 - 2018-03-13 01:09 - 000003246 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1
2018-03-13 01:09 - 2018-03-13 01:09 - 000000943 _____ C:\Users\David\Desktop\s5.lnk
2018-03-13 01:09 - 2018-03-13 01:09 - 000000000 ____D C:\WINDOWS\SysWOW64\csaevwi
2018-03-13 01:09 - 2018-03-13 01:09 - 000000000 ____D C:\WINDOWS\system32\csaevwi
2018-03-13 01:09 - 2018-03-13 01:09 - 000000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2018-03-13 01:09 - 2018-03-13 01:09 - 000000000 ____D C:\Users\David\AppData\Roaming\Microleaves
2018-03-13 01:09 - 2018-03-13 01:09 - 000000000 ____D C:\Users\David\AppData\Roaming\et
2018-03-13 01:09 - 2018-03-13 01:09 - 000000000 ____D C:\Users\David\AppData\Local\AdvinstAnalytics
2018-03-13 01:09 - 2018-03-13 01:09 - 000000000 ____D C:\ProgramData\1520917789
2018-03-13 01:09 - 2018-03-13 01:09 - 000000000 ____D C:\Program Files (x86)\s5
2018-03-13 01:09 - 2018-03-13 01:09 - 000000000 ____D C:\Program Files (x86)\Microleaves
2018-03-13 01:09 - 2018-03-13 01:09 - 000000000 ____D C:\Program Files (x86)\AnonymizerGadget
2018-03-13 01:08 - 2018-03-13 01:16 - 000001321 _____ C:\Users\David\Desktop\Google Chrome.lnk
2018-03-13 01:08 - 2018-03-13 01:14 - 000000000 ____D C:\Program Files (x86)\SystemHealer
2018-03-13 01:08 - 2018-03-13 01:09 - 000000000 ____D C:\Users\David\AppData\Roaming\AGData
2018-03-13 01:08 - 2018-03-13 01:08 - 000024586 _____ C:\WINDOWS\System32\Tasks\{0C080B47-7F09-0A05-7811-05097D09110D}
2018-03-13 01:08 - 2018-03-13 01:08 - 000004032 _____ C:\WINDOWS\System32\Tasks\tussles dilger bonfires
2018-03-13 01:08 - 2018-03-13 01:08 - 000003978 _____ C:\WINDOWS\System32\Tasks\spitballs_lampshade
2018-03-13 01:08 - 2018-03-13 01:08 - 000003964 _____ C:\WINDOWS\System32\Tasks\sophy_phoney
2018-03-13 01:08 - 2018-03-13 01:08 - 000003962 _____ C:\WINDOWS\System32\Tasks\keels-atheistic
2018-03-13 01:08 - 2018-03-13 01:08 - 000003956 _____ C:\WINDOWS\System32\Tasks\petitioner
2018-03-13 01:08 - 2018-03-13 01:08 - 000003922 _____ C:\WINDOWS\System32\Tasks\guano took
2018-03-13 01:08 - 2018-03-13 01:08 - 000003916 _____ C:\WINDOWS\System32\Tasks\consigns
2018-03-13 01:08 - 2018-03-13 01:08 - 000003908 _____ C:\WINDOWS\System32\Tasks\batussles dilger bonfirestussles dilger bonfires
2018-03-13 01:08 - 2018-03-13 01:08 - 000003846 _____ C:\WINDOWS\System32\Tasks\baspitballs_lampshadespitballs_lampshade
2018-03-13 01:08 - 2018-03-13 01:08 - 000003822 _____ C:\WINDOWS\System32\Tasks\bakeels-atheistickeels-atheistic
2018-03-13 01:08 - 2018-03-13 01:08 - 000003818 _____ C:\WINDOWS\System32\Tasks\basophy_phoneysophy_phoney
2018-03-13 01:08 - 2018-03-13 01:08 - 000003806 _____ C:\WINDOWS\System32\Tasks\bapetitionerpetitioner
2018-03-13 01:08 - 2018-03-13 01:08 - 000003772 _____ C:\WINDOWS\System32\Tasks\baguano tookguano took
2018-03-13 01:08 - 2018-03-13 01:08 - 000003762 _____ C:\WINDOWS\System32\Tasks\baconsignsconsigns
2018-03-13 01:08 - 2018-03-13 01:08 - 000003680 _____ C:\WINDOWS\System32\Tasks\SystemHealer Task
2018-03-13 01:08 - 2018-03-13 01:08 - 000003388 _____ C:\WINDOWS\System32\Tasks\System Healer Monitor
2018-03-13 01:08 - 2018-03-13 01:08 - 000003380 _____ C:\WINDOWS\System32\Tasks\System Healer Delayed
2018-03-13 01:08 - 2018-03-13 01:08 - 000001015 _____ C:\Users\David\Desktop\Launch System Healer.lnk
2018-03-13 01:08 - 2018-03-13 01:08 - 000000012 _____ C:\WINDOWS\b47720645
2018-03-13 01:08 - 2018-03-13 01:08 - 000000000 ___HD C:\Program Files (x86)\Puck
2018-03-13 01:08 - 2018-03-13 01:08 - 000000000 ___HD C:\Program Files (x86)\ita
2018-03-13 01:08 - 2018-03-13 01:08 - 000000000 ____D C:\Users\David\AppData\Roaming\SystemHealer
2018-03-13 01:08 - 2018-03-13 01:08 - 000000000 ____D C:\Users\David\AppData\Roaming\System Healer
2018-03-13 01:08 - 2018-03-13 01:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2018-03-13 01:08 - 2018-03-13 01:08 - 000000000 ____D C:\ProgramData\ee9f590c-7171-1
2018-03-13 01:08 - 2018-03-13 01:08 - 000000000 ____D C:\ProgramData\ee9f590c-2597-0
2018-03-13 01:08 - 2018-03-13 01:08 - 000000000 ____D C:\ProgramData\616ca8e3-9bd6-4a32-a4f3-3640822a6c06
2018-03-13 01:08 - 2018-03-13 01:08 - 000000000 ____D C:\Program Files (x86)\Rehash
2018-03-13 01:08 - 2018-03-13 01:08 - 000000000 ____D C:\Program Files (x86)\lansky
2018-03-13 01:08 - 2018-03-13 01:08 - 000000000 ____D C:\Program Files (x86)\billerica
2018-03-13 01:06 - 2018-03-13 01:06 - 000021576 _____ C:\WINDOWS\System32\Tasks\4XqcvGKfuUeR
2018-03-13 01:06 - 2018-03-13 01:06 - 000000000 ____D C:\Program Files (x86)\4XqcvGKfuUeR Updater
2018-03-13 01:05 - 2018-03-14 15:57 - 000003274 _____ C:\WINDOWS\System32\Tasks\e14589e77b94f01a7d23df380a0a0958
2018-03-13 01:05 - 2018-03-13 01:10 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
2018-03-13 01:05 - 2018-03-13 01:06 - 000000000 ____D C:\Program Files (x86)\4XqcvGKfuUeR
2018-03-13 01:05 - 2018-03-13 01:05 - 001618944 _____ C:\WINDOWS\3070bdebde178e60142bdb2775e41f72.dll
2018-03-13 01:05 - 2018-03-13 01:05 - 000000000 ____D C:\Program Files\e14589e77b94f01a7d23df380a0a0958
2018-03-13 01:02 - 2018-03-13 01:02 - 000000218 _____ C:\Users\David\AppData\Local\recently-used.xbel
2018-03-13 01:02 - 2018-03-13 01:02 - 000000000 ____D C:\Users\David\Desktop\FIFA15
2018-03-13 01:00 - 2018-03-13 01:00 - 000000000 ____D C:\Users\David\Downloads\FIFA.15.Ultimate.Team.Edition-CPY
2018-03-13 00:47 - 2018-03-13 00:47 - 000021504 _____ C:\WINDOWS\choquette.exe
2018-03-13 00:47 - 2018-03-13 00:47 - 000021504 _____ C:\Users\David\AppData\Local\electrophysiological.exe
2018-03-13 00:47 - 2018-03-13 00:47 - 000020992 _____ C:\Users\David\AppData\Local\rance.exe
2018-03-12 23:18 - 2018-03-12 23:18 - 010571443 _____ C:\Users\David\Downloads\SCP-DS-Driver-Package-1.2.0.160.7z
2018-03-12 05:29 - 2018-03-12 05:29 - 000376320 _____ C:\WINDOWS\3b0e8ae12f8a986c33482f221e849207.exe
2018-03-12 05:29 - 2018-03-12 05:29 - 000121976 _____ C:\WINDOWS\system32\Drivers\1123c9b8e05c5daabf4b1ceef6af5b45.sys
2018-03-12 05:29 - 2018-03-12 05:29 - 000047247 _____ C:\WINDOWS\uninstaller.dat
2018-03-07 16:47 - 2018-03-07 16:47 - 000000000 ___HD C:\Users\David\MicrosoftEdgeBackups
2018-03-06 02:24 - 2018-03-06 02:24 - 000012500 _____ C:\Users\David\Downloads\Chapter 2 Worksheet.xlsx
2018-03-06 01:42 - 2018-03-06 03:26 - 000011951 _____ C:\Users\David\Desktop\ACC638_Exam1_Nget.xlsx
2018-03-04 13:55 - 2018-03-04 13:55 - 000000000 ___HD C:\_acestream_cache_
2018-03-04 13:54 - 2018-03-04 13:56 - 000000000 ____D C:\Users\David\AppData\Roaming\.ACEStream
2018-03-02 12:44 - 2018-03-02 12:44 - 000014520 _____ C:\Users\David\Downloads\Chapter 3 - Inclass problem #5 solution.pdf
2018-02-28 14:40 - 2018-02-28 14:40 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-02-27 15:39 - 2018-02-28 15:47 - 000011819 _____ C:\Users\David\Desktop\CW_PersoffandSeaCliff.xlsx
2018-02-26 15:31 - 2018-02-26 15:32 - 003823077 _____ C:\Users\David\Downloads\The Hitchhiker's Guide to the Galaxy Omnibus A Trilogy in Five Parts.epub
2018-02-25 22:02 - 2018-02-05 22:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-25 22:02 - 2018-02-05 22:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-25 22:01 - 2018-03-01 23:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-25 21:49 - 2018-02-25 21:52 - 069316608 _____ C:\Users\David\Downloads\calibre-64bit-3.18.0.msi
2018-02-25 21:47 - 2018-02-25 21:48 - 013298100 _____ C:\Users\David\Downloads\0060005718.epub
2018-02-25 14:52 - 2018-03-13 01:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-25 14:52 - 2018-02-25 14:52 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-02-25 14:52 - 2018-02-25 14:52 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-02-25 14:52 - 2018-02-25 14:52 - 000000000 ____D C:\Users\David\Desktop\Old Firefox Data
2018-02-25 14:52 - 2018-02-25 14:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-25 14:51 - 2018-02-25 14:51 - 000313520 _____ (Mozilla) C:\Users\David\Downloads\Firefox Installer.exe
2018-02-23 17:13 - 2018-03-01 23:44 - 000001263 _____ C:\Users\David\Desktop\Amazon Music.lnk
2018-02-23 17:13 - 2018-02-23 17:13 - 041988640 _____ (Amazon) C:\Users\David\Downloads\AmazonMusicInstaller.exe
2018-02-23 17:13 - 2018-02-23 17:13 - 000001174 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music.lnk
2018-02-18 15:39 - 2018-02-18 15:48 - 000000534 _____ C:\Users\David\BooleanZero.py
2018-02-18 15:18 - 2018-02-18 15:39 - 000000188 _____ C:\Users\David\BooleanWithValues.py
2018-02-18 15:11 - 2018-02-18 15:17 - 000000108 _____ C:\Users\David\BooleanWithOperators.py
2018-02-18 14:52 - 2018-02-18 15:11 - 000000229 _____ C:\Users\David\Boolean.py
2018-02-17 18:36 - 2018-02-17 18:38 - 000000332 _____ C:\Users\David\AndOrOperators.py
2018-02-17 18:31 - 2018-02-17 18:31 - 000000191 _____ C:\Users\David\AndOr.py
2018-02-17 18:25 - 2018-02-17 18:28 - 000000245 _____ C:\Users\David\indentation.py
2018-02-17 18:17 - 2018-02-17 18:23 - 000000269 _____ C:\Users\David\ifstatements.py
2018-02-16 16:06 - 2018-02-16 16:06 - 000012775 _____ C:\Users\David\Downloads\teamstatsbball.xlsx
2018-02-15 23:45 - 2018-02-15 23:45 - 007890419 _____ C:\Users\David\Downloads\ACCT 639 Chapter 1(1).pptx
2018-02-13 01:17 - 2018-02-13 01:17 - 000048717 _____ C:\Users\David\Downloads\Quiz_businesscombinationsch02spring2018 (1).pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-14 16:02 - 2015-10-25 23:02 - 000354504 _____ C:\WINDOWS\ntbtlog.txt
2018-03-14 16:00 - 2015-10-25 23:03 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-03-14 15:59 - 2017-09-29 04:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-14 15:59 - 2017-07-27 20:18 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-03-14 15:55 - 2018-01-23 12:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-14 15:55 - 2018-01-23 12:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-14 15:55 - 2017-09-27 18:30 - 000000636 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2782644308-2723550521-4127866414-1001.job
2018-03-14 15:55 - 2017-09-27 18:30 - 000000540 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2782644308-2723550521-4127866414-1001.job
2018-03-13 01:23 - 2015-07-13 23:53 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-13 01:16 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-13 01:16 - 2017-06-01 22:44 - 000004052 _____ C:\Users\David\Desktop\Rkill.txt
2018-03-13 01:15 - 2018-01-23 12:57 - 000004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F978C157-78E6-400E-9692-3E1682D99E42}
2018-03-13 01:15 - 2015-07-13 23:53 - 000002337 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-12 23:22 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-12 13:12 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-12 13:11 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-11 13:40 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-11 00:05 - 2016-09-13 22:09 - 000000000 ____D C:\Users\David\AppData\Roaming\Google Play Music Desktop Player
2018-03-09 23:16 - 2015-07-14 00:24 - 000000000 ____D C:\Users\David\AppData\Roaming\KeePass
2018-03-08 21:16 - 2018-01-23 12:57 - 000003780 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2782644308-2723550521-4127866414-1001
2018-03-08 21:16 - 2018-01-23 12:57 - 000003684 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2782644308-2723550521-4127866414-1001
2018-03-08 21:16 - 2017-09-27 18:30 - 000000000 ____D C:\Users\David\AppData\Local\GoToMeeting
2018-03-07 17:58 - 2017-11-14 21:56 - 000000000 ____D C:\Users\David\AppData\LocalLow\Mozilla
2018-03-07 16:47 - 2018-01-23 12:37 - 000000000 ____D C:\Users\David
2018-03-06 02:24 - 2018-01-23 12:38 - 000000000 ____D C:\Users\David\AppData\Local\Packages
2018-03-04 13:59 - 2017-08-26 22:57 - 000000000 ____D C:\Users\David\AppData\Roaming\Soda Player
2018-03-04 13:58 - 2017-08-26 22:57 - 000000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Soda Player
2018-03-04 13:58 - 2017-08-26 22:57 - 000000000 ____D C:\Users\David\AppData\Local\sodaplayer
2018-03-04 13:57 - 2016-09-13 22:08 - 000000000 ____D C:\Users\David\AppData\Local\SquirrelTemp
2018-03-03 20:49 - 2016-11-05 12:01 - 000000000 ____D C:\Users\David\AppData\Local\Amazon Music
2018-03-01 23:19 - 2017-09-29 09:46 - 000000000 ____D C:\Program Files\Windows Defender
2018-02-28 21:44 - 2015-12-14 19:12 - 000000000 ____D C:\Users\David\AppData\Roaming\vlc
2018-02-28 19:47 - 2017-09-05 13:00 - 000000000 ____D C:\AdwCleaner
2018-02-28 00:48 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\rescache
2018-02-26 15:35 - 2015-12-02 17:32 - 000000000 ____D C:\Users\David\Documents\Calibre Library
2018-02-26 15:31 - 2015-12-02 17:44 - 000000000 ____D C:\Users\David\AppData\Local\calibre-cache
2018-02-25 22:07 - 2015-12-02 17:32 - 000000000 ____D C:\Users\David\AppData\Roaming\calibre
2018-02-25 22:06 - 2018-01-23 12:35 - 001000148 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-25 22:03 - 2016-11-20 14:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-25 22:03 - 2015-09-08 23:19 - 000000000 ___RD C:\Users\David\3D Objects
2018-02-25 22:02 - 2015-08-03 01:47 - 000001014 __RSH C:\ProgramData\ntuser.pol
2018-02-25 22:00 - 2018-01-23 12:31 - 000401528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-25 21:57 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-02-25 21:57 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-02-25 21:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-02-25 21:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-02-25 21:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-02-25 21:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-02-25 21:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-02-25 21:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-02-25 21:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-02-25 21:57 - 2017-09-29 04:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-02-25 21:55 - 2015-12-02 17:32 - 000000999 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2018-02-25 21:55 - 2015-12-02 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2018-02-25 21:55 - 2015-12-02 17:32 - 000000000 ____D C:\Program Files\Calibre2
2018-02-25 14:52 - 2016-02-20 13:38 - 000000000 ____D C:\Users\David\AppData\Roaming\Mozilla
2018-02-22 15:57 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-02-22 15:56 - 2015-07-14 12:58 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-02-18 15:49 - 2018-01-05 19:26 - 000000000 ____D C:\Users\David\AppData\Roaming\Wing 101 6
2018-02-18 15:49 - 2018-01-05 19:26 - 000000000 ____D C:\Users\David\AppData\Local\Wing 101 6
2018-02-13 14:09 - 2015-07-14 00:56 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-13 14:07 - 2017-10-10 16:13 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-13 14:07 - 2015-07-14 00:56 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-12 23:55 - 2015-12-10 13:04 - 000000000 ____D C:\Users\David\AppData\Roaming\Spotify
 
==================== Files in the root of some directories =======
 
2018-03-13 00:47 - 2018-03-13 00:47 - 000021504 _____ () C:\Users\David\AppData\Local\electrophysiological.exe
2018-03-13 01:11 - 2018-03-13 01:12 - 000011568 _____ () C:\Users\David\AppData\Local\InstallationConfiguration.xml
2018-03-13 01:11 - 2018-03-13 01:11 - 000140800 _____ () C:\Users\David\AppData\Local\installer.dat
2018-03-13 01:11 - 2018-03-13 01:11 - 000930816 _____ () C:\Users\David\AppData\Local\po.db
2018-03-13 00:47 - 2018-03-13 00:47 - 000020992 _____ () C:\Users\David\AppData\Local\rance.exe
2018-03-13 01:02 - 2018-03-13 01:02 - 000000218 _____ () C:\Users\David\AppData\Local\recently-used.xbel
2015-08-03 01:16 - 2015-10-22 12:40 - 000007598 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
 
Files to move or delete:
====================
C:\Program Files\WebDiscoverBrowser\3.210.2\browser.exe
C:\Users\David\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe
 
 
Some files in TEMP:
====================
2018-03-13 01:03 - 2018-03-13 01:03 - 000024576 _____ (1010 Vine Street) C:\Users\David\AppData\Local\Temp\capi.exe
2018-03-13 01:02 - 2018-03-13 01:02 - 001797855 _____ () C:\Users\David\AppData\Local\Temp\gimi.exe
2018-03-13 01:03 - 2018-03-13 01:03 - 003988942 _____ (Indigo Rose Corporation) C:\Users\David\AppData\Local\Temp\ing.exe
2018-03-13 01:03 - 2018-03-13 01:03 - 002344448 _____ () C:\Users\David\AppData\Local\Temp\XvidCodecInstaller.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-05 01:36
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by David (14-03-2018 16:04:26)
Running from D:\
Windows 10 Pro Version 1709 16299.192 (X64) (2018-01-23 16:58:56)
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2782644308-2723550521-4127866414-500 - Administrator - Disabled)
David (S-1-5-21-2782644308-2723550521-4127866414-1001 - Administrator - Enabled) => C:\Users\David
DefaultAccount (S-1-5-21-2782644308-2723550521-4127866414-503 - Limited - Disabled)
Guest (S-1-5-21-2782644308-2723550521-4127866414-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2782644308-2723550521-4127866414-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4XqcvGKfuUeR Updater version 1.2.0.4 (HKLM-x32\...\4XqcvGKfuUeR Updater_is1) (Version: 1.2.0.4 - ) <==== ATTENTION
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
Amazon Music (HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Amazon Amazon Music) (Version: 6.3.4.1269 - Amazon Services LLC)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
AnonymizerGadget (HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\AnonymizerGadget) (Version: 1 - Jetico lim) <==== ATTENTION
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{9F429DF7-F8DD-4980-9673-E6DACA012F6C}) (Version: 3.3 - Microsoft Corporation) Hidden
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
calibre 64bit (HKLM\...\{987DD73B-F97A-4D00-9522-35FC3B9FDB74}) (Version: 3.18.0 - Kovid Goyal)
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version:  - )
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Dotfuscator and Analytics Community Edition 5.18.1 (HKLM-x32\...\{9890DF1A-10E9-4236-94B1-1EFAA4099F13}) (Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
f.lux (HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Flux) (Version:  - f.lux Software LLC)
Google Chrome (HKLM-x32\...\{2CF484F9-A0CD-3AD9-84A6-DFFE749FC71F}) (Version: 64.0.3282.186 - Google, Inc.)
Google Play Music Desktop Player (HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\GPMDP_3) (Version: 4.5.0 - Samuel Attard)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToMeeting 8.22.0.8473 (HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\GoToMeeting) (Version: 8.22.0.8473 - LogMeIn, Inc.)
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
KeePass Password Safe 2.37 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.37 - Dominik Reichl)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.5007.1000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
Oracle Database 11g Express Edition (HKLM\...\{05A7B662-80A3-4EB9-AE1D-89A62449431C}) (Version: 11.2.0 - Oracle Corporation) Hidden
Oracle Database 11g Express Edition (HKLM-x32\...\InstallShield_{05A7B662-80A3-4EB9-AE1D-89A62449431C}) (Version: 11.2.0 - Oracle Corporation)
Oracle VM VirtualBox 5.1.8 (HKLM\...\{65402252-5DA1-4360-A144-E09BB16AC7A9}) (Version: 5.1.8 - Oracle Corporation)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Python 3.4 pygame-1.9.2a0 (HKLM-x32\...\{A4C8B8DF-5BA4-4AFC-9CED-531CBD9CDF08}) (Version: 1.9.2 - Pete Shinners, Rene Dudfield, Marcus von Appen, Bob Pendleton, others...)
Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
s5m (HKLM-x32\...\s5m) (Version: 2.0.2 - s5m) <==== ATTENTION
SearchAwesome (HKLM\...\e14589e77b94f01a7d23df380a0a0958) (Version: 13.14.1.195 (i1.0) - SearchAwesome) <==== ATTENTION
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Soda Player (HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\sodaplayer) (Version: 1.3.3 - Soda Player)
Spotify (HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
System Healer (HKLM-x32\...\SystemHealer_is1) (Version: 4.4.0.3 - System Healer) <==== ATTENTION
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{791295AE-3B0A-3222-9E69-26C8C106E8D1}) (Version: 14.0.23102 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (HKLM-x32\...\{C5D259B0-526A-48D0-9E2D-7CC884B3A1CA}) (Version: 1.5.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{C7AA90EF-3C40-4F1E-897B-696834DD0B0F}) (Version: 1.5.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.5.4.0 (HKLM-x32\...\{4cde0c8c-47b3-448f-babf-fe5d392432a6}) (Version: 1.5.23128.0 - Microsoft Corporation)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: 2.10.0.0 - Microsoft Corporation)
VidsqaurE (HKLM-x32\...\{A97606DF-0FE1-4390-B0DD-ADA8B303AE61}_is1) (Version: 1.4 - ) <==== ATTENTION
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WebDiscover Browser 3.210.2 (HKLM\...\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1) (Version: 3.210.2 - WebDiscover Media) <==== ATTENTION
Winamp (HKLM-x32\...\Winamp) (Version: 5.66  - Nullsoft, Inc)
Wing IDE 101 6.0.9-1 (HKLM-x32\...\Wing IDE 101 6.0_is1) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2782644308-2723550521-4127866414-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2782644308-2723550521-4127866414-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2782644308-2723550521-4127866414-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2782644308-2723550521-4127866414-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\David\AppData\Local\GoToMeeting\7881\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2782644308-2723550521-4127866414-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-09-22] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0869227D-975C-4F00-BC79-22AC3E17AB57} - System32\Tasks\tussles dilger bonfires => C:\Users\David\AppData\Local\electrophysiological.exe [2018-03-13] ()
Task: {11B06BEE-3115-4FC0-95E2-481193EBEA6C} - System32\Tasks\baguano tookguano took => C:\Program Files (x86)\Puck\rance.exe [2018-03-13] ()
Task: {15530C30-6B86-4287-94FD-19BC9756B657} - System32\Tasks\GoogleUpdateSecurityTaskMachine_UT => C:\Users\David\AppData\Roaming\87a873c0526644cf9058c714ba016936\HandlerExecution.exe [2018-03-13] () <==== ATTENTION
Task: {1D594C76-B487-4677-9614-A359304F76CC} - System32\Tasks\GoogleUpdateSecurityTaskMachine_WU => C:\ProgramData\80e427b8d55b4345b75a87f45dfec350\HandlerExecution.exe [2018-03-13] () <==== ATTENTION
Task: {23A0A0E4-0C33-4E9C-BB95-038A55AB59D2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {2497FF23-392F-4434-84B4-C35C5BC43637} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-13] (Google Inc.)
Task: {25835E55-6315-4F63-B410-B8C8F46A1D29} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {2641B13B-1599-455C-9C71-D9F852FF35DB} - System32\Tasks\petitioner => C:\Program Files (x86)\Rehash\electrophysiological.exe [2018-03-13] ()
Task: {2A01B97B-8E5B-470A-833F-5C0E65308E0B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2D1E09EF-EF9C-433A-BC5E-88886ABA7C90} - System32\Tasks\WebDiscover Browser Launch Task => C:\Program Files\WebDiscoverBrowser\3.210.2\browser.exe [2017-10-23] () <==== ATTENTION
Task: {2FF523B7-00A1-4742-9115-D40BF9F8382F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {360D09A6-AA06-44F0-97E2-492F080A8941} - System32\Tasks\bakeels-atheistickeels-atheistic => C:\Program Files (x86)\billerica\rance.exe [2018-03-13] ()
Task: {3A541E61-DCE3-4C36-9BB5-537C1E918161} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3A9826CA-9BFB-4C6B-921F-800785E51B10} - System32\Tasks\GoogleUpdateSecurityTaskMachine_OU => C:\Users\David\AppData\Roaming\aca3678d5d704bdb8cd358735a60dc2d\HandlerExecution.exe [2018-03-13] () <==== ATTENTION
Task: {3B03DD86-8D2A-4AA9-850E-4B5B0C62CC05} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {3B1A0FDD-E849-4F2A-A8C6-192AE6F69718} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {44F92B30-008A-4DF1-A3B8-AA9A3FE7A5F3} - System32\Tasks\{0C080B47-7F09-0A05-7811-05097D09110D} => C:\WINDOWS\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAA7ADsAOwA7ACAAIAA7ACAAIAAgACAAOwAgACAAIAA7ADsAIAA7ACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcAYQByAG4AaQBuAGcA (the data entry has 10056 more characters). <==== ATTENTION
Task: {468A78E5-5554-4C89-BFCB-450CE93368B3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {48F027A0-A829-48FD-BCA0-51A0978B781B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {4BC50B57-A6F1-4101-887C-5453F2701B10} - System32\Tasks\GoogleUpdateSecurityTaskMachine_SO => C:\Users\David\AppData\Local\183e3f8eba414480a420b7a1c939acfc\HandlerExecution.exe [2018-03-13] () <==== ATTENTION
Task: {4DBF605C-4A4B-426D-B08B-0005BB3D0864} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-12-12] (Microsoft Corporation)
Task: {4F53719B-7BDC-4CEB-9C15-CB47648399C4} - System32\Tasks\baconsignsconsigns => C:\Program Files (x86)\lansky\lansky.exe [2018-03-13] ()
Task: {5312BCF4-FF2F-4D33-9D43-90BD7F6DAB10} - System32\Tasks\System Healer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2018-02-26] () <==== ATTENTION
Task: {53868E1B-26C3-4C75-B636-266ED3CF3D75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-13] (Google Inc.)
Task: {5466A6AA-A044-4969-8B8A-F2398DBEED9B} - System32\Tasks\batussles dilger bonfirestussles dilger bonfires => C:\Users\David\AppData\Local\electrophysiological.exe [2018-03-13] ()
Task: {55C74193-0238-46BE-9A95-8CAF78A06926} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {595785DE-2E51-4BC6-8BB8-060404D9FAD3} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2018-02-26] () <==== ATTENTION
Task: {5A03C9C2-7F2D-427B-8413-54F01F8103F8} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-09-22] (Advanced Micro Devices, Inc.)
Task: {5C135677-3609-4951-B4A8-68299A0821EE} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {6B133DF7-4217-42A2-AEA0-2981BBCF6186} - System32\Tasks\e14589e77b94f01a7d23df380a0a0958 => sc start e14589e77b94f01a7d23df380a0a0958 <==== ATTENTION
Task: {6FD1742C-97E5-48F1-BDB5-A3271367350D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {70E4C9BD-52AC-431D-962F-CCB70427C03F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {71958027-B64D-40DC-97D7-C3CAC624D695} - \WPD\SqmUpload_S-1-5-21-2782644308-2723550521-4127866414-1001 -> No File <==== ATTENTION
Task: {76DFB640-FA04-4104-AD67-4C5530BA173D} - System32\Tasks\bapetitionerpetitioner => C:\Program Files (x86)\Rehash\electrophysiological.exe [2018-03-13] ()
Task: {7A61590A-DE3A-42E3-9B99-9282ED40CBF4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7B03066D-60A7-4420-9958-061CCE1CF089} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {7C5C0C20-85D0-4DE8-BE7D-D60EF278039F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7EA8D66F-5C6C-4F9B-B251-8FD48926755A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-02-13] (Microsoft Corporation)
Task: {824499FF-E764-4B2E-9E4E-C4996BFA4BFF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8AD2450D-C26F-4C87-8EF6-AD98132FF5E2} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {8CFF29FE-5EFE-49EC-8C7C-AA02214C2B65} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {94A042F6-26CA-460F-9531-EB9EE87B701B} - System32\Tasks\sophy_phoney => C:\Program Files (x86)\Puck\electrophysiological.exe [2018-03-13] ()
Task: {981B49AA-2617-4112-AD45-64EC5D278D76} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-10] (Microleaves) <==== ATTENTION
Task: {9FB01935-BAD4-4CF0-BCEA-54D72C3323CA} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {A0F5FF06-BF69-4C60-B663-A1D157C2CF88} - System32\Tasks\keels-atheistic => C:\Program Files (x86)\billerica\rance.exe [2018-03-13] ()
Task: {A0F8F624-7B93-412C-B881-EBFCF34FAF86} - System32\Tasks\guano took => C:\Program Files (x86)\Puck\rance.exe [2018-03-13] ()
Task: {A733B358-08C6-4724-9EA3-9C950EE26951} - System32\Tasks\AGProxyCheck => C:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
Task: {A7877BF5-7F27-47F7-A0F7-A40ECB29A24B} - System32\Tasks\baspitballs_lampshadespitballs_lampshade => C:\Users\David\AppData\Local\rance.exe [2018-03-13] ()
Task: {B7ECFB91-EC00-4EBD-B042-3B086BD0F372} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B8AC4BF7-26D8-456A-9805-A749AD8694FC} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {BAFE08E1-B127-4B69-829C-8363D4365DDB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C186710F-9D22-4E44-AAFD-1CD69FCD0E99} - System32\Tasks\System Healer Delayed => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2018-02-26] () <==== ATTENTION
Task: {C331C4FD-9375-4AA8-A767-2271CB8EC315} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CA1902DC-2DAD-4923-92BB-8F4DC16A048D} - System32\Tasks\4XqcvGKfuUeR => 4xqcvgkfuuer.exe <==== ATTENTION
Task: {CDCA0B3D-F7FA-4D42-9E21-215C4882E12C} - System32\Tasks\G2MUploadTask-S-1-5-21-2782644308-2723550521-4127866414-1001 => C:\Users\David\AppData\Local\GoToMeeting\8473\g2mupload.exe [2018-03-08] (LogMeIn, Inc.)
Task: {D118F2BA-AC74-4FFF-A3E8-226FE0A952D9} - System32\Tasks\G2MUpdateTask-S-1-5-21-2782644308-2723550521-4127866414-1001 => C:\Users\David\AppData\Local\GoToMeeting\8473\g2mupdate.exe [2018-03-08] (LogMeIn, Inc.)
Task: {D50DAA50-7504-4EA8-B266-3D27FAC998A7} - System32\Tasks\WebDiscover Browser Update Task => C:\Program Files\WebDiscoverBrowser\3.210.2\browser.exe [2017-10-23] () <==== ATTENTION
Task: {DB790AB9-137F-4FE5-9853-0B462DF5905F} - System32\Tasks\spitballs_lampshade => C:\Users\David\AppData\Local\rance.exe [2018-03-13] ()
Task: {E135DAC5-B79C-406A-A9A7-67C9217E9CF7} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2018-02-26] () <==== ATTENTION
Task: {E46B2665-E27E-4260-A8A4-2A8DC9CC43E3} - System32\Tasks\GoogleUpdateSecurityTaskMachine_KI => C:\Users\David\AppData\Local\38f5e97d6cd44a35a2e00fbf6df47afb\HandlerExecution.exe [2018-03-13] () <==== ATTENTION
Task: {E6F15F3F-A64E-4791-BF29-A492AB043F76} - System32\Tasks\SystemHealer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2018-02-26] () <==== ATTENTION
Task: {E7A03923-737D-4EEB-BA4A-66A88145F551} - System32\Tasks\consigns => C:\Program Files (x86)\lansky\lansky.exe [2018-03-13] ()
Task: {E7AAAE20-20BC-4EC5-B598-2BE4BD2F8EBD} - System32\Tasks\basophy_phoneysophy_phoney => C:\Program Files (x86)\Puck\electrophysiological.exe [2018-03-13] ()
Task: {FD1ACA3C-466A-4D1C-8822-74DDAFB6D972} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2782644308-2723550521-4127866414-1001.job => C:\Users\David\AppData\Local\GoToMeeting\8473\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2782644308-2723550521-4127866414-1001.job => C:\Users\David\AppData\Local\GoToMeeting\8473\g2mupload.exe
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\David\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --disable-quic
ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enthought Canopy (64-bit)\Canopy 64-bit command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\Canopy\User\Scripts\activate.bat"
ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Movies & TV.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () ->  --profile-directory=Default --app-id=gdijeikdkaembjbdobgfkoidjkpbmlkd
ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --disable-quic
ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-21 13:33 - 2017-01-31 08:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2018-01-22 22:25 - 2018-01-22 22:25 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-01-22 22:25 - 2018-01-22 22:25 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\sharepoint.com -> hxxps://baruchmailcuny-files.sharepoint.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2018-03-13 01:11 - 000001284 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
162.222.193.86       aoaomo.tremorhub.com
188.95.50.62       bobomo.tremorhub.com
162.222.193.86       www.howcast.com
162.222.193.86       howcast.com
162.222.193.86       www.ustream.tv
162.222.193.86       ustream.tv
162.222.193.86       www.livestream.com
162.222.193.86       livestream.com
162.222.193.86       www.dailymotion.com
162.222.193.86       dailymotion.com
192.192.3.8       www.virustotal.com
192.192.3.8       virustotal.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: OracleServiceXE => 2
MSCONFIG\Services: OracleXETNSListener => 2
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMnetDHCP => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: VMware NAT Service => 2
MSCONFIG\Services: VMwareHostd => 2
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\StartupApproved\Run: => "Amazon Music"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A311C060-419A-452A-B8F2-5EB7486FBB04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2B60224B-04D3-4449-BF82-89054515E1E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E7728D6E-10D3-41CE-8E66-AF33432B33E3}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.4.1\google play music desktop player.exe
FirewallRules: [{A60794FB-132E-436A-B02D-ADC8A5F4140B}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.4.1\google play music desktop player.exe
FirewallRules: [UDP Query User{65DC542E-8062-44E2-959C-AC5071618EF3}C:\users\david\appdata\local\gpmdp_3\app-4.4.1\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.4.1\google play music desktop player.exe
FirewallRules: [TCP Query User{3DAB8BFB-F24C-42FB-AE4B-5375331778A5}C:\users\david\appdata\local\gpmdp_3\app-4.4.1\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.4.1\google play music desktop player.exe
FirewallRules: [{6D591F95-4303-4F3F-974B-C675830AC6EB}] => (Block) C:\users\david\appdata\local\sodaplayer\app-1.1.4\soda player.exe
FirewallRules: [{B0EF9C3F-60BD-485D-9CD3-5B4B55FDF8C8}] => (Block) C:\users\david\appdata\local\sodaplayer\app-1.1.4\soda player.exe
FirewallRules: [UDP Query User{7D7087A8-031E-4335-999F-FE05A5C15E3C}C:\users\david\appdata\local\sodaplayer\app-1.1.4\soda player.exe] => (Allow) C:\users\david\appdata\local\sodaplayer\app-1.1.4\soda player.exe
FirewallRules: [TCP Query User{502F45E5-9E94-49D0-9D6C-4DC757E1CAE9}C:\users\david\appdata\local\sodaplayer\app-1.1.4\soda player.exe] => (Allow) C:\users\david\appdata\local\sodaplayer\app-1.1.4\soda player.exe
FirewallRules: [{E4DB388B-8213-4F82-9D50-5A511AF1CD2A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CFE174E2-1AAF-4C7B-B5CD-47C5C7734219}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6A405ACE-8A6D-44E0-9CFA-3CB6491A9440}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.0.5\google play music desktop player.exe
FirewallRules: [{F5AA5C3F-5C62-4B69-9B45-F8C0C21F20F9}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.0.5\google play music desktop player.exe
FirewallRules: [UDP Query User{5B8DE9C3-D631-4EF6-A95A-7786C6F7D98D}C:\users\david\appdata\local\gpmdp_3\app-4.0.5\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.0.5\google play music desktop player.exe
FirewallRules: [TCP Query User{2A0E2647-45C7-4F56-AD3A-F77D7F6A3BAD}C:\users\david\appdata\local\gpmdp_3\app-4.0.5\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.0.5\google play music desktop player.exe
FirewallRules: [{B923FA83-8772-40C5-B81F-C3621C3C012E}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.0.4\google play music desktop player.exe
FirewallRules: [{0463DDC3-ED60-4C28-8958-312E46BDE74D}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.0.4\google play music desktop player.exe
FirewallRules: [UDP Query User{3545BBB3-4F85-4440-A449-4E4732699BB1}C:\users\david\appdata\local\gpmdp_3\app-4.0.4\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.0.4\google play music desktop player.exe
FirewallRules: [TCP Query User{2C1B9CEF-C93A-434A-8B08-12D123585657}C:\users\david\appdata\local\gpmdp_3\app-4.0.4\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.0.4\google play music desktop player.exe
FirewallRules: [{5F0D0A4B-30E1-4EC1-9049-DF6EB4BEDC5F}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.0.3\google play music desktop player.exe
FirewallRules: [{5BAEC815-1B93-4556-8663-C1BD8BE99A82}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.0.3\google play music desktop player.exe
FirewallRules: [UDP Query User{B05CFC4B-BA63-40DC-841E-681D9AEB7858}C:\users\david\appdata\local\gpmdp_3\app-4.0.3\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.0.3\google play music desktop player.exe
FirewallRules: [TCP Query User{357B31C4-64D4-4D33-8D27-7FF99363B326}C:\users\david\appdata\local\gpmdp_3\app-4.0.3\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.0.3\google play music desktop player.exe
FirewallRules: [{E13D0240-2C33-47EC-82A2-D2C01A384D9D}] => (Block) C:\users\david\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{3EAEE7C4-0349-4DF1-A30B-0925210A72F1}] => (Block) C:\users\david\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{680392B1-ED32-4570-8CF2-6DA56BFD6A35}C:\users\david\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\david\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{5685FB12-0B4D-4342-A6F7-4CCCCEBAB0BF}C:\users\david\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\david\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{408212E3-DA84-4344-AF50-ABE846049F16}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.0.2\google play music desktop player.exe
FirewallRules: [{19BECEC7-6A91-44BA-8F34-919DCC027C38}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.0.2\google play music desktop player.exe
FirewallRules: [UDP Query User{A35641A7-25DD-401B-BA53-2B1C27898F10}C:\users\david\appdata\local\gpmdp_3\app-4.0.2\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.0.2\google play music desktop player.exe
FirewallRules: [TCP Query User{5D32DD9B-4C75-47AC-A5C4-40ED49F29C3D}C:\users\david\appdata\local\gpmdp_3\app-4.0.2\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.0.2\google play music desktop player.exe
FirewallRules: [{E571A7BB-8C4E-4228-A94F-E8D1AA5B3C4E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{811516FB-7F3C-4795-9087-2336CDD3933E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{6A6F9A75-C047-4B9C-9950-2F8C5B8B80E4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [UDP Query User{121997AC-9273-4FD2-B34B-EE0AE0D45D11}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{20EC9491-4990-4707-92C6-6BBFAC8F87FF}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [{745680B3-5B88-453D-A018-1EC8454D7712}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D8F84356-D973-41E1-81D4-1C64B2E9E6C0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{465B6B7B-47AA-4B80-841F-680D9B642014}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2832C516-7279-4D2A-8DBC-52696ABFEBC6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{99EF9BF2-D829-4DE5-B498-1245D40C2C66}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{612A7241-A45E-43AA-A3DD-2F78C988B63A}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{31937266-CCAE-4AF9-ABA7-C90C827F275E}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{B9F1624D-9E1E-428C-900A-508C905C4C8E}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{778369A0-1C36-4302-800C-1AAA5B34E716}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{207ABA2E-23C3-4B86-9B9D-A8FE0460DE4C}C:\program files (x86)\steam\steamapps\common\aftermath\aftermath.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\aftermath\aftermath.exe
FirewallRules: [UDP Query User{7D1625FF-AAB0-4ECB-8A81-79476AB5D81A}C:\program files (x86)\steam\steamapps\common\aftermath\aftermath.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\aftermath\aftermath.exe
FirewallRules: [{1F4E296B-0683-4F0C-8B11-EEC377627FAE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D583EBA6-7688-4CC7-A2A3-23AE0B8F8C3D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5B44CEA3-18CF-442A-8700-B17F9E82E686}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{D5E62A91-B3A4-4BB4-8E1A-C4CEF4F4662D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{A496507B-5549-44FE-8187-165F9BC193BB}C:\program files (x86)\deluge\deluge.exe] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{501113CF-C6DA-4A31-B505-83EAE59AD672}C:\program files (x86)\deluge\deluge.exe] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{240B1108-1B1F-4F4C-A51F-FF02686536E9}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{21F0B8C5-3DE2-4153-BF03-8E81802003AF}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{7BE740F4-8652-4E31-A320-8AA319721275}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{0C5F8E5E-FFF0-46A9-AD4F-1A340632A789}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{16845C8B-F608-4158-AFF0-876A2E7A0E1A}] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{FD5BE619-E8D6-4160-9950-E57D41B8830F}] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{E557967B-8C6B-46B0-9059-B7A1099B41E9}] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [{BB00D7CD-52CB-4787-9D9D-975E6509A908}] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [{3A1A3CD3-79F6-4238-BE5F-723BAACD7954}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{017EF627-44B5-4FBB-9450-48B2FD9A509C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{2F837034-4136-40D5-834A-DEAF523A86A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metal Slug X\mslugx.exe
FirewallRules: [{B0197756-87C1-4D66-941C-5DD8253950F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metal Slug X\mslugx.exe
FirewallRules: [{4A027405-2E02-4515-8F98-C2B1F6F9E9F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{E57563DD-63A4-457B-97D6-C04F69F605A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{2CC5B71D-337C-4898-A7DB-AEFEB2069854}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\METAL SLUG\mslug1.exe
FirewallRules: [{82E70945-03AC-4F3B-87EB-1544ED11AD2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\METAL SLUG\mslug1.exe
FirewallRules: [{1DFB0D93-8B42-4D48-B298-F7408D2EEA94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6A051061-2D50-4475-B626-CBC074AA16A7}] => (Allow) C:\Program Files\FileZilla FTP Client\filezilla.exe
FirewallRules: [{BA039523-7C9E-41F4-B91A-8D65DB64D7BC}] => (Allow) C:\Program Files\FileZilla FTP Client\filezilla.exe
FirewallRules: [{5C891002-ACDD-4C1B-8216-C409DCE76C36}] => (Allow) C:\Program Files\FileZilla FTP Client\filezilla.exe
FirewallRules: [{5360C7A5-0FC7-49CC-8A94-044B24F0782C}] => (Allow) C:\Program Files\FileZilla FTP Client\filezilla.exe
FirewallRules: [TCP Query User{990EF94F-09F7-4338-A248-9A27E390C51B}C:\users\david\appdata\local\gpmdp_3\app-4.1.1\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.1.1\google play music desktop player.exe
FirewallRules: [UDP Query User{BBCB4968-94AC-4325-A924-DAF57EBBE762}C:\users\david\appdata\local\gpmdp_3\app-4.1.1\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.1.1\google play music desktop player.exe
FirewallRules: [{2DB159EA-059B-40CA-83BF-475DB9547906}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.1.1\google play music desktop player.exe
FirewallRules: [{B8CF0364-FEBC-47AA-88F7-D9EDCDB7E68F}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.1.1\google play music desktop player.exe
FirewallRules: [{8EEEB243-B9B7-4F01-B414-A3CB5A37A3DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{E16192EB-4148-4FC9-8621-563D53E88AC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe
FirewallRules: [TCP Query User{876BA950-CF19-4F88-B49D-F442420F5991}C:\users\david\appdata\local\gpmdp_3\app-4.2.0\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.2.0\google play music desktop player.exe
FirewallRules: [UDP Query User{6E139CDE-0886-45A1-95B5-AF652DFF496C}C:\users\david\appdata\local\gpmdp_3\app-4.2.0\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.2.0\google play music desktop player.exe
FirewallRules: [{AAACC7A0-D3BE-48A4-BD76-F9D323AE0B01}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.2.0\google play music desktop player.exe
FirewallRules: [{E1924B01-5FD5-4EC9-8313-93EADE644AB4}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.2.0\google play music desktop player.exe
FirewallRules: [TCP Query User{11D4C101-9665-4A46-95A6-699CE690C607}C:\users\david\appdata\local\gpmdp_3\app-4.3.0\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.3.0\google play music desktop player.exe
FirewallRules: [UDP Query User{74225EC6-6B2A-4FBB-AFC4-4CBC0439B456}C:\users\david\appdata\local\gpmdp_3\app-4.3.0\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.3.0\google play music desktop player.exe
FirewallRules: [{6762A0D3-3467-4DCC-88D7-AF371833AC66}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.3.0\google play music desktop player.exe
FirewallRules: [{F42CA628-0ED4-4373-AE6F-C8B5EA16C0AF}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.3.0\google play music desktop player.exe
FirewallRules: [{34BDE8A0-E554-443F-9E39-206601CB3E98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{D5F8754A-3820-4924-9EE6-C95828416501}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{187B6EA8-5642-4784-B573-BF2E781116B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{346FABF9-7E2E-45EE-B182-2C95BD8748A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{F29BD6DC-830B-4C5E-A021-40B536B2C0A1}C:\users\david\appdata\local\gpmdp_3\app-4.5.0\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.5.0\google play music desktop player.exe
FirewallRules: [UDP Query User{520FF8FF-DDFA-4D94-A5F0-7548DC570CFB}C:\users\david\appdata\local\gpmdp_3\app-4.5.0\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.5.0\google play music desktop player.exe
FirewallRules: [{F4382847-B64B-42A3-801F-120A362DB57C}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.5.0\google play music desktop player.exe
FirewallRules: [{8DF028E7-19AD-4D64-A73F-7E5B2410A41B}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.5.0\google play music desktop player.exe
FirewallRules: [{4C99CB8E-4459-4C19-B1C4-99345C19135C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{306D976D-250E-4F67-9D77-7C4794E2C785}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3CA54D98-0331-4BCC-9061-DE0677873D88}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{BE867AA3-8891-4AE2-8CE3-A72313754B58}C:\users\david\appdata\local\sodaplayer\app-1.2.1\soda player.exe] => (Allow) C:\users\david\appdata\local\sodaplayer\app-1.2.1\soda player.exe
FirewallRules: [UDP Query User{E4868B79-0476-423F-99BF-D2740F4C29A5}C:\users\david\appdata\local\sodaplayer\app-1.2.1\soda player.exe] => (Allow) C:\users\david\appdata\local\sodaplayer\app-1.2.1\soda player.exe
FirewallRules: [{C1CCF770-9705-4EF1-96A0-BC668CDBEBEA}] => (Block) C:\users\david\appdata\local\sodaplayer\app-1.2.1\soda player.exe
FirewallRules: [{65D3B98C-846D-4277-AC1B-F313340F90FF}] => (Block) C:\users\david\appdata\local\sodaplayer\app-1.2.1\soda player.exe
FirewallRules: [TCP Query User{15D6993F-6341-4603-B3B9-4131A45DA777}C:\users\david\appdata\roaming\soda player\acestream\engine\ace_engine.exe] => (Allow) C:\users\david\appdata\roaming\soda player\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{7D2B6AD2-B41F-45AE-BF7A-56C74C9C7CF2}C:\users\david\appdata\roaming\soda player\acestream\engine\ace_engine.exe] => (Allow) C:\users\david\appdata\roaming\soda player\acestream\engine\ace_engine.exe
FirewallRules: [{DF3261F3-8423-4CE4-92D8-2D42951D6458}] => (Block) C:\users\david\appdata\roaming\soda player\acestream\engine\ace_engine.exe
FirewallRules: [{7C9C7044-127B-4394-8639-16053FD0DB53}] => (Block) C:\users\david\appdata\roaming\soda player\acestream\engine\ace_engine.exe
FirewallRules: [{25B167A4-80AC-40B2-B4F7-A4FC848AA242}] => (Allow) C:\Program Files (x86)\Rehash\electrophysiological.exe
FirewallRules: [{C9D78168-843F-4C8A-BF1B-FA6D62401227}] => (Allow) C:\Program Files (x86)\Puck\electrophysiological.exe
FirewallRules: [{1D72C92F-EA59-4582-8E6A-1F36CC46217B}] => (Allow) C:\Program Files (x86)\billerica\rance.exe
FirewallRules: [{4ECE4CDC-941C-4B20-B989-6996C48436DB}] => (Allow) C:\Program Files (x86)\Puck\rance.exe
 
==================== Restore Points =========================
 
25-02-2018 21:53:26 Installed calibre 64bit
07-03-2018 14:51:36 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/13/2018 01:23:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program electrophysiological.exe version 3.9.8.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: cac
 
Start Time: 01d3ba8adcdcbe06
 
Termination Time: 2359
 
Application Path: C:\Users\David\AppData\Local\electrophysiological.exe
 
Report Id: 1db246b3-cb2f-4aec-83a7-4b177f0fb81e
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/13/2018 01:06:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ic-0.8dd8711558813.exe, version: 6.1.7600.16385, time stamp: 0x5aa4c3ec
Faulting module name: ic-0.8dd8711558813.exe, version: 6.1.7600.16385, time stamp: 0x5aa4c3ec
Exception code: 0xc00001a5
Fault offset: 0x00003640
Faulting process id: 0x206c
Faulting application start time: 0x01d3ba89097a1267
Faulting application path: C:\Users\David\AppData\Local\Temp\1307048984\ic-0.8dd8711558813.exe
Faulting module path: C:\Users\David\AppData\Local\Temp\1307048984\ic-0.8dd8711558813.exe
Report Id: ad74c233-0822-4cec-9965-fff6cec27951
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/12/2018 10:03:19 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/05/2018 01:37:04 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/03/2018 09:01:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Amazon Music.exe, version: 6.3.4.1269, time stamp: 0x5a8f826c
Faulting module name: Amazon Music.exe, version: 6.3.4.1269, time stamp: 0x5a8f826c
Exception code: 0xc0000409
Fault offset: 0x00809a23
Faulting process id: 0x26ac
Faulting application start time: 0x01d3b352a40201cc
Faulting application path: C:\Users\David\AppData\Local\Amazon Music\Amazon Music.exe
Faulting module path: C:\Users\David\AppData\Local\Amazon Music\Amazon Music.exe
Report Id: 68399921-ece8-4d4d-8b3f-779a3da7bd62
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/01/2018 11:50:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Amazon Music.exe, version: 6.3.4.1269, time stamp: 0x5a8f826c
Faulting module name: Amazon Music.exe, version: 6.3.4.1269, time stamp: 0x5a8f826c
Exception code: 0xc0000409
Fault offset: 0x00809a23
Faulting process id: 0xe8c
Faulting application start time: 0x01d3b1d8b7c4c5ca
Faulting application path: C:\Users\David\AppData\Local\Amazon Music\Amazon Music.exe
Faulting module path: C:\Users\David\AppData\Local\Amazon Music\Amazon Music.exe
Report Id: 11372035-1fc5-4b0c-b6bc-fbb462c1d4e0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/28/2018 02:40:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Exception code: 0xc0000005
Fault offset: 0x00000000001c6e66
Faulting process id: 0x2770
Faulting application start time: 0x01d3b0c38b029e3e
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Report Id: 7f5a926c-ba71-4b25-b32f-dde31e7273a6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/27/2018 03:37:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CLVIEW.EXE, version: 15.0.4919.1000, time stamp: 0x58c7aaf4
Faulting module name: CoreUIComponents.dll, version: 10.0.16299.15, time stamp: 0x2b1f332b
Exception code: 0xc0000602
Fault offset: 0x000eff75
Faulting process id: 0xa34
Faulting application start time: 0x01d3b002717f9e88
Faulting application path: C:\Program Files\Microsoft Office 15\Root\Office15\CLVIEW.EXE
Faulting module path: C:\WINDOWS\System32\CoreUIComponents.dll
Report Id: 7e19cf72-a27c-4115-bf7f-90d36587f2cf
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (03/14/2018 04:05:23 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (03/14/2018 04:05:16 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/14/2018 04:04:26 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/14/2018 04:03:45 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/14/2018 04:03:11 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (03/14/2018 04:03:02 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/14/2018 04:02:54 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/14/2018 04:02:17 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
Windows Defender:
===================================
Date: 2018-03-13 01:14:09.531
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\foldershare\uninstaller.exe;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\foldershare;uninstall:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\foldershare
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\David\AppData\Local\Temp\is-HCA58.tmp\jfk0021.exe
Signature Version: AV: 1.263.484.0, AS: 1.263.484.0, NIS: 118.5.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-03-13 01:13:20.796
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\foldershare\uninstaller.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\David\AppData\Local\Temp\is-HCA58.tmp\jfk0021.exe
Signature Version: AV: 1.263.484.0, AS: 1.263.484.0, NIS: 118.5.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-03-13 01:11:37.228
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\foldershare\uninstaller.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\David\AppData\Local\Temp\is-HCA58.tmp\jfk0021.exe
Signature Version: AV: 1.263.484.0, AS: 1.263.484.0, NIS: 118.5.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-03-13 01:11:27.885
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win64/Detrahere!rfn
ID: 2147725652
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\drivers\lmcntgax.sys
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.263.484.0, AS: 1.263.484.0, NIS: 118.5.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-03-13 01:11:23.301
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win64/Detrahere!rfn
ID: 2147725652
Severity: Severe
Category: Trojan
Path: driver:_tuwrnivx;file:_C:\Windows\System32\drivers\lmcntgax.sys
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.263.484.0, AS: 1.263.484.0, NIS: 118.5.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-02-28 17:45:56.329
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.1689.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-02-28 17:45:56.329
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.14202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-02-28 17:45:56.323
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.1689.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-02-28 17:45:56.322
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.1689.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-02-28 17:45:56.322
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.1689.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 11%
Total physical RAM: 8149.36 MB
Available physical RAM: 7193.89 MB
Total Virtual: 10709.36 MB
Available Virtual: 9909.29 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:464.59 GB) (Free:283.42 GB) NTFS
Drive d: (Drive) (Removable) (Total:7.27 GB) (Free:7.24 GB) NTFS
 
\\?\Volume{ebb3fe36-29e8-11e5-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.29 GB) NTFS
\\?\Volume{3897aef7-0000-0000-0000-a03b74000000}\ () (Fixed) (Total:0.83 GB) (Free:0.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 3897AEF7)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=849 MB) - (Type=27)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 7.3 GB) (Disk ID: E51D29E6)
Partition 1: (Active) - (Size=7.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:18 PM

Posted 14 March 2018 - 08:09 PM

Biggest fixlist I put together in a while :)

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 assblasted

assblasted
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:18 PM

Posted 14 March 2018 - 10:46 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by David (14-03-2018 23:25:15) Run:1
Running from D:\
Loaded Profiles: David (Available Profiles: David)
Boot Mode: Safe Mode (minimal)
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
HKLM\...\Run: [killings] => C:\Program Files (x86)\Rehash\electrophysiological.exe [21504 2018-03-13] ()
HKLM\...\Run: [killingsjoe] => C:\Program Files (x86)\billerica\rance.exe [20992 2018-03-13] ()
HKLM\...\Run: [killingskillings] => C:\Program Files (x86)\Puck\electrophysiological.exe [21504 2018-03-13] ()
HKLM\...\Run: [WebDiscoverBrowser] => C:\Program Files\WebDiscoverBrowser\3.210.2\browser.exe [918240 2017-10-23] () <==== ATTENTION
HKLM-x32\...\Run: [nitwit] => C:\Program Files (x86)\Rehash\electrophysiological.exe [21504 2018-03-13] ()
HKLM-x32\...\Run: [nitwitreefers] => C:\Program Files (x86)\billerica\rance.exe [20992 2018-03-13] ()
HKLM-x32\...\Run: [nitwitnitwit] => C:\Program Files (x86)\Puck\electrophysiological.exe [21504 2018-03-13] ()
HKLM-x32\...\Run: [AnonymizerGadget] => C:\Users\David\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe [347784 2018-03-13] (Jetico ltd) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [reefers] => C:\Program Files (x86)\Rehash\electrophysiological.exe [21504 2018-03-13] ()
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [reefersnitwit] => C:\Program Files (x86)\billerica\rance.exe [20992 2018-03-13] ()
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [reefersreefers] => C:\Program Files (x86)\Puck\electrophysiological.exe [21504 2018-03-13] ()
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [joe] => C:\Program Files (x86)\Rehash\electrophysiological.exe [21504 2018-03-13] ()
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [joekillings] => C:\Program Files (x86)\billerica\rance.exe [20992 2018-03-13] ()
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [joejoe] => C:\Program Files (x86)\Puck\electrophysiological.exe [21504 2018-03-13] ()
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [baldassare] => C:\Program Files (x86)\ita\baldassare.exe [66856 2018-03-13] ()
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [exterminators] => C:\Program Files (x86)\Rehash\electrophysiological.exe [21504 2018-03-13] ()
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [GOaRPULPfM.exe] => C:\Program Files\Windows Mail\IZ14H10PBIEJZEGJQPATREIO7Y5E7UCHGW\GOaRPULPfM.exe [393728 2018-03-13] ()
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cabotage.lnk [2018-03-13]
ShortcutTarget: cabotage.lnk -> C:\Program Files (x86)\Rehash\electrophysiological.exe ()
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cabotagecabotage.lnk [2018-03-13]
ShortcutTarget: cabotagecabotage.lnk -> C:\Program Files (x86)\billerica\rance.exe ()
GroupPolicy: Restriction <==== ATTENTION
 
CHR HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
 
S2 3070bdebde178e60142bdb2775e41f72; C:\WINDOWS\3070bdebde178e60142bdb2775e41f72.dll [1618944 2018-03-13] () [File not signed]
S2 4XqcvGKfuUeR Updater; C:\Program Files (x86)\4XqcvGKfuUeR Updater\4XqcvGKfuUeR Updater.exe [313344 2018-03-13] () [File not signed]
S2 e14589e77b94f01a7d23df380a0a0958; C:\Program Files\e14589e77b94f01a7d23df380a0a0958\5f465602e1e48bb8ddfb6fb2d8471053.exe [473088 2018-03-12] () [File not signed] <==== ATTENTION
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
S1 1123c9b8e05c5daabf4b1ceef6af5b45; C:\WINDOWS\system32\drivers\1123c9b8e05c5daabf4b1ceef6af5b45.sys [121976 2018-03-12] ()
S0 vlbtx; System32\drivers\snabokhi.sys [X]
 
Task: {0869227D-975C-4F00-BC79-22AC3E17AB57} - System32\Tasks\tussles dilger bonfires => C:\Users\David\AppData\Local\electrophysiological.exe [2018-03-13] ()
Task: {11B06BEE-3115-4FC0-95E2-481193EBEA6C} - System32\Tasks\baguano tookguano took => C:\Program Files (x86)\Puck\rance.exe [2018-03-13] ()
Task: {15530C30-6B86-4287-94FD-19BC9756B657} - System32\Tasks\GoogleUpdateSecurityTaskMachine_UT => C:\Users\David\AppData\Roaming\87a873c0526644cf9058c714ba016936\HandlerExecution.exe [2018-03-13] () <==== ATTENTION
Task: {1D594C76-B487-4677-9614-A359304F76CC} - System32\Tasks\GoogleUpdateSecurityTaskMachine_WU => C:\ProgramData\80e427b8d55b4345b75a87f45dfec350\HandlerExecution.exe [2018-03-13] () <==== ATTENTION
Task: {2641B13B-1599-455C-9C71-D9F852FF35DB} - System32\Tasks\petitioner => C:\Program Files (x86)\Rehash\electrophysiological.exe [2018-03-13] ()
Task: {2A01B97B-8E5B-470A-833F-5C0E65308E0B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2D1E09EF-EF9C-433A-BC5E-88886ABA7C90} - System32\Tasks\WebDiscover Browser Launch Task => C:\Program Files\WebDiscoverBrowser\3.210.2\browser.exe [2017-10-23] () <==== ATTENTION
Task: {360D09A6-AA06-44F0-97E2-492F080A8941} - System32\Tasks\bakeels-atheistickeels-atheistic => C:\Program Files (x86)\billerica\rance.exe [2018-03-13] ()
Task: {3A541E61-DCE3-4C36-9BB5-537C1E918161} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3A9826CA-9BFB-4C6B-921F-800785E51B10} - System32\Tasks\GoogleUpdateSecurityTaskMachine_OU => C:\Users\David\AppData\Roaming\aca3678d5d704bdb8cd358735a60dc2d\HandlerExecution.exe [2018-03-13] () <==== ATTENTION
Task: {3B1A0FDD-E849-4F2A-A8C6-192AE6F69718} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {44F92B30-008A-4DF1-A3B8-AA9A3FE7A5F3} - System32\Tasks\{0C080B47-7F09-0A05-7811-05097D09110D} => C:\WINDOWS\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAA7ADsAOwA7ACAAIAA7ACAAIAAgACAAOwAgACAAIAA7ADsAIAA7ACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcAYQByAG4AaQBuAGcA (the data entry has 10056 more characters). <==== ATTENTION
Task: {468A78E5-5554-4C89-BFCB-450CE93368B3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4BC50B57-A6F1-4101-887C-5453F2701B10} - System32\Tasks\GoogleUpdateSecurityTaskMachine_SO => C:\Users\David\AppData\Local\183e3f8eba414480a420b7a1c939acfc\HandlerExecution.exe [2018-03-13] () <==== ATTENTION
Task: {4F53719B-7BDC-4CEB-9C15-CB47648399C4} - System32\Tasks\baconsignsconsigns => C:\Program Files (x86)\lansky\lansky.exe [2018-03-13] ()
Task: {5312BCF4-FF2F-4D33-9D43-90BD7F6DAB10} - System32\Tasks\System Healer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2018-02-26] () <==== ATTENTION
Task: {5466A6AA-A044-4969-8B8A-F2398DBEED9B} - System32\Tasks\batussles dilger bonfirestussles dilger bonfires => C:\Users\David\AppData\Local\electrophysiological.exe [2018-03-13] ()
Task: {55C74193-0238-46BE-9A95-8CAF78A06926} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {595785DE-2E51-4BC6-8BB8-060404D9FAD3} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2018-02-26] () <==== ATTENTION
Task: {5C135677-3609-4951-B4A8-68299A0821EE} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {6B133DF7-4217-42A2-AEA0-2981BBCF6186} - System32\Tasks\e14589e77b94f01a7d23df380a0a0958 => sc start e14589e77b94f01a7d23df380a0a0958 <==== ATTENTION
Task: {71958027-B64D-40DC-97D7-C3CAC624D695} - \WPD\SqmUpload_S-1-5-21-2782644308-2723550521-4127866414-1001 -> No File <==== ATTENTION
Task: {76DFB640-FA04-4104-AD67-4C5530BA173D} - System32\Tasks\bapetitionerpetitioner => C:\Program Files (x86)\Rehash\electrophysiological.exe [2018-03-13] ()
Task: {7A61590A-DE3A-42E3-9B99-9282ED40CBF4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7B03066D-60A7-4420-9958-061CCE1CF089} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {7C5C0C20-85D0-4DE8-BE7D-D60EF278039F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {824499FF-E764-4B2E-9E4E-C4996BFA4BFF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8AD2450D-C26F-4C87-8EF6-AD98132FF5E2} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {8CFF29FE-5EFE-49EC-8C7C-AA02214C2B65} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {94A042F6-26CA-460F-9531-EB9EE87B701B} - System32\Tasks\sophy_phoney => C:\Program Files (x86)\Puck\electrophysiological.exe [2018-03-13] ()
Task: {981B49AA-2617-4112-AD45-64EC5D278D76} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-10] (Microleaves) <==== ATTENTION
Task: {9FB01935-BAD4-4CF0-BCEA-54D72C3323CA} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {A0F5FF06-BF69-4C60-B663-A1D157C2CF88} - System32\Tasks\keels-atheistic => C:\Program Files (x86)\billerica\rance.exe [2018-03-13] ()
Task: {A0F8F624-7B93-412C-B881-EBFCF34FAF86} - System32\Tasks\guano took => C:\Program Files (x86)\Puck\rance.exe [2018-03-13] ()
Task: {A733B358-08C6-4724-9EA3-9C950EE26951} - System32\Tasks\AGProxyCheck => C:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
Task: {A7877BF5-7F27-47F7-A0F7-A40ECB29A24B} - System32\Tasks\baspitballs_lampshadespitballs_lampshade => C:\Users\David\AppData\Local\rance.exe [2018-03-13] ()
Task: {B7ECFB91-EC00-4EBD-B042-3B086BD0F372} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B8AC4BF7-26D8-456A-9805-A749AD8694FC} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {BAFE08E1-B127-4B69-829C-8363D4365DDB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C186710F-9D22-4E44-AAFD-1CD69FCD0E99} - System32\Tasks\System Healer Delayed => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2018-02-26] () <==== ATTENTION
Task: {C331C4FD-9375-4AA8-A767-2271CB8EC315} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CA1902DC-2DAD-4923-92BB-8F4DC16A048D} - System32\Tasks\4XqcvGKfuUeR => 4xqcvgkfuuer.exe <==== ATTENTION
Task: {D50DAA50-7504-4EA8-B266-3D27FAC998A7} - System32\Tasks\WebDiscover Browser Update Task => C:\Program Files\WebDiscoverBrowser\3.210.2\browser.exe [2017-10-23] () <==== ATTENTION
Task: {DB790AB9-137F-4FE5-9853-0B462DF5905F} - System32\Tasks\spitballs_lampshade => C:\Users\David\AppData\Local\rance.exe [2018-03-13] ()
Task: {E135DAC5-B79C-406A-A9A7-67C9217E9CF7} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2018-02-26] () <==== ATTENTION
Task: {E46B2665-E27E-4260-A8A4-2A8DC9CC43E3} - System32\Tasks\GoogleUpdateSecurityTaskMachine_KI => C:\Users\David\AppData\Local\38f5e97d6cd44a35a2e00fbf6df47afb\HandlerExecution.exe [2018-03-13] () <==== ATTENTION
Task: {E6F15F3F-A64E-4791-BF29-A492AB043F76} - System32\Tasks\SystemHealer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2018-02-26] () <==== ATTENTION
Task: {E7A03923-737D-4EEB-BA4A-66A88145F551} - System32\Tasks\consigns => C:\Program Files (x86)\lansky\lansky.exe [2018-03-13] ()
Task: {E7AAAE20-20BC-4EC5-B598-2BE4BD2F8EBD} - System32\Tasks\basophy_phoneysophy_phoney => C:\Program Files (x86)\Puck\electrophysiological.exe [2018-03-13] ()
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
 
FirewallRules: [{25B167A4-80AC-40B2-B4F7-A4FC848AA242}] => (Allow) C:\Program Files (x86)\Rehash\electrophysiological.exe
FirewallRules: [{C9D78168-843F-4C8A-BF1B-FA6D62401227}] => (Allow) C:\Program Files (x86)\Puck\electrophysiological.exe
FirewallRules: [{1D72C92F-EA59-4582-8E6A-1F36CC46217B}] => (Allow) C:\Program Files (x86)\billerica\rance.exe
FirewallRules: [{4ECE4CDC-941C-4B20-B989-6996C48436DB}] => (Allow) C:\Program Files (x86)\Puck\rance.exe
 
C:\Program Files\e14589e77b94f01a7d23df380a0a0958
C:\Program Files\WebDiscoverBrowser
C:\Program Files\Windows Mail\IZ14H10PBIEJZEGJQPATREIO7Y5E7UCHGW
C:\Program Files (x86)\4XqcvGKfuUeR
C:\Program Files (x86)\4XqcvGKfuUeR Updater
C:\Program Files (x86)\billerica
C:\Program Files (x86)\Rehash
C:\Program Files (x86)\Puck
C:\Program Files (x86)\ita
C:\Program Files (x86)\foldershare
C:\Program Files (x86)\s5
C:\Program Files (x86)\Microleaves
C:\Program Files (x86)\AnonymizerGadget
C:\Program Files (x86)\SystemHealer
C:\Program Files (x86)\Rehash
C:\Program Files (x86)\lansky
C:\Program Files (x86)\billerica
C:\ProgramData\ee9f590c-7171-1
C:\ProgramData\ee9f590c-2597-0
C:\ProgramData\80e427b8d55b4345b75a87f45dfec350
C:\ProgramData\616ca8e3-9bd6-4a32-a4f3-3640822a6c06
C:\ProgramData\1520917789
C:\ProgramData\ntuser.pol
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
C:\Users\David\Desktop\foldershare.lnk
C:\Users\David\Desktop\s5.lnk
C:\Users\David\Desktop\WebDiscover Browser.lnk
C:\Users\David\AppData\Local\38f5e97d6cd44a35a2e00fbf6df47afb
C:\Users\David\AppData\Local\183e3f8eba414480a420b7a1c939acfc
C:\Users\David\AppData\Local\AdvinstAnalytics
C:\Users\David\AppData\Local\WebDiscoverBrowser
C:\Users\David\AppData\Local\InstallationConfiguration.xml
C:\Users\David\AppData\Local\po.db
C:\Users\David\AppData\Local\installer.dat
C:\Users\David\AppData\Local\electrophysiological.exe
C:\Users\David\AppData\Local\rance.exe
2018-03-13 01:03 - 2018-03-13 01:03 - 000024576 _____ (1010 Vine Street) C:\Users\David\AppData\Local\Temp\capi.exe
2018-03-13 01:02 - 2018-03-13 01:02 - 001797855 _____ () C:\Users\David\AppData\Local\Temp\gimi.exe
2018-03-13 01:03 - 2018-03-13 01:03 - 003988942 _____ (Indigo Rose Corporation) C:\Users\David\AppData\Local\Temp\ing.exe
C:\Users\David\AppData\Roaming\aca3678d5d704bdb8cd358735a60dc2d
C:\Users\David\AppData\Roaming\87a873c0526644cf9058c714ba016936
C:\Users\David\AppData\Roaming\AGData
C:\Users\David\AppData\Roaming\Microleaves
C:\Users\David\AppData\Roaming\et
C:\Users\David\AppData\Roaming\SystemHealer
C:\Users\David\AppData\Roaming\System Healer
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
C:\WINDOWS\b47720645
C:\WINDOWS\3070bdebde178e60142bdb2775e41f72.dll
C:\WINDOWS\3b0e8ae12f8a986c33482f221e849207.exe
C:\WINDOWS\choquette.exe
C:\WINDOWS\uninstaller.dat
C:\WINDOWS\system32\csaevwi
C:\WINDOWS\system32\drivers\1123c9b8e05c5daabf4b1ceef6af5b45.sys
C:\WINDOWS\SysWOW64\csaevwi
C:\WINDOWS\SysWOW64\SSL
 
Hosts:
EmptyTemp:
*****************
 
Processes closed successfully.
Error: Restore point can only be created in normal mode.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\killings" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\killingsjoe" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\killingskillings" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WebDiscoverBrowser" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\nitwit" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\nitwitreefers" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\nitwitnitwit" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AnonymizerGadget" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\Software\Microsoft\Windows\CurrentVersion\Run\\reefers" => removed successfully
"HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\Software\Microsoft\Windows\CurrentVersion\Run\\reefersnitwit" => removed successfully
"HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\Software\Microsoft\Windows\CurrentVersion\Run\\reefersreefers" => removed successfully
"HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\Software\Microsoft\Windows\CurrentVersion\Run\\joe" => removed successfully
"HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\Software\Microsoft\Windows\CurrentVersion\Run\\joekillings" => removed successfully
"HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\Software\Microsoft\Windows\CurrentVersion\Run\\joejoe" => removed successfully
"HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\Software\Microsoft\Windows\CurrentVersion\Run\\baldassare" => removed successfully
"HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\Software\Microsoft\Windows\CurrentVersion\Run\\exterminators" => removed successfully
"HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GOaRPULPfM.exe" => removed successfully
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cabotage.lnk => moved successfully
C:\Program Files => FRST is scripted not to move this directory.
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cabotagecabotage.lnk => moved successfully
C:\Program Files => FRST is scripted not to move this directory.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo" => removed successfully
"HKLM\System\CurrentControlSet\Services\3070bdebde178e60142bdb2775e41f72" => removed successfully
3070bdebde178e60142bdb2775e41f72 => service removed successfully
"HKLM\System\CurrentControlSet\Services\4XqcvGKfuUeR Updater" => removed successfully
4XqcvGKfuUeR Updater => service removed successfully
"HKLM\System\CurrentControlSet\Services\e14589e77b94f01a7d23df380a0a0958" => removed successfully
e14589e77b94f01a7d23df380a0a0958 => service removed successfully
"HKLM\System\CurrentControlSet\Services\windowsmanagementservice" => removed successfully
windowsmanagementservice => service removed successfully
"HKLM\System\CurrentControlSet\Services\1123c9b8e05c5daabf4b1ceef6af5b45" => removed successfully
1123c9b8e05c5daabf4b1ceef6af5b45 => service removed successfully
"HKLM\System\CurrentControlSet\Services\vlbtx" => removed successfully
vlbtx => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0869227D-975C-4F00-BC79-22AC3E17AB57}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0869227D-975C-4F00-BC79-22AC3E17AB57}" => removed successfully
C:\WINDOWS\System32\Tasks\tussles dilger bonfires => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tussles dilger bonfires" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11B06BEE-3115-4FC0-95E2-481193EBEA6C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11B06BEE-3115-4FC0-95E2-481193EBEA6C}" => removed successfully
C:\WINDOWS\System32\Tasks\baguano tookguano took => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\baguano tookguano took" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15530C30-6B86-4287-94FD-19BC9756B657}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15530C30-6B86-4287-94FD-19BC9756B657}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_UT => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_UT" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D594C76-B487-4677-9614-A359304F76CC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D594C76-B487-4677-9614-A359304F76CC}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_WU => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_WU" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2641B13B-1599-455C-9C71-D9F852FF35DB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2641B13B-1599-455C-9C71-D9F852FF35DB}" => removed successfully
C:\WINDOWS\System32\Tasks\petitioner => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\petitioner" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A01B97B-8E5B-470A-833F-5C0E65308E0B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A01B97B-8E5B-470A-833F-5C0E65308E0B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D1E09EF-EF9C-433A-BC5E-88886ABA7C90}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D1E09EF-EF9C-433A-BC5E-88886ABA7C90}" => removed successfully
C:\WINDOWS\System32\Tasks\WebDiscover Browser Launch Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebDiscover Browser Launch Task" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{360D09A6-AA06-44F0-97E2-492F080A8941}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{360D09A6-AA06-44F0-97E2-492F080A8941}" => removed successfully
C:\WINDOWS\System32\Tasks\bakeels-atheistickeels-atheistic => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bakeels-atheistickeels-atheistic" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A541E61-DCE3-4C36-9BB5-537C1E918161}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A541E61-DCE3-4C36-9BB5-537C1E918161}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A9826CA-9BFB-4C6B-921F-800785E51B10}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A9826CA-9BFB-4C6B-921F-800785E51B10}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_OU => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_OU" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B1A0FDD-E849-4F2A-A8C6-192AE6F69718}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B1A0FDD-E849-4F2A-A8C6-192AE6F69718}" => removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44F92B30-008A-4DF1-A3B8-AA9A3FE7A5F3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44F92B30-008A-4DF1-A3B8-AA9A3FE7A5F3}" => removed successfully
C:\WINDOWS\System32\Tasks\{0C080B47-7F09-0A05-7811-05097D09110D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0C080B47-7F09-0A05-7811-05097D09110D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{468A78E5-5554-4C89-BFCB-450CE93368B3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{468A78E5-5554-4C89-BFCB-450CE93368B3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BC50B57-A6F1-4101-887C-5453F2701B10}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BC50B57-A6F1-4101-887C-5453F2701B10}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_SO => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_SO" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F53719B-7BDC-4CEB-9C15-CB47648399C4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F53719B-7BDC-4CEB-9C15-CB47648399C4}" => removed successfully
C:\WINDOWS\System32\Tasks\baconsignsconsigns => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\baconsignsconsigns" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5312BCF4-FF2F-4D33-9D43-90BD7F6DAB10}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5312BCF4-FF2F-4D33-9D43-90BD7F6DAB10}" => removed successfully
C:\WINDOWS\System32\Tasks\System Healer Monitor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Monitor" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5466A6AA-A044-4969-8B8A-F2398DBEED9B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5466A6AA-A044-4969-8B8A-F2398DBEED9B}" => removed successfully
C:\WINDOWS\System32\Tasks\batussles dilger bonfirestussles dilger bonfires => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\batussles dilger bonfirestussles dilger bonfires" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55C74193-0238-46BE-9A95-8CAF78A06926}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55C74193-0238-46BE-9A95-8CAF78A06926}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{595785DE-2E51-4BC6-8BB8-060404D9FAD3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{595785DE-2E51-4BC6-8BB8-060404D9FAD3}" => removed successfully
C:\WINDOWS\System32\Tasks\System HealerStartUp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerStartUp" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C135677-3609-4951-B4A8-68299A0821EE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C135677-3609-4951-B4A8-68299A0821EE}" => removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G5 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G5" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6B133DF7-4217-42A2-AEA0-2981BBCF6186}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B133DF7-4217-42A2-AEA0-2981BBCF6186}" => removed successfully
C:\WINDOWS\System32\Tasks\e14589e77b94f01a7d23df380a0a0958 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e14589e77b94f01a7d23df380a0a0958" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71958027-B64D-40DC-97D7-C3CAC624D695}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71958027-B64D-40DC-97D7-C3CAC624D695}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2782644308-2723550521-4127866414-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76DFB640-FA04-4104-AD67-4C5530BA173D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76DFB640-FA04-4104-AD67-4C5530BA173D}" => removed successfully
C:\WINDOWS\System32\Tasks\bapetitionerpetitioner => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bapetitionerpetitioner" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A61590A-DE3A-42E3-9B99-9282ED40CBF4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A61590A-DE3A-42E3-9B99-9282ED40CBF4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B03066D-60A7-4420-9958-061CCE1CF089}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B03066D-60A7-4420-9958-061CCE1CF089}" => removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G6 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G6" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C5C0C20-85D0-4DE8-BE7D-D60EF278039F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C5C0C20-85D0-4DE8-BE7D-D60EF278039F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{824499FF-E764-4B2E-9E4E-C4996BFA4BFF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{824499FF-E764-4B2E-9E4E-C4996BFA4BFF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8AD2450D-C26F-4C87-8EF6-AD98132FF5E2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AD2450D-C26F-4C87-8EF6-AD98132FF5E2}" => removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G3 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8CFF29FE-5EFE-49EC-8C7C-AA02214C2B65}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CFF29FE-5EFE-49EC-8C7C-AA02214C2B65}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{94A042F6-26CA-460F-9531-EB9EE87B701B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94A042F6-26CA-460F-9531-EB9EE87B701B}" => removed successfully
C:\WINDOWS\System32\Tasks\sophy_phoney => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\sophy_phoney" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{981B49AA-2617-4112-AD45-64EC5D278D76}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{981B49AA-2617-4112-AD45-64EC5D278D76}" => removed successfully
C:\WINDOWS\System32\Tasks\Updater_Online_Application => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FB01935-BAD4-4CF0-BCEA-54D72C3323CA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FB01935-BAD4-4CF0-BCEA-54D72C3323CA}" => removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G4 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G4" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0F5FF06-BF69-4C60-B663-A1D157C2CF88}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0F5FF06-BF69-4C60-B663-A1D157C2CF88}" => removed successfully
C:\WINDOWS\System32\Tasks\keels-atheistic => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\keels-atheistic" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0F8F624-7B93-412C-B881-EBFCF34FAF86}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0F8F624-7B93-412C-B881-EBFCF34FAF86}" => removed successfully
C:\WINDOWS\System32\Tasks\guano took => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\guano took" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A733B358-08C6-4724-9EA3-9C950EE26951}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A733B358-08C6-4724-9EA3-9C950EE26951}" => removed successfully
C:\WINDOWS\System32\Tasks\AGProxyCheck => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AGProxyCheck" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7877BF5-7F27-47F7-A0F7-A40ECB29A24B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7877BF5-7F27-47F7-A0F7-A40ECB29A24B}" => removed successfully
C:\WINDOWS\System32\Tasks\baspitballs_lampshadespitballs_lampshade => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\baspitballs_lampshadespitballs_lampshade" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B7ECFB91-EC00-4EBD-B042-3B086BD0F372}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7ECFB91-EC00-4EBD-B042-3B086BD0F372}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8AC4BF7-26D8-456A-9805-A749AD8694FC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8AC4BF7-26D8-456A-9805-A749AD8694FC}" => removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAFE08E1-B127-4B69-829C-8363D4365DDB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAFE08E1-B127-4B69-829C-8363D4365DDB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C186710F-9D22-4E44-AAFD-1CD69FCD0E99}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C186710F-9D22-4E44-AAFD-1CD69FCD0E99}" => removed successfully
C:\WINDOWS\System32\Tasks\System Healer Delayed => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Delayed" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C331C4FD-9375-4AA8-A767-2271CB8EC315}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C331C4FD-9375-4AA8-A767-2271CB8EC315}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA1902DC-2DAD-4923-92BB-8F4DC16A048D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA1902DC-2DAD-4923-92BB-8F4DC16A048D}" => removed successfully
C:\WINDOWS\System32\Tasks\4XqcvGKfuUeR => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4XqcvGKfuUeR" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D50DAA50-7504-4EA8-B266-3D27FAC998A7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D50DAA50-7504-4EA8-B266-3D27FAC998A7}" => removed successfully
C:\WINDOWS\System32\Tasks\WebDiscover Browser Update Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebDiscover Browser Update Task" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DB790AB9-137F-4FE5-9853-0B462DF5905F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB790AB9-137F-4FE5-9853-0B462DF5905F}" => removed successfully
C:\WINDOWS\System32\Tasks\spitballs_lampshade => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\spitballs_lampshade" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E135DAC5-B79C-406A-A9A7-67C9217E9CF7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E135DAC5-B79C-406A-A9A7-67C9217E9CF7}" => removed successfully
C:\WINDOWS\System32\Tasks\System HealerPeriod => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerPeriod" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E46B2665-E27E-4260-A8A4-2A8DC9CC43E3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E46B2665-E27E-4260-A8A4-2A8DC9CC43E3}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_KI => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_KI" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6F15F3F-A64E-4791-BF29-A492AB043F76}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6F15F3F-A64E-4791-BF29-A492AB043F76}" => removed successfully
C:\WINDOWS\System32\Tasks\SystemHealer Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Task" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E7A03923-737D-4EEB-BA4A-66A88145F551}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7A03923-737D-4EEB-BA4A-66A88145F551}" => removed successfully
C:\WINDOWS\System32\Tasks\consigns => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\consigns" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7AAAE20-20BC-4EC5-B598-2BE4BD2F8EBD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7AAAE20-20BC-4EC5-B598-2BE4BD2F8EBD}" => removed successfully
C:\WINDOWS\System32\Tasks\basophy_phoneysophy_phoney => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\basophy_phoneysophy_phoney" => removed successfully
C:\WINDOWS\Tasks\Online Application V2G1.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G2.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G3.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G4.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G5.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G6.job => moved successfully
C:\WINDOWS\Tasks\System HealerPeriod.job => moved successfully
C:\WINDOWS\Tasks\System HealerStartUp.job => moved successfully
C:\WINDOWS\Tasks\Updater_Online_Application.job => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{25B167A4-80AC-40B2-B4F7-A4FC848AA242}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9D78168-843F-4C8A-BF1B-FA6D62401227}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1D72C92F-EA59-4582-8E6A-1F36CC46217B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4ECE4CDC-941C-4B20-B989-6996C48436DB}" => removed successfully
C:\Program Files\e14589e77b94f01a7d23df380a0a0958 => moved successfully
C:\Program Files\WebDiscoverBrowser => moved successfully
C:\Program Files\Windows Mail\IZ14H10PBIEJZEGJQPATREIO7Y5E7UCHGW => moved successfully
C:\Program Files (x86)\4XqcvGKfuUeR => moved successfully
C:\Program Files (x86)\4XqcvGKfuUeR Updater => moved successfully
C:\Program Files (x86)\billerica => moved successfully
C:\Program Files (x86)\Rehash => moved successfully
C:\Program Files (x86)\Puck => moved successfully
C:\Program Files (x86)\ita => moved successfully
C:\Program Files (x86)\foldershare => moved successfully
C:\Program Files (x86)\s5 => moved successfully
C:\Program Files (x86)\Microleaves => moved successfully
C:\Program Files (x86)\AnonymizerGadget => moved successfully
C:\Program Files (x86)\SystemHealer => moved successfully
"C:\Program Files (x86)\Rehash" => not found
C:\Program Files (x86)\lansky => moved successfully
"C:\Program Files (x86)\billerica" => not found
C:\ProgramData\ee9f590c-7171-1 => moved successfully
C:\ProgramData\ee9f590c-2597-0 => moved successfully
C:\ProgramData\80e427b8d55b4345b75a87f45dfec350 => moved successfully
C:\ProgramData\616ca8e3-9bd6-4a32-a4f3-3640822a6c06 => moved successfully
C:\ProgramData\1520917789 => moved successfully
C:\ProgramData\ntuser.pol => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer => moved successfully
C:\Users\David\Desktop\foldershare.lnk => moved successfully
C:\Users\David\Desktop\s5.lnk => moved successfully
C:\Users\David\Desktop\WebDiscover Browser.lnk => moved successfully
C:\Users\David\AppData\Local\38f5e97d6cd44a35a2e00fbf6df47afb => moved successfully
C:\Users\David\AppData\Local\183e3f8eba414480a420b7a1c939acfc => moved successfully
C:\Users\David\AppData\Local\AdvinstAnalytics => moved successfully
C:\Users\David\AppData\Local\WebDiscoverBrowser => moved successfully
C:\Users\David\AppData\Local\InstallationConfiguration.xml => moved successfully
C:\Users\David\AppData\Local\po.db => moved successfully
C:\Users\David\AppData\Local\installer.dat => moved successfully
C:\Users\David\AppData\Local\electrophysiological.exe => moved successfully
C:\Users\David\AppData\Local\rance.exe => moved successfully
C:\Users\David\AppData\Local\Temp\capi.exe => moved successfully
C:\Users\David\AppData\Local\Temp\gimi.exe => moved successfully
C:\Users\David\AppData\Local\Temp\ing.exe => moved successfully
C:\Users\David\AppData\Roaming\aca3678d5d704bdb8cd358735a60dc2d => moved successfully
C:\Users\David\AppData\Roaming\87a873c0526644cf9058c714ba016936 => moved successfully
C:\Users\David\AppData\Roaming\AGData => moved successfully
C:\Users\David\AppData\Roaming\Microleaves => moved successfully
C:\Users\David\AppData\Roaming\et => moved successfully
C:\Users\David\AppData\Roaming\SystemHealer => moved successfully
C:\Users\David\AppData\Roaming\System Healer => moved successfully
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget => moved successfully
C:\WINDOWS\b47720645 => moved successfully
C:\WINDOWS\3070bdebde178e60142bdb2775e41f72.dll => moved successfully
C:\WINDOWS\3b0e8ae12f8a986c33482f221e849207.exe => moved successfully
C:\WINDOWS\choquette.exe => moved successfully
C:\WINDOWS\uninstaller.dat => moved successfully
C:\WINDOWS\system32\csaevwi => moved successfully
C:\WINDOWS\system32\drivers\1123c9b8e05c5daabf4b1ceef6af5b45.sys => moved successfully
C:\WINDOWS\SysWOW64\csaevwi => moved successfully
C:\WINDOWS\SysWOW64\SSL => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 54963126 B
Java, Flash, Steam htmlcache => 180220013 B
Windows/system/drivers => 42537740 B
Edge => 2333659 B
Chrome => 443018137 B
Firefox => 61544961 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 253008 B
David => 123737750 B
 
RecycleBin => 28430238 B
EmptyTemp: => 902.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:26:16 ====


#8 Aura
  • Bleepin' Special Ops
  • Malware Response Team
  • 19,629 posts
  • Gender:Male

Posted 15 March 2018 - 07:13 AM

Awesome! Now, let's see if Malwarebytes picks up more stuff.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 assblasted
  • Topic Starter
  • Members
  • 19 posts

Posted 15 March 2018 - 12:16 PM

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/15/18
Scan Time: 12:52 PM
Log File: 332a62da-2871-11e8-8abe-bc5ff48d6004.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.4368
License: Free
 
-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: PC\David
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346082
Threats Detected: 62
Threats Quarantined: 62
Time Elapsed: 13 min, 39 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 28
PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [9320], [246387],1.0.4368
Adware.SearchAwesome, HKLM\SOFTWARE\SrcAAAesom Browser Enhancer, Quarantined, [4384], [424837],1.0.4368
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, Quarantined, [7974], [253915],1.0.4368
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online Application, Quarantined, [513], [360190],1.0.4368
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online.io Application, Quarantined, [513], [317312],1.0.4368
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [513], [339688],1.0.4368
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [20], [260247],1.0.4368
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\CONSOLE\TASKENG.EXE, Quarantined, [5048], [425125],1.0.4368
PUP.Optional.Wajam, HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\SOFTWARE\WajIEnhance, Quarantined, [73], [244670],1.0.4368
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [73], [-1],0.0.0
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\SOFTWARE\WebDiscoverBrowser, Quarantined, [7974], [253912],1.0.4368
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [20], [260247],1.0.4368
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{FD13F4A2-B0D8-4CAD-9CCF-D4128EAF25FF}_IS1, Quarantined, [7974], [253914],1.0.4368
Adware.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\11598763487076930564, Quarantined, [1657], [424293],1.0.4368
Trojan.Yelloader, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\s5m, Quarantined, [1328], [452261],1.0.4368
PUP.Optional.SystemHealer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SystemHealer_is1, Quarantined, [783], [485556],1.0.4368
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [513], [398592],1.0.4368
Adware.DNSUnlocker.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\4XqcvGKfuUeR Updater_is1, Quarantined, [8310], [446621],1.0.4368
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Quarantined, [5048], [425124],1.0.4368
Adware.SearchAwesome, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\e14589e77b94f01a7d23df380a0a0958, Quarantined, [4384], [424836],1.0.4368
PUP.Optional.SystemHealer, HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\SOFTWARE\SYSTEM HEALER, Quarantined, [783], [261796],1.0.4368
PUP.Optional.CloudScout, HKLM\SOFTWARE\WOW6432NODE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [9320], [246387],1.0.4368
Adware.SearchAwesome, HKLM\SOFTWARE\WOW6432NODE\SrcAAAesom Browser Enhancer, Quarantined, [4384], [424837],1.0.4368
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WOW6432NODE\WebDiscoverBrowser, Quarantined, [7974], [253915],1.0.4368
Adware.VidSquare.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A97606DF-0FE1-4390-B0DD-ADA8B303AE61}_is1, Quarantined, [2615], [372833],1.0.4368
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [73], [170024],1.0.4368
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [73], [170024],1.0.4368
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [73], [170024],1.0.4368
 
Registry Value: 15
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Quarantined, [5048], [425125],1.0.4368
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [73], [-1],0.0.0
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{FD13F4A2-B0D8-4CAD-9CCF-D4128EAF25FF}_IS1|DISPLAYNAME, Quarantined, [7974], [253914],1.0.4368
Adware.DNSUnlocker.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\4XqcvGKfuUeR Updater_is1|UNINSTALLSTRING, Quarantined, [8310], [446621],1.0.4368
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Quarantined, [5048], [425124],1.0.4368
Adware.SearchAwesome, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\e14589e77b94f01a7d23df380a0a0958|DISPLAYNAME, Quarantined, [4384], [424836],1.0.4368
Adware.SearchAwesome.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\e14589e77b94f01a7d23df380a0a0958|PUBLISHER, Quarantined, [8255], [437519],1.0.4368
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{264fe798-933c-40ff-a0a8-f837d12979c2}|NAMESERVER, Quarantined, [5304], [260227],1.0.4368
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Quarantined, [5048], [425126],1.0.4368
PUP.Optional.SystemHealer, HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\SOFTWARE\SYSTEM HEALER|CARTURL, Quarantined, [783], [261796],1.0.4368
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|CONTACT, Quarantined, [513], [333852],1.0.4368
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|URLINFOABOUT, Quarantined, [513], [321304],1.0.4368
Adware.VidSquare.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A97606DF-0FE1-4390-B0DD-ADA8B303AE61}_is1|DISPLAYNAME, Quarantined, [2615], [372833],1.0.4368
 
Registry Data: 7
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replaced, [20], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replaced, [20], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{264fe798-933c-40ff-a0a8-f837d12979c2}|NameServer, Replaced, [20], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{264fe798-933c-40ff-a0a8-f837d12979c2}|DhcpNameServer, Replaced, [20], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}|NameServer, Replaced, [20], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9622632d-f513-40c5-85d0-96380709710f}|NameServer, Replaced, [20], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{ae56d974-575a-4ff8-a62c-2e2f8dd97b41}|NameServer, Replaced, [20], [-1],0.0.0
 
Data Stream: 0
(No malicious items detected)
 
Folder: 5
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\reports, Quarantined, [7974], [444086],1.0.4368
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\Crashpad, Quarantined, [7974], [444086],1.0.4368
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data, Quarantined, [7974], [444086],1.0.4368
PUP.Optional.WebDiscoverBrowser, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\WEBDISCOVERBROWSER, Quarantined, [7974], [444086],1.0.4368
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [513], [391425],1.0.4368
 
File: 7
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\metadata, Quarantined, [7974], [444086],1.0.4368
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\settings.dat, Quarantined, [7974], [444086],1.0.4368
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\CrashpadMetrics-active.pma, Quarantined, [7974], [444086],1.0.4368
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Quarantined, [513], [391425],1.0.4368
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, Quarantined, [513], [391425],1.0.4368
PUP.Optional.SystemHealer, C:\USERS\DAVID\DESKTOP\LAUNCH SYSTEM HEALER.LNK, Quarantined, [783], [252782],1.0.4368
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [513], [391431],1.0.4368
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
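The Fixlog and the Malwarebytes log above show the same few persistence and traffic-redirection points being cleaned: static DNS NameServer values on the Tcpip interfaces (Trojan.DNSChanger / PUP.Optional.DNSUnlocker), ProxyEnable in several user hives (PUP.Optional.Wajam), a long list of oddly named scheduled tasks in the root task folder, and the hosts file. The PowerShell script below is an added example, not part of this thread and not from FRST, Malwarebytes or any other tool used here. It only reads those locations so the state can be re-checked after the reboot; the registry paths are the ones that appear in the logs, and it assumes an elevated PowerShell window on Windows 10.

```powershell
# Post-cleanup audit (added example, not from the thread). Read-only: it reports,
# it changes nothing. Run from an elevated PowerShell prompt.

$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-DnsOverrides {
    # Global and per-interface NameServer values. A static NameServer on an
    # adapter that normally gets DNS from DHCP is the pattern the logs show
    # being replaced.
    $global = Get-ItemProperty -Path $tcpip -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Scope          = 'global'
        NameServer     = $global.NameServer
        DhcpNameServer = $global.DhcpNameServer
    }
    Get-ChildItem -Path "$tcpip\Interfaces" | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        if ($p.NameServer) {
            [pscustomobject]@{
                Scope          = $_.PSChildName
                NameServer     = $p.NameServer
                DhcpNameServer = $p.DhcpNameServer
            }
        }
    }
}

function Get-ProxyOverrides {
    # ProxyEnable=1 plus a ProxyServer (or an AutoConfigURL) means browser traffic
    # is being routed through a proxy. The Malwarebytes log reset this value in
    # HKU\.DEFAULT, HKU\S-1-5-18 and the logged-on user's hive, so check all three.
    $paths = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
        'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
        'Registry::HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    )
    foreach ($path in $paths) {
        $p = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if ($p) {
            [pscustomobject]@{
                Hive          = $path
                ProxyEnable   = $p.ProxyEnable
                ProxyServer   = $p.ProxyServer
                AutoConfigURL = $p.AutoConfigURL
            }
        }
    }
}

function Get-RootScheduledTasks {
    # Tasks registered directly in the root task folder (TaskPath '\'). The Fixlog
    # removed a series of these with random-looking names; legitimate software
    # usually registers under a vendor sub-folder, so anything here deserves a look.
    Get-ScheduledTask -TaskPath '\' -ErrorAction SilentlyContinue |
        Select-Object TaskName, State,
            @{ n = 'Action'; e = { ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; ' } }
}

function Get-HostsEntries {
    # Active (non-comment, non-blank) lines of the hosts file, which the Fixlog
    # had to restore. A clean Windows 10 hosts file has no active lines at all.
    Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }
}

'== DNS NameServer values =='
Get-DnsOverrides | Format-Table -AutoSize
'== Proxy settings per hive =='
Get-ProxyOverrides | Format-List
'== Scheduled tasks in the root task folder =='
Get-RootScheduledTasks | Format-Table -AutoSize
'== Active hosts file entries =='
Get-HostsEntries
```

Empty output in the NameServer, proxy and hosts sections is the expected result on a cleaned machine; a root-level task whose action points into AppData, ProgramData or Program Files (x86) under a name you do not recognise is the thing to paste into the next reply rather than remove by hand.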


#10 Aura
  • Bleepin' Special Ops
  • Malware Response Team
  • 19,629 posts
  • Gender:Male

Posted 15 March 2018 - 07:37 PM

Looks like it did indeed. Now let's do a sweep with RogueKiller and AdwCleaner.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log



#11 assblasted
  • Topic Starter
  • Members
  • 19 posts

Posted 15 March 2018 - 10:31 PM

Here is the RogueKiller log. My web browser opened on its own a couple of times while using RogueKiller - first, when I started the program, and second, when the scan completed. I don't know what to make of that.

RogueKiller V12.12.8.0 (x64) [Mar 12 2018] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : David [Administrator]
Started from : C:\Users\David\Desktop\RogueKiller64.exe
Mode : Delete -- Date : 03/15/2018 22:42:59 (Duration : 00:43:41)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 7 ¤¤¤
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} (C:\Users\David\AppData\Local\GoToMeeting\7881\G2MOutlookAddin64.dll) -> Deleted
[PUP.OnlineIO] (X86) HKEY_LOCAL_MACHINE\Software\Microleaves -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\xs -> Deleted
[PUP.OnlineIO|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2782644308-2723550521-4127866414-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnonymizerGadget -> Deleted
[PUP.OnlineIO|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2782644308-2723550521-4127866414-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnonymizerGadget -> Deleted
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2782644308-2723550521-4127866414-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2782644308-2723550521-4127866414-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Replaced (1)
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-00ERMA0 +++++
--- User ---
[MBR] df4bbe128eaaa19122fe5f1320af08f5
[BSP] 2010e3eb542dec527a1fe4bb9337b94c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 475738 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975032320 | Size: 849 MB
User = LL1 ... OK
User = LL2 ... OK


#12 assblasted

  • Topic Starter

Posted 15 March 2018 - 10:38 PM

# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 16 03:34:16 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\Users\David\AppData\Roaming\.acestream
Deleted: C:\_acestream_cache_
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{15D6993F-6341-4603-B3B9-4131A45DA777}C:\users\david\appdata\roaming\soda player\acestream\engine\ace_engine.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{7D2B6AD2-B41F-45AE-BF7A-56C74C9C7CF2}C:\users\david\appdata\roaming\soda player\acestream\engine\ace_engine.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DF3261F3-8423-4CE4-92D8-2D42951D6458}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7C9C7044-127B-4394-8639-16053FD0DB53}
Deleted: [Key] - HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted: [Key] - HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [1992 B] - [2017/9/5 17:1:34]
C:/AdwCleaner/AdwCleaner[C1].txt - [2280 B] - [2017/11/10 5:42:1]
C:/AdwCleaner/AdwCleaner[C2].txt - [2467 B] - [2018/1/19 23:14:21]
C:/AdwCleaner/AdwCleaner[S0].txt - [1908 B] - [2017/9/5 17:1:22]
C:/AdwCleaner/AdwCleaner[S1].txt - [1076 B] - [2017/10/25 19:23:17]
C:/AdwCleaner/AdwCleaner[S2].txt - [1145 B] - [2017/10/26 0:52:11]
C:/AdwCleaner/AdwCleaner[S3].txt - [2143 B] - [2017/11/10 5:41:19]
C:/AdwCleaner/AdwCleaner[S4].txt - [1348 B] - [2017/11/17 23:10:24]
C:/AdwCleaner/AdwCleaner[S5].txt - [1417 B] - [2017/12/20 20:57:1]
C:/AdwCleaner/AdwCleaner[S6].txt - [2365 B] - [2018/1/19 23:13:9]
C:/AdwCleaner/AdwCleaner[S7].txt - [1620 B] - [2018/2/28 23:47:25]
C:/AdwCleaner/AdwCleaner[S8].txt - [3652 B] - [2018/3/16 3:33:24]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt ##########


#13 assblasted

  • Topic Starter

Posted 15 March 2018 - 10:40 PM

Aura,

The folder with the executable that caused the whole mess is still on my PC. Can I get rid of it by just placing it in the Recycle Bin?

Thanks.



#14 Aura

  • Malware Response Team

Posted 16 March 2018 - 07:03 AM

Here is the RogueKiller log. My web browser opened on its own a couple of times while using RogueKiller - first, when I started the program, and second, when the scan completed. I don't know what to make of that.


RogueKiller caused that. It wanted to open the Adlice Software (RogueKiller's author) website to show some information about the threats it detected.

The folder with the executable that caused the whole mess is still on my PC. Can I get rid of it by just placing it in the Recycle Bin?


And not yet, we'll get to that right now, as I'll remove it using FRST. Run a new scan with FRST and provide me a fresh set of logs, I'll look for remnants.



#15 assblasted

  • Topic Starter

Posted 16 March 2018 - 11:45 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by David (administrator) on PC (16-03-2018 12:40:51)
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Oracle Corporation) C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE
(Oracle Corporation) C:\oraclexe\app\oracle\product\11.2.0\server\bin\oracle.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(Scarlet.Crush Productions) C:\Program Files\ScpServer\bin\ScpService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(f.lux Software LLC) C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe
(Amazon Services LLC) C:\Users\David\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3222448 2017-10-12] (Dominik Reichl)
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [f.lux] => C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [Amazon Music] => C:\Users\David\AppData\Local\Amazon Music\Amazon Music.exe*se]**詛柛ᜀ蠀C:\Users\David\AppData\Roaming\Microsoft\Windows\Libraries*
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [Spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-20] (Spotify Ltd)
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [Amazon Music Helper] => C:\Users\David\AppData\Local\Amazon Music\Amazon Music Helper.exe [4238824 2018-02-22] (Amazon Services LLC)
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [136737 2018-03-13] ()
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-03-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{264fe798-933c-40ff-a0a8-f837d12979c2}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{264fe798-933c-40ff-a0a8-f837d12979c2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9622632d-f513-40c5-85d0-96380709710f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{ae56d974-575a-4ff8-a62c-2e2f8dd97b41}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b85ce94f-005a-11e8-b439-806e6f6e6963}: [NameServer] 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-12-14] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-12-14] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: hhftabs7.default-1519584770620
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hhftabs7.default-1519584770620 [2018-03-14]
FF Extension: (uBlock Origin) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hhftabs7.default-1519584770620\Extensions\uBlock0@raymondhill.net.xpi [2018-02-25]
FF HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\David\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-12-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-12-14] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\secure_cert.js [2018-03-14]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR NewTab: Default ->  Active:"chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default [2018-03-16]
CHR Extension: (Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (uBlock Origin) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-02-09]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Block & Focus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpbedhdekgkhigjgmlcbmcjoeaebbfm [2018-01-12]
CHR Extension: (Google Play Music) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-03-15]
CHR Extension: (Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Play Movies & TV) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdijeikdkaembjbdobgfkoidjkpbmlkd [2016-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Web Scrobbler) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2018-03-09]
CHR Extension: (Discussions button for Google Search™) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjiggoeheaondbmhmilpmbdkpgcjmdn [2017-01-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-03-15]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2018-01-21]
CHR Extension: (Momentum) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2018-03-15]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-07-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-08]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
R2 Ds3Service; C:\Program Files\ScpServer\bin\ScpService.exe [381952 2014-04-02] (Scarlet.Crush Productions) [File not signed]
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [389392 2016-11-02] (EasyAntiCheat Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe [45568 2014-05-29] () [File not signed]
S3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe [81408 2014-05-29] (Oracle Corporation) [File not signed]
R2 OracleServiceXE; c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE [147110912 2014-05-30] (Oracle Corporation) [File not signed]
S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe [83968 2014-05-29] (Oracle Corporation) [File not signed]
R2 OracleXETNSListener; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [522240 2014-05-29] (Oracle Corporation) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2018-01-22] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-01] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-01] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmdag.sys [38774688 2017-10-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmpag.sys [549792 2017-10-13] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
R3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [15920 2009-08-15] (Windows ® Codename Longhorn DDK provider)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-03-15] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-10-18] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-01] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-01] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-01] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-16 12:40 - 2018-03-16 12:42 - 000016308 _____ C:\Users\David\Desktop\FRST.txt
2018-03-16 12:39 - 2018-03-16 12:39 - 002403328 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2018-03-15 22:43 - 2018-03-15 22:43 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-03-15 22:41 - 2018-03-15 22:42 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-15 22:40 - 2018-03-15 22:40 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-03-15 22:40 - 2018-03-15 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-03-15 22:40 - 2018-03-15 22:40 - 000000000 ____D C:\Program Files\RogueKiller
2018-03-15 22:40 - 2018-03-12 11:08 - 026972232 _____ (Adlice Software) C:\Users\David\Desktop\RogueKiller64.exe
2018-03-15 22:35 - 2018-03-15 22:36 - 036485480 _____ (Adlice Software ) C:\Users\David\Desktop\setup.exe
2018-03-15 22:35 - 2018-03-15 22:35 - 026972232 _____ (Adlice Software) C:\Users\David\Downloads\RogueKiller_portable64.exe
2018-03-15 22:34 - 2018-03-15 22:34 - 008222496 _____ (Malwarebytes) C:\Users\David\Desktop\AdwCleaner.exe
2018-03-14 23:46 - 2018-03-14 23:46 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-03-14 16:02 - 2018-03-16 12:40 - 000000000 ____D C:\FRST
2018-03-13 01:16 - 2018-03-13 01:16 - 000000000 ___HD C:\$SysReset
2018-03-13 01:08 - 2018-03-13 01:16 - 000001321 _____ C:\Users\David\Desktop\Google Chrome.lnk
2018-03-13 01:02 - 2018-03-13 01:02 - 000000218 _____ C:\Users\David\AppData\Local\recently-used.xbel
2018-03-13 01:02 - 2018-03-13 01:02 - 000000000 ____D C:\Users\David\Desktop\FIFA15
2018-03-13 01:00 - 2018-03-13 01:00 - 000000000 ____D C:\Users\David\Downloads\FIFA.15.Ultimate.Team.Edition-CPY
2018-03-12 23:18 - 2018-03-12 23:18 - 010571443 _____ C:\Users\David\Downloads\SCP-DS-Driver-Package-1.2.0.160.7z
2018-03-07 16:47 - 2018-03-07 16:47 - 000000000 ___HD C:\Users\David\MicrosoftEdgeBackups
2018-03-06 02:24 - 2018-03-06 02:24 - 000012500 _____ C:\Users\David\Downloads\Chapter 2 Worksheet.xlsx
2018-03-06 01:42 - 2018-03-06 03:26 - 000011951 _____ C:\Users\David\Desktop\ACC638_Exam1_Nget.xlsx
2018-03-02 12:44 - 2018-03-02 12:44 - 000014520 _____ C:\Users\David\Downloads\Chapter 3 - Inclass problem #5 solution.pdf
2018-02-28 14:40 - 2018-03-15 13:12 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-02-27 15:39 - 2018-02-28 15:47 - 000011819 _____ C:\Users\David\Desktop\CW_PersoffandSeaCliff.xlsx
2018-02-26 15:31 - 2018-02-26 15:32 - 003823077 _____ C:\Users\David\Downloads\The Hitchhiker's Guide to the Galaxy Omnibus A Trilogy in Five Parts.epub
2018-02-25 22:02 - 2018-02-05 22:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-25 22:02 - 2018-02-05 22:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-25 22:01 - 2018-03-01 23:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-25 21:49 - 2018-02-25 21:52 - 069316608 _____ C:\Users\David\Downloads\calibre-64bit-3.18.0.msi
2018-02-25 21:47 - 2018-02-25 21:48 - 013298100 _____ C:\Users\David\Downloads\0060005718.epub
2018-02-25 14:52 - 2018-03-13 01:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-25 14:52 - 2018-02-25 14:52 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-02-25 14:52 - 2018-02-25 14:52 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-02-25 14:52 - 2018-02-25 14:52 - 000000000 ____D C:\Users\David\Desktop\Old Firefox Data
2018-02-25 14:52 - 2018-02-25 14:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-25 14:51 - 2018-02-25 14:51 - 000313520 _____ (Mozilla) C:\Users\David\Downloads\Firefox Installer.exe
2018-02-23 17:13 - 2018-03-01 23:44 - 000001263 _____ C:\Users\David\Desktop\Amazon Music.lnk
2018-02-23 17:13 - 2018-02-23 17:13 - 041988640 _____ (Amazon) C:\Users\David\Downloads\AmazonMusicInstaller.exe
2018-02-23 17:13 - 2018-02-23 17:13 - 000001174 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music.lnk
2018-02-18 15:39 - 2018-02-18 15:48 - 000000534 _____ C:\Users\David\BooleanZero.py
2018-02-18 15:18 - 2018-02-18 15:39 - 000000188 _____ C:\Users\David\BooleanWithValues.py
2018-02-18 15:11 - 2018-02-18 15:17 - 000000108 _____ C:\Users\David\BooleanWithOperators.py
2018-02-18 14:52 - 2018-02-18 15:11 - 000000229 _____ C:\Users\David\Boolean.py
2018-02-17 18:36 - 2018-02-17 18:38 - 000000332 _____ C:\Users\David\AndOrOperators.py
2018-02-17 18:31 - 2018-02-17 18:31 - 000000191 _____ C:\Users\David\AndOr.py
2018-02-17 18:25 - 2018-02-17 18:28 - 000000245 _____ C:\Users\David\indentation.py
2018-02-17 18:17 - 2018-02-17 18:23 - 000000269 _____ C:\Users\David\ifstatements.py
2018-02-16 16:06 - 2018-02-16 16:06 - 000012775 _____ C:\Users\David\Downloads\teamstatsbball.xlsx
2018-02-15 23:45 - 2018-02-15 23:45 - 007890419 _____ C:\Users\David\Downloads\ACCT 639 Chapter 1(1).pptx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-16 12:41 - 2018-01-23 12:57 - 000004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F978C157-78E6-400E-9692-3E1682D99E42}
2018-03-16 12:41 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-16 12:41 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-15 23:39 - 2018-01-23 12:35 - 001090398 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-15 23:35 - 2018-01-23 12:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-15 23:34 - 2017-09-29 04:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-15 23:34 - 2017-07-27 20:18 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-03-15 23:33 - 2017-09-05 13:00 - 000000000 ____D C:\AdwCleaner
2018-03-15 23:25 - 2013-08-22 11:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-03-15 13:10 - 2018-01-23 12:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-15 12:52 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-14 23:51 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-14 23:26 - 2015-07-21 13:58 - 000000000 ____D C:\Users\David\AppData\LocalLow\Temp
2018-03-14 23:25 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-03-14 23:24 - 2015-10-25 23:02 - 000551802 _____ C:\WINDOWS\ntbtlog.txt
2018-03-14 23:22 - 2015-10-25 23:03 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-03-14 15:55 - 2017-09-27 18:30 - 000000636 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2782644308-2723550521-4127866414-1001.job
2018-03-14 15:55 - 2017-09-27 18:30 - 000000540 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2782644308-2723550521-4127866414-1001.job
2018-03-13 01:23 - 2015-07-13 23:53 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-13 01:16 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-13 01:16 - 2017-06-01 22:44 - 000004052 _____ C:\Users\David\Desktop\Rkill.txt
2018-03-13 01:15 - 2015-07-13 23:53 - 000002337 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-12 23:22 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-11 00:05 - 2016-09-13 22:09 - 000000000 ____D C:\Users\David\AppData\Roaming\Google Play Music Desktop Player
2018-03-09 23:16 - 2015-07-14 00:24 - 000000000 ____D C:\Users\David\AppData\Roaming\KeePass
2018-03-08 21:16 - 2018-01-23 12:57 - 000003780 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2782644308-2723550521-4127866414-1001
2018-03-08 21:16 - 2018-01-23 12:57 - 000003684 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2782644308-2723550521-4127866414-1001
2018-03-08 21:16 - 2017-09-27 18:30 - 000000000 ____D C:\Users\David\AppData\Local\GoToMeeting
2018-03-07 17:58 - 2017-11-14 21:56 - 000000000 ____D C:\Users\David\AppData\LocalLow\Mozilla
2018-03-07 16:47 - 2018-01-23 12:37 - 000000000 ____D C:\Users\David
2018-03-06 02:24 - 2018-01-23 12:38 - 000000000 ____D C:\Users\David\AppData\Local\Packages
2018-03-04 13:59 - 2017-08-26 22:57 - 000000000 ____D C:\Users\David\AppData\Roaming\Soda Player
2018-03-04 13:58 - 2017-08-26 22:57 - 000000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Soda Player
2018-03-04 13:58 - 2017-08-26 22:57 - 000000000 ____D C:\Users\David\AppData\Local\sodaplayer
2018-03-04 13:57 - 2016-09-13 22:08 - 000000000 ____D C:\Users\David\AppData\Local\SquirrelTemp
2018-03-03 20:49 - 2016-11-05 12:01 - 000000000 ____D C:\Users\David\AppData\Local\Amazon Music
2018-03-01 23:19 - 2017-09-29 09:46 - 000000000 ____D C:\Program Files\Windows Defender
2018-02-28 21:44 - 2015-12-14 19:12 - 000000000 ____D C:\Users\David\AppData\Roaming\vlc
2018-02-28 00:48 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\rescache
2018-02-26 15:35 - 2015-12-02 17:32 - 000000000 ____D C:\Users\David\Documents\Calibre Library
2018-02-26 15:31 - 2015-12-02 17:44 - 000000000 ____D C:\Users\David\AppData\Local\calibre-cache
2018-02-25 22:07 - 2015-12-02 17:32 - 000000000 ____D C:\Users\David\AppData\Roaming\calibre
2018-02-25 22:03 - 2016-11-20 14:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-25 22:03 - 2015-09-08 23:19 - 000000000 ___RD C:\Users\David\3D Objects
2018-02-25 22:00 - 2018-01-23 12:31 - 000401528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-25 21:57 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-02-25 21:57 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-02-25 21:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-02-25 21:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-02-25 21:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-02-25 21:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-02-25 21:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-02-25 21:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-02-25 21:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-02-25 21:57 - 2017-09-29 04:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-02-25 21:55 - 2015-12-02 17:32 - 000000999 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2018-02-25 21:55 - 2015-12-02 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2018-02-25 21:55 - 2015-12-02 17:32 - 000000000 ____D C:\Program Files\Calibre2
2018-02-25 14:52 - 2016-02-20 13:38 - 000000000 ____D C:\Users\David\AppData\Roaming\Mozilla
2018-02-22 15:57 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-02-22 15:56 - 2015-07-14 12:58 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-02-18 15:49 - 2018-01-05 19:26 - 000000000 ____D C:\Users\David\AppData\Roaming\Wing 101 6
2018-02-18 15:49 - 2018-01-05 19:26 - 000000000 ____D C:\Users\David\AppData\Local\Wing 101 6
 
==================== Files in the root of some directories =======
 
2018-03-13 01:02 - 2018-03-13 01:02 - 000000218 _____ () C:\Users\David\AppData\Local\recently-used.xbel
2015-08-03 01:16 - 2015-10-22 12:40 - 000007598 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2018-03-15 22:41 - 2018-01-01 08:48 - 001954048 _____ (Microsoft Corporation) C:\Users\David\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-05 01:36
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by David (16-03-2018 12:42:48)
Running from C:\Users\David\Desktop
Windows 10 Pro Version 1709 16299.192 (X64) (2018-01-23 16:58:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2782644308-2723550521-4127866414-500 - Administrator - Disabled)
David (S-1-5-21-2782644308-2723550521-4127866414-1001 - Administrator - Enabled) => C:\Users\David
DefaultAccount (S-1-5-21-2782644308-2723550521-4127866414-503 - Limited - Disabled)
Guest (S-1-5-21-2782644308-2723550521-4127866414-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2782644308-2723550521-4127866414-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
Amazon Music (HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Amazon Amazon Music) (Version: 6.3.4.1269 - Amazon Services LLC)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{9F429DF7-F8DD-4980-9673-E6DACA012F6C}) (Version: 3.3 - Microsoft Corporation) Hidden
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
calibre 64bit (HKLM\...\{987DD73B-F97A-4D00-9522-35FC3B9FDB74}) (Version: 3.18.0 - Kovid Goyal)
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version:  - )
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Dotfuscator and Analytics Community Edition 5.18.1 (HKLM-x32\...\{9890DF1A-10E9-4236-94B1-1EFAA4099F13}) (Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
f.lux (HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Flux) (Version:  - f.lux Software LLC)
Google Chrome (HKLM-x32\...\{2CF484F9-A0CD-3AD9-84A6-DFFE749FC71F}) (Version: 64.0.3282.186 - Google, Inc.)
Google Play Music Desktop Player (HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\GPMDP_3) (Version: 4.5.0 - Samuel Attard)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToMeeting 8.22.0.8473 (HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\GoToMeeting) (Version: 8.22.0.8473 - LogMeIn, Inc.)
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
KeePass Password Safe 2.37 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.37 - Dominik Reichl)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.5007.1000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden
Oracle Database 11g Express Edition (HKLM\...\{05A7B662-80A3-4EB9-AE1D-89A62449431C}) (Version: 11.2.0 - Oracle Corporation) Hidden
Oracle Database 11g Express Edition (HKLM-x32\...\InstallShield_{05A7B662-80A3-4EB9-AE1D-89A62449431C}) (Version: 11.2.0 - Oracle Corporation)
Oracle VM VirtualBox 5.1.8 (HKLM\...\{65402252-5DA1-4360-A144-E09BB16AC7A9}) (Version: 5.1.8 - Oracle Corporation)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Python 3.4 pygame-1.9.2a0 (HKLM-x32\...\{A4C8B8DF-5BA4-4AFC-9CED-531CBD9CDF08}) (Version: 1.9.2 - Pete Shinners, Rene Dudfield, Marcus von Appen, Bob Pendleton, others...)
Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.8.0 - Adlice Software)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Soda Player (HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\sodaplayer) (Version: 1.3.3 - Soda Player)
Spotify (HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{791295AE-3B0A-3222-9E69-26C8C106E8D1}) (Version: 14.0.23102 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (HKLM-x32\...\{C5D259B0-526A-48D0-9E2D-7CC884B3A1CA}) (Version: 1.5.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{C7AA90EF-3C40-4F1E-897B-696834DD0B0F}) (Version: 1.5.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.5.4.0 (HKLM-x32\...\{4cde0c8c-47b3-448f-babf-fe5d392432a6}) (Version: 1.5.23128.0 - Microsoft Corporation)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: 2.10.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.66  - Nullsoft, Inc)
Wing IDE 101 6.0.9-1 (HKLM-x32\...\Wing IDE 101 6.0_is1) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2782644308-2723550521-4127866414-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2782644308-2723550521-4127866414-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2782644308-2723550521-4127866414-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2782644308-2723550521-4127866414-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-09-22] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {23A0A0E4-0C33-4E9C-BB95-038A55AB59D2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {2497FF23-392F-4434-84B4-C35C5BC43637} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-13] (Google Inc.)
Task: {25835E55-6315-4F63-B410-B8C8F46A1D29} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {2FF523B7-00A1-4742-9115-D40BF9F8382F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3B03DD86-8D2A-4AA9-850E-4B5B0C62CC05} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {48F027A0-A829-48FD-BCA0-51A0978B781B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {4DBF605C-4A4B-426D-B08B-0005BB3D0864} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-12-12] (Microsoft Corporation)
Task: {53868E1B-26C3-4C75-B636-266ED3CF3D75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-13] (Google Inc.)
Task: {5A03C9C2-7F2D-427B-8413-54F01F8103F8} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-09-22] (Advanced Micro Devices, Inc.)
Task: {6FD1742C-97E5-48F1-BDB5-A3271367350D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {70E4C9BD-52AC-431D-962F-CCB70427C03F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {7EA8D66F-5C6C-4F9B-B251-8FD48926755A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-02-13] (Microsoft Corporation)
Task: {CDCA0B3D-F7FA-4D42-9E21-215C4882E12C} - System32\Tasks\G2MUploadTask-S-1-5-21-2782644308-2723550521-4127866414-1001 => C:\Users\David\AppData\Local\GoToMeeting\8473\g2mupload.exe [2018-03-08] (LogMeIn, Inc.)
Task: {D118F2BA-AC74-4FFF-A3E8-226FE0A952D9} - System32\Tasks\G2MUpdateTask-S-1-5-21-2782644308-2723550521-4127866414-1001 => C:\Users\David\AppData\Local\GoToMeeting\8473\g2mupdate.exe [2018-03-08] (LogMeIn, Inc.)
Task: {FD1ACA3C-466A-4D1C-8822-74DDAFB6D972} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2782644308-2723550521-4127866414-1001.job => C:\Users\David\AppData\Local\GoToMeeting\8473\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2782644308-2723550521-4127866414-1001.job => C:\Users\David\AppData\Local\GoToMeeting\8473\g2mupload.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\David\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --disable-quic
ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enthought Canopy (64-bit)\Canopy 64-bit command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\Canopy\User\Scripts\activate.bat"
ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Movies & TV.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () ->  --profile-directory=Default --app-id=gdijeikdkaembjbdobgfkoidjkpbmlkd
ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --disable-quic
ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-14 12:58 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-21 13:33 - 2017-01-31 08:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2018-01-22 22:25 - 2018-01-22 22:25 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-01-22 22:25 - 2018-01-22 22:25 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-02-28 13:47 - 2018-02-21 23:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-02-28 13:47 - 2018-02-21 23:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\sharepoint.com -> hxxps://baruchmailcuny-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2018-03-14 23:25 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: OracleServiceXE => 2
MSCONFIG\Services: OracleXETNSListener => 2
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMnetDHCP => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: VMware NAT Service => 2
MSCONFIG\Services: VMwareHostd => 2
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-2782644308-2723550521-4127866414-1001\...\StartupApproved\Run: => "Amazon Music"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A311C060-419A-452A-B8F2-5EB7486FBB04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2B60224B-04D3-4449-BF82-89054515E1E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E7728D6E-10D3-41CE-8E66-AF33432B33E3}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.4.1\google play music desktop player.exe
FirewallRules: [{A60794FB-132E-436A-B02D-ADC8A5F4140B}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.4.1\google play music desktop player.exe
FirewallRules: [UDP Query User{65DC542E-8062-44E2-959C-AC5071618EF3}C:\users\david\appdata\local\gpmdp_3\app-4.4.1\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.4.1\google play music desktop player.exe
FirewallRules: [TCP Query User{3DAB8BFB-F24C-42FB-AE4B-5375331778A5}C:\users\david\appdata\local\gpmdp_3\app-4.4.1\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.4.1\google play music desktop player.exe
FirewallRules: [{6D591F95-4303-4F3F-974B-C675830AC6EB}] => (Block) C:\users\david\appdata\local\sodaplayer\app-1.1.4\soda player.exe
FirewallRules: [{B0EF9C3F-60BD-485D-9CD3-5B4B55FDF8C8}] => (Block) C:\users\david\appdata\local\sodaplayer\app-1.1.4\soda player.exe
FirewallRules: [UDP Query User{7D7087A8-031E-4335-999F-FE05A5C15E3C}C:\users\david\appdata\local\sodaplayer\app-1.1.4\soda player.exe] => (Allow) C:\users\david\appdata\local\sodaplayer\app-1.1.4\soda player.exe
FirewallRules: [TCP Query User{502F45E5-9E94-49D0-9D6C-4DC757E1CAE9}C:\users\david\appdata\local\sodaplayer\app-1.1.4\soda player.exe] => (Allow) C:\users\david\appdata\local\sodaplayer\app-1.1.4\soda player.exe
FirewallRules: [{E4DB388B-8213-4F82-9D50-5A511AF1CD2A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CFE174E2-1AAF-4C7B-B5CD-47C5C7734219}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6A405ACE-8A6D-44E0-9CFA-3CB6491A9440}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.0.5\google play music desktop player.exe
FirewallRules: [{F5AA5C3F-5C62-4B69-9B45-F8C0C21F20F9}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.0.5\google play music desktop player.exe
FirewallRules: [UDP Query User{5B8DE9C3-D631-4EF6-A95A-7786C6F7D98D}C:\users\david\appdata\local\gpmdp_3\app-4.0.5\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.0.5\google play music desktop player.exe
FirewallRules: [TCP Query User{2A0E2647-45C7-4F56-AD3A-F77D7F6A3BAD}C:\users\david\appdata\local\gpmdp_3\app-4.0.5\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.0.5\google play music desktop player.exe
FirewallRules: [{B923FA83-8772-40C5-B81F-C3621C3C012E}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.0.4\google play music desktop player.exe
FirewallRules: [{0463DDC3-ED60-4C28-8958-312E46BDE74D}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.0.4\google play music desktop player.exe
FirewallRules: [UDP Query User{3545BBB3-4F85-4440-A449-4E4732699BB1}C:\users\david\appdata\local\gpmdp_3\app-4.0.4\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.0.4\google play music desktop player.exe
FirewallRules: [TCP Query User{2C1B9CEF-C93A-434A-8B08-12D123585657}C:\users\david\appdata\local\gpmdp_3\app-4.0.4\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.0.4\google play music desktop player.exe
FirewallRules: [{5F0D0A4B-30E1-4EC1-9049-DF6EB4BEDC5F}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.0.3\google play music desktop player.exe
FirewallRules: [{5BAEC815-1B93-4556-8663-C1BD8BE99A82}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.0.3\google play music desktop player.exe
FirewallRules: [UDP Query User{B05CFC4B-BA63-40DC-841E-681D9AEB7858}C:\users\david\appdata\local\gpmdp_3\app-4.0.3\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.0.3\google play music desktop player.exe
FirewallRules: [TCP Query User{357B31C4-64D4-4D33-8D27-7FF99363B326}C:\users\david\appdata\local\gpmdp_3\app-4.0.3\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.0.3\google play music desktop player.exe
FirewallRules: [{E13D0240-2C33-47EC-82A2-D2C01A384D9D}] => (Block) C:\users\david\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{3EAEE7C4-0349-4DF1-A30B-0925210A72F1}] => (Block) C:\users\david\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{680392B1-ED32-4570-8CF2-6DA56BFD6A35}C:\users\david\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\david\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{5685FB12-0B4D-4342-A6F7-4CCCCEBAB0BF}C:\users\david\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\david\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{408212E3-DA84-4344-AF50-ABE846049F16}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.0.2\google play music desktop player.exe
FirewallRules: [{19BECEC7-6A91-44BA-8F34-919DCC027C38}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.0.2\google play music desktop player.exe
FirewallRules: [UDP Query User{A35641A7-25DD-401B-BA53-2B1C27898F10}C:\users\david\appdata\local\gpmdp_3\app-4.0.2\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.0.2\google play music desktop player.exe
FirewallRules: [TCP Query User{5D32DD9B-4C75-47AC-A5C4-40ED49F29C3D}C:\users\david\appdata\local\gpmdp_3\app-4.0.2\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.0.2\google play music desktop player.exe
FirewallRules: [{E571A7BB-8C4E-4228-A94F-E8D1AA5B3C4E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{811516FB-7F3C-4795-9087-2336CDD3933E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{6A6F9A75-C047-4B9C-9950-2F8C5B8B80E4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [UDP Query User{121997AC-9273-4FD2-B34B-EE0AE0D45D11}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{20EC9491-4990-4707-92C6-6BBFAC8F87FF}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [{745680B3-5B88-453D-A018-1EC8454D7712}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D8F84356-D973-41E1-81D4-1C64B2E9E6C0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{465B6B7B-47AA-4B80-841F-680D9B642014}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2832C516-7279-4D2A-8DBC-52696ABFEBC6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{99EF9BF2-D829-4DE5-B498-1245D40C2C66}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{612A7241-A45E-43AA-A3DD-2F78C988B63A}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{31937266-CCAE-4AF9-ABA7-C90C827F275E}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{B9F1624D-9E1E-428C-900A-508C905C4C8E}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{778369A0-1C36-4302-800C-1AAA5B34E716}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{207ABA2E-23C3-4B86-9B9D-A8FE0460DE4C}C:\program files (x86)\steam\steamapps\common\aftermath\aftermath.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\aftermath\aftermath.exe
FirewallRules: [UDP Query User{7D1625FF-AAB0-4ECB-8A81-79476AB5D81A}C:\program files (x86)\steam\steamapps\common\aftermath\aftermath.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\aftermath\aftermath.exe
FirewallRules: [{1F4E296B-0683-4F0C-8B11-EEC377627FAE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D583EBA6-7688-4CC7-A2A3-23AE0B8F8C3D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5B44CEA3-18CF-442A-8700-B17F9E82E686}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{D5E62A91-B3A4-4BB4-8E1A-C4CEF4F4662D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{A496507B-5549-44FE-8187-165F9BC193BB}C:\program files (x86)\deluge\deluge.exe] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{501113CF-C6DA-4A31-B505-83EAE59AD672}C:\program files (x86)\deluge\deluge.exe] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{240B1108-1B1F-4F4C-A51F-FF02686536E9}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{21F0B8C5-3DE2-4153-BF03-8E81802003AF}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{7BE740F4-8652-4E31-A320-8AA319721275}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{0C5F8E5E-FFF0-46A9-AD4F-1A340632A789}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{16845C8B-F608-4158-AFF0-876A2E7A0E1A}] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{FD5BE619-E8D6-4160-9950-E57D41B8830F}] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{E557967B-8C6B-46B0-9059-B7A1099B41E9}] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [{BB00D7CD-52CB-4787-9D9D-975E6509A908}] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [{3A1A3CD3-79F6-4238-BE5F-723BAACD7954}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{017EF627-44B5-4FBB-9450-48B2FD9A509C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{2F837034-4136-40D5-834A-DEAF523A86A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metal Slug X\mslugx.exe
FirewallRules: [{B0197756-87C1-4D66-941C-5DD8253950F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metal Slug X\mslugx.exe
FirewallRules: [{4A027405-2E02-4515-8F98-C2B1F6F9E9F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{E57563DD-63A4-457B-97D6-C04F69F605A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{2CC5B71D-337C-4898-A7DB-AEFEB2069854}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\METAL SLUG\mslug1.exe
FirewallRules: [{82E70945-03AC-4F3B-87EB-1544ED11AD2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\METAL SLUG\mslug1.exe
FirewallRules: [{1DFB0D93-8B42-4D48-B298-F7408D2EEA94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6A051061-2D50-4475-B626-CBC074AA16A7}] => (Allow) C:\Program Files\FileZilla FTP Client\filezilla.exe
FirewallRules: [{BA039523-7C9E-41F4-B91A-8D65DB64D7BC}] => (Allow) C:\Program Files\FileZilla FTP Client\filezilla.exe
FirewallRules: [{5C891002-ACDD-4C1B-8216-C409DCE76C36}] => (Allow) C:\Program Files\FileZilla FTP Client\filezilla.exe
FirewallRules: [{5360C7A5-0FC7-49CC-8A94-044B24F0782C}] => (Allow) C:\Program Files\FileZilla FTP Client\filezilla.exe
FirewallRules: [TCP Query User{990EF94F-09F7-4338-A248-9A27E390C51B}C:\users\david\appdata\local\gpmdp_3\app-4.1.1\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.1.1\google play music desktop player.exe
FirewallRules: [UDP Query User{BBCB4968-94AC-4325-A924-DAF57EBBE762}C:\users\david\appdata\local\gpmdp_3\app-4.1.1\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.1.1\google play music desktop player.exe
FirewallRules: [{2DB159EA-059B-40CA-83BF-475DB9547906}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.1.1\google play music desktop player.exe
FirewallRules: [{B8CF0364-FEBC-47AA-88F7-D9EDCDB7E68F}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.1.1\google play music desktop player.exe
FirewallRules: [{8EEEB243-B9B7-4F01-B414-A3CB5A37A3DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{E16192EB-4148-4FC9-8621-563D53E88AC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe
FirewallRules: [TCP Query User{876BA950-CF19-4F88-B49D-F442420F5991}C:\users\david\appdata\local\gpmdp_3\app-4.2.0\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.2.0\google play music desktop player.exe
FirewallRules: [UDP Query User{6E139CDE-0886-45A1-95B5-AF652DFF496C}C:\users\david\appdata\local\gpmdp_3\app-4.2.0\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.2.0\google play music desktop player.exe
FirewallRules: [{AAACC7A0-D3BE-48A4-BD76-F9D323AE0B01}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.2.0\google play music desktop player.exe
FirewallRules: [{E1924B01-5FD5-4EC9-8313-93EADE644AB4}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.2.0\google play music desktop player.exe
FirewallRules: [TCP Query User{11D4C101-9665-4A46-95A6-699CE690C607}C:\users\david\appdata\local\gpmdp_3\app-4.3.0\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.3.0\google play music desktop player.exe
FirewallRules: [UDP Query User{74225EC6-6B2A-4FBB-AFC4-4CBC0439B456}C:\users\david\appdata\local\gpmdp_3\app-4.3.0\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.3.0\google play music desktop player.exe
FirewallRules: [{6762A0D3-3467-4DCC-88D7-AF371833AC66}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.3.0\google play music desktop player.exe
FirewallRules: [{F42CA628-0ED4-4373-AE6F-C8B5EA16C0AF}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.3.0\google play music desktop player.exe
FirewallRules: [{34BDE8A0-E554-443F-9E39-206601CB3E98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{D5F8754A-3820-4924-9EE6-C95828416501}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{187B6EA8-5642-4784-B573-BF2E781116B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{346FABF9-7E2E-45EE-B182-2C95BD8748A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{F29BD6DC-830B-4C5E-A021-40B536B2C0A1}C:\users\david\appdata\local\gpmdp_3\app-4.5.0\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.5.0\google play music desktop player.exe
FirewallRules: [UDP Query User{520FF8FF-DDFA-4D94-A5F0-7548DC570CFB}C:\users\david\appdata\local\gpmdp_3\app-4.5.0\google play music desktop player.exe] => (Allow) C:\users\david\appdata\local\gpmdp_3\app-4.5.0\google play music desktop player.exe
FirewallRules: [{F4382847-B64B-42A3-801F-120A362DB57C}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.5.0\google play music desktop player.exe
FirewallRules: [{8DF028E7-19AD-4D64-A73F-7E5B2410A41B}] => (Block) C:\users\david\appdata\local\gpmdp_3\app-4.5.0\google play music desktop player.exe
FirewallRules: [{4C99CB8E-4459-4C19-B1C4-99345C19135C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{306D976D-250E-4F67-9D77-7C4794E2C785}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3CA54D98-0331-4BCC-9061-DE0677873D88}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{BE867AA3-8891-4AE2-8CE3-A72313754B58}C:\users\david\appdata\local\sodaplayer\app-1.2.1\soda player.exe] => (Allow) C:\users\david\appdata\local\sodaplayer\app-1.2.1\soda player.exe
FirewallRules: [UDP Query User{E4868B79-0476-423F-99BF-D2740F4C29A5}C:\users\david\appdata\local\sodaplayer\app-1.2.1\soda player.exe] => (Allow) C:\users\david\appdata\local\sodaplayer\app-1.2.1\soda player.exe
FirewallRules: [{C1CCF770-9705-4EF1-96A0-BC668CDBEBEA}] => (Block) C:\users\david\appdata\local\sodaplayer\app-1.2.1\soda player.exe
FirewallRules: [{65D3B98C-846D-4277-AC1B-F313340F90FF}] => (Block) C:\users\david\appdata\local\sodaplayer\app-1.2.1\soda player.exe
 
==================== Restore Points =========================
 
25-02-2018 21:53:26 Installed calibre 64bit
07-03-2018 14:51:36 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/15/2018 10:31:34 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: 
 
Error: (03/15/2018 12:41:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Exception code: 0xc0000005
Fault offset: 0x00000000001c6e66
Faulting process id: 0x1314
Faulting application start time: 0x01d3bc7c8606dcdc
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Report Id: c1302ad7-d241-4ec9-87ef-1d71986f0fcb
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/14/2018 11:50:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WhatsNew.Store.exe version 6.7.1712.12002 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: ed8
 
Start Time: 01d3bc106e0d1d6e
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.Getstarted_6.7.3462.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe
 
Report Id: 5057dd2f-9390-42e7-986f-96e11f5624ed
 
Faulting package full name: Microsoft.Getstarted_6.7.3462.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Error: (03/14/2018 11:21:03 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: 
 
Error: (03/13/2018 01:23:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program electrophysiological.exe version 3.9.8.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: cac
 
Start Time: 01d3ba8adcdcbe06
 
Termination Time: 2359
 
Application Path: C:\Users\David\AppData\Local\electrophysiological.exe
 
Report Id: 1db246b3-cb2f-4aec-83a7-4b177f0fb81e
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/13/2018 01:06:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ic-0.8dd8711558813.exe, version: 6.1.7600.16385, time stamp: 0x5aa4c3ec
Faulting module name: ic-0.8dd8711558813.exe, version: 6.1.7600.16385, time stamp: 0x5aa4c3ec
Exception code: 0xc00001a5
Fault offset: 0x00003640
Faulting process id: 0x206c
Faulting application start time: 0x01d3ba89097a1267
Faulting application path: C:\Users\David\AppData\Local\Temp\1307048984\ic-0.8dd8711558813.exe
Faulting module path: C:\Users\David\AppData\Local\Temp\1307048984\ic-0.8dd8711558813.exe
Report Id: ad74c233-0822-4cec-9965-fff6cec27951
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/12/2018 10:03:19 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/05/2018 01:37:04 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
 
System errors:
=============
Error: (03/16/2018 12:43:35 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Error: (03/16/2018 12:43:04 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Error: (03/16/2018 12:42:33 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Error: (03/16/2018 12:42:02 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Error: (03/16/2018 12:42:02 PM) (Source: Service Control Manager) (EventID: 7046) (User: )
Description: The following service has repeatedly stopped responding to service control requests: Windows Search
 
Contact the service vendor or the system administrator about whether to disable this service until the problem is identified.
 
You may have to restart the computer in safe mode before you can disable the service.
 
Error: (03/16/2018 12:41:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (03/16/2018 12:41:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (03/16/2018 12:40:39 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
 
Windows Defender:
===================================
Date: 2018-03-13 01:14:09.531
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\foldershare\uninstaller.exe;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\foldershare;uninstall:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\foldershare
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\David\AppData\Local\Temp\is-HCA58.tmp\jfk0021.exe
Signature Version: AV: 1.263.484.0, AS: 1.263.484.0, NIS: 118.5.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-03-13 01:13:20.796
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\foldershare\uninstaller.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\David\AppData\Local\Temp\is-HCA58.tmp\jfk0021.exe
Signature Version: AV: 1.263.484.0, AS: 1.263.484.0, NIS: 118.5.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-03-13 01:11:37.228
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\foldershare\uninstaller.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\David\AppData\Local\Temp\is-HCA58.tmp\jfk0021.exe
Signature Version: AV: 1.263.484.0, AS: 1.263.484.0, NIS: 118.5.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-03-13 01:11:27.885
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win64/Detrahere!rfn
ID: 2147725652
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\drivers\lmcntgax.sys
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.263.484.0, AS: 1.263.484.0, NIS: 118.5.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-03-13 01:11:23.301
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win64/Detrahere!rfn
ID: 2147725652
Severity: Severe
Category: Trojan
Path: driver:_tuwrnivx;file:_C:\Windows\System32\drivers\lmcntgax.sys
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.263.484.0, AS: 1.263.484.0, NIS: 118.5.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-03-15 12:58:04.197
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.484.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-03-15 12:58:04.197
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 118.5.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.14202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-03-15 12:58:04.192
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.484.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-03-15 12:58:04.192
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.484.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-03-15 12:58:04.191
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.484.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 32%
Total physical RAM: 8149.36 MB
Available physical RAM: 5461.83 MB
Total Virtual: 10709.36 MB
Available Virtual: 7206.39 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:464.59 GB) (Free:283.02 GB) NTFS
 
\\?\Volume{ebb3fe36-29e8-11e5-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.29 GB) NTFS
\\?\Volume{3897aef7-0000-0000-0000-a03b74000000}\ () (Fixed) (Total:0.83 GB) (Free:0.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 3897AEF7)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=849 MB) - (Type=27)
 
==================== End of Addition.txt ============================