
Inbound Connection via svchost.exe


This topic is locked
9 replies to this topic

#1 VXV


Posted 31 March 2018 - 02:54 AM

Malwarebytes detected and blocked an inbound connection via the System32\svchost.exe file.

The IP address looks highly suspicious and has been reported for abuse in the last 24 hours: https://www.abuseipdb.com/check/91.200.14.73

 

What I did already:

  • Malwarebytes full scan, search for rootkits enabled, nothing detected
  • Rkill run, killed two processes: 7+ Taskbar Tweaker.exe (I installed this myself) and System32\valWBFPolicyService.exe (PID: 3092) [WD-HEUR] (no idea)
  • Immediately after, HitmanPro run, nothing detected
  • Immediately after, AdwCleaner run, several "tracking cookies" detected and deleted, system rebooted
  • FRST run, logs included below

Should I do anything else to prevent this in the future? Thank you.

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by JCH (administrator) on JCH-TOSH (31-03-2018 09:26:02)
Running from C:\Users\JCH\Desktop
Loaded Profiles: JCH (Available Profiles: JCH)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
() C:\Windows\System32\igfxTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHook.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA) C:\Program Files\TOSHIBA\FlashCards\Hotkey\TDUNotify\TDUSrv64.exe
(RaMMicHaeL) C:\Users\JCH\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(The OpenVPN Project) C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\openvpn-nordvpn.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [1005648 2014-10-30] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [614480 2014-11-05] ()
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe [317016 2014-12-16] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1678408 2014-11-04] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [1500240 2013-04-17] (TOSHIBA)
HKLM\...\Run: [TFPUService] => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe [230752 2013-08-26] (TOSHIBA)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [711040 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [788896 2014-11-18] (Toshiba Europe GmbH)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-09] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296208 2014-11-05] (Intel Corporation)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587800 2017-12-19] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-927094157-3172907750-1925979478-1001\...\Run: [7 Taskbar Tweaker] => C:\Users\JCH\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [401920 2016-09-10] (RaMMicHaeL)
HKU\S-1-5-21-927094157-3172907750-1925979478-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [5849336 2018-03-29] (NordVPN)
HKU\S-1-5-21-927094157-3172907750-1925979478-1001\...\MountPoints2: {416d1215-e308-11e7-aca1-0200397b0f01} - E:\SETUP.EXE
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 103.86.99.99 103.86.96.96 103.86.96.100 103.86.99.100
Tcpip\..\Interfaces\{4BAB5DBD-2311-497B-8F81-9CEE5946CC78}: [DhcpNameServer] 103.86.99.99 103.86.96.96 103.86.96.100 103.86.99.100
Tcpip\..\Interfaces\{9CC94C9E-2048-4461-8AD5-5C4E7045ED85}: [DhcpNameServer] 130.241.150.2 130.241.25.5
Tcpip\..\Interfaces\{FF4AF176-D026-4B93-9F59-66EB553DB858}: [DhcpNameServer] 62.179.1.62 62.179.1.63

Internet Explorer:
==================
HKU\S-1-5-21-927094157-3172907750-1925979478-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-927094157-3172907750-1925979478-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-927094157-3172907750-1925979478-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_b
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-927094157-3172907750-1925979478-1001 -> DefaultScope {2DC00F16-9F62-49D4-BE72-B3E56FF96702} URL =
SearchScopes: HKU\S-1-5-21-927094157-3172907750-1925979478-1001 -> {2DC00F16-9F62-49D4-BE72-B3E56FF96702} URL =
BHO: TOSHIBA Fingerprint Utility Web Site Passwords -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUPWDBankBHO.dll [2013-08-26] (TOSHIBA)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-29] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-01-20] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-03-29] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-20] (Oracle Corporation)
BHO-x32: TOSHIBA Fingerprint Utility Web Site Passwords -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBankBHO.dll [2013-08-26] (TOSHIBA)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-05-13] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-03-29] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-29] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: fiiuz8sn.default
FF ProfilePath: C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default [2018-03-31]
FF Homepage: Mozilla\Firefox\Profiles\fiiuz8sn.default -> hxxps://www.google.com/
FF Extension: (United States English Spellchecker) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\en-US@dictionaries.addons.mozilla.org [2016-10-05] [Legacy]
FF Extension: (BetterTTV) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\firefox@betterttv.net.xpi [2017-07-07]
FF Extension: (Nazwa) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\firefox@ghostery.com.xpi [2018-03-09]
FF Extension: (To Google Translate) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2018-01-16]
FF Extension: (Privacy Badger) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2018-03-22]
FF Extension: (FrankerFaceZ) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\jid1-snHdAu6px3p0jA@jetpack.xpi [2017-06-24] [Legacy]
FF Extension: (Reddit Enhancement Suite) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2018-01-21]
FF Extension: (LastPass: Free Password Manager) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\support@lastpass.com.xpi [2018-03-30]
FF Extension: (Google Translator for Firefox) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\translator@zoli.bod.xpi [2018-01-16]
FF Extension: (uBlock Origin) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\uBlock0@raymondhill.net.xpi [2018-03-18]
FF Extension: (uMatrix) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\uMatrix@raymondhill.net.xpi [2018-03-18]
FF Extension: (EPUBReader) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2017-08-04]
FF Extension: (NoScript) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-03-23]
FF Extension: (Password Exporter) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2017-03-13] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-16]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\features\{71880b7b-ac5b-4435-bee9-013ef8d53aea}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-29] [Legacy]
FF SearchPlugin: C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\searchplugins\bing-.xml [2017-07-07]
FF HKLM-x32\...\Firefox\Extensions: [{302BCF7B-E09E-4854-9F2F-8B2DA4EF70F9}] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin
FF Extension: (TOSHIBA Fingerprint Utility Web Site Passwords) - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin [2015-05-06] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-03] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxps://docs.google.com/document/u/0/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\JCH\AppData\Local\Google\Chrome\User Data\Default [2018-03-31]
CHR Extension: (Dokumenty) - C:\Users\JCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-16]
CHR Extension: (Dysk Google) - C:\Users\JCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-30]
CHR Extension: (YouTube) - C:\Users\JCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-30]
CHR Extension: (Arkusze) - C:\Users\JCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-16]
CHR Extension: (Edytor Office) - C:\Users\JCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2018-03-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\JCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-20]
CHR Extension: (TOSHIBA Fingerprint Utility Web Site Passwords) - C:\Users\JCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniieblifogecdlkejbmonblijmdaiog [2016-09-30]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\JCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Gmail) - C:\Users\JCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-30]
CHR Extension: (Chrome Media Router) - C:\Users\JCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-15]
CHR HKU\S-1-5-21-927094157-3172907750-1925979478-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iniieblifogecdlkejbmonblijmdaiog] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\ChromeAddin\ChromeAddin.crx [2013-08-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [87384 2014-11-07] (Alps Electric Co., Ltd.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-09] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-09] (AVAST Software)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8521384 2018-03-24] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3128000 2017-12-15] (Disc Soft Ltd)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-11-15] ()
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [342120 2014-12-16] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [394184 2014-10-15] (Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [429304 2018-03-29] ()
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-05-26] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1355000 2015-05-26] (BlackBerry Limited)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112536 2014-11-18] (Toshiba Europe GmbH)
R2 valWBFPolicyService; C:\windows\system32\valWBFPolicyService.exe [35328 2013-11-19] (Validity Sensors, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [196648 2018-03-09] (AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-09] (AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [199440 2018-03-09] (AVAST Software)
R0 aswblog; C:\windows\System32\drivers\aswbloga.sys [343752 2018-03-09] (AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [57680 2018-03-09] (AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [215320 2018-03-09] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46968 2018-03-09] (AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [146656 2018-03-09] (AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [110328 2018-03-09] (AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [84368 2018-03-09] (AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1026696 2018-03-09] (AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [460520 2018-03-09] (AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [205976 2018-03-09] (AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [380528 2018-03-09] (AVAST Software)
S3 blackberryncm; C:\windows\System32\DRIVERS\blackberryncm6_AMD64.sys [25600 2015-01-23] (BlackBerry Limited)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-11-16] (Bluestack System Inc. )
R2 config; C:\windows\System32\DRIVERS\ibtfudrv.sys [152008 2014-08-14] (Intel Corporation)
R3 dtlitescsibus; C:\windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-12-17] (Disc Soft Ltd)
R3 dtliteusbbus; C:\windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-12-17] (Disc Soft Ltd)
R3 e1dexpress; C:\windows\System32\DRIVERS\e1d62x64.sys [378136 2014-09-29] (Intel Corporation)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R3 guardian2; C:\windows\System32\Drivers\oz776x64.sys [88248 2014-09-09] (O2Micro)
R0 iaStorF; C:\windows\System32\DRIVERS\iaStorF.sys [28008 2014-06-25] (Intel Corporation)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [193248 2018-03-25] (Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [109800 2018-03-31] (Malwarebytes)
R3 MBAMProtection; C:\windows\System32\DRIVERS\mbam.sys [45960 2018-03-31] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-31] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [92280 2018-03-31] (Malwarebytes)
R3 MEIx64; C:\windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R3 NETwNs64; C:\windows\System32\DRIVERS\Netwsw02.sys [3440408 2015-03-23] (Intel Corporation)
S3 RimUsb; C:\windows\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (BlackBerry Limited)
R3 rimvndis; C:\windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (BlackBerry Limited)
R3 RimVSerPort; C:\windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 RTSPER; C:\windows\System32\DRIVERS\RtsPer.sys [508120 2014-08-21] (Realsil Semiconductor Corporation)
R3 tapnordvpn; C:\windows\System32\DRIVERS\tapnordvpn.sys [75088 2017-03-29] (The OpenVPN Project)
S3 Tosrfcom; no ImagePath
R3 usb3Hub; C:\windows\System32\DRIVERS\usb3Hub.sys [213296 2014-10-15] (Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Apple, Inc.) [File not signed]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-31 09:26 - 2018-03-31 09:26 - 000027564 _____ C:\Users\JCH\Desktop\FRST.txt
2018-03-31 09:25 - 2018-03-31 09:26 - 000000000 ____D C:\FRST
2018-03-31 09:25 - 2018-03-31 09:25 - 002403328 _____ (Farbar) C:\Users\JCH\Desktop\FRST64.exe
2018-03-31 08:57 - 2018-03-31 08:57 - 000045960 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2018-03-31 08:53 - 2018-03-31 08:56 - 000000000 ____D C:\AdwCleaner
2018-03-31 08:52 - 2018-03-31 08:52 - 008222496 _____ (Malwarebytes) C:\Users\JCH\Desktop\adwcleaner_7.0.8.0.exe
2018-03-31 08:42 - 2018-03-31 08:43 - 000004372 _____ C:\Users\JCH\Desktop\Rkill.txt
2018-03-31 08:41 - 2018-03-31 08:41 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\JCH\Desktop\rkill.exe
2018-03-31 08:35 - 2018-03-31 08:38 - 000000000 ____D C:\ProgramData\HitmanPro
2018-03-31 08:35 - 2018-03-31 08:35 - 011605440 _____ (SurfRight B.V.) C:\Users\JCH\Desktop\hitmanpro_x64.exe
2018-03-30 15:35 - 2018-03-28 10:31 - 005583040 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-03-30 15:35 - 2018-03-28 10:09 - 004046016 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2018-03-30 15:35 - 2018-03-28 10:09 - 004026048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2018-03-30 15:35 - 2018-03-09 05:39 - 000708288 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2018-03-30 15:35 - 2018-03-09 05:39 - 000262336 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2018-03-30 15:35 - 2018-03-09 05:39 - 000154816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2018-03-30 15:35 - 2018-03-09 05:39 - 000095424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2018-03-30 15:35 - 2018-03-09 05:18 - 000631640 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2018-03-30 15:35 - 2018-03-09 05:09 - 001665336 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 001461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 001212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 001163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000361984 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000007168 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 05:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:47 - 001314064 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:43 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:38 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2018-03-30 15:35 - 2018-03-09 04:38 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-03-30 15:35 - 2018-03-09 04:38 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2018-03-30 15:35 - 2018-03-09 04:37 - 000064512 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2018-03-30 15:35 - 2018-03-09 04:34 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2018-03-30 15:35 - 2018-03-09 04:34 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\videoprt.sys
2018-03-30 15:35 - 2018-03-09 04:33 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2018-03-30 15:35 - 2018-03-09 04:31 - 000160256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2018-03-30 15:35 - 2018-03-09 04:30 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2018-03-30 15:35 - 2018-03-09 04:30 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2018-03-30 15:35 - 2018-03-09 04:29 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2018-03-30 15:35 - 2018-03-09 04:29 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2018-03-30 15:35 - 2018-03-09 04:26 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2018-03-30 15:35 - 2018-03-09 04:22 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2018-03-30 15:35 - 2018-03-09 04:22 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2018-03-30 15:35 - 2018-03-09 04:22 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2018-03-30 15:35 - 2018-03-09 04:22 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2018-03-30 15:35 - 2018-03-09 04:22 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2018-03-30 15:35 - 2018-03-09 04:21 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:21 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:21 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-03-30 15:35 - 2018-03-09 04:21 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-03-30 15:35 - 2018-02-18 23:34 - 000634272 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2018-03-29 18:04 - 2018-03-29 18:04 - 000001924 _____ C:\Users\Public\Desktop\NordVPN.lnk
2018-03-29 18:04 - 2018-03-29 18:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2018-03-29 18:04 - 2018-03-29 18:04 - 000000000 ____D C:\Program Files (x86)\NordVPN
2018-03-29 16:42 - 2018-03-30 10:42 - 000000000 ____D C:\Users\JCH\Desktop\Article-Wysylka
2018-03-25 23:30 - 2018-03-25 23:30 - 000193248 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2018-03-25 23:29 - 2018-03-31 08:57 - 000253664 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-03-25 23:29 - 2018-03-31 08:57 - 000109800 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2018-03-25 23:29 - 2018-03-31 08:57 - 000092280 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2018-03-25 16:59 - 2018-03-25 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-24 13:27 - 2018-03-24 13:27 - 000903416 _____ C:\Users\JCH\Desktop\40.pdf
2018-03-15 09:01 - 2018-02-13 20:17 - 000136384 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2018-03-15 09:01 - 2018-02-13 20:10 - 000655872 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2018-03-15 09:01 - 2018-02-13 16:05 - 001994752 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2018-03-15 09:01 - 2018-02-13 16:05 - 001560064 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2018-03-15 09:01 - 2018-02-13 16:05 - 000740864 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2018-03-15 09:01 - 2018-02-13 16:05 - 000600576 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2018-03-15 09:01 - 2018-02-13 16:05 - 000451072 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2018-03-15 09:01 - 2018-02-13 16:05 - 000380928 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2018-03-15 09:01 - 2018-02-13 16:05 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2018-03-15 09:01 - 2018-02-13 16:05 - 000237568 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2018-03-13 14:46 - 2018-03-13 14:46 - 006210560 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2018-03-13 14:46 - 2018-03-13 14:46 - 000004458 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-11 13:50 - 2018-03-23 11:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-03-09 23:16 - 2018-03-09 23:16 - 000380768 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2018-03-08 16:03 - 2018-03-26 15:15 - 000000000 ____D C:\Users\JCH\Desktop\literatura-NN
2018-03-08 13:41 - 2018-03-31 08:11 - 000001249 _____ C:\Users\JCH\Desktop\lista.txt
2018-03-06 16:33 - 2018-03-29 22:34 - 000000000 ____D C:\Users\JCH\Desktop\NN
2018-03-02 11:10 - 2018-03-02 11:10 - 000000000 ____D C:\Program Files\TeXMaker
2018-03-02 11:07 - 2018-03-02 11:07 - 000000000 ____D C:\Users\JCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
2018-03-02 11:06 - 2018-03-02 11:06 - 000000000 ____D C:\Users\JCH\AppData\Roaming\MiKTeX
2018-03-02 11:06 - 2018-03-02 11:06 - 000000000 ____D C:\Users\JCH\AppData\Local\MiKTeX
2018-03-02 10:56 - 2018-03-29 16:09 - 000000000 ____D C:\Users\JCH\Desktop\doktorat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-31 09:17 - 2009-07-14 06:45 - 000027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-31 09:17 - 2009-07-14 06:45 - 000027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-31 09:03 - 2009-07-14 07:13 - 000782382 _____ C:\windows\system32\PerfStringBackup.INI
2018-03-31 09:03 - 2009-07-14 05:20 - 000000000 ____D C:\windows\inf
2018-03-31 08:59 - 2016-11-15 21:56 - 000000000 ____D C:\Users\JCH\AppData\LocalLow\Mozilla
2018-03-31 08:57 - 2009-07-14 07:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-03-30 22:52 - 2016-09-30 10:15 - 000000600 _____ C:\Users\JCH\AppData\Roaming\winscp.rnd
2018-03-30 22:01 - 2016-09-30 09:43 - 000000000 ____D C:\Users\JCH\AppData\Local\Battle.net
2018-03-30 17:56 - 2016-09-30 13:16 - 000000600 _____ C:\Users\JCH\AppData\Local\PUTTY.RND
2018-03-30 17:38 - 2018-02-19 14:46 - 000018903 _____ C:\Users\JCH\Desktop\wydatki.xlsx
2018-03-30 16:02 - 2018-02-07 10:43 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-29 22:48 - 2015-02-25 22:05 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-29 22:47 - 2018-01-25 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-03-29 22:47 - 2015-02-25 22:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-29 18:04 - 2018-01-24 14:11 - 000000000 ____D C:\Users\JCH\AppData\Roaming\NordVPN
2018-03-29 10:59 - 2018-02-19 21:38 - 000000000 ____D C:\Users\JCH\Desktop\files
2018-03-28 10:38 - 2018-02-16 17:14 - 000000000 ____D C:\Users\JCH\Desktop\Article
2018-03-28 09:44 - 2017-01-24 19:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-28 09:44 - 2016-09-20 19:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-28 09:09 - 2016-09-30 15:30 - 000000000 ____D C:\Users\JCH\AppData\Roaming\foobar2000
2018-03-26 08:27 - 2018-02-20 10:37 - 000000000 ____D C:\Users\JCH\Desktop\Resonant-STO
2018-03-23 13:18 - 2016-09-30 12:55 - 000002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-15 18:27 - 2009-07-14 07:08 - 000032608 _____ C:\windows\Tasks\SCHEDLGU.TXT
2018-03-15 10:38 - 2018-02-15 17:55 - 000000000 ____D C:\windows\system32\appraiser
2018-03-15 09:50 - 2017-05-14 21:03 - 000000000 ____D C:\windows\system32\MRT
2018-03-15 09:47 - 2017-10-11 20:51 - 130364688 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe
2018-03-15 09:47 - 2017-05-14 21:03 - 130364688 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-03-13 14:46 - 2015-02-25 22:01 - 000804352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-03-13 14:46 - 2015-02-25 22:01 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-13 14:46 - 2015-02-25 22:01 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-03-13 14:46 - 2015-02-25 22:01 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-03-13 14:46 - 2015-02-25 22:01 - 000000000 ____D C:\windows\system32\Macromed
2018-03-11 13:50 - 2017-03-15 19:31 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-03-11 13:50 - 2016-09-30 14:44 - 000000000 ____D C:\ProgramData\Skype
2018-03-11 13:49 - 2016-09-30 14:43 - 000000000 ____D C:\Program Files (x86)\WinRAR
2018-03-10 20:01 - 2016-09-30 14:45 - 000000000 ____D C:\Users\JCH\AppData\Roaming\Skype
2018-03-09 23:16 - 2018-01-20 18:06 - 000003910 _____ C:\windows\System32\Tasks\Avast Emergency Update
2018-03-09 23:16 - 2018-01-20 18:05 - 001026696 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2018-03-09 23:16 - 2018-01-20 18:05 - 000460520 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-03-09 23:16 - 2018-01-20 18:05 - 000380528 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2018-03-09 23:16 - 2018-01-20 18:05 - 000343752 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys
2018-03-09 23:16 - 2018-01-20 18:05 - 000227504 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys
2018-03-09 23:16 - 2018-01-20 18:05 - 000215320 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2018-03-09 23:16 - 2018-01-20 18:05 - 000205976 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2018-03-09 23:16 - 2018-01-20 18:05 - 000199440 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys
2018-03-09 23:16 - 2018-01-20 18:05 - 000196648 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2018-03-09 23:16 - 2018-01-20 18:05 - 000146656 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2018-03-09 23:16 - 2018-01-20 18:05 - 000110328 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2018-03-09 23:16 - 2018-01-20 18:05 - 000084368 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2018-03-09 23:16 - 2018-01-20 18:05 - 000057680 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys
2018-03-09 23:16 - 2018-01-20 18:05 - 000046968 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2018-03-03 21:00 - 2017-04-03 20:52 - 000007615 _____ C:\Users\JCH\AppData\Local\Resmon.ResmonCfg
2018-03-02 19:57 - 2017-12-20 12:04 - 000000000 ____D C:\Users\JCH\AppData\Roaming\RStudio
2018-03-02 19:57 - 2017-12-20 12:04 - 000000000 ____D C:\Users\JCH\AppData\Local\RStudio-Desktop
2018-03-02 19:43 - 2017-12-20 12:06 - 000114688 _____ C:\Users\JCH\AppData\Local\WebpageIcons.db

==================== Files in the root of some directories =======

2016-09-20 19:43 - 2016-09-20 19:43 - 007065600 _____ () C:\Program Files (x86)\GUTEF00.tmp
2016-09-30 10:15 - 2018-03-30 22:52 - 000000600 _____ () C:\Users\JCH\AppData\Roaming\winscp.rnd
2016-09-30 13:16 - 2018-03-30 17:56 - 000000600 _____ () C:\Users\JCH\AppData\Local\PUTTY.RND
2017-04-03 20:52 - 2018-03-03 21:00 - 000007615 _____ () C:\Users\JCH\AppData\Local\Resmon.ResmonCfg
2017-12-20 12:06 - 2018-03-02 19:43 - 000114688 _____ () C:\Users\JCH\AppData\Local\WebpageIcons.db
2017-02-14 23:54 - 2017-02-14 23:54 - 000000000 _____ () C:\Users\JCH\AppData\Local\{E3367008-C8D5-4F99-9309-B3008684C03A}

Some files in TEMP:
====================
2011-04-01 12:57 - 2011-04-01 12:57 - 000149352 ____R (Microsoft Corporation) C:\Users\JCH\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-20 19:47

==================== End of FRST.txt ============================

 

Addition.txt log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by JCH (31-03-2018 09:26:32)
Running from C:\Users\JCH\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-09-20 17:44:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-927094157-3172907750-1925979478-500 - Administrator - Disabled)
Guest (S-1-5-21-927094157-3172907750-1925979478-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-927094157-3172907750-1925979478-1004 - Limited - Enabled)
JCH (S-1-5-21-927094157-3172907750-1925979478-1001 - Administrator - Enabled) => C:\Users\JCH

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7+ Taskbar Tweaker v5.2.1 (HKU\S-1-5-21-927094157-3172907750-1925979478-1001\...\7 Taskbar Tweaker) (Version: 5.2.1 - RaMMicHaeL)
Acrylic Wi-Fi Home v3.1 (HKU\S-1-5-21-927094157-3172907750-1925979478-1001\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 3.1 - Tarlogic Security S.L.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.106.303.118 - ALPS ELECTRIC CO., LTD.)
Amazon Kindle (HKU\S-1-5-21-927094157-3172907750-1925979478-1001\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlackBerry 10 Desktop Software (Blend, Link, Drivers) (HKLM-x32\...\{c33e77db-89b5-4abf-a1d1-97f8b35347e1}) (Version: 1.2.0.52 - BlackBerry)
BlackBerry Blend (HKLM-x32\...\{1DA42C01-4ED2-4B4E-B90C-18FCBA12FC41}) (Version: 1.2.0.50 - BlackBerry Ltd.) Hidden
BlackBerry Communication Drivers (HKLM-x32\...\{46CD5A63-0C1F-45C3-B643-CA87A17275C0}) (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Device Drivers (HKLM-x32\...\{1F6490E5-7540-426D-BC1E-EB57B0BF0C38}) (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Link (HKLM-x32\...\{C42468F9-9812-4550-A54B-5DDB062EB10F}) (Version: 1.2.4.39 - BlackBerry) Hidden
BlackBerry Link Remover (HKLM-x32\...\{44D65CAB-1BC8-47B7-BF5B-3EB8B6BB0276}) (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.50.66.2547 - BlueStack Systems, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CMEDIA USB2.0 Audio Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392016500}) (Version: 1.0.0.3 - C-Media Electronics, Inc.)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-927094157-3172907750-1925979478-1001\...\CopyTrans Suite) (Version: 4.017 - WindSolutions)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.7.0.0333 - Disc Soft Ltd)
DTS Studio Sound (HKLM-x32\...\{C82B23E7-587D-40F4-AD7D-E456C97C37F7}) (Version: 1.02.0900 - DTS, Inc.)
e-Deklaracje Desktop (HKLM-x32\...\{7898AC2E-C485-C8F7-5C95-56D54CCC695C}) (Version: 10.0.0 - Ministerstwo Finansow) Hidden
e-Deklaracje Desktop (HKLM-x32\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 10.0.0 - Ministerstwo Finansow)
Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-927094157-3172907750-1925979478-1001\...\HearthstoneDeckTracker) (Version: 1.4.3 - HearthSim)
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 19.5 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4054 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.2.54 - Intel Corporation)
Intel® WiDi (HKLM\...\{2F97FBC6-7992-4DF7-A7C7-B68455E307F7}) (Version: 5.1.20.0 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{7D732FB8-2B21-4384-9BD0-779158BA0520}) (Version: 17.1.1433.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6535d76a-59fb-4935-b2c5-cd61917c4a4b}) (Version: 17.16.0 - Intel Corporation)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
K-Lite Codec Pack 13.2.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.2.0 - KLCP)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-927094157-3172907750-1925979478-1001\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.9126.2116 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiKTeX 2.9 (HKU\S-1-5-21-927094157-3172907750-1925979478-1001\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
NordVPN (HKLM-x32\...\{5B727BF8-D797-4CB9-9B90-69D78F4986C6}) (Version: 6.12.11 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.12.11) (Version: 6.12.11 - NordVPN)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 7 - Notepad++ Team)
O2Micro OZ776 SCR Driver (HKLM\...\{91EC08DA-4913-468D-9796-BF9760B542FB}) (Version: 2.1.4.235GS - O2Micro) Hidden
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{91EC08DA-4913-468D-9796-BF9760B542FB}) (Version: 2.1.4.235GS - O2Micro)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Origin 2018 (HKLM-x32\...\{FE498A04-5A44-44CB-9107-6BC2BDB13D5E}) (Version: 9.50.00 - OriginLab Corporation)
paint.net (HKLM\...\{1F895C18-6A2F-4A9E-BBE9-246783070F37}) (Version: 4.0.16 - dotPDN LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
R for Windows 3.4.3 (HKLM\...\R for Windows 3.4.3_is1) (Version: 3.4.3 - R Core Team)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21260 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
RStudio (HKLM-x32\...\RStudio) (Version: 1.1.383 - RStudio)
Skype version 8.18 (HKLM-x32\...\Skype_is1) (Version: 8.18 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.5 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
TOSHIBA Battery Manager (HKLM\...\{5D1FDAAD-7037-4D83-8CA8-39D92F91E73E}) (Version: 9.0.7.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.4.11.6402 - Toshiba Corporation)
TOSHIBA Fingerprint Utility (HKLM\...\{62BBF381-D208-4EF0-B502-6CB6E5B9A161}) (Version: 2.3.05.64405 - Toshiba Corporation)
TOSHIBA Flash Cards (HKLM\...\{2263D049-8953-42C5-997B-CC19FD6CEF4F}) (Version: 9.0.9.6402 - Toshiba Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.15 - TOSHIBA Corporation)
TOSHIBA HWSetup (HKLM-x32\...\{0E94D98C-00A7-4C93-9708-8E5A1859E72E}) (Version: 9.0.7.3201 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.20 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\{6C0A2179-56CB-4F1F-9681-E777A4F3C800}) (Version: 9.0.3.3201 - Toshiba Corporation)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.4.6400 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{B507386D-1F61-4E55-B05B-F56ACB0086B3}) (Version: 4.01.01.6402 - Toshiba Corporation)
TOSHIBA Power Saver (HKLM\...\{4573FA6D-5FC1-4CA0-8D90-BAF9325B28ED}) (Version: 9.0.5.6403 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.9.52040013 - Toshiba Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{472175F3-ACB2-4977-8CC8-EB971C24F245}) (Version: 2.0.1.3201 - Toshiba Corporation)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.3.6401 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{3A9B3B6D-3C08-4283-AF50-FD82C49DD71E}) (Version: 3.4 - Toshiba Europe GmbH)
Validity WBF DDK 5111 (HKLM\...\{8824790A-7C36-41D3-8127-5BD92623150E}) (Version: 4.5.243.0 - Validity Sensors, Inc.)
VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.15.6.00000 - VMware, Inc.)
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinSCP 5.9.2 (HKLM-x32\...\winscp3_is1) (Version: 5.9.2 - Martin Prikryl)
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-09] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-09] (AVAST Software)
ShellIconOverlayIdentifiers: [ATFPUOverlayIcon] -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUOverlayIcon.dll [2013-07-17] (TOSHIBA)
ShellIconOverlayIdentifiers: [TFPUOverlayIcon] -> {8DBDDA23-34E3-4BF1-A107-67B94C080A1F} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUFileShellExt.dll [2013-07-17] (TOSHIBA)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-09-21] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-09] (AVAST Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [TFPUContextMenu] -> {2E34EBB9-C147-4DF4-938F-90C5B0837B1E} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUFileShellExt.dll [2013-07-17] (TOSHIBA)
ContextMenuHandlers1: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2014-01-20] (TOSHIBA)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2017-12-15] (Disc Soft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-09] (AVAST Software)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2017-12-15] (Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers4: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2014-01-20] (TOSHIBA)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2014-12-16] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-09] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [TFPUContextMenu] -> {2E34EBB9-C147-4DF4-938F-90C5B0837B1E} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUFileShellExt.dll [2013-07-17] (TOSHIBA)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {017B6DD7-D0F5-4636-8985-4816132A8318} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-30] (Google Inc.)
Task: {1B00029F-63A7-4D53-99D5-D6FF0937B41F} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2015-10-19] (Safer-Networking Ltd.)
Task: {233C5BC7-060A-4D03-AEEC-FC2BF7D659BC} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-05] (AVAST Software)
Task: {3338400F-E6E9-477C-B9BF-B96AE9A12665} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-29] (Microsoft Corporation)
Task: {3E28911C-D0B1-41AB-B6DC-29FBF4EC001F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-03-29] (Microsoft Corporation)
Task: {440B7066-A95D-43A0-B543-D33638AE4D67} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {495EA57A-9A7A-4EF1-A0C7-E2EE8C023F8C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
Task: {63C417CD-5276-47E0-97F5-143E1A9E79C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {775A3154-FDB5-416E-92A7-B4450B56E9EF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\windows\ehome\ehrec.exe
Task: {809F6DD0-3333-4D9D-9744-E2965F70014A} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2014-11-15] ()
Task: {98106199-526B-4F63-9F0B-98CF7ADB355E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-09] (AVAST Software)
Task: {AA5430FD-AFBD-4D15-B0E4-864B0A5AA9FE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-03-29] (Microsoft Corporation)
Task: {E48BEB1D-D4E5-48A4-AB7A-0E27AFD9C77A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-29] (Microsoft Corporation)
Task: {EEF0FE0F-5A35-48FB-B4F2-5D2C466C03D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-30] (Google Inc.)
Task: {FB6B1833-AE37-48DA-AE34-27F4E67425B3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-03-29 11:25 - 2018-03-29 11:25 - 000429304 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
2017-12-13 21:30 - 2018-03-01 10:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-12-13 21:30 - 2018-02-05 14:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-09 23:16 - 2018-03-09 23:16 - 000721624 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-03-09 23:16 - 2018-03-09 23:16 - 000912088 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-03-09 23:16 - 2018-03-09 23:16 - 000341720 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2014-10-09 23:39 - 2014-10-09 23:39 - 011237456 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2014-11-05 20:16 - 2014-11-05 20:16 - 000614480 _____ () C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2014-12-16 01:45 - 2014-12-16 01:45 - 000456808 _____ () C:\windows\system32\igfxTray.exe
2010-12-16 00:19 - 2010-12-16 00:19 - 000124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2014-11-05 19:36 - 2014-11-05 19:36 - 000474184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2014-02-19 18:13 - 2014-02-19 18:13 - 000352096 _____ () C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUCommon.dll
2014-11-15 02:09 - 2014-11-15 02:09 - 000021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2018-02-08 11:47 - 2018-02-08 11:47 - 000217375 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\liblzo2-2.dll
2018-02-08 11:47 - 2018-02-08 11:47 - 000118668 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\libpkcs11-helper-1.dll
2018-03-28 09:44 - 2018-03-28 09:44 - 000166400 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\Liberation.Native.OpenvpnFwHelperPlugin.dll
2018-03-28 09:44 - 2018-03-28 09:44 - 000302080 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\Liberation.Native.Firewall.dll
2013-08-21 08:49 - 2013-08-21 08:49 - 000080264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2018-03-09 23:16 - 2018-03-09 23:16 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-09 23:16 - 2018-03-09 23:16 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-03-30 21:37 - 2018-03-30 21:37 - 005809296 _____ () C:\Program Files\AVAST Software\Avast\defs\18033004\algo.dll
2018-03-09 23:16 - 2018-03-09 23:16 - 000756952 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-03-09 23:16 - 2018-03-09 23:16 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-03-09 23:16 - 2018-03-09 23:16 - 000964824 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-03-09 23:16 - 2018-03-09 23:16 - 000475352 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-03-08 10:53 - 2018-03-08 10:53 - 000238080 _____ () C:\Program Files (x86)\NordVPN\x86\Liberation.Native.Firewall.dll
2015-05-26 16:46 - 2015-05-26 16:46 - 000094208 _____ () C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll
2018-03-09 23:16 - 2018-03-09 23:16 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-09-21 22:16 - 2016-09-21 22:16 - 000021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2014-10-10 18:37 - 2014-10-10 18:37 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2018-03-31 09:02 - 000002641 _____ C:\windows\system32\Drivers\etc\hosts

0.0.0.0    choice.microsoft.com
0.0.0.0    choice.microsoft.com.nstac.net
0.0.0.0    df.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com.nsatc.net
0.0.0.0    redir.metaservices.microsoft.com
0.0.0.0    reports.wes.df.telemetry.microsoft.com
0.0.0.0    services.wes.df.telemetry.microsoft.com
0.0.0.0    settings-sandbox.data.microsoft.com
0.0.0.0    settings-win.data.microsoft.com
0.0.0.0    sqm.df.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0    telecommand.telemetry.microsoft.com
0.0.0.0    telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0    telemetry.appex.bing.net
0.0.0.0    telemetry.microsoft.com
0.0.0.0    telemetry.urs.microsoft.com
0.0.0.0    vortex-sandbox.data.microsoft.com
0.0.0.0    vortex-win.data.microsoft.com
0.0.0.0    vortex.data.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com.nsatc.net
0.0.0.0    watson.ppe.telemetry.microsoft.com
0.0.0.0    wes.df.telemetry.microsoft.com
0.0.0.0    vortex-bn2.metron.live.com.nsatc.net
0.0.0.0    vortex-cy2.metron.live.com.nsatc.net
0.0.0.0    watson.live.com
0.0.0.0    watson.microsoft.com
0.0.0.0    feedback.search.microsoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-927094157-3172907750-1925979478-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\JCH\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 103.86.99.99 - 103.86.96.96
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: WinZip Compression Smart Monitor Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk => C:\windows\pss\HandyAndy.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: RIM PeerManager => "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: Toshiba Registration => c:\Program Files (x86)\Toshiba\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: WinZip PreLoader => C:\Program Files\WinZip\WzPreloader.exe
MSCONFIG\startupreg: WinZip UN => C:\Program Files\WinZip\WZUpdateNotifier.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{2838B83F-A58A-40CE-AB65-0F66A126695D}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{4EF93B7D-1FB9-407A-A370-E1967D30C785}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{69A6E20A-8004-4204-AF43-D7738B4E566E}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{EA8A53DB-4FF9-4978-8DD2-19595B66CD7E}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{CAA802F2-F873-4D42-A542-C9637139F7ED}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{D10B22A8-A437-4F97-B775-B5B913B8D4DB}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{A7007EF8-154A-4CEC-A4D6-27A42C105242}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{94BA4A1F-524D-435B-A749-8485C14C407E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A6B75B36-44A0-444E-A685-16AFC7D1DDAA}] => (Allow) tunmgr.exe
FirewallRules: [{A19C1DC4-987E-49DA-A416-BF1B548A0993}] => (Allow) tunmgr.exe
FirewallRules: [{0B033EE0-34A6-4EBE-8910-88113D3EBF2D}] => (Allow) mDNSResponder.exe
FirewallRules: [{6D9312CE-66B3-470E-8F58-901ACBDAEBB7}] => (Allow) mDNSResponder.exe
FirewallRules: [{0462E582-0FE3-4466-B9BD-A80B10380440}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
FirewallRules: [{8F3A1166-ED6B-48EB-A3D3-CB8EF2435A8E}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\tunnel manager\PeerManager.exe
FirewallRules: [{2747A780-30EB-4AB7-BC89-65759DC8B110}] => (Allow) C:\Program Files (x86)\BlackBerry\BlackBerry Blend\desktopinvokeproxy.exe
FirewallRules: [{DDA474BC-5DE3-4A89-B693-F0C44CF6BB05}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{6239137F-BFCA-4295-9F97-7F11AB8DFE55}C:\program files (x86)\prywatne\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\prywatne\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{90BA4254-1050-4684-9922-A29C94A9F650}C:\program files (x86)\prywatne\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\prywatne\hearthstone\hearthstone.exe
FirewallRules: [{DAFB15BA-FB1A-4DC1-B6D6-B9F509527CF9}] => (Allow) C:\program files (x86)\prywatne\hearthstone\hearthstone.exe
FirewallRules: [{5EDB2A92-6F12-43C3-8682-9D168BDA9898}] => (Allow) C:\program files (x86)\prywatne\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{F5B3B8E3-C031-40C2-88A0-9F3C5383BB01}C:\prywatne\minetest\minetest-0.4.10-win32-msvc\minetest-0.4.10\bin\minetest.exe] => (Allow) C:\prywatne\minetest\minetest-0.4.10-win32-msvc\minetest-0.4.10\bin\minetest.exe
FirewallRules: [UDP Query User{D0EA2996-317D-4F47-AE82-1E72EE6EC425}C:\prywatne\minetest\minetest-0.4.10-win32-msvc\minetest-0.4.10\bin\minetest.exe] => (Allow) C:\prywatne\minetest\minetest-0.4.10-win32-msvc\minetest-0.4.10\bin\minetest.exe
FirewallRules: [{8B643BEB-C9DA-4AD9-A0A3-ACBAFC1D3442}] => (Block) C:\prywatne\minetest\minetest-0.4.10-win32-msvc\minetest-0.4.10\bin\minetest.exe
FirewallRules: [{80B784DC-E9BA-4799-8382-95007C7F6D67}] => (Block) C:\prywatne\minetest\minetest-0.4.10-win32-msvc\minetest-0.4.10\bin\minetest.exe
FirewallRules: [{8459ACE6-0766-4277-8DCA-52F6D20631B8}] => (Allow) C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe
FirewallRules: [{94B111C6-7D79-4B9A-B871-7545CC5E1282}] => (Allow) C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe
FirewallRules: [{9B65C19A-2D78-4483-9BF1-C4FA11A5021C}] => (Allow) C:\Prywatne\Steam\Steam.exe
FirewallRules: [{4EFC700C-8B91-4188-B448-76F9F009767A}] => (Allow) C:\Prywatne\Steam\Steam.exe
FirewallRules: [{CF677562-538D-4547-A0DA-ACFC607FED6A}] => (Allow) C:\Prywatne\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EBC65970-9DAB-424A-B84E-AD42F239DC44}] => (Allow) C:\Prywatne\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9B4CDFE0-D2D4-42C8-ADAB-CFD7717693D8}] => (Allow) C:\Prywatne\Steam\steamapps\common\Europa Universalis III - Complete\eu3game.exe
FirewallRules: [{DCD136F1-2A06-40BA-B14A-4FFD25AF51E0}] => (Allow) C:\Prywatne\Steam\steamapps\common\Europa Universalis III - Complete\eu3game.exe
FirewallRules: [{A3184C61-AED7-4F0D-9E36-3B7DF19FD932}] => (Allow) C:\Prywatne\Steam\steamapps\common\For The Glory\FTG.exe
FirewallRules: [{D3C1F23C-1E73-4573-BF1D-90EDC65385DA}] => (Allow) C:\Prywatne\Steam\steamapps\common\For The Glory\FTG.exe
FirewallRules: [{59EBFC9B-69D3-4264-B0BE-2E04F108F5B8}] => (Allow) LPort=3724
FirewallRules: [TCP Query User{69B2420C-DDE6-4831-929B-411604067DB6}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe
FirewallRules: [UDP Query User{0DE14333-C5C1-4BCE-829C-5C3EBAC5FCFB}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe
FirewallRules: [{5E14F44A-817A-42FA-873B-05CD2FC86B61}] => (Allow) C:\Users\JCH\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{D8AD85DF-A749-4FA7-9FE6-64A247CCB6CE}] => (Allow) C:\Users\JCH\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{E656D636-BC89-4C2D-8DFB-DF1856EAB48B}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{0407210F-BBC4-4FC6-A933-DAFC2049EF51}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{55198B55-62C9-4E81-A680-30B11808B48A}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{A42B2DFD-F219-438E-84DE-782AA4C7B971}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{D9E4A605-CCC9-4BC8-8512-5127D93794D6}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{20F7E7DA-9ECE-44BA-B80B-039C75ABF367}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{E69CFB2B-87C4-48FA-AFD9-33C60F8CDF16}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{7AC74826-DF1D-4263-8D8E-AB2D99DB1CD2}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{C43E81B5-38C2-46B8-890F-ADD605ADAE62}] => (Allow) C:\Users\JCH\AppData\Local\Temp\RemoveTemp.exe
FirewallRules: [{6E198111-E930-4EFB-B265-26F3AF0B4402}] => (Allow) C:\Users\JCH\AppData\Local\Temp\RemoveTemp.exe
FirewallRules: [{DF7F5E2D-6E75-4040-865C-2C2B2FDDE6F4}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{144A8477-40A8-4684-9E17-D530BD91D609}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{DFFC57D9-0A49-4D25-9C50-6573711C59C7}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{7B00327B-A235-434C-AFBF-B1C8D9B744B7}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{6F2463BC-3869-49E7-AEC1-11F5C9F7D7C4}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{C1570BF1-E133-4AE4-9E0F-7483B6AACA44}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
FirewallRules: [TCP Query User{4772072E-D0C3-469A-B001-13D10648122C}C:\program files\rstudio\bin\x64\rsession.exe] => (Allow) C:\program files\rstudio\bin\x64\rsession.exe
FirewallRules: [UDP Query User{AD681E75-6421-443B-8D9D-AE3A102C6F98}C:\program files\rstudio\bin\x64\rsession.exe] => (Allow) C:\program files\rstudio\bin\x64\rsession.exe
FirewallRules: [{0674C76A-7423-46EE-9129-F59C2683992D}] => (Allow) C:\Program Files\OriginLab\Origin2018\Origin95.exe
FirewallRules: [{B3A6F14A-0D63-417B-BC22-B9B27B6D2B8A}] => (Allow) C:\Program Files\OriginLab\Origin2018\Origin95.exe
FirewallRules: [{193DE9DD-4158-440F-9C09-29AFB599AC38}] => (Allow) C:\Program Files\OriginLab\Origin2018\Origin95_64.exe
FirewallRules: [{B2438761-21BC-4359-9A58-549ED6726086}] => (Allow) C:\Program Files\OriginLab\Origin2018\Origin95_64.exe
FirewallRules: [{0AED883B-20F2-45B3-A865-8AA3B960DD04}] => (Allow) C:\Users\JCH\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{6360DF8D-1B0C-418E-BC5E-747F4E8ADDFF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F65AABD1-C1E4-4DF6-B9AA-FF20D744B479}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A1F7ACD8-B4DD-4873-A6C5-3FFF95522834}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F6C488F8-6D58-4BC8-9403-AAB6FD5791CA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{782B8234-C732-48E1-8FB7-BD32E33284C5}C:\prywatne\lol\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Block) C:\prywatne\lol\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [UDP Query User{3FD6EBD2-D7FC-483F-A792-24D161EB7257}C:\prywatne\lol\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Block) C:\prywatne\lol\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [TCP Query User{3D2C56DC-019E-4373-9BFA-B8EBEBF6FD16}C:\prywatne\lol\rads\projects\league_client\releases\0.0.0.132\deploy\leagueclient.exe] => (Allow) C:\prywatne\lol\rads\projects\league_client\releases\0.0.0.132\deploy\leagueclient.exe
FirewallRules: [UDP Query User{4B4ACCFF-8698-46EF-95F1-9E8FF7D8F5B6}C:\prywatne\lol\rads\projects\league_client\releases\0.0.0.132\deploy\leagueclient.exe] => (Allow) C:\prywatne\lol\rads\projects\league_client\releases\0.0.0.132\deploy\leagueclient.exe
FirewallRules: [{8D68B118-1478-427F-92A1-A6D478FCA435}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{1B63F6DC-C126-4B4A-8FDC-30D2F7EF5FE4}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{BBA45BF2-0E79-4F48-87F0-221D2F5A4DEC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{9BC22D79-280F-46B3-B305-E04EE02BD4A8}C:\prywatne\lol\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Block) C:\prywatne\lol\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [UDP Query User{36AE967A-18C8-4887-964B-12C51FD229B5}C:\prywatne\lol\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Block) C:\prywatne\lol\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe

==================== Restore Points =========================

26-03-2018 14:09:48 Scheduled Checkpoint
29-03-2018 18:03:10 Removed NordVPN
30-03-2018 16:02:08 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2018 09:02:03 AM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(1e7d78d42296bef204849d4ac6d188._tunnel._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (03/31/2018 08:59:54 AM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: 556: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (03/31/2018 08:59:54 AM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (03/31/2018 08:58:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 91.189.241.130.in-addr.arpa. PTR JCH-TOSH.local.

Error: (03/31/2018 08:58:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 130.241.189.91:5353   18 91.189.241.130.in-addr.arpa. PTR JCH-TOSH-2.local.

Error: (03/31/2018 08:58:42 AM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. PTR JCH-TOSH-2.local.

Error: (03/31/2018 08:58:42 AM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 0000:0000:0000:0000:0000:0000:0000:0001:5353   16 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. PTR JCH-TOSH.local.

Error: (03/31/2018 08:58:42 AM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Local Hostname JCH-TOSH.local already in use; will try JCH-TOSH-2.local instead


System errors:
=============
Error: (03/31/2018 08:57:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (03/31/2018 08:56:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (03/31/2018 08:56:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (03/31/2018 08:56:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (03/31/2018 08:56:40 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (03/31/2018 08:56:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DTS APO Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/31/2018 08:56:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/31/2018 08:56:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA eco Utility Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 24%
Total physical RAM: 16295.36 MB
Available physical RAM: 12311.36 MB
Total Virtual: 32588.89 MB
Available Virtual: 28269.39 MB

==================== Drives ================================

Drive c: (TI31446900A) (Fixed) (Total:225.62 GB) (Free:70.97 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{bcbf3dee-f395-11e4-a12e-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: 79F1A36A)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=225.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.4 GB) - (Type=17)

==================== End of Addition.txt ============================
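
One thing a practitioner would pull from the FirewallRules section above: the Allow rules for C:\Users\JCH\AppData\Local\Temp\andy-x64\Setup.exe and C:\Users\JCH\AppData\Local\Temp\RemoveTemp.exe point into a directory any user-level process can write to. Windows Firewall program rules match on path, so a rule for a file that no longer exists is silently inherited by whatever is written to that path next. The script below is an added example, not part of this thread or of FRST: it parses FirewallRules lines copied from the log above and lists the Allow rules worth reviewing. The path prefixes it treats as "temp" or "user-writable", and the prompt/installer split based on the rule name, are assumptions of the script rather than FRST conventions.

```python
"""Triage the FirewallRules section of an FRST Addition.txt.

Added example for this thread, not part of FRST or of the original post. It
parses "FirewallRules:" lines and lists Allow rules whose target executable
lives in a directory a standard user can write to. Sample lines below are
copied from the log posted above; the path prefixes treated as user-writable
are an assumption of this script, not an FRST convention.
"""
import re

# Constructed sample: six FirewallRules lines taken from the posted log.
SAMPLE_LOG = r"""
FirewallRules: [{D8AD85DF-A749-4FA7-9FE6-64A247CCB6CE}] => (Allow) C:\Users\JCH\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{E656D636-BC89-4C2D-8DFB-DF1856EAB48B}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{C43E81B5-38C2-46B8-890F-ADD605ADAE62}] => (Allow) C:\Users\JCH\AppData\Local\Temp\RemoveTemp.exe
FirewallRules: [TCP Query User{4772072E-D0C3-469A-B001-13D10648122C}C:\program files\rstudio\bin\x64\rsession.exe] => (Allow) C:\program files\rstudio\bin\x64\rsession.exe
FirewallRules: [TCP Query User{782B8234-C732-48E1-8FB7-BD32E33284C5}C:\prywatne\lol\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Block) C:\prywatne\lol\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [{0AED883B-20F2-45B3-A865-8AA3B960DD04}] => (Allow) C:\Users\JCH\AppData\Local\Microsoft\OneDrive\OneDrive.exe
"""

RULE_RE = re.compile(
    r"^FirewallRules:\s+\[(?P<name>[^\]]+)\]\s+=>\s+\((?P<action>Allow|Block)\)\s+(?P<path>.+?)\s*$"
)

# Assumed: directories a non-admin user can write to. An Allow rule that
# points here is inherited by whatever is dropped at that path later.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
USER_WRITABLE_MARKERS = ("\\appdata\\local\\", "\\appdata\\roaming\\",
                         "\\users\\public\\", "\\programdata\\")


def parse_rules(text):
    """Return one dict per FirewallRules line: name, action, path, kind."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        name = m.group("name")
        # "TCP/UDP Query User{GUID}path" rules come from the user answering the
        # Windows Firewall pop-up; bare "{GUID}" rules are written by installers.
        kind = "prompt" if name.startswith(("TCP Query User", "UDP Query User")) else "installer"
        rules.append({"name": name, "action": m.group("action"),
                      "path": m.group("path"), "kind": kind})
    return rules


def classify_path(path):
    """'temp', 'user-writable' or None for a rule's target path."""
    p = path.lower()
    if any(marker in p for marker in TEMP_MARKERS):
        return "temp"
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        return "user-writable"
    return None


def allow_rules_to_review(text):
    """Allow rules whose target is under a temp or user-writable directory,
    worst first. Block rules are skipped: they can only reduce exposure."""
    hits = []
    for rule in parse_rules(text):
        if rule["action"] != "Allow":
            continue
        severity = classify_path(rule["path"])
        if severity:
            hits.append(dict(rule, severity=severity))
    hits.sort(key=lambda r: 0 if r["severity"] == "temp" else 1)
    return hits


if __name__ == "__main__":
    for r in allow_rules_to_review(SAMPLE_LOG):
        print(f"{r['severity']:13} {r['kind']:9} {r['path']}")
```

A hit is a triage item, not a verdict: OneDrive legitimately installs under AppData\Local, which is why it is reported at the lower severity, while the two Temp entries are leftovers of an installer that has no business keeping a firewall exception open.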



#2 nasdaq (Malware Response Team)

Posted 31 March 2018 - 08:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy: Restriction <==== ATTENTION
Tcpip\..\Interfaces\{FF4AF176-D026-4B93-9F59-66EB553DB858}: [DhcpNameServer] 62.179.1.62 62.179.1.63
FF Extension: (BetterTTV) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\firefox@betterttv.net.xpi [2017-07-07]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKU\S-1-5-21-927094157-3172907750-1925979478-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
S3 Tosrfcom; no ImagePath
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
---

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates, remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
===

Please let me know what problem persists with this computer.
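
FRST acts on a fixlist by matching each line against entries from its own logs, which is why the instruction above is to copy the code box rather than retype it: a line with a changed character is not the entry FRST reported. As an added example (not part of this thread or of FRST), the script below checks a fixlist.txt before the Fix button is pressed: the Start/End markers are present, directives and cmd: lines are passed through, and every other line occurs verbatim in the log text. The fixlist is the one posted above; the log excerpt is constructed from entries on this page.

```python
"""Check a fixlist.txt against the FRST log it was assembled from.

Added example for this thread, not part of FRST or of the original post.
FRST acts on fixlist lines by matching them to entries in its own logs, so
every non-directive line has to be copied exactly. This script confirms the
Start/End markers and that each copied line occurs verbatim in the log text.
Both inputs below are constructed from the thread: the fixlist is the one
posted above, the log excerpt holds those entries plus two unrelated lines.
"""

SAMPLE_FIXLIST = r"""Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy: Restriction <==== ATTENTION
Tcpip\..\Interfaces\{FF4AF176-D026-4B93-9F59-66EB553DB858}: [DhcpNameServer] 62.179.1.62 62.179.1.63
FF Extension: (BetterTTV) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\firefox@betterttv.net.xpi [2017-07-07]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKU\S-1-5-21-927094157-3172907750-1925979478-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
S3 Tosrfcom; no ImagePath
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End
"""

# Constructed log excerpt: the entries above plus two lines the fix ignores.
SAMPLE_LOG = r"""
HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy: Restriction <==== ATTENTION
Tcpip\..\Interfaces\{FF4AF176-D026-4B93-9F59-66EB553DB858}: [DhcpNameServer] 62.179.1.62 62.179.1.63
FF Extension: (BetterTTV) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\firefox@betterttv.net.xpi [2017-07-07]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKU\S-1-5-21-927094157-3172907750-1925979478-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
S3 Tosrfcom; no ImagePath
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
FirewallRules: [{6F2463BC-3869-49E7-AEC1-11F5C9F7D7C4}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{C1570BF1-E133-4AE4-9E0F-7483B6AACA44}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
"""

# Directives used in the fixlist above; they are FRST commands, not log lines.
DIRECTIVES = {"CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:"}
COMMAND_PREFIX = "cmd:"


def validate_fixlist(fixlist_text, log_text):
    """Return (errors, matched): errors describe lines FRST would not find,
    matched lists the log entries the fixlist will act on."""
    log_lines = {line.strip() for line in log_text.splitlines() if line.strip()}
    lines = [line.strip() for line in fixlist_text.splitlines()]
    nonblank = [line for line in lines if line]
    errors, matched = [], []
    if not nonblank or nonblank[0] != "Start":
        errors.append("fixlist must begin with 'Start'")
    if not nonblank or nonblank[-1] != "End":
        errors.append("fixlist must end with 'End'")
    for number, line in enumerate(lines, 1):
        if not line or line in ("Start", "End") or line in DIRECTIVES:
            continue
        if line.startswith(COMMAND_PREFIX):
            continue
        if line in log_lines:
            matched.append(line)
        else:
            errors.append(f"line {number}: not found verbatim in the log: {line[:60]}")
    return errors, matched


if __name__ == "__main__":
    errors, matched = validate_fixlist(SAMPLE_FIXLIST, SAMPLE_LOG)
    print(f"{len(matched)} entries matched, {len(errors)} problems")
    for problem in errors:
        print(" ", problem)
```

Run it with FRST.txt and Addition.txt concatenated as the log text; a single altered character in a GUID or path shows up as a "not found verbatim" line, which is exactly the case where FRST would otherwise skip the entry.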

#3 VXV (Topic Starter)

Posted 02 April 2018 - 08:55 AM

Hello nasdaq, thank you for your time.

I performed the requested fix, fixlog.txt attached below at the end of the post.

Java updater says I already have the latest version. I disabled Java content in all my browsers anyway.

For the last two days, there have been no new occurrences of the problem.

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by JCH (31-03-2018 16:18:49) Run:1
Running from C:\Users\JCH\Desktop
Loaded Profiles: JCH (Available Profiles: JCH)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy: Restriction <==== ATTENTION
Tcpip\..\Interfaces\{FF4AF176-D026-4B93-9F59-66EB553DB858}: [DhcpNameServer] 62.179.1.62 62.179.1.63
FF Extension: (BetterTTV) - C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\firefox@betterttv.net.xpi [2017-07-07]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKU\S-1-5-21-927094157-3172907750-1925979478-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
S3 Tosrfcom; no ImagePath
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FF4AF176-D026-4B93-9F59-66EB553DB858}\\DhcpNameServer" => removed successfully
C:\Users\JCH\AppData\Roaming\Mozilla\Firefox\Profiles\fiiuz8sn.default\Extensions\firefox@betterttv.net.xpi => moved successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKU\S-1-5-21-927094157-3172907750-1925979478-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tosrfcom" => removed successfully
Tosrfcom => service removed successfully
"HKLM\System\CurrentControlSet\Services\VMnetAdapter" => removed successfully
VMnetAdapter => service removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= IPCONFIG /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection 6 while it has its media disconnected.
No operation can be performed on Local Area Connection 3 while it has its media disconnected.
No operation can be performed on Wireless Network Connection 3 while it has its media disconnected.
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

Ethernet adapter Local Area Connection 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::fd69:72cc:3150:4d99%12
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : chello.pl

Tunnel adapter 6TO4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{4BAB5DBD-2311-497B-8F81-9CEE5946CC78}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{0373FB2F-0491-4B13-B03A-1E1D93A90F5B}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{20085EC2-AA34-46DC-943A-F7636061F7E3}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.eduroam.gu.se:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{B5582D86-FCC0-4D30-9665-025EAD6C0392}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


========= IPCONFIG /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection 6 while it has its media disconnected.
No operation can be performed on Local Area Connection 3 while it has its media disconnected.
No operation can be performed on Wireless Network Connection 3 while it has its media disconnected.
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

Ethernet adapter Local Area Connection 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : eduroam.gu.se
   Link-local IPv6 Address . . . . . : fe80::fd69:72cc:3150:4d99%12
   IPv4 Address. . . . . . . . . . . : 130.241.189.91
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : 130.241.188.1

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : chello.pl

Tunnel adapter 6TO4 Adapter:

   Connection-specific DNS Suffix  . : eduroam.gu.se
   IPv6 Address. . . . . . . . . . . : 2002:82f1:bd5b::82f1:bd5b
   Default Gateway . . . . . . . . . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{4BAB5DBD-2311-497B-8F81-9CEE5946CC78}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{20085EC2-AA34-46DC-943A-F7636061F7E3}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.eduroam.gu.se:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : eduroam.gu.se

Tunnel adapter isatap.{B5582D86-FCC0-4D30-9665-025EAD6C0392}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25798706 B
Java, Flash, Steam htmlcache => 191754878 B
Windows/system/drivers => 421792269 B
Edge => 0 B
Chrome => 181145437 B
Firefox => 423053834 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 162272 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 0 B
JCH => 1070018714 B

RecycleBin => 75118481 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:19:37 ====
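
The IPCONFIG /renew output in the Fixlog above is the most security-relevant part of this post. The wireless adapter holds 130.241.189.91 directly, and the 6TO4 tunnel adapter has come up with 2002:82f1:bd5b::82f1:bd5b, which only forms when the host's IPv4 address is public (the hextets 82f1:bd5b are 130.241.189.91 in hex). A host with a globally routable address on its own adapter, with no NAT in front of it, receives inbound connection attempts from internet-wide scanners as a matter of course, so a blocked inbound connection to a system process is expected background noise there rather than evidence of something running on the machine. The same address also explains the Bonjour error in Addition.txt ("Received from 130.241.189.91:5353 ... PTR JCH-TOSH-2.local"): two mDNS responders on this host, RIM MDNS and Bonjour Service, are answering for the same name from that address. The script below is an added example, not part of this thread or of any Microsoft tool; it parses a constructed excerpt of that ipconfig listing and reports which adapters expose a globally routable IPv4 address, decoding the 6to4 prefix as well.

```python
"""Find globally routable addresses in an ipconfig listing.

Added example for this thread, not part of the original post or of any
Microsoft tool. The listing is a constructed excerpt of the "IPCONFIG /renew"
output in the Fixlog above. A 6to4 tunnel address (2002::/16) embeds the
host's public IPv4 in its second and third hextets, so it is decoded too.
"""
import ipaddress
import re

SAMPLE_IPCONFIG = """
Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : eduroam.gu.se
   Link-local IPv6 Address . . . . . : fe80::fd69:72cc:3150:4d99%12
   IPv4 Address. . . . . . . . . . . : 130.241.189.91
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : 130.241.188.1

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : chello.pl

Tunnel adapter 6TO4 Adapter:

   Connection-specific DNS Suffix  . : eduroam.gu.se
   IPv6 Address. . . . . . . . . . . : 2002:82f1:bd5b::82f1:bd5b
   Default Gateway . . . . . . . . . :
"""

# "<kind> adapter <name>:" header lines start at column 0; field lines are
# indented and padded with " . . ." up to the colon.
ADAPTER_RE = re.compile(r"^(?P<kind>\S.*?) adapter (?P<name>.+?):\s*$")
FIELD_RE = re.compile(r"^\s+(?P<key>[A-Za-z0-9 \-]+?)[ .]*:\s*(?P<val>.*?)\s*$")
SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")


def parse_ipconfig(text):
    """Map adapter name -> {field: value}; 'kind' holds the adapter type."""
    adapters, current = {}, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = adapters.setdefault(m.group("name"), {"kind": m.group("kind")})
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group("key").strip()] = m.group("val")
    return adapters


def decode_6to4(addr):
    """IPv4 address embedded in a 2002::/16 address, or None if not 6to4."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])   # drop a %zone suffix
    if ip not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address(ip.packed[2:6])     # bytes 2..5 = V4ADDR


def exposed_addresses(text):
    """Adapter name -> globally routable IPv4 addresses it exposes, counting
    the IPv4 inside a 6to4 address (6to4 only works over a public IPv4)."""
    found = {}
    for name, fields in parse_ipconfig(text).items():
        for key, val in fields.items():
            if not key.endswith("Address") or not val:
                continue
            candidate = val.split("%")[0]
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue
            if ip.version == 6:
                ip = decode_6to4(candidate)
                if ip is None:
                    continue            # link-local or native IPv6: not decoded here
            if ip.is_global:
                found.setdefault(name, []).append(str(ip))
    return found


if __name__ == "__main__":
    for name, addrs in exposed_addresses(SAMPLE_IPCONFIG).items():
        print(f"{name}: {', '.join(addrs)}  (globally routable; inbound scans expected)")
```

Only IPv4 is judged for global reachability, either directly or after decoding the 6to4 prefix; native IPv6 addresses are skipped because the classification of 2002::/16 itself has varied between Python releases, and the embedded IPv4 is what matters for the question at hand.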



#4 nasdaq (Malware Response Team)

Posted 02 April 2018 - 12:52 PM

Hi,

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

I will leave this topic open for 6 days.

#5 VXV (Topic Starter)

Posted 04 April 2018 - 01:12 AM

Unfortunately, there was another blocked attempt this morning with a different IP address. So I guess the root cause must still be somewhere around.

IP: https://www.abuseipdb.com/check/111.121.193.209


#6 nasdaq (Malware Response Team)

Posted 04 April 2018 - 07:14 AM

Hi,

If this is reported by Malwarebytes, it may just be that you are being notified of these blockages.

Check this article and if set remove the notification option.
https://support.malwarebytes.com/docs/DOC-1283

If the problem persists, then run the Farbar program and post a fresh FRST.txt log for my review.

#7 VXV (Topic Starter)

Posted 04 April 2018 - 07:49 AM

Hi,

I'm not sure if I understand you correctly - if I disable notifications, how can I check whether the problem persists? Or are you saying that all of this is an automatic action by Malwarebytes and the notifications are only a minor annoyance which does not signal any serious threat?




#8 nasdaq (Malware Response Team)

Posted 04 April 2018 - 10:48 AM

Hi,

It might be a minor annoyance, but if it happens 10 times a day I do not think you will want to see them.

In my mind Malwarebytes is protecting you.

If your computer is running well let it be for now. Your call.

#9 VXV (Topic Starter)

Posted 04 April 2018 - 12:42 PM

I don't mind occasionally seeing the messages; my only worry was that it may be a symptom of something worse.

If you think this is not the case, I'll leave things running as they are. Thank you for your help.



#10 nasdaq (Malware Response Team)

Posted 04 April 2018 - 12:55 PM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

p.s.
I will leave this topic open for 6 days.



