help laptop fan keeps running.. hard to find virus


  • This topic is locked
10 replies to this topic

#1 ankore

ankore

  • Members
  • 6 posts

Posted 29 April 2018 - 04:12 AM

I have run various antivirus programs, but in vain. Kindly help. Here is the HijackThis log:
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:33:48 PM, on 4/29/2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Logitech Flow Scroll - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Realtime Behavior Detection (arwsrvc) - Quick Heal Technologies Ltd. - C:\Program Files\Quick Heal\Quick Heal Total Security\arwsrvc.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Behavior Detection System - Quick Heal Technologies Ltd. - C:\Program Files\Quick Heal\Quick Heal Total Security\bdssvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Core Mail Protection - Quick Heal Technologies Ltd. - C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE
O23 - Service: Core Scanning Server - Quick Heal Technologies Ltd. - C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE
O23 - Service: Core Scanning ServerEx - Quick Heal Technologies Ltd. - C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Windows Connectivity Manager for Gramblr (gramblrclient) - Unknown owner - C:\Program Files\Gramblr\gramblr.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: O2SDIOAssist - Unknown owner - C:\Windows\SysWOW64\srvany.exe
O23 - Service: Online Protection System - Quick Heal Technologies Ltd. - C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Quick Update Service - Quick Heal Technologies Ltd. - C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: ReiBootAdService - Unknown owner - C:\Program Files (x86)\ReiBoot\AdService.exe (file missing)
O23 - Service: RepairService - Quick Heal Technologies Ltd. - C:\Program Files\Quick Heal\Quick Heal Total Security\reprsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Total Security Helper Service WSC (ScanWscS) - Quick Heal Technologies Ltd. - C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
O23 - Service: Core Browsing Protection (ScSecSvc) - Quick Heal Technologies Ltd. - C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - Unknown owner - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 13 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WatchGuard SSLVPN Service (wgsslvpnsrc) - Unknown owner - C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Unknown owner - C:\Program Files (x86)\Wondershare\dr.fone\Library\DriverInstaller\DriverInstall.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
 
--
End of file - 11332 bytes

Edited by Platypus, 29 April 2018 - 04:15 AM.
Deleted duplicate post




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:29 AM

Posted 29 April 2018 - 09:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

HijackThis is no longer supported and not ready for your operating system.
I suggest you remove it via the Control Panel > Programs > ...
Use this Farbar Recovery Scan Tool from now on to report problems.
<<<>>>

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

#3 ankore

ankore
  • Topic Starter

  • Members
  • 6 posts

Posted 30 April 2018 - 01:38 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.04.2018
Ran by Mega (administrator) on MEGALAPTOP (30-04-2018 12:02:25)
Running from C:\Users\Mega\Downloads
Loaded Profiles: Mega (Available Profiles: Mega)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ARWSRVC.EXE
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SCSECSVC.EXE
() C:\Program Files\Quick Heal\Quick Heal Total Security\BSSISS.EXE
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\QHPISVR.EXE
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\OPSSVC.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\BDSSVC.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Windows\SysWOW64\srvany.exe
(TODO: <公司名>) C:\Windows\SysWOW64\SDIOAssist.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\QUHLPSVC.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\REPRSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ONLINENT.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(hxxps://tortoisegit.org/) C:\Program Files\TortoiseGit\bin\TGitCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Webyog Inc.) C:\Program Files (x86)\SQLyog\SQLyog.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(FileZilla Project) C:\Program Files\FileZilla FTP Client\filezilla.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [LogiScrollApp] => C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-09] (Logitech, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-08-26] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-07-17] (Intel® Corporation)
HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [224384 2017-06-15] (Quick Heal Technologies Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499640 2017-03-28] (Adobe Systems Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2438715495-945724295-1299464113-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8887216 2018-03-23] (SUPERAntiSpyware)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Lsa: [Notification Packages] scecli C:\Windows\system32\ScSecAuth.Dll
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 8.8.8.8
Tcpip\..\Interfaces\{0F7C0E17-C0B4-4AF2-A02E-6C9935B3B1A9}: [DhcpNameServer] 192.168.0.1 8.8.8.8
Tcpip\..\Interfaces\{4EBE2B21-BE2A-4C3D-9C70-5D51C43B2D93}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{848B2B68-4E10-436A-B046-F069CA6CA1FE}: [DhcpNameServer] 192.168.3.15 192.168.3.16
Tcpip\..\Interfaces\{D7B97A09-9E09-4987-A87E-62D10414A7A1}: [DhcpNameServer] 192.168.0.1 8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2438715495-945724295-1299464113-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2438715495-945724295-1299464113-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_112\bin\ssv.dll [2016-10-19] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-08-26] (AVAST Software)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)
BHO: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll [2012-02-09] (Logitech, Inc.)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-08-26] (AVAST Software)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll [2012-02-09] (Logitech, Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-05-05] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: kdebcshi.default
FF ProfilePath: C:\Users\Mega\AppData\Roaming\Mozilla\Firefox\Profiles\kdebcshi.default [2018-04-28]
FF Extension: (Avast SafePrice) - C:\Users\Mega\AppData\Roaming\Mozilla\Firefox\Profiles\kdebcshi.default\Extensions\sp@avast.com.xpi [2018-04-04]
FF Extension: (Avast Online Security) - C:\Users\Mega\AppData\Roaming\Mozilla\Firefox\Profiles\kdebcshi.default\Extensions\wrc@avast.com.xpi [2017-10-23]
FF Extension: (Download all Images) - C:\Users\Mega\AppData\Roaming\Mozilla\Firefox\Profiles\kdebcshi.default\Extensions\{32af1358-428a-446d-873e-5f8eb5f2a72e}.xpi [2018-03-05]
FF Extension: (iMacros for Firefox) - C:\Users\Mega\AppData\Roaming\Mozilla\Firefox\Profiles\kdebcshi.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi [2017-06-23] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF Extension: (Logitech Flow Scroll) - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2016-02-25] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2018-03-10] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-18] ()
FF Plugin: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2438715495-945724295-1299464113-1000: SkypeForBusinessPlugin-15.8 -> C:\Users\Mega\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi.dll [2015-06-15] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2438715495-945724295-1299464113-1000: SkypeForBusinessPlugin64-15.8 -> C:\Users\Mega\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi-x64.dll [2015-06-15] (Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default [2018-04-30]
CHR Extension: (Google Translate) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-02-17]
CHR Extension: (Import Aliexpress Products to Woocommerce) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambpfppfbpeepjlpgekhpdfmmgikfjjd [2018-01-05]
CHR Extension: (Intellyfish Price Comparison) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\anpakijakceoakpblfifhfopkammmcfi [2018-03-01]
CHR Extension: (Docs) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Mobile & Tablet Emulator) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoncepgjhkfeapbalkebdoiialgofpan [2016-02-06]
CHR Extension: (Google Drive) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-06]
CHR Extension: (Screenshot Webpages) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk [2016-06-30]
CHR Extension: (FreeConferenceCall.com Launcher) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkkecfjcahaciigdkmmbfaoejneoogj [2018-04-28]
CHR Extension: (YouTube) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-06]
CHR Extension: (Hola Video Accelerator) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgpmaaockmdehmidghebcjafhihlgha [2018-01-15]
CHR Extension: (Google Search) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-06]
CHR Extension: (Postman) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2018-02-15]
CHR Extension: (Google Docs Offline) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-23]
CHR Extension: (AdBlock) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-04-23]
CHR Extension: (WooDropship - AliExpress WooCommerce Importer) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdmmefakkaehcbcljkgpbcahnhghjgnd [2018-04-23]
CHR Extension: (Advanced REST client) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmloofddffdnphfgcellkdfbfbjeloo [2017-12-15]
CHR Extension: (ibVPN - Best VPN & Proxy) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\higioemojdadgdbhbbbkfbebbdlfjbip [2018-04-25]
CHR Extension: (AllCast Receiver) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjbljnpdahefgnopeohlaeohgkiidnoe [2017-03-25]
CHR Extension: (Gallerify - Powerful Image Downloader) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlmlhalegjopepcnfbnphmpobjkjhdgk [2018-02-12]
CHR Extension: (Oberlo - Aliexpress.com Product Importer) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmanipjnbjnhoicdnooapcnfonebefel [2018-04-23]
CHR Extension: (Eye Dropper) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2017-09-11]
CHR Extension: (Ali Invoice) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\iddjifkhlboklmognibdadieodidkhcm [2018-04-23]
CHR Extension: (Download AliExpress product images) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfdmndkebgjnoecndabpkfpafgdhfjck [2018-04-29]
CHR Extension: (Clipular! Research, save & share screenshot) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp [2016-02-06]
CHR Extension: (Web Scraper) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnhgnonknehpejjnehehllkliplmbmhn [2018-02-05]
CHR Extension: (Google Hangouts) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2018-02-16]
CHR Extension: (Tweepi Bulk Default Action (aka Select All)) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpniicpnanbaopgkcagaphglbeaejnph [2016-09-05]
CHR Extension: (Mass follow for Twitter) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmanfkmmgfigbnjibfemdnnfjboficn [2017-11-09]
CHR Extension: (Unicorn Smasher) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmmeekapjbfjachdkgabdaoccfclpaa [2018-02-12]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-07-24]
CHR Extension: (Aliexpress Seller Check) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibmplgflabdmnnoncnedjfdpidjblnk [2018-01-13]
CHR Extension: (Hoxx VPN Proxy) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2018-03-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Fatkun Batch Download Image) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjjahlikiabnchcpehcpkdeckfgnohf [2018-04-25]
CHR Extension: (Responsive Web Design Tester) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2017-06-25]
CHR Extension: (My Chrome Theme) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-02-06]
CHR Extension: (Gmail) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-06]
CHR Extension: (Chrome Media Router) - C:\Users\Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-23]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-03-28]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [geooogfhpjdpeiphckpbgkhpbeobcaoi] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2016-02-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 arwsrvc; C:\Program Files\Quick Heal\Quick Heal Total Security\arwsrvc.exe [77952 2017-11-14] (Quick Heal Technologies Ltd.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-08-26] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-08-26] (AVAST Software)
R2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal Total Security\bdssvc.exe [38528 2017-11-14] (Quick Heal Technologies Ltd.)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [67200 2017-06-15] (Quick Heal Technologies Ltd.)
R2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [338560 2018-02-20] (Quick Heal Technologies Ltd.)
S3 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [338560 2018-02-20] (Quick Heal Technologies Ltd.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-09-23] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International) [File not signed]
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2012-03-09] () [File not signed]
R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe [71808 2017-06-15] (Quick Heal Technologies Ltd.)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [173184 2017-07-04] (Quick Heal Technologies Ltd.)
R2 RepairService; C:\Program Files\Quick Heal\Quick Heal Total Security\reprsvc.exe [43136 2017-06-15] (Quick Heal Technologies Ltd.)
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE [370208 2017-12-22] (Quick Heal Technologies Ltd.)
R2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe [643200 2017-09-22] (Quick Heal Technologies Ltd.)
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-12-05] (@ByELDI) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R2 wgsslvpnsrc; C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [102912 2014-08-31] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
S2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [X]
S2 ReiBootAdService; C:\Program Files (x86)\ReiBoot\AdService.exe [X]
S2 ss_conn_service; "C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe" [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone\Library\DriverInstaller\DriverInstall.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 arwflt; C:\Windows\System32\DRIVERS\arwflt.sys [104024 2017-11-08] (Quick Heal Technologies Ltd.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-08-26] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-08-26] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-08-26] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-08-26] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-08-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146704 2017-08-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-08-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-08-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015880 2017-08-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-08-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-08-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-08-26] (AVAST Software)
R3 atkldrvr; C:\Windows\System32\DRIVERS\atkldrvr.sys [57144 2017-04-27] (Quick Heal Technologies Ltd.)
R1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [336160 2017-11-09] (Quick Heal Technologies Ltd.)
R1 bdsnm; C:\Windows\System32\DRIVERS\bdsnm.sys [36984 2017-11-14] (Quick Heal Technologies Ltd.)
R3 bsfs; C:\Windows\System32\DRIVERS\bsfs.sys [96784 2017-05-08] (Quick Heal Technologies Ltd.)
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [162680 2018-02-23] (Quick Heal Technologies Ltd.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [501216 2015-08-05] (Intel Corporation)
R2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [30280 2017-04-21] (Quick Heal Technologies Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [95784 2017-08-28] (Quick Heal Technologies Ltd.)
R3 kbfltr; C:\Windows\System32\DRIVERS\kbfltr.sys [39152 2017-04-27] (Quick Heal Technologies Ltd.)
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [90096 2017-05-23] (Quick Heal Technologies Ltd.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-06] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-06] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-04-06] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-06] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-06] (Malwarebytes)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [62344 2017-04-27] (Quick Heal Technologies Ltd.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [210592 2014-05-14] (BayHubTech/O2Micro )
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [75952 2014-04-21] (STMicroelectronics)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R0 webssx; C:\Windows\System32\drivers\webssx.sys [80256 2017-08-10] (Quick Heal Technologies Ltd.)
R1 wsnf; C:\Windows\System32\DRIVERS\wsnf.sys [59312 2016-04-12] (Quick Heal Technologies Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
S3 iwdbus; system32\DRIVERS\iwdbus.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 usb3Hub; system32\DRIVERS\usb3Hub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XHCIPort; system32\DRIVERS\XHCIPort.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-01-01 06:25 - 2018-03-28 11:41 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-04-30 12:02 - 2018-04-30 12:03 - 000033216 _____ C:\Users\Mega\Downloads\FRST.txt
2018-04-30 12:01 - 2018-04-30 12:02 - 000000000 ____D C:\FRST
2018-04-30 11:48 - 2018-04-30 11:48 - 000421744 _____ C:\Users\Mega\Desktop\Missing Parts.csv
2018-04-30 02:25 - 2018-04-30 02:25 - 000017506 _____ C:\Users\Mega\Desktop\Door-seal.pdf
2018-04-29 21:18 - 2018-04-29 21:18 - 000048555 _____ C:\Users\Mega\Downloads\wp-custom-category-pages.zip
2018-04-29 19:57 - 2018-04-29 19:57 - 002405888 _____ (Farbar) C:\Users\Mega\Downloads\FRST64.exe
2018-04-29 19:55 - 2018-04-29 19:55 - 000015437 _____ C:\Users\Mega\Downloads\enhanced-category-pages.zip
2018-04-29 19:55 - 2016-07-14 06:35 - 000000000 ____D C:\Users\Mega\Desktop\enhanced-category-pages
2018-04-29 18:49 - 2018-04-29 18:51 - 025885464 _____ C:\Users\Mega\Desktop\vantageV3.sql
2018-04-28 20:36 - 2018-04-28 20:36 - 000003494 _____ C:\Users\Mega\Downloads\11.html
2018-04-28 19:22 - 2018-04-28 19:35 - 000001188 _____ C:\Users\Mega\Desktop\cus.csv
2018-04-28 18:08 - 2018-04-28 18:08 - 000009857 _____ C:\Users\Mega\Downloads\Users-Export-2018-April-28-1238.csv
2018-04-28 18:06 - 2018-04-28 18:06 - 000021313 _____ C:\Users\Mega\Downloads\Users-Export-2018-April-28-1236.csv
2018-04-28 17:35 - 2018-04-28 17:35 - 002165789 _____ C:\Users\Mega\Downloads\wp-all-export-pro.zip
2018-04-28 17:33 - 2018-04-28 17:33 - 000002521 _____ C:\Users\Mega\Downloads\vantageplaneplastics.wordpress.2018-04-28.xml
2018-04-28 15:15 - 2018-04-28 15:15 - 000532849 _____ C:\Users\Mega\Downloads\user-role-editor.4.40.3.zip
2018-04-28 14:02 - 2018-04-28 14:02 - 000089199 _____ C:\Users\Mega\Downloads\adminimize.1.11.4.zip
2018-04-28 11:52 - 2018-04-28 11:52 - 003339726 _____ C:\Users\Mega\Downloads\client-dash.2.0.5.zip
2018-04-28 01:58 - 2018-04-28 01:58 - 000139016 _____ C:\Users\Mega\Desktop\Uproducts.csv
2018-04-27 22:01 - 2018-04-27 22:01 - 000014715 _____ C:\Users\Mega\Desktop\Book5.xlsx
2018-04-27 21:10 - 2018-04-27 21:10 - 000000000 ____D C:\Users\Mega\Desktop\documentation
2018-04-27 20:59 - 2018-04-27 20:59 - 010477666 _____ C:\Users\Mega\Downloads\69233_advwooreport-45.zip
2018-04-27 20:59 - 2018-04-27 20:59 - 000000000 ____D C:\Users\Mega\Desktop\advwooreport-45
2018-04-27 19:16 - 2018-04-27 19:16 - 000123074 _____ C:\Users\Mega\Downloads\673_wpai-user-add-on107.zip
2018-04-27 19:16 - 2018-04-27 19:16 - 000000000 ____D C:\Users\Mega\Desktop\wpai-user-add-on
2018-04-27 16:07 - 2018-04-27 16:07 - 000948630 _____ C:\Users\Mega\Downloads\woocommerce-dynamic-pricing.zip
2018-04-27 15:26 - 2018-04-23 09:30 - 000000000 ____D C:\Users\Mega\Desktop\woo-discount-rules
2018-04-27 15:24 - 2018-04-27 15:24 - 000399130 _____ C:\Users\Mega\Downloads\woo-discount-rules.1.5.10.zip
2018-04-27 15:03 - 2018-04-27 15:03 - 000060606 _____ C:\Users\Mega\Desktop\temp.php
2018-04-27 12:58 - 2018-04-27 12:58 - 000000000 ___HD C:\Users\Mega\ScStore
2018-04-27 03:14 - 2018-04-27 03:14 - 000076047 _____ C:\Users\Mega\Desktop\exp-UPLOAD-NEW.csv
2018-04-27 03:13 - 2018-04-27 03:13 - 000034830 _____ C:\Users\Mega\Desktop\exp-UPLOAD-NEW.xlsx
2018-04-27 00:48 - 2018-04-27 03:13 - 000034831 _____ C:\Users\Mega\Downloads\Book2.xlsx
2018-04-26 23:57 - 2018-04-26 23:57 - 002838694 _____ C:\Users\Mega\Downloads\FedminApp.apk
2018-04-26 22:37 - 2018-04-26 22:37 - 001223427 _____ C:\Users\Mega\Downloads\ExpressLookup.csv
2018-04-26 22:22 - 2018-04-26 22:22 - 002838694 _____ C:\Users\Mega\Downloads\FedminApp (1).apk
2018-04-26 18:08 - 2018-04-27 03:14 - 000001160 _____ C:\Users\Mega\Desktop\category-meta-file.csv
2018-04-26 17:49 - 2018-04-26 18:06 - 000000668 _____ C:\Users\Mega\Desktop\Cat-maker.csv
2018-04-26 17:49 - 2018-04-26 17:49 - 000008396 _____ C:\Users\Mega\Desktop\Cat-maker.xlsx
2018-04-26 16:02 - 2018-04-26 16:02 - 000346373 _____ C:\Users\Mega\Downloads\Products-Export-2018-April-26-1030.zip
2018-04-26 16:01 - 2018-04-26 16:02 - 005143542 _____ C:\Users\Mega\Downloads\Products-Export-2018-April-26-1030.csv
2018-04-26 02:01 - 2018-04-26 02:01 - 000301997 _____ C:\Users\Mega\Downloads\wpai-woocommerce-add-on.zip
2018-04-26 02:01 - 2017-02-24 15:32 - 000000000 ____D C:\Users\Mega\Desktop\wpai-woocommerce-add-on
2018-04-26 01:57 - 2018-04-26 18:29 - 000004317 _____ C:\Users\Mega\Desktop\test.csv
2018-04-26 01:52 - 2018-04-26 01:52 - 000237127 _____ C:\Users\Mega\Downloads\Products-Export-2018-April-25-2020.csv
2018-04-26 00:24 - 2018-04-26 00:24 - 000000000 ____D C:\Users\Mega\Downloads\wp-all-import-pro
2018-04-26 00:23 - 2018-04-26 00:24 - 002277545 _____ C:\Users\Mega\Downloads\59995_WP_All_Import_Pro_[v4.5.0].zip
2018-04-24 22:04 - 2018-04-24 22:04 - 000314142 _____ C:\Users\Mega\Downloads\google (1).csv
2018-04-24 12:38 - 2018-04-24 12:38 - 000327662 _____ C:\Users\Mega\Desktop\Carpet Colors.xlsx
2018-04-24 12:31 - 2018-04-24 17:41 - 000909822 _____ C:\Users\Mega\Desktop\carpet.csv
2018-04-20 21:12 - 2018-04-20 21:14 - 024377937 _____ C:\Users\Mega\Desktop\vantageV2.sql
2018-04-18 20:11 - 2018-04-18 20:12 - 023925777 _____ C:\Users\Mega\Desktop\vantage.sql
2018-04-12 21:55 - 2018-04-14 22:02 - 000212945 _____ C:\Users\Mega\Downloads\1st-product-Export.csv
2018-04-12 21:23 - 2018-02-21 13:16 - 000000000 ____D C:\Users\Mega\Desktop\wp-all-export
2018-04-12 21:22 - 2018-04-12 21:23 - 002021500 _____ C:\Users\Mega\Downloads\wp-all-export.1.2.0.zip
2018-04-12 21:22 - 2018-04-12 21:22 - 007924192 _____ (Tim Kosse) C:\Users\Mega\Downloads\FileZilla_3.32.0_win64-setup.exe
2018-04-10 02:13 - 2018-04-10 02:13 - 001290038 _____ C:\Users\Mega\Desktop\ExpressLookup.csv
2018-04-09 14:53 - 2018-04-09 14:53 - 000000064 _____ C:\Users\Mega\Desktop\htway-complaint.txt
2018-04-06 21:25 - 2018-04-06 21:25 - 000017920 _____ C:\Windows\SysWOW64\rpcnetp.dll
2018-04-06 21:23 - 2018-04-30 12:03 - 076283904 _____ C:\Windows\system32\config\SYSTEM
2018-04-06 21:23 - 2018-04-06 21:23 - 000017920 _____ C:\Windows\SysWOW64\rpcnetp.exe
2018-04-06 21:23 - 2018-04-06 21:23 - 000017920 _____ C:\Windows\system32\rpcnetp.exe
2018-04-06 16:53 - 2018-04-06 17:18 - 000000000 ____D C:\temp
2018-04-06 16:51 - 2018-04-06 15:31 - 000025240 _____ C:\Users\Mega\Desktop\Scan Report.txt
2018-04-06 14:38 - 2018-04-06 14:45 - 000000000 ____D C:\backups
2018-04-06 12:33 - 2018-04-06 12:35 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-06 12:33 - 2018-04-06 12:33 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-06 12:33 - 2018-04-06 12:33 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-04-06 12:33 - 2018-04-06 12:33 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-06 12:33 - 2018-04-06 12:33 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-06 02:25 - 2018-04-30 02:25 - 000000464 _____ C:\Windows\Tasks\Quick Heal AntiMalware Scan.job
2018-04-06 02:25 - 2018-04-30 02:25 - 000000440 _____ C:\Windows\Tasks\Resume Quickup Download.job
2018-04-06 02:25 - 2018-04-06 02:25 - 000003532 _____ C:\Windows\System32\Tasks\Quick Heal AntiMalware Scan
2018-04-06 02:25 - 2018-04-06 02:25 - 000003468 _____ C:\Windows\System32\Tasks\Resume Quickup Download
2018-04-06 02:25 - 2018-04-06 02:25 - 000001229 _____ C:\Users\Public\Desktop\Quick Heal Safe Banking.lnk
2018-04-06 02:25 - 2018-04-06 02:25 - 000001222 _____ C:\Users\Public\Desktop\Quick Heal Secure Browse.lnk
2018-04-06 02:25 - 2017-11-14 14:51 - 000036984 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\bdsnm.sys
2018-04-06 02:25 - 2017-11-09 15:13 - 000336160 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\bdsflt.sys
2018-04-06 02:25 - 2017-09-21 17:09 - 000482456 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\ScDetour.Dll
2018-04-06 02:25 - 2017-09-21 17:09 - 000405104 _____ (Quick Heal Technologies Ltd.) C:\Windows\SysWOW64\ScDetour.Dll
2018-04-06 02:25 - 2017-08-10 14:30 - 000080256 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\webssx.sys
2018-04-06 02:25 - 2017-05-23 06:54 - 000090096 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\llio.sys
2018-04-06 02:25 - 2017-04-28 02:45 - 000077256 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\wsfilter.sys
2018-04-06 02:25 - 2017-04-27 02:22 - 000062344 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\mscank.sys
2018-04-06 02:25 - 2017-04-21 12:51 - 000030280 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\EMLTDI.SYS
2018-04-06 02:25 - 2017-03-14 18:41 - 000132720 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\bdsaei64.dll
2018-04-06 02:25 - 2017-03-14 18:41 - 000113264 _____ (Quick Heal Technologies Ltd.) C:\Windows\SysWOW64\bdsaei32.dll
2018-04-06 02:25 - 2016-07-23 16:29 - 000310400 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\ScSandboxApi.dll
2018-04-06 02:25 - 2016-07-23 16:29 - 000255616 _____ (Quick Heal Technologies Ltd.) C:\Windows\SysWOW64\ScSandboxApi.dll
2018-04-06 02:25 - 2016-07-23 16:29 - 000224384 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\ScSecAuth.Dll
2018-04-06 02:25 - 2016-04-12 13:39 - 000059312 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\wsnf.sys
2018-04-06 02:25 - 2016-01-21 20:57 - 000131712 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\atklshld64.dll
2018-04-06 02:25 - 2016-01-21 20:57 - 000115840 _____ (Quick Heal Technologies Ltd.) C:\Windows\SysWOW64\atklshld32.dll
2018-04-06 02:24 - 2018-04-06 02:25 - 000000000 ____D C:\Program Files\Common Files\Quick Heal
2018-04-06 02:24 - 2018-04-06 02:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Heal Total Security
2018-04-06 02:24 - 2018-04-06 02:24 - 000000000 ____D C:\Program Files\Quick Heal
2018-04-06 02:23 - 2018-04-06 02:24 - 000000000 ____D C:\Windows\system32\gprodat
2018-04-06 02:23 - 2017-08-28 13:25 - 000095784 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\ggc.sys
2018-04-06 01:25 - 2018-04-06 02:22 - 408400096 _____ (Quick Heal Technologies Ltd.) C:\Users\Mega\Downloads\QHTSFT64.EXE
2018-04-06 01:24 - 2018-04-06 01:24 - 000536984 _____ (Quick Heal Technologies Ltd.) C:\Users\Mega\Downloads\QHTSFT.EXE
2018-04-05 23:44 - 2018-04-05 23:46 - 008222496 _____ (Malwarebytes) C:\Users\Mega\Downloads\adwcleaner_7.0.8.0.exe
2018-04-05 20:14 - 2018-04-05 20:32 - 000000000 ____D C:\ProgramData\HitmanPro
2018-04-05 20:13 - 2018-04-05 20:13 - 011605440 _____ (SurfRight B.V.) C:\Users\Mega\Downloads\hitmanpro_x64 (1).exe
2018-04-05 16:27 - 2018-04-06 01:28 - 000024227 _____ C:\Users\Mega\Downloads\Vantage-Invoice-April-2018.xlsx
2018-04-04 18:32 - 2018-04-04 18:32 - 000000433 _____ C:\Users\Mega\Downloads\index.php
2018-04-04 14:34 - 2018-04-04 14:34 - 000000090 _____ C:\Users\Mega\Downloads\rootkey.csv
2018-04-03 00:54 - 2018-04-03 00:54 - 000001692 _____ C:\Users\Mega\Downloads\excvantage.pem
2018-04-02 20:54 - 2018-04-03 01:31 - 000001464 _____ C:\Users\Mega\Desktop\vantage-pvt-key.ppk
2018-04-02 20:49 - 2018-04-02 20:50 - 009649448 _____ (Martin Prikryl ) C:\Users\Mega\Downloads\WinSCP-5.13.1-Setup.exe
2018-04-02 20:33 - 2018-04-02 20:33 - 000001696 _____ C:\Users\Mega\Downloads\VNTG-PP-01-Key.pem
2018-04-02 20:13 - 2018-04-02 20:13 - 000035641 _____ C:\Users\Mega\Downloads\INV-000507.pdf
2018-03-31 19:48 - 2018-03-31 19:54 - 000009727 _____ C:\Users\Mega\Desktop\investicon-sponsor-plans.xlsx
2018-03-31 16:25 - 2018-03-31 17:37 - 000972107 _____ C:\Users\Mega\Desktop\investicon-proposal.pdf
2018-03-31 14:10 - 2018-03-31 14:10 - 000466346 _____ C:\Users\Mega\Downloads\pdf_prospectus.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-30 11:54 - 2018-01-11 09:54 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3620 Series Update {6685A278-BA99-47EE-998C-7954C3548A86}.job
2018-04-30 11:54 - 2018-01-11 09:54 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3620 Series Invitation {6685A278-BA99-47EE-998C-7954C3548A86}.job
2018-04-30 11:54 - 2009-07-14 11:02 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-04-30 11:49 - 2016-02-23 12:32 - 000000000 ____D C:\Users\Mega\Documents\Outlook Files
2018-04-30 11:32 - 2017-11-09 08:32 - 000000911 _____ C:\Windows\Tasks\EPSON WF-3620 Series Update {06FE3124-C802-46B9-A4C3-6853C2FD9CBC}.job
2018-04-30 11:32 - 2017-11-09 08:32 - 000000725 _____ C:\Windows\Tasks\EPSON WF-3620 Series Invitation {06FE3124-C802-46B9-A4C3-6853C2FD9CBC}.job
2018-04-30 11:18 - 2016-02-10 21:15 - 000000600 _____ C:\Users\Mega\AppData\Local\PUTTY.RND
2018-04-30 11:18 - 2009-07-14 10:15 - 000009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-30 11:18 - 2009-07-14 10:15 - 000009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-30 02:00 - 2018-03-28 11:41 - 000000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 718583fd-036a-4758-a7fd-ad1d266283df.job
2018-04-29 23:25 - 2016-02-07 12:56 - 000000000 ____D C:\Users\Mega\AppData\Roaming\SQLyog
2018-04-29 20:45 - 2018-03-28 11:41 - 000000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 50226b26-8488-4785-b401-a1583994bb78.job
2018-04-29 20:04 - 2016-02-10 17:11 - 000000000 ____D C:\Users\Mega\AppData\Roaming\FileZilla
2018-04-29 17:02 - 2016-02-06 20:36 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-28 17:32 - 2017-01-13 18:35 - 000000000 ____D C:\Users\Mega\AppData\LocalLow\Mozilla
2018-04-28 16:44 - 2016-02-06 20:03 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2018-04-28 12:13 - 2016-11-25 16:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-28 12:13 - 2016-02-09 14:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-27 16:07 - 2018-02-21 03:33 - 000000000 ____D C:\Users\Mega\Desktop\woocommerce-dynamic-pricing
2018-04-27 13:06 - 2009-07-14 10:43 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-27 13:06 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\inf
2018-04-27 13:03 - 2017-03-09 12:13 - 000000000 ____D C:\Users\Mega\AppData\Local\TortoiseGit
2018-04-27 12:59 - 2016-05-31 12:25 - 000000093 _____ C:\HaxLogs.txt
2018-04-27 12:58 - 2016-02-06 14:04 - 000000000 ____D C:\Users\Mega
2018-04-27 12:58 - 2009-07-14 10:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-27 11:37 - 2016-02-06 20:40 - 000000000 ____D C:\Users\Mega\AppData\Roaming\Skype
2018-04-25 12:35 - 2017-02-10 08:35 - 000000000 ____D C:\Users\Mega\AppData\Local\TSVNCache
2018-04-19 00:18 - 2018-02-12 09:09 - 000000000 ____D C:\Users\Mega\Downloads\MISC
2018-04-19 00:17 - 2018-03-06 13:25 - 000000000 ____D C:\Users\Mega\Downloads\Dropship products
2018-04-17 17:24 - 2018-03-29 23:54 - 000000000 ____D C:\Users\Mega\Desktop\planeplastics
2018-04-17 17:04 - 2016-02-12 14:54 - 000001456 _____ C:\Users\Mega\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-04-10 21:56 - 2016-02-07 13:03 - 000002032 ____H C:\Users\Mega\Documents\Default.rdp
2018-04-10 00:13 - 2018-03-06 12:32 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-04-09 14:35 - 2017-02-24 16:18 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-04-06 18:15 - 2016-07-09 00:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2018-04-06 18:15 - 2016-02-06 20:37 - 000000000 ____D C:\Users\Mega\AppData\Roaming\uTorrent
2018-04-06 14:44 - 2018-01-25 13:48 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-04-06 12:33 - 2018-03-30 17:18 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-05 02:17 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\rescache
2018-04-04 19:13 - 2018-03-27 05:44 - 000000233 _____ C:\Users\Mega\Desktop\vpn-details.txt
2018-04-02 20:51 - 2017-02-13 15:31 - 000000600 _____ C:\Users\Mega\AppData\Roaming\winscp.rnd
2018-04-02 20:50 - 2017-02-13 15:31 - 000001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2018-04-02 20:50 - 2017-02-13 15:31 - 000000000 ____D C:\Program Files (x86)\WinSCP
2018-03-31 11:53 - 2018-03-13 15:45 - 003165310 _____ C:\Users\Mega\Desktop\Investicon-Small – Mid Cap Growth Conference.pdf
 
==================== Files in the root of some directories =======
 
2017-02-11 15:10 - 2017-02-11 15:10 - 000000000 _____ () C:\Users\Mega\.mongorc.js
2016-04-14 11:57 - 2016-06-26 18:16 - 000002713 _____ () C:\Users\Mega\AppData\Roaming\ad.trace
2016-07-11 15:40 - 2017-08-23 19:53 - 000000132 _____ () C:\Users\Mega\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-08-26 20:48 - 2017-05-25 20:13 - 000000102 _____ () C:\Users\Mega\AppData\Roaming\Camdata.ini
2016-08-26 20:48 - 2017-05-25 20:13 - 000000408 _____ () C:\Users\Mega\AppData\Roaming\CamLayout.ini
2016-08-26 20:48 - 2017-05-25 20:13 - 000000408 _____ () C:\Users\Mega\AppData\Roaming\CamShapes.ini
2017-03-28 12:09 - 2017-05-25 20:13 - 000004520 _____ () C:\Users\Mega\AppData\Roaming\CamStudio.cfg
2016-08-04 16:34 - 2018-03-19 12:24 - 000000600 _____ () C:\Users\Mega\AppData\Roaming\PUTTY.RND
2017-02-13 15:31 - 2018-04-02 20:51 - 000000600 _____ () C:\Users\Mega\AppData\Roaming\winscp.rnd
2016-09-30 18:14 - 2016-09-30 18:16 - 305520897 _____ () C:\Users\Mega\AppData\Local\ACCCx3_8_0_310.zip.aamdownload
2016-09-30 18:14 - 2016-09-30 18:16 - 000003413 _____ () C:\Users\Mega\AppData\Local\ACCCx3_8_0_310.zip.aamdownload.aamd
2016-02-12 14:54 - 2018-04-17 17:04 - 000001456 _____ () C:\Users\Mega\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-02-10 21:15 - 2018-04-30 11:18 - 000000600 _____ () C:\Users\Mega\AppData\Local\PUTTY.RND
2016-07-14 20:19 - 2018-02-27 14:16 - 000007620 _____ () C:\Users\Mega\AppData\Local\resmon.resmoncfg
2017-03-11 19:57 - 2017-03-11 19:59 - 000022899 _____ () C:\Users\Mega\AppData\Local\WiDiSetupLog.20170311.195741.txt
 
Some files in TEMP:
====================
2018-03-04 10:04 - 2009-12-04 04:25 - 000366136 ____R (HP) C:\Users\Mega\AppData\Local\Temp\siinst.exe
2018-04-26 14:34 - 2018-04-26 14:35 - 058834376 _____ (Skype Technologies S.A.) C:\Users\Mega\AppData\Local\Temp\SkypeSetup.exe
2018-03-04 10:04 - 2009-12-04 04:53 - 000270336 ____R (HP) C:\Users\Mega\AppData\Local\Temp\strings.dll
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\ssh-keygen.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-04-05 02:05
 
==================== End of FRST.txt ============================


#4 nasdaq

  • Malware Response Team

Posted 30 April 2018 - 09:12 AM

Hi,

I need to see the Addition.txt log that was created by the Farbar program.

Please post it for my review.

#5 ankore


Posted 30 April 2018 - 02:16 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by Mega (30-04-2018 12:04:00)
Running from C:\Users\Mega\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-02-06 21:38:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2438715495-945724295-1299464113-500 - Administrator - Disabled)
Guest (S-1-5-21-2438715495-945724295-1299464113-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2438715495-945724295-1299464113-1002 - Limited - Enabled)
Mega (S-1-5-21-2438715495-945724295-1299464113-1000 - Administrator - Enabled) => C:\Users\Mega
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Quick Heal Total Security (Enabled - Out of date) {0F4D060D-5F75-6E6C-0E6D-3DE7271FA74E}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Quick Heal Total Security (Enabled - Up to date) {B42CE7E9-794F-61E2-34DD-06955C98EDF3}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Quick Heal Firewall (Enabled) {37768728-151A-6F34-2532-94D2D9CCE035}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2438715495-945724295-1299464113-1000\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.20 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{FBB02B04-C034-4382-A3F6-57416E2752C4}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.58 - Hulubulu Software)
amazeowl-desktop (HKU\S-1-5-21-2438715495-945724295-1299464113-1000\...\amazeowl) (Version: 2.34.6 - AmazeOwl © 2017)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CamStudio 2.7 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Camtasia Studio 8 (HKLM-x32\...\{474DFABF-E55B-4905-ABAA-40791A6AC77F}) (Version: 8.4.4.1859 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
ClamAV-x64 (HKLM\...\{535697A7-69D2-49B4-94DD-FB8B73FA7236}) (Version: 0.99.2 - Cisco Systems, Inc.)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version:  3.1 - Acro Software Inc.)
Dell Custom Help (HKLM\...\{BE1CF6CA-3182-45D8-9535-A18055B73607}) (Version: 16.01.1000.0235 - Intel Corporation) Hidden
EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version:  - SEIKO EPSON Corporation)
FBP - Facebook Blaster Pro (HKLM-x32\...\{13F864A8-B7AF-4D36-8F23-08C58C7E685B}) (Version: 9.0.4 - Digital Media Group)
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
FontForge version 31-07-2017 (HKLM-x32\...\{56748B9C-19AE-4689-B8C5-5A45AE0A993A}_is1) (Version: 31-07-2017 - FontForgeBuilds)
Git version 2.12.0 (HKLM\...\Git_is1) (Version: 2.12.0 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gramblr (HKLM\...\Gramblr) (Version: 2.9.27 - Gramblr Team)
GramDominator 2.0 setup (HKLM-x32\...\{4E55D202-E5F7-4BD1-9076-C3719D1269E0}) (Version: 2.0.2 - GramDominator 2.0)
Hot Item Finder (HKLM-x32\...\Hot Item Finder2.1.2.0) (Version: 2.1.2.0 - InnAnTech Industries Inc.)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 20.2 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4280 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{30F3FF94-225B-4319-A13C-E307FFDA3CFB}) (Version: 6.0.1 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b6b417a3-1f40-4618-aadd-49628bda7836}) (Version: 16.1.1 - Intel Corporation)
iSpy (64 bit) (HKLM\...\{E87CDB31-F46C-40D3-8527-F0637B0648D4}) (Version: 6.7.5.0 - DeveloperInABox)
iSpy package installer (64 bit) (HKLM-x32\...\{0651b528-a551-481e-aacc-89bfe7e38061}) (Version: 6.7.5.0 - DeveloperInABox)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 112 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java SE Development Kit 8 Update 112 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180112}) (Version: 8.0.1120.15 - Oracle Corporation)
JiBit Macro Recorder (HKLM-x32\...\JiBit Macro Recorder) (Version:  - )
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech Flow Scroll 4.0 (HKLM\...\Sn1) (Version: 4.00.33 - Logitech)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Mercurial 3.1.1 (x86) (HKLM-x32\...\{35CC28D1-EB96-4DA0-9082-1230D4BDF1B0}) (Version: 3.1.1 - Matt Mackall and others)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mongobooster (HKU\S-1-5-21-2438715495-945724295-1299464113-1000\...\mongobooster) (Version: 3.5.6 - mongobooster.com)
MongoDB 3.4.2 2008R2Plus SSL (64 bit) (HKLM\...\{C34E6411-747C-4205-A7F7-C721C3DF2DF3}) (Version: 3.4.2 - MongoDB)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\{C834E5DF-AB21-4142-8234-0C4FA77F3A04}) (Version: 3.0.08.38 - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{C834E5DF-AB21-4142-8234-0C4FA77F3A04}) (Version: 3.0.08.38 - O2Micro International LTD.)
Office Tab EnterPrise (HKLM\...\{DE469D65-1DEB-4058-BF95-C642D733668D}_is1) (Version: 9.81 - Detong Technology Ltd.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Power Indiabulls (HKLM-x32\...\{FACCF191-EA48-462E-95EB-09D4F47A9F4B}) (Version: 5.1 - Indiabulls Ventures Ltd)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.8 - Power Software Ltd)
Quick Heal Total Security (HKLM\...\{75DEED91-7B14-49DC-A5F3-B60E633AC4A5}) (Version: 17.00 - Quick Heal) Hidden
Quick Heal Total Security (HKLM\...\Quick Heal Total Security) (Version: 17.00 - Quick Heal Technologies Ltd.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Remote Desktop Manager Free (HKLM-x32\...\{09024B15-858B-4B71-B9FF-32F931A0E4AE}) (Version: 1.6.1.0 - Devolutions inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 1.0.1 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype for Business Web App Plug-in (HKLM-x32\...\{37C8167B-B653-4955-A6E8-EBB8DE937DDD}) (Version: 15.8.20020.400 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
SQLyog 11.11 (32 bit) (HKLM-x32\...\SQLyog) (Version: 11.11 (32 bit) - Webyog Inc.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0055 - ST Microelectronics)
Subversion (HKLM-x32\...\{5A8BA143-C9F1-4ED5-A3ED-6C19974A099B}) (Version: 1.8.17 - CollabNet)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1258 - SUPERAntiSpyware.com)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
TortoiseGit 2.4.0.2 (64 bit) (HKLM\...\{48F51D96-6216-47E6-A8E8-1A4EF27AFDCC}) (Version: 2.4.0.2 - TortoiseGit)
TortoiseSVN 1.9.5.27581 (64 bit) (HKLM\...\{1655E9E4-04C9-414E-8581-6D1162DFB802}) (Version: 1.9.27581 - TortoiseSVN)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0419-1000-0000000FF1CE}_Office15.PROPLUS_{E248798E-B471-4172-93CF-F1A7A356C7D8}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0419-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WatchGuard Mobile VPN with SSL client 11.9.3 (HKLM-x32\...\Mobile VPN with SSL client_is1) (Version:  - WatchGuard)
WinDFT (HKLM-x32\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (11/28/2013 2.0.0018.00000) (HKLM\...\724A5661585DAD3C707B84BACF43F64B5E070CE5) (Version: 11/28/2013 2.0.0018.00000 - Google, Inc.)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (06/10/2014 2.11.10.0) (HKLM\...\7C7D77F30DA293C8D56A9D5FB8C3E70F4E17DA7F) (Version: 06/10/2014 2.11.10.0 - SAMSUNG Electronics Co., Ltd. )
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.1.5976 - WinISO Computing Inc.)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinSCP 5.13.1 (HKLM-x32\...\winscp3_is1) (Version: 5.13.1 - Martin Prikryl)
WT-NMP (HKLM-x32\...\{8292A1D3-090C-4535-ABFB-35CB69C95B5D}_is1) (Version: 15.09 - WTriple)
X2Go Client for Windows (HKLM-x32\...\x2goclient) (Version: 4.0.2.1+hotfix1+build4 - X2Go Project)
Засоби перевірки правопису Microsoft Office 2013 – українська мова (HKLM\...\{90150000-001F-0422-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2013 — русский (HKLM\...\{90150000-001F-0419-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2438715495-945724295-1299464113-1000_Classes\CLSID\{7ECF6F97-B4F3-4168-9835-F59C06D7875F}\InprocServer32 -> C:\Users\Mega\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\GatewayActiveX-x64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2438715495-945724295-1299464113-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-26] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-26] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-16] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-26] (AVAST Software)
ContextMenuHandlers1: [DeleteSecurely] -> {13C39C87-76A0-4CD6-A2E8-2984C6B84160} => C:\Program Files\Quick Heal\Quick Heal Total Security\PCTuner\sdshell.dll [2016-07-23] (Quick Heal Technologies Ltd.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers1: [RCScan] -> {362A3A82-5EF4-422F-817F-A17EBA53E67C} => C:\Program Files\Quick Heal\Quick Heal Total Security\RCSCAN.DLL [2016-07-23] (Quick Heal Technologies Ltd.)
ContextMenuHandlers1: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2017-01-31] (hxxps://tortoisegit.org/)
ContextMenuHandlers1: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2017-01-31] (hxxps://tortoisegit.org/)
ContextMenuHandlers2: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-26] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [DeleteSecurely] -> {13C39C87-76A0-4CD6-A2E8-2984C6B84160} => C:\Program Files\Quick Heal\Quick Heal Total Security\PCTuner\sdshell.dll [2016-07-23] (Quick Heal Technologies Ltd.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers4: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2017-01-31] (hxxps://tortoisegit.org/)
ContextMenuHandlers4: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-09-23] (Intel Corporation)
ContextMenuHandlers5: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2017-01-31] (hxxps://tortoisegit.org/)
ContextMenuHandlers5: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-26] (AVAST Software)
ContextMenuHandlers6: [DeleteSecurely] -> {13C39C87-76A0-4CD6-A2E8-2984C6B84160} => C:\Program Files\Quick Heal\Quick Heal Total Security\PCTuner\sdshell.dll [2016-07-23] (Quick Heal Technologies Ltd.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers6: [RCScan] -> {362A3A82-5EF4-422F-817F-A17EBA53E67C} => C:\Program Files\Quick Heal\Quick Heal Total Security\RCSCAN.DLL [2016-07-23] (Quick Heal Technologies Ltd.)
ContextMenuHandlers6: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2017-01-31] (hxxps://tortoisegit.org/)
ContextMenuHandlers6: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {033D399E-B1F2-40F7-8490-B1D65233FAA4} - System32\Tasks\{7A259BC9-340E-48D9-869F-FDFE2480C04D} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.28.0.101/en/abandoninstall?page=tsProgressBar
Task: {0D7E5C85-85C3-447A-B284-5E1091120952} - System32\Tasks\Abelssoft\StartBackgroundguardWithWindows => C:\Program Files (x86)\CheckDrive\CheckDrive.exe
Task: {21627792-8DB2-4156-B467-CB2602C959DF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {248DC7F6-4A14-493C-BF51-3C61E22FB5A3} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2018-02-02] (AVAST Software)
Task: {25E84998-287A-4804-805A-F3981D06D4F1} - System32\Tasks\{E1174059-A954-401E-B5C9-81A4ED1D9D52} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.23.0.105/en/abandoninstall?page=tsProgressBar
Task: {30735359-B07C-434C-9FAC-CE4FA1B4A807} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {33744054-289E-4FD2-87BD-CBAA7DA40604} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {33FEE22B-CD2C-4E6D-A7B8-B0531B690FF2} - System32\Tasks\KMSAuto => C:\Windows\KMSAuto.exe
Task: {345BFB2C-0577-4D09-A982-E5E184A8AD4F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-08-26] (AVAST Software)
Task: {3F08BC25-3499-4B90-B0F4-2A3F315A904D} - System32\Tasks\{E18B202F-BBB2-4E04-9DEC-25200D1A0A75} => C:\Windows\system32\pcalua.exe -a C:\Users\Mega\Downloads\MTK_65xx_Usb_Driver\InstallDriver.exe -d C:\Users\Mega\Downloads\MTK_65xx_Usb_Driver
Task: {498A0289-F1D2-4FA5-BAC3-D388549D5BC3} - System32\Tasks\EPSON WF-3620 Series Invitation {06FE3124-C802-46B9-A4C3-6853C2FD9CBC} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {5CF1E338-5C3B-4A18-916A-622F11C55B1A} - System32\Tasks\Quick Heal AntiMalware Scan => C:\Program Files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE [2017-06-15] (Quick Heal Technologies Ltd.)
Task: {739C5D87-850A-4D7D-AFFB-F406208ADDD4} - System32\Tasks\SUPERAntiSpyware Scheduled Task 718583fd-036a-4758-a7fd-ad1d266283df => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {794C04BE-A23E-4A44-8799-37FC4523D3AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7D5525C9-D185-4811-B300-3A8570D89B33} - System32\Tasks\Resume Quickup Download => C:\Program Files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE [2017-07-25] (Quick Heal Technologies Ltd.)
Task: {8C1F31B4-CD45-4694-BAC4-AED188FBB9E9} - System32\Tasks\SUPERAntiSpyware Scheduled Task 50226b26-8488-4785-b401-a1583994bb78 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {97DF33D4-8EED-41F8-9AB8-684ADDB443CF} - System32\Tasks\{921C0F26-0CFC-4770-8A8B-1CDEDA602E59} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.10.0.101&LastError=404
Task: {A0C982E4-D63B-49E9-AF54-C48BAA52B8BD} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-12-05] (@ByELDI)
Task: {AD95A86A-4CBB-4F80-8A1A-D6C0CA414676} - System32\Tasks\{29BDDE99-29E9-4EDD-BB26-39DEF472D514} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.23.0.105/en/abandoninstall?page=tsProgressBar
Task: {B6B77A96-CCE3-49EC-8A35-07633BC0B3BB} - System32\Tasks\{EDCDDB85-0A36-46D1-8703-004BA6688D0C} => C:\Windows\system32\pcalua.exe -a "C:\Users\Mega\Downloads\Adobe Acrobat 9 Professional + patch 9.2.0.0.20\Setup.exe" -d "C:\Users\Mega\Downloads\Adobe Acrobat 9 Professional + patch 9.2.0.0.20"
Task: {B6E692AC-BB72-43A9-97B6-38D5EDA89A9F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C5FA9E2E-982C-4A70-BBFF-7DA6CF9E91ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-06] (Google Inc.)
Task: {C62F2E23-5BBC-45B3-A490-F1D2671092B6} - System32\Tasks\EPSON WF-3620 Series Invitation {6685A278-BA99-47EE-998C-7954C3548A86} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {CA6B5CE7-D241-4B82-A9CF-4FFC215F2F5C} - System32\Tasks\{086CD267-56DD-4824-BFDD-7CB20A0E808E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\FolderSize\FolderSize.cpl" -c Folder Size
Task: {CC3691FA-7B67-4707-BFC8-88BA0D33BB43} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-27] (Piriform Ltd)
Task: {CDE97E3E-08E6-4E17-B334-2FA56BA896DE} - System32\Tasks\AdobeGCInvoker-1.0-MegaLaptop-Mega => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {D8FF714C-D764-4873-A79B-367446FD8F0D} - System32\Tasks\EPSON WF-3620 Series Update {06FE3124-C802-46B9-A4C3-6853C2FD9CBC} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {DDD76DE5-8453-48DD-BCF2-A317A4F63052} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-04-14] (AVAST Software)
Task: {DF380D6D-678B-4A0A-8354-958C97B53062} - System32\Tasks\EPSON WF-3620 Series Update {6685A278-BA99-47EE-998C-7954C3548A86} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {E3291857-5598-4F1B-9384-EBBDCF51C82E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-06] (Google Inc.)
Task: {E5A11E99-C62D-4DB4-9D11-2DD540C2B495} - System32\Tasks\challengeChecker => D:\WT-NMP\bin\PHP\php-5.6.13\php.exe [2015-09-17] (The PHP Group)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\EPSON WF-3620 Series Invitation {06FE3124-C802-46B9-A4C3-6853C2FD9CBC}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\Windows\Tasks\EPSON WF-3620 Series Invitation {6685A278-BA99-47EE-998C-7954C3548A86}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\Windows\Tasks\EPSON WF-3620 Series Update {06FE3124-C802-46B9-A4C3-6853C2FD9CBC}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{06FE3124-C802-46B9-A4C3-6853C2FD9CBC} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-3620 Series Update {6685A278-BA99-47EE-998C-7954C3548A86}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{6685A278-BA99-47EE-998C-7954C3548A86} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\Quick Heal AntiMalware Scan.job => C:\Program Files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE
Task: C:\Windows\Tasks\Resume Quickup Download.job => C:\Program Files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 50226b26-8488-4785-b401-a1583994bb78.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 718583fd-036a-4758-a7fd-ad1d266283df.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Mega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\AllCast Receiver.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hjbljnpdahefgnopeohlaeohgkiidnoe
ShortcutWithArgument: C:\Users\Mega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Mega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
ShortcutWithArgument: C:\Users\Mega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e07b2b0cd45777dd\Web Scraper.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jnhgnonknehpejjnehehllkliplmbmhn
ShortcutWithArgument: C:\Users\Mega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\baaeb189b57b5934\Advanced REST client.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hgmloofddffdnphfgcellkdfbfbjeloo
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-05-19 00:15 - 2016-01-22 16:57 - 000089008 _____ () C:\Windows\System32\cpwmon64.dll
2016-03-26 14:52 - 2013-04-01 18:21 - 000178688 _____ () C:\Windows\System32\HP1005LM.DLL
2016-02-15 18:08 - 2012-09-29 13:25 - 000409088 _____ () C:\Windows\System32\HPM1210LM.DLL
2015-06-11 09:48 - 2015-06-11 09:48 - 000022528 _____ () C:\Windows\System32\sst9clm.dll
2016-03-26 14:52 - 2013-04-01 18:21 - 000065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1005PP.dll
2016-02-15 18:08 - 2012-09-29 13:25 - 000074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2018-01-05 00:13 - 2018-01-05 00:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-05 00:14 - 2018-01-05 00:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-02-06 15:11 - 2012-03-09 21:57 - 000008192 _____ () C:\Windows\SysWOW64\srvany.exe
2018-03-27 04:20 - 2014-08-31 21:59 - 000102912 _____ () C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
2017-08-26 12:17 - 2017-08-26 12:17 - 000162032 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-08-26 12:17 - 2017-08-26 12:17 - 000831664 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-08-26 12:17 - 2017-08-26 12:17 - 000276808 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2016-11-26 14:48 - 2016-11-26 14:48 - 000095184 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2017-01-31 22:26 - 2017-01-31 22:26 - 000994416 _____ () C:\Program Files\TortoiseGit\bin\libgit2_tgit.dll
2017-01-31 22:26 - 2017-01-31 22:26 - 000092776 _____ () C:\Program Files\TortoiseGit\bin\zlib1_tgit.dll
2015-10-16 15:32 - 2015-10-16 15:32 - 000043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-04-16 01:43 - 2015-04-16 01:43 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-01-22 03:15 - 2018-01-22 03:15 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-01-22 03:15 - 2018-01-22 03:15 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-03-23 01:32 - 2018-03-20 11:30 - 002683224 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libglesv2.dll
2018-03-23 01:32 - 2018-03-20 11:30 - 000127832 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libegl.dll
2016-02-06 15:42 - 2015-02-02 13:44 - 013349376 _____ () C:\Program Files (x86)\Detong\Office Tab\TabsforOffice2013x64.dll
2016-02-06 15:42 - 2014-10-15 14:52 - 003680544 _____ () C:\Program Files (x86)\Detong\Office Tab\TabsforOfficeHelper64.dll
2014-01-23 08:05 - 2014-01-23 08:05 - 001424552 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2017-08-26 12:17 - 2017-08-26 12:17 - 000170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-08-26 12:17 - 2017-08-26 12:17 - 000192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-08-26 12:17 - 2017-08-26 12:17 - 000224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-04-27 04:50 - 2018-04-27 04:50 - 005838992 _____ () C:\Program Files\AVAST Software\Avast\defs\18042604\algo.dll
2017-08-26 12:17 - 2017-08-26 12:17 - 000689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-08-26 12:17 - 2017-08-26 12:17 - 000231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-28 01:14 - 2018-04-28 01:14 - 005838992 _____ () C:\Program Files\AVAST Software\Avast\defs\18042704\algo.dll
2018-04-30 01:34 - 2018-04-30 01:34 - 005842576 _____ () C:\Program Files\AVAST Software\Avast\defs\18042904\algo.dll
2016-02-06 20:06 - 2009-12-23 17:32 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2017-08-26 12:18 - 2017-08-26 12:18 - 001065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-08-26 12:18 - 2017-08-26 12:18 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-08-26 12:17 - 2017-08-26 12:17 - 000292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2015-06-09 00:36 - 2015-06-09 00:36 - 000014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2015-05-15 19:54 - 2015-05-15 19:54 - 002873856 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2016-04-21 02:10 - 2016-04-21 02:10 - 001940480 _____ () C:\Program Files (x86)\Notepad++\plugins\XMLTools.dll
2016-04-21 02:10 - 2016-04-21 02:10 - 000103424 _____ () C:\Program Files (x86)\Notepad++\zlib1.dll
2016-04-21 02:10 - 2016-04-21 02:10 - 004535910 _____ () C:\Program Files (x86)\Notepad++\libxml2-2.dll
2016-04-21 02:10 - 2016-04-21 02:10 - 000941389 _____ () C:\Program Files (x86)\Notepad++\libxslt-1.dll
2017-01-31 22:23 - 2017-01-31 22:23 - 000742000 _____ () C:\Program Files\TortoiseGit\bin\libgit232_tgit.dll
2017-01-31 22:23 - 2017-01-31 22:23 - 000081008 _____ () C:\Program Files\TortoiseGit\bin\zlib132_tgit.dll
2015-05-13 18:31 - 2015-05-13 18:31 - 008898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Mega\Desktop\Door-seal.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\3_EventSponsorship.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\4. New City Accessory Brochure_Copy.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\AC16_Benefits of Sponsorship_july28.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\Book2.xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\INV-000507.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\pdf_prospectus.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\Questions to ask for an app-Modified.docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\Vantage-Invoice-April-2018.xlsx:SandBoxSafeFile [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2018-04-30 11:18 - 000000809 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       www.party.com
127.0.0.1       www.contest.com
127.0.0.1       www.contest.com.au
127.0.0.1       www.service.com
127.0.0.1       www.mega.com
127.0.0.1       www.poker.com
127.0.0.1       www.pokerplay.com
127.0.0.1       www.knowme.com
127.0.0.1       www.subzono.com
127.0.0.1    activation.cloud.techsmith.com
127.0.0.1    oscount.techsmith.com
127.0.0.1    updater.techsmith.com
127.0.0.1    camtasiatudi.techsmith.com
127.0.0.1    tsccloud.cloudapp.net
127.0.0.1    assets.cloud.techsmith.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
0.0.0.0 superantispyware.com
0.0.0.0 license.superantispyware.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2438715495-945724295-1299464113-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPSIService => 2
MSCONFIG\Services: PlantronicsUpdateService => 2
MSCONFIG\Services: Service KMSELDI => 2
MSCONFIG\Services: WsAppService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AnyDesk.lnk => C:\Windows\pss\AnyDesk.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PLTHub.exe => C:\Program Files (x86)\Plantronics\Spokes3G\PLTHub.exe -min
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: Syncios device service => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C9942E90-CB8B-45F9-9327-58EC21881BE5}] => (Allow) LPort=1688
FirewallRules: [{E584D840-0CA7-4CFD-B2DE-9A1F6051BF69}] => (Allow) LPort=8317
FirewallRules: [{86735484-5F54-473C-A5A3-A2F286A1FCC6}] => (Allow) C:\Users\Mega\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EB2329B0-5133-40F5-9893-4AF96B302AD9}] => (Allow) C:\Users\Mega\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6541C374-F3A7-49C7-906A-599A910A787D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{49E4FA6E-C055-42D0-8CA7-2CF6A3F9F4E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5D271EE5-E3D0-4202-8117-B298AFEA2B25}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{793AF52D-DB34-4DDC-8122-F26A1031C762}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{617D8420-99D4-46A3-9708-8C33CD61A754}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [TCP Query User{57839FDB-17B0-4694-965E-0E220B0C9A31}C:\program files (x86)\x2goclient\sshd.exe] => (Allow) C:\program files (x86)\x2goclient\sshd.exe
FirewallRules: [UDP Query User{C1FFBE08-8DEF-473F-B907-ACDC5C4F4DD8}C:\program files (x86)\x2goclient\sshd.exe] => (Allow) C:\program files (x86)\x2goclient\sshd.exe
FirewallRules: [TCP Query User{DC8F87DD-6B8E-4149-A1A5-6BAA7B22FE9E}C:\program files (x86)\x2goclient\pulse\pulseaudio.exe] => (Allow) C:\program files (x86)\x2goclient\pulse\pulseaudio.exe
FirewallRules: [UDP Query User{3FBC54AA-9A8D-45DC-8676-3E781A3512FF}C:\program files (x86)\x2goclient\pulse\pulseaudio.exe] => (Allow) C:\program files (x86)\x2goclient\pulse\pulseaudio.exe
FirewallRules: [TCP Query User{9B16E521-8356-445B-B1E9-9A44D03F0A9A}C:\program files (x86)\x2goclient\vcxsrv\vcxsrv.exe] => (Allow) C:\program files (x86)\x2goclient\vcxsrv\vcxsrv.exe
FirewallRules: [UDP Query User{F2F495F9-6A7B-4382-816D-0C93D0B5CFD3}C:\program files (x86)\x2goclient\vcxsrv\vcxsrv.exe] => (Allow) C:\program files (x86)\x2goclient\vcxsrv\vcxsrv.exe
FirewallRules: [TCP Query User{D2F67BB5-431A-499F-BDBE-44C5D1E51D65}C:\program files (x86)\x2goclient\x2goclient.exe] => (Allow) C:\program files (x86)\x2goclient\x2goclient.exe
FirewallRules: [UDP Query User{3155EF98-5412-4B98-A541-D0C8CF47608D}C:\program files (x86)\x2goclient\x2goclient.exe] => (Allow) C:\program files (x86)\x2goclient\x2goclient.exe
FirewallRules: [TCP Query User{BBA7B75C-157B-47C0-B4D8-B1EE0C8D2E79}C:\program files (x86)\x2goclient\sshd.exe] => (Allow) C:\program files (x86)\x2goclient\sshd.exe
FirewallRules: [UDP Query User{34702F07-9F53-42CC-9F9F-5493D590C929}C:\program files (x86)\x2goclient\sshd.exe] => (Allow) C:\program files (x86)\x2goclient\sshd.exe
FirewallRules: [TCP Query User{11562372-B315-4D5C-85F3-85CF8C447F14}C:\program files (x86)\x2goclient\pulse\pulseaudio.exe] => (Allow) C:\program files (x86)\x2goclient\pulse\pulseaudio.exe
FirewallRules: [UDP Query User{CEF32C8E-2A83-4A39-86C4-E4A35949C450}C:\program files (x86)\x2goclient\pulse\pulseaudio.exe] => (Allow) C:\program files (x86)\x2goclient\pulse\pulseaudio.exe
FirewallRules: [TCP Query User{C88D7EB3-476A-426C-A420-329631C6DEA4}C:\program files (x86)\x2goclient\vcxsrv\vcxsrv.exe] => (Allow) C:\program files (x86)\x2goclient\vcxsrv\vcxsrv.exe
FirewallRules: [UDP Query User{B70EDE30-FE0D-4552-B01F-E9129A50F592}C:\program files (x86)\x2goclient\vcxsrv\vcxsrv.exe] => (Allow) C:\program files (x86)\x2goclient\vcxsrv\vcxsrv.exe
FirewallRules: [TCP Query User{B8DE224F-C805-4CB3-8FB0-406A5E35A296}C:\program files (x86)\x2goclient\x2goclient.exe] => (Allow) C:\program files (x86)\x2goclient\x2goclient.exe
FirewallRules: [UDP Query User{DC06256D-BBC9-48D7-ADD9-2FA1B9DBD09F}C:\program files (x86)\x2goclient\x2goclient.exe] => (Allow) C:\program files (x86)\x2goclient\x2goclient.exe
FirewallRules: [TCP Query User{4CCFD995-EB38-439A-8D15-52D6F5E8D715}\\friends-pc\e\015 -- software downloads\0000---setup files\extender easy setup\easysetupassistant\easysetupassistant.exe] => (Allow) \\friends-pc\e\015 -- software downloads\0000---setup files\extender easy setup\easysetupassistant\easysetupassistant.exe
FirewallRules: [UDP Query User{E5F0D48E-54FE-486D-B385-3C29BCE00677}\\friends-pc\e\015 -- software downloads\0000---setup files\extender easy setup\easysetupassistant\easysetupassistant.exe] => (Allow) \\friends-pc\e\015 -- software downloads\0000---setup files\extender easy setup\easysetupassistant\easysetupassistant.exe
FirewallRules: [TCP Query User{23CA0745-2046-4345-B81C-75100D62F558}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [UDP Query User{25E76E04-7992-43AC-99F9-5324256505C4}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [TCP Query User{870E290A-BC38-48F2-8573-A0CF7680E60D}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [UDP Query User{5E1ED4B3-7B8D-4E1D-9AF4-F5BACE8D475D}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [TCP Query User{ED24B0A3-22E1-44AB-B741-A00E94BD11B4}C:\program files\java\jdk1.8.0_112\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_112\bin\java.exe
FirewallRules: [UDP Query User{7786FEBF-F426-44C3-9393-C77C80553F8B}C:\program files\java\jdk1.8.0_112\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_112\bin\java.exe
FirewallRules: [TCP Query User{2C3778E4-D7FD-43BD-A985-E9782662F627}C:\program files\java\jdk1.8.0_112\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_112\bin\java.exe
FirewallRules: [UDP Query User{D8DACD0B-4D96-43DF-B90F-273E0314A386}C:\program files\java\jdk1.8.0_112\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_112\bin\java.exe
FirewallRules: [TCP Query User{F730A42E-0723-47BE-82D1-8FCE53710343}D:\wt-nmp\bin\nginx\nginx.exe] => (Allow) D:\wt-nmp\bin\nginx\nginx.exe
FirewallRules: [UDP Query User{DA10E6A9-AD15-422A-A270-3800F746F5A4}D:\wt-nmp\bin\nginx\nginx.exe] => (Allow) D:\wt-nmp\bin\nginx\nginx.exe
FirewallRules: [TCP Query User{69048FC0-28FD-4932-BB4F-0DD5BAEEB209}D:\wt-nmp\bin\nginx\nginx.exe] => (Allow) D:\wt-nmp\bin\nginx\nginx.exe
FirewallRules: [UDP Query User{63AB21BE-7A3B-43E1-9C0C-99626819FB58}D:\wt-nmp\bin\nginx\nginx.exe] => (Allow) D:\wt-nmp\bin\nginx\nginx.exe
FirewallRules: [TCP Query User{83EA4A49-E987-405B-B070-89C063AA3386}C:\users\mega\downloads\setup files\tplink -setup\20113289170611\easysetupassistant\easysetupassistant.exe] => (Allow) C:\users\mega\downloads\setup files\tplink -setup\20113289170611\easysetupassistant\easysetupassistant.exe
FirewallRules: [UDP Query User{2FE8953E-9159-48E4-8091-B8EE5C0D027C}C:\users\mega\downloads\setup files\tplink -setup\20113289170611\easysetupassistant\easysetupassistant.exe] => (Allow) C:\users\mega\downloads\setup files\tplink -setup\20113289170611\easysetupassistant\easysetupassistant.exe
FirewallRules: [TCP Query User{D2048571-F5A4-4028-948C-09F28DADCCF2}C:\users\mega\downloads\setup files\tplink -setup\20113289170611\easysetupassistant\easysetupassistant.exe] => (Allow) C:\users\mega\downloads\setup files\tplink -setup\20113289170611\easysetupassistant\easysetupassistant.exe
FirewallRules: [UDP Query User{D26391D6-6D2F-42A1-A288-DE3CD6519C60}C:\users\mega\downloads\setup files\tplink -setup\20113289170611\easysetupassistant\easysetupassistant.exe] => (Allow) C:\users\mega\downloads\setup files\tplink -setup\20113289170611\easysetupassistant\easysetupassistant.exe
FirewallRules: [TCP Query User{5B2E48BE-64DD-4ED5-9D0B-804E1584C934}C:\program files\mongodb\server\3.4\bin\mongod.exe] => (Allow) C:\program files\mongodb\server\3.4\bin\mongod.exe
FirewallRules: [UDP Query User{1C7520BC-0741-49FC-83BF-45CB688FFA5B}C:\program files\mongodb\server\3.4\bin\mongod.exe] => (Allow) C:\program files\mongodb\server\3.4\bin\mongod.exe
FirewallRules: [TCP Query User{FDC755B0-9294-4621-A2CA-00801F546D3E}C:\users\mega\desktop\my mobile\mymobiler\mymobiler.exe] => (Allow) C:\users\mega\desktop\my mobile\mymobiler\mymobiler.exe
FirewallRules: [UDP Query User{9FFBAC83-C78F-4650-845A-1F9777634820}C:\users\mega\desktop\my mobile\mymobiler\mymobiler.exe] => (Allow) C:\users\mega\desktop\my mobile\mymobiler\mymobiler.exe
FirewallRules: [TCP Query User{18FDC277-1332-41D7-8338-CCA742B4F394}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [UDP Query User{C2F32BB7-C8F6-4325-9DE4-EBE69D98BC22}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [TCP Query User{59B9656D-5B7A-45F8-89C4-8624B504ED95}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [UDP Query User{21AF94CA-B2CD-49F6-8FDA-2B79CB638A8C}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [TCP Query User{56838BA8-BABC-4C33-8171-7B9156E294D1}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [UDP Query User{8DC06B0D-24B0-4F69-967A-97164857C0F5}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [TCP Query User{851B7CD9-5173-46F7-A016-1708178363A4}C:\users\mega\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe] => (Allow) C:\users\mega\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe
FirewallRules: [UDP Query User{EEF667FA-2108-4869-9BFA-3A7885D0165C}C:\users\mega\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe] => (Allow) C:\users\mega\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe
FirewallRules: [TCP Query User{395FDDDB-124D-4645-8411-74B4C0D5A690}C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe] => (Allow) C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe
FirewallRules: [UDP Query User{FD3575AF-6DCC-4BB9-9F98-E091BFEBA080}C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe] => (Allow) C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe
FirewallRules: [{74F5FA43-DB81-483D-B1DC-B66BA7FDF347}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{830B566A-D528-46E7-9FD1-3ADFD0232C6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5F510C20-C06E-4FA7-B27B-1A6A2B010695}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{15F24CF5-E5E9-4C68-B87C-CC74AE543780}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5478EF19-1326-4A0F-8184-D396840A5691}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ED4B8746-8E85-48AA-A567-F2295C114F45}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6BD34773-7521-419E-A2FC-B70D5CF6CE40}] => (Allow) LPort=80
FirewallRules: [{D72C54F1-404E-4906-8429-9125FCBB1D88}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AA1B731B-F3E1-47F7-9B9A-6DA2EB313D18}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8B775B43-FCD3-40C3-83B6-C3FC1FF00225}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B4B3A5E6-BDD2-44BA-BAA8-1FB8CB33280D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{26E04D59-2479-4EC3-BA61-4B23875CEE19}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B345A1BB-FE5F-412C-85AB-367A99E9AFE2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{4F4C64BF-581B-4396-B3A9-62A55CED8330}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{E94BEA35-AC97-451B-AA05-FF019C1F5DF6}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{5C2C5518-B32C-4881-BC48-D83822762212}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CF6BA473-50BA-4085-AEBE-30ED72EA06F5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4265733C-5D4D-483F-BCA8-51EA933FC741}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DD61BC70-FA7D-4FFA-9216-C97B3FA63FE8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{722C2F67-1892-46C3-90FE-A8D20AC8FD09}] => (Allow) LPort=1688
FirewallRules: [{33C70FC7-CFDF-43C1-BDE9-C1FA983A0741}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{67A815EF-7006-441B-A9FB-BD44E0BC990D}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: mscank
Description: mscank
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mscank
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Broadcom USH
Description: Broadcom USH
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/25/2018 01:55:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8814
 
Error: (04/25/2018 01:55:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8814
 
Error: (04/25/2018 01:55:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/25/2018 01:55:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7613
 
Error: (04/25/2018 01:55:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7613
 
Error: (04/25/2018 01:55:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/25/2018 01:55:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6568
 
Error: (04/25/2018 01:55:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6568
 
 
System errors:
=============
Error: (04/28/2018 05:49:38 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Quality Windows Audio Video Experience service depends the following service: psched. This service might not be installed.
 
Error: (04/28/2018 05:49:38 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Quality Windows Audio Video Experience service depends the following service: psched. This service might not be installed.
 
Error: (04/28/2018 05:47:36 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Quality Windows Audio Video Experience service depends the following service: psched. This service might not be installed.
 
Error: (04/28/2018 05:47:36 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Quality Windows Audio Video Experience service depends the following service: psched. This service might not be installed.
 
Error: (04/27/2018 01:00:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/27/2018 12:59:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Wondershare Driver Install Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (04/27/2018 12:59:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAMSUNG Mobile Connectivity Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (04/27/2018 12:59:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ReiBootAdService service failed to start due to the following error: 
The system cannot find the file specified.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 560 @ 2.67GHz
Percentage of memory in use: 71%
Total physical RAM: 8117.83 MB
Available physical RAM: 2341.47 MB
Total Virtual: 16233.85 MB
Available Virtual: 10122.43 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.66 GB) (Free:8.93 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:195.31 GB) (Free:101.64 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:638.44 GB) (Free:587.6 GB) NTFS
 
\\?\Volume{95c106c6-cd19-11e5-a97a-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6C110A79)
Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=638.4 GB) - (Type=0F Extended)
 
==================== End of Addition.txt ============================


#6 nasdaq

  • Malware Response Team

Posted 01 May 2018 - 07:29 AM

Hi,

ATTENTION: System Restore is disabled
Turn your System Restore ON - Windows Help
https://support.microsoft.com/en-us/help/17228/windows-protect-my-pc-from-viruses
<<<>>>

You should never run 2 security programs in real life. It can only cause delays and problems. Disable one of them.

AS: Quick Heal Total Security (Enabled - Up to date) {B42CE7E9-794F-61E2-34DD-06955C98EDF3}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

====

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
S2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [X]
S2 ReiBootAdService; C:\Program Files (x86)\ReiBoot\AdService.exe [X]
S2 ss_conn_service; "C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe" [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone\Library\DriverInstaller\DriverInstall.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
S3 iwdbus; system32\DRIVERS\iwdbus.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 usb3Hub; system32\DRIVERS\usb3Hub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XHCIPort; system32\DRIVERS\XHCIPort.sys [X]

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {97DF33D4-8EED-41F8-9AB8-684ADDB443CF} - System32\Tasks\{921C0F26-0CFC-4770-8A8B-1CDEDA602E59} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.10.0.101&LastError=404
AlternateDataStreams: C:\Users\Mega\Desktop\Door-seal.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\3_EventSponsorship.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\4. New City Accessory Brochure_Copy.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\AC16_Benefits of Sponsorship_july28.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\Book2.xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\INV-000507.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\pdf_prospectus.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\Questions to ask for an app-Modified.docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\Vantage-Invoice-April-2018.xlsx:SandBoxSafeFile [0]
C:\Windows\System32\Tasks\{921C0F26-0CFC-4770-8A8B-1CDEDA602E59}

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates, remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 8 Update 112 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java SE Development Kit 8 Update 112 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180112}) (Version: 8.0.1120.15 - Oracle Corporation)
---

Please let me know if the problem persists with this computer.

#7 ankore

  • Topic Starter

Posted 04 May 2018 - 03:23 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by Mega (02-05-2018 17:42:41) Run:1
Running from C:\Users\Mega\Downloads
Loaded Profiles: Mega &  (Available Profiles: Mega)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
S2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [X]
S2 ReiBootAdService; C:\Program Files (x86)\ReiBoot\AdService.exe [X]
S2 ss_conn_service; "C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe" [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone\Library\DriverInstaller\DriverInstall.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
S3 iwdbus; system32\DRIVERS\iwdbus.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 usb3Hub; system32\DRIVERS\usb3Hub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XHCIPort; system32\DRIVERS\XHCIPort.sys [X]
 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {97DF33D4-8EED-41F8-9AB8-684ADDB443CF} - System32\Tasks\{921C0F26-0CFC-4770-8A8B-1CDEDA602E59} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.10.0.101&LastError=404
AlternateDataStreams: C:\Users\Mega\Desktop\Door-seal.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\3_EventSponsorship.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\4. New City Accessory Brochure_Copy.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\AC16_Benefits of Sponsorship_july28.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\Book2.xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\INV-000507.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\pdf_prospectus.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\Questions to ask for an app-Modified.docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Mega\Downloads\Vantage-Invoice-April-2018.xlsx:SandBoxSafeFile [0]
C:\Windows\System32\Tasks\{921C0F26-0CFC-4770-8A8B-1CDEDA602E59}
 
End
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => not found
"HKLM\System\CurrentControlSet\Services\gramblrclient" => removed successfully
gramblrclient => service removed successfully
"HKLM\System\CurrentControlSet\Services\ReiBootAdService" => removed successfully
ReiBootAdService => service removed successfully
"HKLM\System\CurrentControlSet\Services\ss_conn_service" => removed successfully
ss_conn_service => service removed successfully
"HKLM\System\CurrentControlSet\Services\WsDrvInst" => removed successfully
WsDrvInst => service removed successfully
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully
catchme => service removed successfully
"HKLM\System\CurrentControlSet\Services\intaud_WaveExtensible" => removed successfully
intaud_WaveExtensible => service removed successfully
"HKLM\System\CurrentControlSet\Services\iwdbus" => removed successfully
iwdbus => service removed successfully
"HKLM\System\CurrentControlSet\Services\Synth3dVsc" => removed successfully
Synth3dVsc => service removed successfully
"HKLM\System\CurrentControlSet\Services\tsusbhub" => removed successfully
tsusbhub => service removed successfully
"HKLM\System\CurrentControlSet\Services\usb3Hub" => removed successfully
usb3Hub => service removed successfully
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
VGPU => service removed successfully
"HKLM\System\CurrentControlSet\Services\XHCIPort" => removed successfully
XHCIPort => service removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97DF33D4-8EED-41F8-9AB8-684ADDB443CF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97DF33D4-8EED-41F8-9AB8-684ADDB443CF}" => removed successfully
C:\Windows\System32\Tasks\{921C0F26-0CFC-4770-8A8B-1CDEDA602E59} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{921C0F26-0CFC-4770-8A8B-1CDEDA602E59}" => removed successfully
C:\Users\Mega\Desktop\Door-seal.pdf => ":SandBoxSafeFile" ADS removed successfully
C:\Users\Mega\Downloads\3_EventSponsorship.pdf => ":SandBoxSafeFile" ADS removed successfully
C:\Users\Mega\Downloads\4. New City Accessory Brochure_Copy.pdf => ":SandBoxSafeFile" ADS removed successfully
C:\Users\Mega\Downloads\AC16_Benefits of Sponsorship_july28.pdf => ":SandBoxSafeFile" ADS removed successfully
C:\Users\Mega\Downloads\Book2.xlsx => ":SandBoxSafeFile" ADS removed successfully
C:\Users\Mega\Downloads\INV-000507.pdf => ":SandBoxSafeFile" ADS removed successfully
C:\Users\Mega\Downloads\pdf_prospectus.pdf => ":SandBoxSafeFile" ADS removed successfully
C:\Users\Mega\Downloads\Questions to ask for an app-Modified.docx => ":SandBoxSafeFile" ADS removed successfully
C:\Users\Mega\Downloads\Vantage-Invoice-April-2018.xlsx => ":SandBoxSafeFile" ADS removed successfully
"C:\Windows\System32\Tasks\{921C0F26-0CFC-4770-8A8B-1CDEDA602E59}" => not found
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 74482091 B
Java, Flash, Steam htmlcache => 1378 B
Windows/system/drivers => 3083910 B
Edge => 0 B
Chrome => 312202321 B
Firefox => 385123988 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 79033 B
LocalService => 33326 B
NetworkService => 34388 B
Mega => 105111209 B
Grambler => 168597 B
 
RecycleBin => 1324655161 B
EmptyTemp: => 2.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:43:17 ====
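
A triage pass over a Fixlog like the one above, as an added example (not part of the thread and not FRST's own code): it skips the echoed fixlist, buckets each `=>` result line, and separates `not found` entries that another directive in the same run already removed or moved from ones nothing touched. The function names and bucket labels are assumptions; the sample input is abridged from the log posted above.

```python
import re

# Constructed sample input: lines abridged from the Fixlog.txt posted above.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
Start
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
End
*****************

Error: (0) Failed to create a restore point.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => not found
"HKLM\System\CurrentControlSet\Services\gramblrclient" => removed successfully
gramblrclient => service removed successfully
C:\Windows\System32\Tasks\{921C0F26-0CFC-4770-8A8B-1CDEDA602E59} => moved successfully
C:\Users\Mega\Downloads\Book2.xlsx => ":SandBoxSafeFile" ADS removed successfully
"C:\Windows\System32\Tasks\{921C0F26-0CFC-4770-8A8B-1CDEDA602E59}" => not found

=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
EmptyTemp: => 2.1 GB temporary data Removed.
The system needed a reboot.
"""

FENCE = re.compile(r"^\*{5,}$")  # row of asterisks around the echoed fixlist
OUTCOME = re.compile(r"^(?P<target>.+?) => (?P<result>.+)$")

def triage_fixlog(text):
    """Sort Fixlog result lines into outcome buckets."""
    report = {"errors": [], "removed": [], "moved": [], "not_found": [],
              "other": [], "reboot_needed": False}
    in_echo = in_emptytemp = False
    for line in (raw.strip() for raw in text.splitlines()):
        if FENCE.match(line):
            in_echo = not in_echo  # the echo also contains "=>", so skip it
        elif in_echo or not line:
            continue
        elif line.startswith("="):  # section banner
            in_emptytemp = "EmptyTemp" in line
        elif line.startswith("Error:"):
            report["errors"].append(line)
        elif line.startswith("The system needed a reboot"):
            report["reboot_needed"] = True
        elif not in_emptytemp and (m := OUTCOME.match(line)):
            target, result = m["target"].strip('"'), m["result"].lower()
            # Test "removed" before "moved": the former ends with the latter.
            if result.endswith("removed successfully"):
                report["removed"].append(target)
            elif result.endswith("moved successfully"):
                report["moved"].append(target)
            elif result == "not found":
                report["not_found"].append(target)
            else:
                report["other"].append(line)
    return report

def unresolved(report):
    """'not found' targets that no directive in the same run removed or moved."""
    handled = {t.lower() for t in report["removed"] + report["moved"]}
    return [t for t in report["not_found"] if t.lower() not in handled]

if __name__ == "__main__":
    print(unresolved(triage_fixlog(SAMPLE_FIXLOG)))
```

On the sample, the scheduled-task path is reported `not found` only because an earlier directive had already moved it, so the one entry left for review is the Chrome extension key, alongside the failed restore point.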


#8 nasdaq

  • Malware Response Team

Posted 04 May 2018 - 07:54 AM

Has the problem been solved?

#9 ankore

  • Topic Starter

Posted 07 May 2018 - 02:52 AM

The laptop fan still keeps running constantly.. seems it's a hardware issue.. can't figure it out yet



#10 nasdaq

  • Malware Response Team

Posted 07 May 2018 - 07:25 AM

Hi,

It could be a driver that needs to be updated.

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

When completed, refer to the Microsoft article again and follow the instructions to view details of the System File Checker process.

Post the contents of the sfcdetails.txt file for my review.

<<<>>>

If the problem persists, check the Device Manager in your Control Panel > System ...

Open each of the entries, and if you find one with a Yellow Exclamation mark, that should be investigated.

You can also check your computer's manufacturer and find out if they have a hardware diagnostic tool.

#11 nasdaq

  • Malware Response Team

Posted 14 May 2018 - 07:05 AM

Hi,

Are you still with me?



