
conhost exe or Host miner?


  • This topic is locked
39 replies to this topic

#1 Jourdan

Jourdan

  • Members
  • 23 posts

Posted 10 June 2018 - 03:06 PM

Hello,

I think that this is an already known problem, but I would like you to tell me if it can be solved.

Recently, I found a process that looks suspicious to me in Task Manager: conhost.exe....

I used the Malwarebytes program, and other anti-malware programs, like AdwCleaner, RogueKiller.

This last one recognizes the Malwarebytes service.exe as a problem... but I think it is a false alarm, as mentioned somewhere on Google.

Can you tell me how to get rid of this?

 

thank you





#2 hamluis

hamluis

    Moderator


  • 55,896 posts
  • Gender:Male
  • Location:Killeen, TX

Posted 10 June 2018 - 03:45 PM

https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

 

Louis



#3 Jourdan

Jourdan
  • Topic Starter

  • Members
  • 23 posts

Posted 10 June 2018 - 04:01 PM

Hello, thank you Louis



#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,704 posts
  • Gender:Male

Posted 15 June 2018 - 03:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/678884 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 Jourdan

Jourdan
  • Topic Starter

  • Members
  • 23 posts

Posted 15 June 2018 - 03:23 PM

Hello,

I will repeat what was mentioned above; meanwhile I didn't do anything specific about the problem,

although I've noticed through connecting to the net that on YouTube the sound flickers or the video slows down, and in processes there appears conhost.exe ...

"Recently, I found a process that looks suspicious to me in Task Manager: conhost.exe....

I used the Malwarebytes program, and other anti-malware programs, like AdwCleaner, RogueKiller.

This last one recognizes the Malwarebytes service.exe as a problem... but I think it is a false alarm, as mentioned somewhere on Google."

Thank you



#6 Jourdan

Jourdan
  • Topic Starter

  • Members
  • 23 posts

Posted 15 June 2018 - 03:35 PM

Recently, I found a process that looks suspicious to me in Task Manager: conhost.exe.... I've noticed through connecting to the net that on YouTube the sound flickers or the video slows down, and in processes there appears conhost.exe ...

I used the Malwarebytes program, and other anti-malware programs, like AdwCleaner, RogueKiller.

This last one recognizes the Malwarebytes service.exe as a problem... but I think it is a false alarm, as mentioned somewhere on Google.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Toni (administrator) on TONI-PC (15-06-2018 22:32:45)
Running from D:\Slike
Loaded Profiles: Toni (Available Profiles: Toni)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) D:\Program files\ESET\ESET Security\ekrn.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Malwarebytes) D:\Program files\Malwarebytes\Anti-Malware\MBAMService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(MyCity) D:\Program Files (x86)\MCShield\MCShieldRTM.exe
() C:\Advanced Wheel Mouse\wh_exec.exe
(ESET) D:\Program files\ESET\ESET Security\egui.exe
(Malwarebytes) D:\Program files\Malwarebytes\Anti-Malware\mbamtray.exe
(Adobe Systems, Incorporated) D:\Program Files (x86)\Adobe Photoshop CS5\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => D:\Program Files\ESET\ESET Security\ecmds.exe [324352 2017-12-18] (ESET)
HKLM\...\Run: [ctfmon] => C:\Windows\system32\CTFMON.EXE [9728 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [WheelMouse] => C:\Advanced Wheel Mouse\wh_exec.exe [147456 2010-05-26] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-960558740-2251998360-3135729050-1000\...\Run: [MCShield Monitor] => D:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-960558740-2251998360-3135729050-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe [2009-07-14] (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BA42E897-0DBF-4F36-8566-136B6123A5E5}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{BA42E897-0DBF-4F36-8566-136B6123A5E5}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-960558740-2251998360-3135729050-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File

FireFox:
========
FF ProfilePath: C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541 [2018-06-15]
FF Homepage: Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541 -> hxxps://www.google.rs/webhp?hl=sr&sa=X&ved=0ahUKEwjk_Pi9xYraAhXCJZoKHUXSAGAQPAgD
FF NetworkProxy: Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541 -> type", 0
FF Extension: (F.B Purity - Cleans up Facebook (WX)) - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541\Extensions\fbpElectroWebExt@fbpurity.com.xpi [2018-06-03]
FF Extension: (Dictionnaire français) - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org [2018-05-11] [Legacy]
FF Extension: (DuckDuckGo Plus) - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2018-04-11] [Legacy]
FF Extension: (Default) - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2018-05-06] [Legacy] [not signed]
FF Extension: (Video DownloadHelper) - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-07]
FF Extension: (JDownloader Browser Solver Extension) - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541\Extensions\{c4163d03-7c8a-410b-9753-379b6c29b50e}.xpi [2017-12-08]
FF Extension: (Adblock Plus) - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-17]
FF Extension: (Greasemonkey) - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-02-09]
FF HKLM\...\Firefox\Extensions: [soda_pdf_8_conv@sodapdf.com] - C:\Program Files\Soda PDF 8\resources\sodapdf8firefoxextension => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - D:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-960558740-2251998360-3135729050-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Toni\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Toni\AppData\Roaming\IDM\idmmzcc5 [2016-05-25] [Legacy] [not signed]
FF HKU\S-1-5-21-960558740-2251998360-3135729050-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Toni\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-02-02] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-02-02] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> D:\Program Files (x86)\Java\bin\dtplugin\npDeployJava1.dll [2017-05-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> D:\Program Files (x86)\Java\bin\plugin2\npjp2.dll [2017-05-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Toni\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [No File]
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Toni\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-960558740-2251998360-3135729050-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Toni\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-960558740-2251998360-3135729050-1000: @talk.google.com/O1DPlugin -> C:\Users\Toni\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-960558740-2251998360-3135729050-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Toni\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-960558740-2251998360-3135729050-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Toni\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-960558740-2251998360-3135729050-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\Toni\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Toni\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Toni\AppData\Roaming\mozilla\plugins\Xnpgoogletalk (1).dll [2014-10-29] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Toni\AppData\Roaming\mozilla\plugins\xnpgoogletalk (2).dll [2014-10-29] (Google)
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; D:\Program Files\ESET\ESET Security\ekrn.exe [1940584 2017-12-18] (ESET)
R2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [1816520 2018-04-03] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [22568 2016-09-10] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-03] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [134368 2018-01-19] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107328 2018-01-19] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180088 2018-01-19] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50744 2018-01-19] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [81880 2018-01-19] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61040 2018-01-19] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [106304 2018-01-19] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-06-09] (Malwarebytes)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [26272 2018-03-20] (IObit.com)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
S3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17136 2009-07-29] (JMicron Technology Corp.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-06-09] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112872 2018-06-15] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-06-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-15] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [94840 2018-06-15] (Malwarebytes)
S3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-07-13] (The OpenVPN Project)
S3 PRODIGY; C:\Windows\System32\Drivers\PRODIGY.SYS [32377 2006-08-29] (B-phreaks) [File not signed]
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
S3 rkhdrv40; C:\Windows\SysWow64\Drivers\rkhdrv40.sys [24448 2018-05-23] () [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-01-06] (Duplex Secure Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R3 WacHidRouterPro; C:\Windows\System32\DRIVERS\wachidrouter.sys [115680 2018-01-12] (Wacom Technology, Corp.)
R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [10368 2009-09-16] ()
S1 aiptektp; system32\DRIVERS\aiptektp.sys [X]
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz140; \??\C:\Users\Toni\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
S3 moufiltr; system32\DRIVERS\moufiltr.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S1 tmactmon; system32\DRIVERS\tmactmon.sys [X]
S0 tmcomm; system32\DRIVERS\tmcomm.sys [X]
U3 tmeevw; no ImagePath
S1 tmevtmgr; system32\DRIVERS\tmevtmgr.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vhidmini; system32\DRIVERS\walvhid.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-15 22:32 - 2018-06-15 22:32 - 000000000 ____D C:\FRST
2018-06-15 20:11 - 2018-06-15 20:11 - 005529384 _____ C:\Windows\system32\FNTCACHE.DAT
2018-06-15 15:21 - 2018-06-15 15:21 - 000001688 _____ C:\Users\Toni\AppData\Local\recently-used.xbel
2018-06-15 15:09 - 2018-06-15 15:09 - 000000748 _____ C:\Users\Toni\Desktop\GIMP 2.lnk
2018-06-15 12:46 - 2018-06-15 12:46 - 000391616 _____ C:\Users\Toni\AppData\Local\GDIPFONTCACHEV1.DAT
2018-06-10 21:45 - 2018-06-10 22:03 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-06-10 21:45 - 2018-06-10 21:45 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5B2667B6.sys
2018-06-09 21:49 - 2018-06-15 21:16 - 000094840 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-06-09 21:49 - 2018-06-15 20:13 - 000112872 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-06-09 21:49 - 2018-06-15 20:13 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-06-09 21:49 - 2018-06-15 20:12 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-09 21:49 - 2018-06-09 21:49 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-06-09 21:39 - 2018-06-09 21:39 - 000001496 _____ C:\Users\Toni\Desktop\Skype - Shortcut.lnk
2018-06-09 21:36 - 2018-06-09 21:36 - 000001757 _____ C:\Users\Toni\Desktop\nero - Shortcut.lnk
2018-06-07 19:24 - 2018-06-07 19:24 - 000000000 ____D C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-06-02 19:37 - 2018-06-02 19:37 - 000000962 _____ C:\Users\Toni\Desktop\art submission 2018 - Shortcut.lnk
2018-05-30 15:49 - 2018-06-15 20:12 - 000000000 ____D C:\ProgramData\MCShield
2018-05-30 15:49 - 2018-05-30 15:49 - 000000775 _____ C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk
2018-05-30 15:49 - 2018-05-30 15:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2018-05-30 15:47 - 2018-05-30 15:48 - 000001302 _____ C:\DelFix.txt
2018-05-30 11:31 - 2018-05-30 11:31 - 000000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2018-05-29 17:17 - 2018-05-29 17:17 - 000000000 ____D C:\ProgramData\Emsisoft
2018-05-29 12:14 - 2018-05-29 12:14 - 000000934 _____ C:\Users\Toni\Desktop\UpWork projekti - Shortcut.lnk
2018-05-23 21:31 - 2018-05-23 21:31 - 000000000 ____D C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2018-05-23 21:31 - 2018-05-23 21:31 - 000000000 ____D C:\Users\Toni\AppData\Roaming\FreeFixer
2018-05-23 18:39 - 2018-05-27 21:53 - 000002788 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-05-23 18:39 - 2018-05-23 20:59 - 000000688 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-05-23 18:39 - 2018-05-23 18:39 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-05-23 18:39 - 2018-05-23 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-05-23 17:42 - 2018-06-09 21:49 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-05-23 17:42 - 2018-05-23 17:42 - 000000923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-23 17:42 - 2018-05-23 17:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-23 17:41 - 2018-05-23 17:41 - 000000000 ____D C:\ProgramData\MB2Migration
2018-05-23 16:57 - 2018-05-23 17:48 - 000024106 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-05-23 16:57 - 2018-05-23 17:19 - 000245381 _____ C:\Windows\ZAM.krnl.trace
2018-05-23 16:56 - 2018-05-27 17:23 - 000000000 ____D C:\Users\Toni\AppData\Local\Zemana
2018-05-23 15:44 - 2018-05-23 15:44 - 000000000 ____D C:\Users\Toni\AppData\Local\ElevatedDiagnostics
2018-05-23 12:51 - 2018-05-23 12:51 - 000000010 _____ C:\Users\Toni\AppData\Local\sponge.last.runtime.cache
2018-05-23 12:24 - 2018-05-23 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker
2018-05-23 12:24 - 2018-05-23 12:25 - 000024448 _____ C:\Windows\SysWOW64\Drivers\rkhdrv40.sys
2018-05-23 12:24 - 2018-05-23 12:24 - 000000000 ____D C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker
2018-05-22 21:30 - 2018-05-23 20:14 - 000000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000UA.job
2018-05-22 21:30 - 2018-05-23 20:14 - 000000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000Core1d0c171f753ac59.job
2018-05-22 13:18 - 2018-05-22 13:18 - 000000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2018-05-22 13:18 - 2018-03-20 18:32 - 000026272 _____ (IObit.com) C:\Windows\system32\Drivers\IMFCameraProtect.sys
2018-05-22 08:30 - 2018-05-23 16:32 - 000000000 ____D C:\Users\Toni\AppData\LocalLow\IObit
2018-05-21 21:47 - 2018-05-21 21:54 - 000001582 _____ C:\Windows\SysWOW64\SHORTCUT.INI
2018-05-21 21:46 - 2018-05-21 22:00 - 000000148 _____ C:\Windows\SysWOW64\REMOTEDEVICE.INI
2018-05-21 21:42 - 2018-05-21 21:42 - 000000000 ____D C:\Users\Toni\Documents\BlueSoleil_cPhone
2018-05-21 21:41 - 2018-05-21 21:41 - 000000000 ____D C:\Users\Toni\AppData\Local\BlueSoleil_cPhone
2018-05-18 17:33 - 2018-05-18 17:33 - 000001265 _____ C:\Users\Toni\Desktop\Raymond Leblanc 2018 - Shortcut.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-15 22:06 - 2017-04-03 16:41 - 000000000 ____D C:\Users\Toni\AppData\Roaming\WTablet
2018-06-15 21:09 - 2017-06-15 16:09 - 000000000 ____D C:\Users\Toni\AppData\LocalLow\Mozilla
2018-06-15 20:31 - 2009-07-14 06:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-15 20:31 - 2009-07-14 06:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-15 20:11 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-15 15:12 - 2016-01-29 22:15 - 000000000 ____D C:\Users\Toni\.gimp-2.8
2018-06-15 14:12 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-06-15 12:40 - 2014-10-02 19:59 - 000000000 ____D C:\Users\Toni\AppData\Local\CrashDumps
2018-06-12 21:54 - 2016-03-31 12:05 - 000124928 _____ C:\Users\Toni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-06-10 23:15 - 2013-09-03 15:39 - 000000000 ____D C:\Users\Toni\AppData\Roaming\Skype
2018-06-10 21:46 - 2014-12-19 23:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-09 22:19 - 2014-10-01 22:38 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-06-07 19:24 - 2013-09-20 16:42 - 000000000 ____D C:\Users\Toni\AppData\Roaming\Dropbox
2018-06-02 21:14 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2018-06-02 11:30 - 2016-07-20 22:57 - 000001456 _____ C:\Users\Toni\AppData\Local\Adobe Save for Web 12.0 Prefs
2018-05-30 15:52 - 2015-01-05 22:40 - 000780372 _____ C:\Windows\system32\perfh00C.dat
2018-05-30 15:52 - 2015-01-05 22:40 - 000168268 _____ C:\Windows\system32\perfc00C.dat
2018-05-30 15:52 - 2009-07-14 07:13 - 001763006 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-30 15:47 - 2014-06-24 18:44 - 000000000 ____D C:\Windows\ERUNT
2018-05-30 11:31 - 2016-05-23 22:33 - 000290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2018-05-29 21:42 - 2017-05-15 19:48 - 000000000 ____D C:\Users\Toni\dwhelper
2018-05-29 19:33 - 2015-06-10 18:16 - 000001217 _____ C:\Users\Toni\Desktop\Photoshop - Shortcut.lnk
2018-05-29 18:46 - 2009-07-14 04:34 - 000000215 _____ C:\Windows\system.ini
2018-05-29 14:01 - 2016-05-23 22:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-05-29 14:01 - 2016-05-23 22:54 - 000000000 ____D C:\Program Files\RogueKiller
2018-05-27 21:53 - 2015-05-21 18:30 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-27 21:52 - 2014-12-14 17:19 - 000000000 ____D C:\Windows\pss
2018-05-24 14:11 - 2014-09-18 10:14 - 000000132 _____ C:\Users\Toni\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-05-23 22:03 - 2016-08-15 19:47 - 000000000 ____D C:\Program Files\Common Files\AV
2018-05-23 21:47 - 2014-10-03 18:08 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-23 21:42 - 2017-07-30 20:45 - 000000000 ____D C:\Users\Toni\AppData\Local\FreeFixer
2018-05-23 18:46 - 2016-09-13 18:17 - 000002976 _____ C:\Windows\System32\Tasks\{77CC0124-945F-41D5-96B5-7A74544AAF22}
2018-05-23 18:46 - 2015-07-18 17:54 - 000003502 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000Core1d0c171f753ac59
2018-05-23 18:46 - 2015-06-18 19:48 - 000003898 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000UA
2018-05-23 18:46 - 2015-03-22 12:12 - 000003508 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000UA
2018-05-23 18:46 - 2015-03-22 12:12 - 000003236 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000Core
2018-05-23 17:09 - 2013-09-03 15:23 - 000000000 ____D C:\Users\Toni
2018-05-23 16:43 - 2018-02-12 23:30 - 000000000 ____D C:\USB File Resc
2018-05-23 16:01 - 2009-07-14 04:34 - 092798976 _____ C:\Windows\system32\config\SOFTWARE.bak
2018-05-23 16:01 - 2009-07-14 04:34 - 034078720 _____ C:\Windows\system32\config\SYSTEM.bak
2018-05-23 16:01 - 2009-07-14 04:34 - 005767168 _____ C:\Windows\system32\config\DEFAULT.bak
2018-05-23 16:01 - 2009-07-14 04:34 - 000065536 _____ C:\Windows\system32\config\SAM.bak
2018-05-23 16:01 - 2009-07-14 04:34 - 000024576 _____ C:\Windows\system32\config\SECURITY.bak
2018-05-23 16:00 - 2016-05-25 22:53 - 000000000 ____D C:\Windows\erdnt
2018-05-22 22:55 - 2013-09-03 15:36 - 000000000 ____D C:\Users\Toni\AppData\Local\Google
2018-05-22 13:56 - 2013-09-06 17:21 - 000000032 _____ C:\Windows\0
2018-05-22 13:07 - 2017-04-07 18:58 - 000000000 ____D C:\Users\Toni\AppData\Roaming\Ambient Design
2018-05-21 21:26 - 2014-01-05 22:48 - 000000000 ____D C:\ProgramData\TEMP
2018-05-21 20:51 - 2018-03-26 11:45 - 000000000 ____D C:\ProgramData\FastPictureViewer
2018-05-21 20:29 - 2018-02-05 23:36 - 000009359 _____ C:\Users\Toni\AppData\Roaming\Comma Separated Values (Windows).EML
2018-05-21 19:52 - 2015-08-05 18:23 - 000002089 _____ C:\Users\Public\Desktop\Nokia Suite.lnk
2018-05-21 19:52 - 2015-08-05 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2018-05-17 16:23 - 2014-11-09 17:19 - 000000132 _____ C:\Users\Toni\AppData\Roaming\Adobe BMP Format CS5 Prefs

==================== Files in the root of some directories =======

2014-08-06 15:57 - 2013-09-11 15:13 - 006583664 _____ (AVAST Software) C:\Program Files\AVAST So
2014-02-26 17:13 - 2008-12-10 17:14 - 004411392 _____ (Gabest) C:\Program Files\mplayerc.exe
2014-02-26 17:13 - 2008-12-10 17:14 - 004411392 _____ (Gabest) C:\Program Files (x86)\mplayerc.exe
2014-06-23 21:26 - 2013-02-18 18:46 - 004216840 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\vcredist_2008_sp1_x86.exe
2014-11-09 17:19 - 2018-05-17 16:23 - 000000132 _____ () C:\Users\Toni\AppData\Roaming\Adobe BMP Format CS5 Prefs
2014-09-18 10:14 - 2018-05-24 14:11 - 000000132 _____ () C:\Users\Toni\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-02-14 20:39 - 2015-02-14 20:39 - 000000052 _____ () C:\Users\Toni\AppData\Roaming\Camdata.ini
2015-02-14 20:39 - 2015-02-14 20:39 - 000000408 _____ () C:\Users\Toni\AppData\Roaming\CamLayout.ini
2015-02-14 20:39 - 2015-02-14 20:39 - 000000408 _____ () C:\Users\Toni\AppData\Roaming\CamShapes.ini
2015-02-14 20:39 - 2015-02-14 20:39 - 000004535 _____ () C:\Users\Toni\AppData\Roaming\CamStudio.cfg
2015-02-14 20:32 - 2015-02-14 20:32 - 000000098 _____ () C:\Users\Toni\AppData\Roaming\CamStudio.Producer.command
2015-02-14 20:32 - 2015-02-14 20:32 - 000000000 _____ () C:\Users\Toni\AppData\Roaming\CamStudio.Producer.Data.ini
2015-02-14 20:32 - 2015-02-14 20:32 - 000001205 _____ () C:\Users\Toni\AppData\Roaming\CamStudio.Producer.ini
2013-10-02 20:31 - 2017-11-11 12:05 - 000037898 _____ () C:\Users\Toni\AppData\Roaming\Comma Separated Values (DOS).ADR
2015-10-26 18:46 - 2018-02-05 23:34 - 000038507 _____ () C:\Users\Toni\AppData\Roaming\Comma Separated Values (Windows).ADR
2018-02-05 23:36 - 2018-05-21 20:29 - 000009359 _____ () C:\Users\Toni\AppData\Roaming\Comma Separated Values (Windows).EML
2015-03-21 22:07 - 2015-03-21 22:14 - 000000115 _____ () C:\Users\Toni\AppData\Roaming\LogFile.txt
2014-10-14 19:46 - 2018-02-05 23:31 - 000038495 _____ () C:\Users\Toni\AppData\Roaming\Microsoft Excel 97-2003.ADR
2016-10-02 17:34 - 2016-10-10 22:21 - 000000087 _____ () C:\Users\Toni\AppData\Roaming\MultiFill Prefs
2015-02-14 20:30 - 2015-02-14 20:30 - 000000096 _____ () C:\Users\Toni\AppData\Roaming\version2.xml
2014-12-24 19:14 - 2014-12-24 19:15 - 000000576 _____ () C:\Users\Toni\AppData\Roaming\WinInstallFlashLog.ini
2016-09-17 14:59 - 2016-09-17 15:00 - 305520897 _____ () C:\Users\Toni\AppData\Local\ACCCx3_8_0_310.zip.aamdownload
2016-09-17 14:59 - 2016-09-17 15:00 - 000003413 _____ () C:\Users\Toni\AppData\Local\ACCCx3_8_0_310.zip.aamdownload.aamd
2016-07-20 22:57 - 2018-06-02 11:30 - 000001456 _____ () C:\Users\Toni\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-03-31 12:05 - 2018-06-12 21:54 - 000124928 _____ () C:\Users\Toni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-14 17:51 - 2014-12-14 17:51 - 000000036 _____ () C:\Users\Toni\AppData\Local\housecall.guid.cache
2014-10-01 16:22 - 2015-08-17 18:14 - 000004096 ____H () C:\Users\Toni\AppData\Local\keyfile3.drm
2018-06-15 15:21 - 2018-06-15 15:21 - 000001688 _____ () C:\Users\Toni\AppData\Local\recently-used.xbel
2014-06-18 20:25 - 2016-05-09 18:55 - 000007614 _____ () C:\Users\Toni\AppData\Local\resmon.resmoncfg
2018-05-23 12:51 - 2018-05-23 12:51 - 000000010 _____ () C:\Users\Toni\AppData\Local\sponge.last.runtime.cache
2016-01-05 16:51 - 2016-01-05 16:51 - 000000000 _____ () C:\Users\Toni\AppData\Local\{F95D306C-3519-413A-82DB-7E383DDBF3D6}

Some files in TEMP:
====================
2018-06-14 21:34 - 2018-06-14 21:34 - 000040448 _____ () C:\Users\Toni\AppData\Local\Temp\proxy_vole5130637461783328278.dll
2018-06-14 21:34 - 2018-06-14 21:34 - 000040448 _____ () C:\Users\Toni\AppData\Local\Temp\proxy_vole79639824107291412.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-05 16:37

==================== End of FRST.txt ============================


Edited by Jourdan, 15 June 2018 - 03:37 PM.


#7 Jourdan


Posted 15 June 2018 - 03:37 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Toni (15-06-2018 22:33:58)
Running from D:\Slike
Windows 7 Ultimate Service Pack 1 (X64) (2013-09-03 13:23:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-960558740-2251998360-3135729050-500 - Administrator - Disabled)
Guest (S-1-5-21-960558740-2251998360-3135729050-501 - Limited - Disabled)
Toni (S-1-5-21-960558740-2251998360-3135729050-1000 - Administrator - Enabled) => C:\Users\Toni

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Internet Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Disabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ACDSee 10 Photo Manager (HKLM-x32\...\{F8B98EB6-FC06-45BF-87D4-9784E0408611}) (Version: 10.0.219 - ACD Systems International)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\{FA944726-00F8-43B5-BB97-33E6FF409C22}) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Advanced Wheel Mouse 6.0.0.010 (HKLM-x32\...\WheelMouse) (Version:  - )
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.327.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0335 - Disc Soft Ltd)
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-960558740-2251998360-3135729050-1000\...\Dropbox) (Version: 51.4.66 - Dropbox, Inc.)
eMule (HKLM-x32\...\eMule) (Version:  - )
ESET Security (HKLM\...\{B489BC2D-0079-4631-97BF-CA2378299D43}) (Version: 11.0.159.9 - ESET, spol. s r.o.)
FastStone Image Viewer 5.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.2 - FastStone Soft)
FreeFixer (HKLM-x32\...\FreeFixer1.17) (Version: 1.17 - Kephyr)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
HP Scanjet 3800 (HKLM\...\{34EBE5BE-15BB-42E6-B744-7CB6505C7A43}) (Version: 13.0 - HP)
hpg3800 (HKLM-x32\...\{C1138DD4-4193-4F2B-9870-56D258E96D6F}) (Version: 14.0.0.0 - Hewlett-Packard) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Mega Codec Pack 12.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.0.5 - KLCP)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
MFC RunTime files (HKLM-x32\...\{70C592EC-AE9B-4734-928B-676E824FB41E}) (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ Run Time  Lib Setup (HKLM-x32\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
Monkey's Audio (HKLM-x32\...\Monkey's Audio_is1) (Version:  - )
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 52.8.0 ESR (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.8.0 ESR (x86 en-US)) (Version: 52.8.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.1 - Mozilla)
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Burning ROM_Nero Express (HKLM-x32\...\Nero Burning ROM_Nero Express) (Version:  - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\{88B6F9DE-C80F-4A70-ACF6-BEE933679170}) (Version: 3.8.54.0 - Nokia) Hidden
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.54.0 - Nokia)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
RogueKiller version 12.12.19.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.19.0 - Adlice Software)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SketchUp 5 (HKLM-x32\...\{B357C4B4-9024-4B64-9B3F-A6729031C3DD}) (Version: 5 - )
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
SnapIt 3.7 (HKLM-x32\...\{88385116-E660-4D4D-91F5-AEC21B76121D}) (Version: 3.7 - Digeus, Inc.)
Soda PDF 8 Convert Module (HKLM\...\{BF2D119E-8D88-4958-B12B-B3C2B0BFB3B5}) (Version: 8.0.44.25306 - LULU Software Limited) Hidden
Soda PDF 8 Create Module (HKLM\...\{C804079F-EC35-492F-8447-73DAF6356BF1}) (Version: 8.0.44.25306 - LULU Software Limited) Hidden
Soda PDF 8 Secure Module (HKLM\...\{69AD1D9E-5080-41A1-905B-DB1C8A864094}) (Version: 8.0.44.25306 - LULU Software Limited) Hidden
Storyboarder 0.13.2 (HKLM\...\527a63cd-e2d3-5c49-af18-16603aef72c9) (Version: 0.13.2 - Wonder Unit Inc.)
Subtitle Workshop 6.0b (HKLM-x32\...\SubtitleWorkshop) (Version:  - )
SysTools DBX Converter version 4.3 (HKLM-x32\...\{0BDF5B3B-040E-4355-BAF5-DA626D01A1F8}_is1) (Version: 4.3 - SysTools Software)
Teleport Pro (HKLM-x32\...\Teleport Pro) (Version: 1.69 - Tennyson Maxwell Information Systems, Inc.)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB Serial Port Driver (HKLM-x32\...\{281A7FBF-9E98-4639-AC73-D205BBF979AA}) (Version: 1.1.4.1416 - Nokia)
USB Tablet Manager (HKLM-x32\...\Rmtablet) (Version:  - )
VdhCoApp 1.1.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
Visual Studio 2010 SP1 Runtime x64 (HKLM\...\{F6305232-7952-4CCE-BDCD-9B2E66591C4A}) (Version: 1.0.0 - Microsoft Corporation)
Visual Studio 2010 SP1 Runtime x86 (HKLM-x32\...\{AEA163A5-BA2F-4E63-9529-DE8606AC82A4}) (Version: 1.0.0 - Microsoft Corporation)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.128.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.66  - Nullsoft, Inc)
Windows Driver Package - Hewlett-Packard Image  (04/27/2007 9.0.0.0) (HKLM\...\A6BCA7876CD547CFB5821019998F044515D81B74) (Version: 04/27/2007 9.0.0.0 - Hewlett-Packard)
Windows Driver Package - Intel System  (07/19/2011 9.2.0.1032) (HKLM\...\03616F2289682C41A0832A9023B55F5F63976BD4) (Version: 07/19/2011 9.2.0.1032 - Intel)
Windows Driver Package - Intel USB  (07/09/2013 9.2.0.1034) (HKLM\...\C73419A103EAB9D14F91A4BE7BC932945DEA93BC) (Version: 07/09/2013 9.2.0.1034 - Intel)
Windows Driver Package - JMicron (usbccgp) USB  (07/28/2009 1.0.4.2) (HKLM\...\D3AAF0E65D8B1D5934711D3312BF76371DB14E42) (Version: 07/28/2009 1.0.4.2 - JMicron)
Windows Driver Package - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Driver Package - Realtek (RTL8167) Net  (01/15/2015 7.092.0115.2015) (HKLM\...\55FF4C94BB84DE87B24343792B2BBF2EE8E527F0) (Version: 01/15/2015 7.092.0115.2015 - Realtek)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 5.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WinZip 11.1 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}) (Version: 11.1.7466 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Toni\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Toni\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [                     FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} =>  -> No File
ShellIconOverlayIdentifiers: [                    IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} =>  -> No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [B1ShellEx] -> [CC]{76CF52AF-2B2D-4999-8CE8-495187BB11CD} =>  -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-18] (ESET)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext64.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => D:\Program Files (x86)\WinZip\WZSHLS64.DLL [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-18] (ESET)
ContextMenuHandlers3: [00avast] -> [CC]{472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} =>  -> No File
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers4-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => D:\Program Files (x86)\WinZip\WZSHLS64.DLL [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-09-28] (Intel Corporation)
ContextMenuHandlers6: [B1ShellEx] -> {76CF52AF-2B2D-4999-8CE8-495187BB11CD} =>  -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-18] (ESET)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => D:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext64.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => D:\Program Files (x86)\WinZip\WZSHLS64.DLL [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers1_S-1-5-21-960558740-2251998360-3135729050-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-960558740-2251998360-3135729050-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-960558740-2251998360-3135729050-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14DE4BBE-4B0A-4B8E-BE89-9096B14F9341} - System32\Tasks\{77CC0124-945F-41D5-96B5-7A74544AAF22} => D:\Program Files (x86)\Adobe Photoshop CS5\Photoshop.exe [2010-04-07] (Adobe Systems, Incorporated)
Task: {1B828061-AB93-41B5-AFC8-31358D0F66B3} - \2b2e7b30-82dc-4deb-b480-b81abc7f2791 -> No File <==== ATTENTION
Task: {1EB9C607-B508-4229-AD25-6775268115D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-02] (Adobe Systems Incorporated)
Task: {39C4D3F7-6431-4778-B6FF-03DA44450875} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000Core1d0c171f753ac59 => C:\Users\Toni\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2018-05-22] (Dropbox, Inc.)
Task: {3BC386BF-A85A-41BC-89A8-61CD0413955E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {40C54FF5-119C-4B35-8D3E-91E1E9B6CBDD} - System32\Tasks\{9A746B7E-CE12-450F-A190-957ECEFA2CBE} => C:\Windows\system32\pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {75D55313-6456-4D3B-B62F-AFEDD0B6D0AB} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-03-22] ()
Task: {915F480F-CBCC-4AEC-8F91-DD5454B4797C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000Core => C:\Users\Toni\AppData\Local\Google\Update\GoogleUpdate.exe [2018-05-22] (Google Inc.)
Task: {986D79C6-672C-493D-8231-1604D2D2DFF8} - System32\Tasks\{887DD254-3346-4BB4-99BC-034E23B7B3D5} => C:\Windows\system32\pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\MOBIMB\MPBrowser.exe"
Task: {9ED2C9C8-EE6A-4FA6-A575-B61E2FC6211E} - System32\Tasks\{70D3EC11-F100-451D-929B-D3ACDD42FF17} => C:\Windows\system32\pcalua.exe -a D:\install\arhiveri\WinRar\winrar_3.30_corporate_edition.exe -d D:\install\arhiveri\WinRar
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {BB25C58D-A040-4C2A-B6FF-428DBB5368B2} - System32\Tasks\{ED5CCF58-AE70-45F2-8853-475F6A15721D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Toni\Desktop\BlueSoleil 6.4.275.0WithMobile\install\x86\setup.exe" -d "C:\Users\Toni\Desktop\BlueSoleil 6.4.275.0WithMobile\install\x86"
Task: {BF5DA17E-626D-4B7B-A445-7F4E709AFABC} - System32\Tasks\{499F36F3-02E2-48BA-B9F3-626A680C0753} => C:\Windows\system32\pcalua.exe -a E:\ivt6.2\setup.exe -d E:\ivt6.2
Task: {C1AC266B-5DBB-4972-A9BE-353DD822F2C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {C72B7C74-F99A-46E8-B8D3-09BD2F37D160} - System32\Tasks\CCleaner Update => D:\Program Files\CCleaner\CCUpdate.exe [2018-05-10] (Piriform Ltd)
Task: {DA8F2467-1BFD-44EB-86E4-8C2DB90403A7} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {E393FBB9-43E9-4307-9AC5-8DF881BC8868} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000UA => C:\Users\Toni\AppData\Local\Google\Update\GoogleUpdate.exe [2018-05-22] (Google Inc.)
Task: {E7329D54-471F-4432-9751-37FA47561B27} - System32\Tasks\{476AD3D8-47E5-47D4-81AE-3C6E4513398B} => D:\Program Files (x86)\Adobe Photoshop CS5\Photoshop.exe [2010-04-07] (Adobe Systems, Incorporated)
Task: {EE02C1C0-A375-4445-8EAB-68160FDBC46E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000UA => C:\Users\Toni\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2018-05-22] (Dropbox, Inc.)
Task: {FE68D9A6-45FB-4192-BF09-5CC113A47F0A} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {FFD2A248-92A5-48F4-A044-22C51A9A496F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000Core1d0c171f753ac59.job => C:\Users\Toni\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000UA.job => C:\Users\Toni\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2009-09-01 05:31 - 2009-09-01 05:31 - 000022016 _____ () C:\Windows\System32\ssp2ml6.dll
2018-04-06 18:55 - 2018-06-09 21:49 - 002297040 _____ () D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-06 18:54 - 2018-06-09 21:49 - 002493648 _____ () D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-04-03 16:39 - 2018-04-03 19:04 - 002288072 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2010-05-26 14:47 - 2010-05-26 14:47 - 000147456 _____ () C:\Advanced Wheel Mouse\wh_exec.exe
2010-05-26 14:47 - 2010-05-26 14:47 - 000036864 _____ () C:\Advanced Wheel Mouse\wh_hook.dll
2014-01-08 21:13 - 2010-04-07 02:34 - 000033280 _____ () D:\Program Files (x86)\Adobe Photoshop CS5\QuickTimeGlue.dll
2010-02-22 05:50 - 2010-02-22 05:50 - 000060416 _____ () C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\zlib1.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 000064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 000434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 000756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5 [122]
AlternateDataStreams: C:\ProgramData\TEMP:DBC416F8 [144]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\europacasino.com -> www.europacasino.com
IE trusted site: HKU\S-1-5-21-960558740-2251998360-3135729050-1000\...\fnac.com -> hxxps://livre.fnac.com
IE restricted site: HKU\S-1-5-21-960558740-2251998360-3135729050-1000\...\europacasino.com -> www.europacasino.com
IE restricted site: HKU\S-1-5-21-960558740-2251998360-3135729050-1000\...\skype.com -> hxxps://apps.skype.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-03-21 20:59 - 2018-05-29 18:46 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-960558740-2251998360-3135729050-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: BlueSoleilCS => 2
MSCONFIG\Services: BsHelpCS => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: SDScannerService => 3
MSCONFIG\Services: SDUpdateService => 3
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: uSHAREitSvc => 3
MSCONFIG\Services: WTService => 2
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "D:\Program files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Toni\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Google Update => "C:\Users\Toni\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Toni\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [TCP Query User{5604FD32-6152-4713-BDD7-29B84EB31F95}C:\users\toni\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\toni\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{D106BB4F-C008-41B2-97F5-69365078DD78}C:\users\toni\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\toni\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{94439292-DB2E-4AA4-B83F-6734363D821B}D:\program files (x86)\winamp\winamp.exe] => (Allow) D:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{711804FB-03AB-4F3E-9ACD-396B653A96D2}D:\program files (x86)\winamp\winamp.exe] => (Allow) D:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{4560075D-3FF5-493F-9AE8-BB5DD2340CC2}C:\users\toni\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\toni\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{B9B542ED-26CF-4547-8CDE-A79B7098425F}C:\users\toni\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\toni\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{26730F7E-5746-49E3-9D7E-5C4F3246D9A1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B36DDF43-6271-494E-AA1E-EA088FAA9F09}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{6B0439EC-DDB4-4BDE-B4B7-BAC2643826F3}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3D7574BC-DD0E-4F9A-8B92-E58E5CC2E0A2}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe

==================== Restore Points =========================

30-05-2018 15:48:02 End of disinfection

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: tmactmon
Description: tmactmon
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tmactmon
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: tmevtmgr
Description: tmevtmgr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tmevtmgr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2018 12:39:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 52.8.0.6694, time stamp: 0x5ae79b5a
Faulting module name: mozglue.dll, version: 52.8.0.6694, time stamp: 0x5ae796cf
Exception code: 0x80000003
Fault offset: 0x0000ff0f
Faulting process id: 0x108c
Faulting application start time: 0x01d40495232beb82
Faulting application path: D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: D:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: 6eac51f8-7088-11e8-8ff3-d43d7e59e09a


System errors:
=============
Error: (06/15/2018 08:12:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aiptektp
tmactmon
tmcomm
tmevtmgr


Windows Defender:
===================================
Date: 2018-05-23 16:30:32.784
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{6B42EE73-7388-4423-8092-54651A196DB0}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2017-07-29 13:14:46.511
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ircbrute!gmb&threatid=203707
Name:Trojan:Win32/Ircbrute!gmb
ID:203707
Severity:Severe
Category:Trojan
Path Found:file:C:\Users\Toni\AppData\Local\Temp\Rar$EXa0.260\NOD32 2.70.32 + Crack\Crack.exe;file:C:\Users\Toni\AppData\Local\Temp\Rar$EXa0.916\NOD32 2.70.32 + Crack\Crack.exe;file:C:\Users\Toni\Desktop\NOD32 2.70.32 + Crack\Crack.exe
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2017-07-29 13:10:06.047
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ircbrute!gmb&threatid=203707
Name:Trojan:Win32/Ircbrute!gmb
ID:203707
Severity:Severe
Category:Trojan
Path Found:file:C:\Users\Toni\AppData\Local\Temp\Rar$EXa0.260\NOD32 2.70.32 + Crack\Crack.exe;file:C:\Users\Toni\AppData\Local\Temp\Rar$EXa0.916\NOD32 2.70.32 + Crack\Crack.exe;file:C:\Users\Toni\Desktop\NOD32 2.70.32 + Crack\Crack.exe;process:pid:1020;process:pid:2300;process:pid:316
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

Date: 2017-07-29 13:09:49.683
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ircbrute!gmb&threatid=203707
Name:Trojan:Win32/Ircbrute!gmb
ID:203707
Severity:Severe
Category:Trojan
Path Found:file:C:\Users\Toni\AppData\Local\Temp\Rar$EXa0.260\NOD32 2.70.32 + Crack\Crack.exe;file:C:\Users\Toni\AppData\Local\Temp\Rar$EXa0.916\NOD32 2.70.32 + Crack\Crack.exe;process:pid:1020;process:pid:2300
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

Date: 2017-07-29 13:08:25.030
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ircbrute!gmb&threatid=203707
Name:Trojan:Win32/Ircbrute!gmb
ID:203707
Severity:Severe
Category:Trojan
Path Found:file:C:\Users\Toni\AppData\Local\Temp\Rar$EXa0.916\NOD32 2.70.32 + Crack\Crack.exe;process:pid:1020
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

CodeIntegrity:
===================================

Date: 2018-06-10 21:52:54.617
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod60C6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-06-10 21:52:54.430
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod60C6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-06-10 21:52:54.280
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod60C6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-06-10 21:52:53.871
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod60C6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-06-10 21:52:53.658
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod60C6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-06-10 21:52:53.467
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod60C6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-05-29 18:46:12.086
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-29 18:46:12.071
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU G2020 @ 2.90GHz
Percentage of memory in use: 91%
Total physical RAM: 3989.46 MB
Available physical RAM: 349.04 MB
Total Virtual: 7977.12 MB
Available Virtual: 3408.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:53.41 GB) NTFS
Drive d: () (Fixed) (Total:368.1 GB) (Free:90.99 GB) NTFS

\\?\Volume{e5003e40-14e4-11e3-8e02-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: C087C087)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#8 HelpBot

    Bleepin' Binary Bot

  • Bots

Posted 20 June 2018 - 03:15 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#9 garioch7

    RCMP Veteran

  • Malware Response Instructor
  • Location:Port Hood, Nova Scotia, Canada

Posted 24 June 2018 - 12:13 PM

Jourdan:

Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Assistance Forum. My name is Phil. May I address you by your first name?
 

At the outset, please accept my apologies that you have had to wait so long for your topic to receive a response.  The "Am I Infected ..." Forum was recently closed, so there are far more topics being opened in this Forum, and only a limited number of qualified malware removal specialists available to respond to the topics.  Add to that, summer vacations and such, and the resources are even more limited at this time.

 

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time. Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.

I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies. Please do not use "code" or "quote" boxes. Thank you for your anticipated cooperation.

 

I do not know what you have done with your computer to try and disinfect it yourself since you last posted your FRST scan logs, which are now over a week old (run on 2018-06-15).  It is important that I have a fresh set of FRST scan logs to analyze for malware.

I will need some time to review your new FRST logs, once I receive them. That could take a day or two, but I do hope to respond within 24 hours of receiving the new scan logs, with an initial FRST "fixlist" script.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#10 Jourdan

  • Topic Starter
  • Members

Posted 24 June 2018 - 12:20 PM

Hello Phil, thank you for your kind reply.

Well, I was busy these days, so I didn't pay too much attention.

A few times I've noticed the conhost.exe process, usually when starting YouTube or a new window in Firefox...

I will post the new FRST log here.

Thank you.



#11 Jourdan

  • Topic Starter
  • Members

Posted 24 June 2018 - 12:24 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Toni (administrator) on TONI-PC (23-05-2018 10:03:20)
Running from D:\Slike
Loaded Profiles: Toni &  (Available Profiles: Toni)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) D:\Program files\ESET\ESET Security\ekrn.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(IObit) D:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Malwarebytes) D:\Program files\Malwarebytes\Anti-Malware\MBAMService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dropbox, Inc.) C:\Users\Toni\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Toni\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Toni\AppData\Roaming\Dropbox\bin\Dropbox.exe
(IObit) D:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(IObit) D:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(IObit) D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(ESET) D:\Program files\ESET\ESET Security\egui.exe
(Malwarebytes) D:\Program files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-p..ng-spooler-splwow64_31bf3856ad364e35_6.1.7601.17777_none_25927c8ba8c5251d\splwow64.exe
(VS Revo Group) D:\Program files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ctfmon] => C:\Windows\system32\CTFMON.EXE [9728 2009-07-14] (Microsoft Corporation)
HKLM\...\Run: [egui] => D:\Program Files\ESET\ESET Security\ecmds.exe [324352 2017-12-18] (ESET)
HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM-x32\...\Run: [IObit Malware Fighter] => D:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5568784 2018-05-02] (IObit)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-960558740-2251998360-3135729050-1000\...\Run: [] => [X]
HKU\S-1-5-21-960558740-2251998360-3135729050-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-960558740-2251998360-3135729050-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232018081547519\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232018081547519\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-05-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BA42E897-0DBF-4F36-8566-136B6123A5E5}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{BA42E897-0DBF-4F36-8566-136B6123A5E5}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-960558740-2251998360-3135729050-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232018081547519 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-01-25] (IObit)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File

FireFox:
========
FF ProfilePath: C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541 [2018-05-23]
FF Homepage: Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541 -> hxxps://www.google.rs/webhp?hl=sr&sa=X&ved=0ahUKEwjk_Pi9xYraAhXCJZoKHUXSAGAQPAgD
FF NetworkProxy: Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541 -> type", 0
FF Extension: (F.B Purity - Cleans up Facebook (WX)) - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541\Extensions\fbpElectroWebExt@fbpurity.com.xpi [2018-03-18]
FF Extension: (Dictionnaire français) - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org [2018-05-11] [Legacy]
FF Extension: (DuckDuckGo Plus) - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2018-04-11] [Legacy]
FF Extension: (Default) - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2018-05-06] [Legacy] [not signed]
FF Extension: (Video DownloadHelper) - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-07]
FF Extension: (JDownloader Browser Solver Extension) - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541\Extensions\{c4163d03-7c8a-410b-9753-379b6c29b50e}.xpi [2017-12-08]
FF Extension: (Adblock Plus) - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-17]
FF Extension: (Greasemonkey) - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\vee4hv2c.default-1466108301541\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-02-09]
FF HKLM\...\Firefox\Extensions: [soda_pdf_8_conv@sodapdf.com] - C:\Program Files\Soda PDF 8\resources\sodapdf8firefoxextension => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - D:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-960558740-2251998360-3135729050-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Toni\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Toni\AppData\Roaming\IDM\idmmzcc5 [2016-05-25] [Legacy] [not signed]
FF HKU\S-1-5-21-960558740-2251998360-3135729050-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Toni\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-02-02] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-02-02] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> D:\Program Files (x86)\Java\bin\dtplugin\npDeployJava1.dll [2017-05-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> D:\Program Files (x86)\Java\bin\plugin2\npjp2.dll [2017-05-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Toni\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [No File]
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Toni\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-960558740-2251998360-3135729050-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Toni\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-960558740-2251998360-3135729050-1000: @talk.google.com/O1DPlugin -> C:\Users\Toni\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-960558740-2251998360-3135729050-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Toni\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-960558740-2251998360-3135729050-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Toni\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-960558740-2251998360-3135729050-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\Toni\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Toni\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Toni\AppData\Roaming\mozilla\plugins\Xnpgoogletalk (1).dll [2014-10-29] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Toni\AppData\Roaming\mozilla\plugins\xnpgoogletalk (2).dll [2014-10-29] (Google)
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Opera:
=======
OPR Extension: (Fast search) - C:\Users\Toni\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-07-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; D:\Program Files\ESET\ESET Security\ekrn.exe [1940584 2017-12-18] (ESET)
R2 IMFservice; D:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrv.exe [2130192 2018-04-24] (IObit)
S4 IObitUnSvr; D:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206096 2018-01-25] (IObit)
R2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [1816520 2018-04-03] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [22568 2016-09-10] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-03] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [134368 2018-01-19] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107328 2018-01-19] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180088 2018-01-19] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50744 2018-01-19] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [81880 2018-01-19] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61040 2018-01-19] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [106304 2018-01-19] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [26272 2018-03-20] (IObit.com)
R3 IMFDownProtect; D:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFDownProtect.sys [21360 2018-03-20] (IObit.com)
R3 IMFFilter; D:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22440 2018-03-20] (IObit)
R3 IMFForceDelete; D:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFForceDelete.sys [16216 2018-03-20] (IObit.com)
R1 IMFMBRProtect; D:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFMBRProtect.sys [19856 2018-03-20] (IObit.com)
R1 IMFSafeBox; D:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFSafeBox.sys [33240 2018-04-04] (IObit.com)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R3 IUFileFilter; D:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
R3 IURegProcessFilter; D:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [22416 2018-01-11] (IObit.com)
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
S3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17136 2009-07-29] (JMicron Technology Corp.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-05-22] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-05-23] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-05-23] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-05-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-05-23] (Malwarebytes)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2017-01-02] (Riverbed Technology, Inc.)
S3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-07-13] (The OpenVPN Project)
S3 PRODIGY; C:\Windows\System32\Drivers\PRODIGY.SYS [32377 2006-08-29] (B-phreaks) [File not signed]
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
R3 RegFilter; D:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34752 2018-03-20] (IObit.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-01-06] (Duplex Secure Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R3 WacHidRouterPro; C:\Windows\System32\DRIVERS\wachidrouter.sys [115680 2018-01-12] (Wacom Technology, Corp.)
R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [10368 2009-09-16] ()
S1 aiptektp; system32\DRIVERS\aiptektp.sys [X]
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz140; \??\C:\Users\Toni\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
S3 moufiltr; system32\DRIVERS\moufiltr.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vhidmini; system32\DRIVERS\walvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-23 09:32 - 2018-05-23 09:32 - 000026643 _____ C:\Users\Toni\Desktop\DxDiag.txt
2018-05-23 08:12 - 2018-05-23 09:19 - 000000000 ____D C:\ProgramData\ProductData
2018-05-22 22:46 - 2018-05-23 09:46 - 000003452 _____ C:\Users\Toni\Desktop\startup.txt
2018-05-22 22:29 - 2018-05-22 22:29 - 000001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-05-22 22:28 - 2018-05-22 22:29 - 000000000 ____D C:\Program Files\HitmanPro
2018-05-22 21:57 - 2018-05-22 21:57 - 000008327 _____ C:\Users\Toni\Desktop\JRT.txt
2018-05-22 21:40 - 2018-05-22 21:40 - 000000000 ____D C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-05-22 21:30 - 2018-05-23 09:35 - 000000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000UA.job
2018-05-22 21:30 - 2018-05-22 21:35 - 000000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000Core1d0c171f753ac59.job
2018-05-22 21:24 - 2018-05-22 21:24 - 000391616 _____ C:\Users\Toni\AppData\Local\GDIPFONTCACHEV1.DAT
2018-05-22 21:21 - 2018-05-22 21:22 - 005529384 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-22 21:15 - 2018-05-22 21:20 - 000003308 _____ C:\Windows\ntbtlog.txt
2018-05-22 13:18 - 2018-05-22 13:18 - 000000850 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2018-05-22 13:18 - 2018-05-22 13:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2018-05-22 13:18 - 2018-05-22 13:18 - 000000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2018-05-22 13:18 - 2018-03-20 18:32 - 000026272 _____ (IObit.com) C:\Windows\system32\Drivers\IMFCameraProtect.sys
2018-05-22 08:30 - 2018-05-22 21:49 - 000000000 ____D C:\Users\Toni\AppData\LocalLow\IObit
2018-05-22 08:30 - 2018-05-22 08:30 - 000001015 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2018-05-22 08:30 - 2018-05-22 08:30 - 000001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2018-05-22 08:30 - 2018-05-22 08:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2018-05-21 21:56 - 2018-05-21 21:56 - 000002107 _____ C:\Users\Toni\Desktop\Nokia Suite.lnk
2018-05-21 21:47 - 2018-05-21 21:54 - 000001582 _____ C:\Windows\SysWOW64\SHORTCUT.INI
2018-05-21 21:46 - 2018-05-21 22:00 - 000000148 _____ C:\Windows\SysWOW64\REMOTEDEVICE.INI
2018-05-21 21:42 - 2018-05-21 21:42 - 000000000 ____D C:\Users\Toni\Documents\BlueSoleil_cPhone
2018-05-21 21:41 - 2018-05-21 21:41 - 000000000 ____D C:\Users\Toni\AppData\Local\BlueSoleil_cPhone
2018-05-18 17:33 - 2018-05-18 17:33 - 000001265 _____ C:\Users\Toni\Desktop\Raymond Leblanc 2018 - Shortcut.lnk
2018-05-08 20:26 - 2018-05-08 21:39 - 000000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2018-05-08 20:13 - 2018-05-08 20:13 - 000000994 _____ C:\Users\Toni\Desktop\Strip album - Shortcut.lnk
2018-05-06 18:20 - 2018-05-06 18:20 - 000001181 _____ C:\Users\Toni\Desktop\firefox - Shortcut.lnk
2018-05-04 14:05 - 2018-05-04 14:11 - 000000000 ____D C:\ProgramData\SecTaskMan
2018-05-01 20:37 - 2018-05-01 20:37 - 000000000 ____D C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Wheel Mouse
2018-05-01 20:37 - 2018-05-01 20:37 - 000000000 ____D C:\Advanced Wheel Mouse
2018-05-01 19:57 - 2018-05-01 19:57 - 000001034 _____ C:\Users\Toni\Desktop\Migu & Filoteo colors - Shortcut.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-23 10:03 - 2016-05-23 22:39 - 000000000 ____D C:\FRST
2018-05-23 10:02 - 2017-06-15 16:09 - 000000000 ____D C:\Users\Toni\AppData\LocalLow\Mozilla
2018-05-23 09:08 - 2014-12-14 17:19 - 000000000 ____D C:\Windows\pss
2018-05-23 08:32 - 2009-07-14 06:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-23 08:32 - 2009-07-14 06:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-23 08:15 - 2018-04-06 18:55 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-05-23 08:15 - 2018-04-06 18:55 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-05-23 08:14 - 2018-04-06 18:55 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-05-23 08:14 - 2018-04-06 18:55 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-05-23 08:12 - 2017-04-03 16:41 - 000000000 ____D C:\Users\Toni\AppData\Roaming\WTablet
2018-05-23 08:12 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-22 22:55 - 2013-09-03 15:36 - 000000000 ____D C:\Users\Toni\AppData\Local\Google
2018-05-22 22:29 - 2015-07-19 22:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-05-22 21:56 - 2014-10-02 19:59 - 000000000 ____D C:\Users\Toni\AppData\Local\CrashDumps
2018-05-22 21:45 - 2014-06-23 21:03 - 000000000 ____D C:\AdwCleaner
2018-05-22 21:42 - 2015-03-22 12:12 - 000003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000UA
2018-05-22 21:42 - 2015-03-22 12:12 - 000003234 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000Core
2018-05-22 21:40 - 2013-09-20 16:42 - 000000000 ____D C:\Users\Toni\AppData\Roaming\Dropbox
2018-05-22 21:30 - 2015-07-18 17:54 - 000003490 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000Core1d0c171f753ac59
2018-05-22 21:30 - 2015-06-18 19:48 - 000003886 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000UA
2018-05-22 21:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-05-22 21:07 - 2018-04-06 18:55 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-05-22 13:56 - 2013-09-06 17:21 - 000000032 _____ C:\Windows\0
2018-05-22 13:19 - 2014-12-29 20:22 - 000000000 ____D C:\ProgramData\IObit
2018-05-22 13:19 - 2014-12-29 20:21 - 000000000 ____D C:\Users\Toni\AppData\Roaming\IObit
2018-05-22 13:07 - 2017-04-07 18:58 - 000000000 ____D C:\Users\Toni\AppData\Roaming\Ambient Design
2018-05-21 21:26 - 2014-01-05 22:48 - 000000000 ____D C:\ProgramData\TEMP
2018-05-21 20:51 - 2018-03-26 11:45 - 000000000 ____D C:\ProgramData\FastPictureViewer
2018-05-21 20:29 - 2018-02-05 23:36 - 000009359 _____ C:\Users\Toni\AppData\Roaming\Comma Separated Values (Windows).EML
2018-05-21 19:52 - 2015-08-05 18:23 - 000002089 _____ C:\Users\Public\Desktop\Nokia Suite.lnk
2018-05-21 19:52 - 2015-08-05 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2018-05-19 19:04 - 2015-01-05 22:40 - 000780372 _____ C:\Windows\system32\perfh00C.dat
2018-05-19 19:04 - 2015-01-05 22:40 - 000168268 _____ C:\Windows\system32\perfc00C.dat
2018-05-19 19:04 - 2009-07-14 07:13 - 001763006 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-19 18:20 - 2013-09-03 15:39 - 000000000 ____D C:\Users\Toni\AppData\Roaming\Skype
2018-05-17 16:23 - 2014-11-09 17:19 - 000000132 _____ C:\Users\Toni\AppData\Roaming\Adobe BMP Format CS5 Prefs
2018-05-15 22:39 - 2016-07-20 22:57 - 000001456 _____ C:\Users\Toni\AppData\Local\Adobe Save for Web 12.0 Prefs
2018-05-15 20:35 - 2017-03-01 23:29 - 003021517 ____H C:\Users\Toni\AppData\Local\IconCache.db.backup
2018-05-15 20:32 - 2015-05-21 18:30 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-15 20:31 - 2015-11-05 19:52 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-15 17:06 - 2013-09-03 15:24 - 000000000 ____D C:\Users\Toni\AppData\Roaming\Adobe
2018-05-11 15:18 - 2014-09-18 10:14 - 000000132 _____ C:\Users\Toni\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-05-11 10:24 - 2018-01-04 12:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-04 14:34 - 2017-07-30 20:45 - 000000000 ____D C:\Users\Toni\AppData\Roaming\FreeFixer
2018-05-04 14:15 - 2015-04-24 17:42 - 000000000 ____D C:\Users\Toni\AppData\Roaming\Easeware
2018-05-04 13:25 - 2009-07-14 04:34 - 000000920 _____ C:\Windows\win.ini
2018-05-02 15:46 - 2016-03-31 12:05 - 000121344 _____ C:\Users\Toni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-05-01 19:53 - 2013-09-03 18:52 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-05-01 14:04 - 2017-08-14 15:33 - 000032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-24 19:31 - 2013-09-03 15:39 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-04-24 19:31 - 2013-09-03 15:39 - 000000000 ____D C:\ProgramData\Skype
2018-04-24 18:50 - 2015-06-18 19:48 - 000000000 ____D C:\Users\Toni\AppData\Local\Dropbox

==================== Files in the root of some directories =======

2014-08-06 15:57 - 2013-09-11 15:13 - 006583664 _____ (AVAST Software) C:\Program Files\AVAST So
2014-02-26 17:13 - 2008-12-10 17:14 - 004411392 _____ (Gabest) C:\Program Files\mplayerc.exe
2014-02-26 17:13 - 2008-12-10 17:14 - 004411392 _____ (Gabest) C:\Program Files (x86)\mplayerc.exe
2014-06-23 21:26 - 2013-02-18 18:46 - 004216840 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\vcredist_2008_sp1_x86.exe
2014-11-09 17:19 - 2018-05-17 16:23 - 000000132 _____ () C:\Users\Toni\AppData\Roaming\Adobe BMP Format CS5 Prefs
2014-09-18 10:14 - 2018-05-11 15:18 - 000000132 _____ () C:\Users\Toni\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-02-14 20:39 - 2015-02-14 20:39 - 000000052 _____ () C:\Users\Toni\AppData\Roaming\Camdata.ini
2015-02-14 20:39 - 2015-02-14 20:39 - 000000408 _____ () C:\Users\Toni\AppData\Roaming\CamLayout.ini
2015-02-14 20:39 - 2015-02-14 20:39 - 000000408 _____ () C:\Users\Toni\AppData\Roaming\CamShapes.ini
2015-02-14 20:39 - 2015-02-14 20:39 - 000004535 _____ () C:\Users\Toni\AppData\Roaming\CamStudio.cfg
2015-02-14 20:32 - 2015-02-14 20:32 - 000000098 _____ () C:\Users\Toni\AppData\Roaming\CamStudio.Producer.command
2015-02-14 20:32 - 2015-02-14 20:32 - 000000000 _____ () C:\Users\Toni\AppData\Roaming\CamStudio.Producer.Data.ini
2015-02-14 20:32 - 2015-02-14 20:32 - 000001205 _____ () C:\Users\Toni\AppData\Roaming\CamStudio.Producer.ini
2013-10-02 20:31 - 2017-11-11 12:05 - 000037898 _____ () C:\Users\Toni\AppData\Roaming\Comma Separated Values (DOS).ADR
2015-10-26 18:46 - 2018-02-05 23:34 - 000038507 _____ () C:\Users\Toni\AppData\Roaming\Comma Separated Values (Windows).ADR
2018-02-05 23:36 - 2018-05-21 20:29 - 000009359 _____ () C:\Users\Toni\AppData\Roaming\Comma Separated Values (Windows).EML
2015-03-21 22:07 - 2015-03-21 22:14 - 000000115 _____ () C:\Users\Toni\AppData\Roaming\LogFile.txt
2014-10-14 19:46 - 2018-02-05 23:31 - 000038495 _____ () C:\Users\Toni\AppData\Roaming\Microsoft Excel 97-2003.ADR
2016-10-02 17:34 - 2016-10-10 22:21 - 000000087 _____ () C:\Users\Toni\AppData\Roaming\MultiFill Prefs
2015-02-14 20:30 - 2015-02-14 20:30 - 000000096 _____ () C:\Users\Toni\AppData\Roaming\version2.xml
2014-12-24 19:14 - 2014-12-24 19:15 - 000000576 _____ () C:\Users\Toni\AppData\Roaming\WinInstallFlashLog.ini
2016-09-17 14:59 - 2016-09-17 15:00 - 305520897 _____ () C:\Users\Toni\AppData\Local\ACCCx3_8_0_310.zip.aamdownload
2016-09-17 14:59 - 2016-09-17 15:00 - 000003413 _____ () C:\Users\Toni\AppData\Local\ACCCx3_8_0_310.zip.aamdownload.aamd
2016-07-20 22:57 - 2018-05-15 22:39 - 000001456 _____ () C:\Users\Toni\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-03-31 12:05 - 2018-05-02 15:46 - 000121344 _____ () C:\Users\Toni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-14 17:51 - 2014-12-14 17:51 - 000000036 _____ () C:\Users\Toni\AppData\Local\housecall.guid.cache
2014-10-01 16:22 - 2015-08-17 18:14 - 000004096 ____H () C:\Users\Toni\AppData\Local\keyfile3.drm
2016-08-02 23:08 - 2016-08-02 23:08 - 000002975 _____ () C:\Users\Toni\AppData\Local\recently-used.xbel
2014-06-18 20:25 - 2016-05-09 18:55 - 000007614 _____ () C:\Users\Toni\AppData\Local\resmon.resmoncfg
2016-01-05 16:51 - 2016-01-05 16:51 - 000000000 _____ () C:\Users\Toni\AppData\Local\{F95D306C-3519-413A-82DB-7E383DDBF3D6}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-05 16:37

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Toni (23-05-2018 10:04:05)
Running from D:\Slike
Windows 7 Ultimate Service Pack 1 (X64) (2013-09-03 13:23:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-960558740-2251998360-3135729050-500 - Administrator - Disabled)
Guest (S-1-5-21-960558740-2251998360-3135729050-501 - Limited - Disabled)
Toni (S-1-5-21-960558740-2251998360-3135729050-1000 - Administrator - Enabled) => C:\Users\Toni

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Internet Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {0B81F5C2-9C9F-1DB6-0BF9-02BFE6D63BAF}
FW: ESET Firewall (Disabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ACDSee 10 Photo Manager (HKLM-x32\...\{F8B98EB6-FC06-45BF-87D4-9784E0408611}) (Version: 10.0.219 - ACD Systems International)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\{FA944726-00F8-43B5-BB97-33E6FF409C22}) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Advanced Wheel Mouse 6.0.0.010 (HKLM-x32\...\WheelMouse) (Version:  - )
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.327.000 - Hewlett-Packard) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0335 - Disc Soft Ltd)
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-960558740-2251998360-3135729050-1000\...\Dropbox) (Version: 50.4.71 - Dropbox, Inc.)
eMule (HKLM-x32\...\eMule) (Version:  - )
ESET Security (HKLM\...\{B489BC2D-0079-4631-97BF-CA2378299D43}) (Version: 11.0.159.9 - ESET, spol. s r.o.)
FastStone Image Viewer 5.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.2 - FastStone Soft)
Free Audio Converter (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.68.1117 - DVDVideoSoft Ltd.)
Free Audio Editor (HKLM-x32\...\Free Audio Editor_is1) (Version: 1.1.35.831 - Digital Wave Ltd)
Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
FreeFixer (HKLM-x32\...\FreeFixer1.14) (Version: 1.14 - Kephyr)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.292 - SurfRight B.V.)
HP Scanjet 3800 (HKLM\...\{34EBE5BE-15BB-42E6-B744-7CB6505C7A43}) (Version: 13.0 - HP)
hpg3800 (HKLM-x32\...\{C1138DD4-4193-4F2B-9870-56D258E96D6F}) (Version: 14.0.0.0 - Hewlett-Packard) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IObit Malware Fighter 6 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 6.0 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.4.0.8 - IObit)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Mega Codec Pack 12.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.0.5 - KLCP)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
MFC RunTime files (HKLM-x32\...\{70C592EC-AE9B-4734-928B-676E824FB41E}) (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ Run Time  Lib Setup (HKLM-x32\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
Monkey's Audio (HKLM-x32\...\Monkey's Audio_is1) (Version:  - )
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 52.8.0 ESR (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.8.0 ESR (x86 en-US)) (Version: 52.8.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.1 - Mozilla)
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.4.2 - MusicBrainz)
Nero Burning ROM_Nero Express (HKLM-x32\...\Nero Burning ROM_Nero Express) (Version:  - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\{88B6F9DE-C80F-4A70-ACF6-BEE933679170}) (Version: 3.8.54.0 - Nokia) Hidden
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.54.0 - Nokia)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SketchUp 5 (HKLM-x32\...\{B357C4B4-9024-4B64-9B3F-A6729031C3DD}) (Version: 5 - )
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
SnapIt 3.7 (HKLM-x32\...\{88385116-E660-4D4D-91F5-AEC21B76121D}) (Version: 3.7 - Digeus, Inc.)
Soda PDF 8 Convert Module (HKLM\...\{BF2D119E-8D88-4958-B12B-B3C2B0BFB3B5}) (Version: 8.0.44.25306 - LULU Software Limited) Hidden
Soda PDF 8 Create Module (HKLM\...\{C804079F-EC35-492F-8447-73DAF6356BF1}) (Version: 8.0.44.25306 - LULU Software Limited) Hidden
Soda PDF 8 Secure Module (HKLM\...\{69AD1D9E-5080-41A1-905B-DB1C8A864094}) (Version: 8.0.44.25306 - LULU Software Limited) Hidden
Storyboarder 0.13.2 (HKLM\...\527a63cd-e2d3-5c49-af18-16603aef72c9) (Version: 0.13.2 - Wonder Unit Inc.)
Subtitle Workshop 6.0b (HKLM-x32\...\SubtitleWorkshop) (Version:  - )
SysTools DBX Converter version 4.3 (HKLM-x32\...\{0BDF5B3B-040E-4355-BAF5-DA626D01A1F8}_is1) (Version: 4.3 - SysTools Software)
Teleport Pro (HKLM-x32\...\Teleport Pro) (Version: 1.69 - Tennyson Maxwell Information Systems, Inc.)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB Serial Port Driver (HKLM-x32\...\{281A7FBF-9E98-4639-AC73-D205BBF979AA}) (Version: 1.1.4.1416 - Nokia)
USB Tablet Manager (HKLM-x32\...\Rmtablet) (Version:  - )
VdhCoApp 1.1.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
Visual Studio 2010 SP1 Runtime x64 (HKLM\...\{F6305232-7952-4CCE-BDCD-9B2E66591C4A}) (Version: 1.0.0 - Microsoft Corporation)
Visual Studio 2010 SP1 Runtime x86 (HKLM-x32\...\{AEA163A5-BA2F-4E63-9529-DE8606AC82A4}) (Version: 1.0.0 - Microsoft Corporation)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.128.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.66  - Nullsoft, Inc)
Windows Driver Package - Hewlett-Packard Image  (04/27/2007 9.0.0.0) (HKLM\...\A6BCA7876CD547CFB5821019998F044515D81B74) (Version: 04/27/2007 9.0.0.0 - Hewlett-Packard)
Windows Driver Package - Intel System  (07/19/2011 9.2.0.1032) (HKLM\...\03616F2289682C41A0832A9023B55F5F63976BD4) (Version: 07/19/2011 9.2.0.1032 - Intel)
Windows Driver Package - Intel USB  (07/09/2013 9.2.0.1034) (HKLM\...\C73419A103EAB9D14F91A4BE7BC932945DEA93BC) (Version: 07/09/2013 9.2.0.1034 - Intel)
Windows Driver Package - JMicron (usbccgp) USB  (07/28/2009 1.0.4.2) (HKLM\...\D3AAF0E65D8B1D5934711D3312BF76371DB14E42) (Version: 07/28/2009 1.0.4.2 - JMicron)
Windows Driver Package - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Driver Package - Realtek (RTL8167) Net  (01/15/2015 7.092.0115.2015) (HKLM\...\55FF4C94BB84DE87B24343792B2BBF2EE8E527F0) (Version: 01/15/2015 7.092.0115.2015 - Realtek)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 5.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WinZip 11.1 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}) (Version: 11.1.7466 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Toni\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Toni\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Toni\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960558740-2251998360-3135729050-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [                    IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => D:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2018-03-20] (IObit)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [B1ShellEx] -> [CC]{76CF52AF-2B2D-4999-8CE8-495187BB11CD} =>  -> No File
ContextMenuHandlers1-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-18] (ESET)
ContextMenuHandlers1-x32: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => D:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2018-03-20] (IObit)
ContextMenuHandlers1-x32: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext64.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => D:\Program Files (x86)\WinZip\WZSHLS64.DLL [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-18] (ESET)
ContextMenuHandlers3: [00avast] -> [CC]{472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4-x32: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => D:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2018-03-20] (IObit)
ContextMenuHandlers4-x32: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers4-x32-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers4-x32-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers4-x32-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => D:\Program Files (x86)\WinZip\WZSHLS64.DLL [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-09-28] (Intel Corporation)
ContextMenuHandlers6: [B1ShellEx] -> {76CF52AF-2B2D-4999-8CE8-495187BB11CD} =>  -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Program Files\ESET\ESET Security\shellExt.dll [2017-12-18] (ESET)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => D:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2018-03-20] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => D:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext64.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => D:\Program Files (x86)\WinZip\WZSHLS64.DLL [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers1_S-1-5-21-960558740-2251998360-3135729050-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-960558740-2251998360-3135729050-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-960558740-2251998360-3135729050-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Toni\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0541A361-7666-4F84-9AF7-621A9872FD4A} - System32\Tasks\{16DBA862-E512-4883-AC52-8FC6358DF923} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Task: {14DE4BBE-4B0A-4B8E-BE89-9096B14F9341} - System32\Tasks\{77CC0124-945F-41D5-96B5-7A74544AAF22} => D:\Program Files (x86)\Adobe Photoshop CS5\Photoshop.exe [2010-04-07] (Adobe Systems, Incorporated)
Task: {1B828061-AB93-41B5-AFC8-31358D0F66B3} - \2b2e7b30-82dc-4deb-b480-b81abc7f2791 -> No File <==== ATTENTION
Task: {1EB9C607-B508-4229-AD25-6775268115D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-02] (Adobe Systems Incorporated)
Task: {39C4D3F7-6431-4778-B6FF-03DA44450875} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000Core1d0c171f753ac59 => C:\Users\Toni\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2018-05-22] (Dropbox, Inc.)
Task: {3BC386BF-A85A-41BC-89A8-61CD0413955E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {40C54FF5-119C-4B35-8D3E-91E1E9B6CBDD} - System32\Tasks\{9A746B7E-CE12-450F-A190-957ECEFA2CBE} => C:\Windows\system32\pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {75D55313-6456-4D3B-B62F-AFEDD0B6D0AB} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-03-22] ()
Task: {915F480F-CBCC-4AEC-8F91-DD5454B4797C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000Core => C:\Users\Toni\AppData\Local\Google\Update\GoogleUpdate.exe [2018-05-22] (Google Inc.)
Task: {986D79C6-672C-493D-8231-1604D2D2DFF8} - System32\Tasks\{887DD254-3346-4BB4-99BC-034E23B7B3D5} => C:\Windows\system32\pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\MOBIMB\MPBrowser.exe"
Task: {9ED2C9C8-EE6A-4FA6-A575-B61E2FC6211E} - System32\Tasks\{70D3EC11-F100-451D-929B-D3ACDD42FF17} => C:\Windows\system32\pcalua.exe -a D:\install\arhiveri\WinRar\winrar_3.30_corporate_edition.exe -d D:\install\arhiveri\WinRar
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {BB25C58D-A040-4C2A-B6FF-428DBB5368B2} - System32\Tasks\{ED5CCF58-AE70-45F2-8853-475F6A15721D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Toni\Desktop\BlueSoleil 6.4.275.0WithMobile\install\x86\setup.exe" -d "C:\Users\Toni\Desktop\BlueSoleil 6.4.275.0WithMobile\install\x86"
Task: {BF5DA17E-626D-4B7B-A445-7F4E709AFABC} - System32\Tasks\{499F36F3-02E2-48BA-B9F3-626A680C0753} => C:\Windows\system32\pcalua.exe -a E:\ivt6.2\setup.exe -d E:\ivt6.2
Task: {C1AC266B-5DBB-4972-A9BE-353DD822F2C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {DCE05937-D615-4DBE-9A90-13AA71EF4464} - System32\Tasks\{E1C90732-DF77-4EAF-9677-209E6FD2A386} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.5.64.101/en/abandoninstall?page=tsMain
Task: {E393FBB9-43E9-4307-9AC5-8DF881BC8868} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000UA => C:\Users\Toni\AppData\Local\Google\Update\GoogleUpdate.exe [2018-05-22] (Google Inc.)
Task: {E7329D54-471F-4432-9751-37FA47561B27} - System32\Tasks\{476AD3D8-47E5-47D4-81AE-3C6E4513398B} => D:\Program Files (x86)\Adobe Photoshop CS5\Photoshop.exe [2010-04-07] (Adobe Systems, Incorporated)
Task: {EE02C1C0-A375-4445-8EAB-68160FDBC46E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000UA => C:\Users\Toni\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2018-05-22] (Dropbox, Inc.)
Task: {FE68D9A6-45FB-4192-BF09-5CC113A47F0A} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {FFD2A248-92A5-48F4-A044-22C51A9A496F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000Core1d0c171f753ac59.job => C:\Users\Toni\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-960558740-2251998360-3135729050-1000UA.job => C:\Users\Toni\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2009-09-01 05:31 - 2009-09-01 05:31 - 000022016 _____ () C:\Windows\System32\ssp2ml6.dll
2017-04-03 16:39 - 2018-04-03 19:04 - 002288072 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2018-04-06 18:55 - 2018-03-12 15:09 - 002300192 _____ () D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-06 18:54 - 2018-03-27 13:47 - 002492704 _____ () D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-05-22 21:40 - 2018-05-21 19:06 - 000847688 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-05-22 21:40 - 2018-05-21 19:06 - 002079048 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-05-22 21:40 - 2018-05-21 19:05 - 000100312 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000018896 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\select.pyd
2018-05-22 21:40 - 2018-05-21 19:09 - 000020808 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000035808 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000694232 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2018-05-22 21:39 - 2018-05-21 19:08 - 000021856 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000130520 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2018-05-22 21:39 - 2018-05-21 19:08 - 001845600 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2018-05-22 21:39 - 2018-05-21 19:08 - 000022880 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2018-05-22 21:40 - 2018-05-21 19:06 - 000116696 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2018-05-22 21:40 - 2018-05-21 19:05 - 000105944 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\win32api.pyd
2018-05-22 21:40 - 2018-05-21 19:10 - 000022872 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2018-05-22 21:40 - 2018-05-21 19:08 - 000063312 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000024536 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\win32event.pyd
2018-05-22 21:40 - 2018-05-21 19:08 - 000077120 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\fastpath.pyd
2018-05-22 21:40 - 2018-05-21 19:06 - 000392664 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2018-05-22 21:40 - 2018-05-21 19:05 - 000043480 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\win32process.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000020952 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000124888 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\win32file.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000114136 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\win32security.pyd
2018-05-22 21:40 - 2018-05-21 19:09 - 000392520 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2018-05-22 21:40 - 2018-05-21 19:10 - 000028000 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000024024 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000175576 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\win32gui.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000030168 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000026072 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\win32job.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000048600 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\win32service.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000057816 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2018-05-22 21:39 - 2018-05-21 19:08 - 000021840 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2018-05-22 21:40 - 2018-05-21 19:10 - 000023376 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2018-05-22 21:39 - 2018-05-21 19:08 - 000022864 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2018-05-22 21:40 - 2018-05-21 19:09 - 000066400 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2018-05-22 21:40 - 2018-05-21 19:10 - 000025440 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000145880 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2018-05-22 21:40 - 2018-05-21 19:09 - 003863880 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000084944 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\sip.pyd
2018-05-22 21:40 - 2018-05-21 19:08 - 001798464 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2018-05-22 21:40 - 2018-05-21 19:08 - 001959232 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000028632 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\win32ts.pyd
2018-05-22 21:40 - 2018-05-21 19:09 - 000155472 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2018-05-22 21:40 - 2018-05-21 19:08 - 000521544 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2018-05-22 21:40 - 2018-05-21 19:09 - 000051024 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2018-05-22 21:40 - 2018-05-21 19:08 - 000043336 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2018-05-22 21:40 - 2018-05-21 19:09 - 000131400 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2018-05-22 21:40 - 2018-05-21 19:09 - 000219984 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2018-05-22 21:40 - 2018-05-21 19:08 - 000204104 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000060888 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\win32print.pyd
2018-05-22 21:40 - 2018-05-21 19:10 - 000054616 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000024024 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\win32profile.pyd
2018-05-22 21:40 - 2018-05-21 19:10 - 000022880 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2018-05-22 21:40 - 2018-05-21 19:10 - 000022368 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-05-22 21:40 - 2018-05-21 19:10 - 000021856 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2018-05-22 21:40 - 2018-05-21 19:10 - 000022368 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2018-05-22 21:39 - 2018-05-21 19:08 - 000027496 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-05-22 21:40 - 2018-05-21 19:05 - 000349144 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2018-05-22 21:40 - 2018-05-21 19:10 - 000023904 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2018-05-22 21:40 - 2018-05-21 19:08 - 000025432 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2018-05-22 21:40 - 2018-05-21 19:06 - 000036312 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\librsync.dll
2018-05-22 21:40 - 2018-05-21 19:10 - 000021856 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-05-22 21:40 - 2018-05-21 19:08 - 000181064 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-05-22 21:40 - 2018-05-21 19:09 - 000030544 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2018-05-22 21:40 - 2018-05-21 19:08 - 000024384 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-05-22 21:40 - 2018-05-21 19:08 - 001638208 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-05-22 21:40 - 2018-05-21 19:08 - 000546632 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2018-05-22 21:40 - 2018-05-21 19:08 - 000359744 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2018-05-22 08:29 - 2017-05-22 11:16 - 000442144 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2018-05-22 08:29 - 2017-05-22 11:16 - 000210720 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2018-05-22 08:29 - 2017-05-22 11:16 - 000059680 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2018-05-22 08:29 - 2018-01-25 17:02 - 000899856 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2018-05-22 08:29 - 2018-01-25 17:01 - 000631568 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2018-05-22 08:29 - 2017-05-22 11:16 - 000524064 _____ () D:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 000756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5 [122]
AlternateDataStreams: C:\ProgramData\TEMP:DBC416F8 [144]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\europacasino.com -> www.europacasino.com
IE trusted site: HKU\S-1-5-21-960558740-2251998360-3135729050-1000\...\fnac.com -> hxxps://livre.fnac.com
IE restricted site: HKU\S-1-5-21-960558740-2251998360-3135729050-1000\...\europacasino.com -> www.europacasino.com
IE restricted site: HKU\S-1-5-21-960558740-2251998360-3135729050-1000\...\skype.com -> hxxps://apps.skype.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\europacasino.com -> www.europacasino.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232018081547519\...\europacasino.com -> www.europacasino.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-03-21 20:59 - 2016-12-20 22:50 - 000000583 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com\
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-960558740-2251998360-3135729050-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: BlueSoleilCS => 2
MSCONFIG\Services: BsHelpCS => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: SDScannerService => 3
MSCONFIG\Services: SDUpdateService => 3
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: uSHAREitSvc => 3
MSCONFIG\Services: WTService => 2
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^errorlog.txt => C:\Windows\pss\errorlog.txt.CommonStartup
MSCONFIG\startupfolder: C:^Users^Toni^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^errorlog.txt => C:\Windows\pss\errorlog.txt.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Toni\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Google Update => "C:\Users\Toni\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Toni\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: WheelMouse => C:\ADVANC~1\wh_exec.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [TCP Query User{85D12854-F0F5-44F4-969C-E0186D57F58A}C:\users\toni\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\toni\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{E3148D2D-1E2F-46FE-BC33-7C83E0EE51CB}C:\users\toni\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\toni\appdata\roaming\dropbox\bin\dropbox.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2018 09:56:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 52.8.0.6694, time stamp: 0x5ae79b5a
Faulting module name: mozglue.dll, version: 52.8.0.6694, time stamp: 0x5ae796cf
Exception code: 0x80000003
Fault offset: 0x0000ff0f
Faulting process id: 0x10b8
Faulting application start time: 0x01d3f206111cafe3
Faulting application path: D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: D:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: 35c96c5b-5dfa-11e8-84f6-d43d7e59e09a

Error: (05/22/2018 09:49:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Toni\Desktop\autoruns\Autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (05/22/2018 09:49:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Toni\Desktop\autoruns\autorunsc.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (05/22/2018 09:37:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Tekstovi\razno\install\autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (05/22/2018 09:31:25 PM) (Source: Outlook) (EventID: 34) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x80070015.

Error: (05/22/2018 09:28:49 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/22/2018 09:28:49 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/22/2018 09:28:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (05/23/2018 08:12:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aiptektp

Error: (05/22/2018 09:48:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aiptektp

Error: (05/22/2018 09:45:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (05/22/2018 09:45:50 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (05/22/2018 09:45:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IMF Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/22/2018 09:45:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wacom Professional Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/22/2018 09:45:24 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (05/22/2018 09:45:24 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.


Windows Defender:
===================================
Date: 2017-07-29 13:14:46.511
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ircbrute!gmb&threatid=203707
Name:Trojan:Win32/Ircbrute!gmb
ID:203707
Severity:Severe
Category:Trojan
Path Found:file:C:\Users\Toni\AppData\Local\Temp\Rar$EXa0.260\NOD32 2.70.32 + Crack\Crack.exe;file:C:\Users\Toni\AppData\Local\Temp\Rar$EXa0.916\NOD32 2.70.32 + Crack\Crack.exe;file:C:\Users\Toni\Desktop\NOD32 2.70.32 + Crack\Crack.exe
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2017-07-29 13:10:06.047
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ircbrute!gmb&threatid=203707
Name:Trojan:Win32/Ircbrute!gmb
ID:203707
Severity:Severe
Category:Trojan
Path Found:file:C:\Users\Toni\AppData\Local\Temp\Rar$EXa0.260\NOD32 2.70.32 + Crack\Crack.exe;file:C:\Users\Toni\AppData\Local\Temp\Rar$EXa0.916\NOD32 2.70.32 + Crack\Crack.exe;file:C:\Users\Toni\Desktop\NOD32 2.70.32 + Crack\Crack.exe;process:pid:1020;process:pid:2300;process:pid:316
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

Date: 2017-07-29 13:09:49.683
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ircbrute!gmb&threatid=203707
Name:Trojan:Win32/Ircbrute!gmb
ID:203707
Severity:Severe
Category:Trojan
Path Found:file:C:\Users\Toni\AppData\Local\Temp\Rar$EXa0.260\NOD32 2.70.32 + Crack\Crack.exe;file:C:\Users\Toni\AppData\Local\Temp\Rar$EXa0.916\NOD32 2.70.32 + Crack\Crack.exe;process:pid:1020;process:pid:2300
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

Date: 2017-07-29 13:08:25.030
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ircbrute!gmb&threatid=203707
Name:Trojan:Win32/Ircbrute!gmb
ID:203707
Severity:Severe
Category:Trojan
Path Found:file:C:\Users\Toni\AppData\Local\Temp\Rar$EXa0.916\NOD32 2.70.32 + Crack\Crack.exe;process:pid:1020
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

CodeIntegrity:
===================================

Date: 2018-05-04 14:29:04.505
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program files\ESET\ESET Security\Modules\em002_64\37235\em002_64.dll.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-05-04 14:29:03.280
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program files\ESET\ESET Security\Modules\em002_64\37235\em002_64.dll.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-05-04 14:28:58.865
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program files\ESET\ESET Security\Modules\em023_64\12188\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-05-04 14:28:58.689
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program files\ESET\ESET Security\Modules\em023_64\12188\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-05-04 14:28:48.993
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program files\ESET\ESET Security\Modules\em002_64\37261\em002_64.dll.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-05-04 14:28:47.833
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program files\ESET\ESET Security\Modules\em002_64\37261\em002_64.dll.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-05-04 14:28:44.065
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program files\ESET\ESET Security\Modules\em023_64\12201\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-05-04 14:28:43.860
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program files\ESET\ESET Security\Modules\em023_64\12201\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU G2020 @ 2.90GHz
Percentage of memory in use: 54%
Total physical RAM: 3989.46 MB
Available physical RAM: 1800.69 MB
Total Virtual: 7977.12 MB
Available Virtual: 5778.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:56.05 GB) NTFS
Drive d: () (Fixed) (Total:368.1 GB) (Free:67.18 GB) NTFS

\\?\Volume{e5003e40-14e4-11e3-8e02-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: C087C087)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#12 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,736 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 24 June 2018 - 12:25 PM

Jourdan:

Thank you for your post.  The executable file conhost.exe is a legitimate Windows file, if it has not been infected and is located in the correct file folder.

Just by way of clarification, I will require fresh copies of the "FRST.txt" and "Addition.txt" files to be copied and pasted into your subsequent reply(ies).  I have to be away for most of the rest of the day, but I will get to work on your new FRST scan files tomorrow and hopefully get you the results of my initial analysis then.

Thank you and have a great day.

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#13 garioch7


Posted 24 June 2018 - 12:27 PM

Jourdan:

Our posts crossed.  I have received your new FRST scan log files.  I will respond tomorrow after I have finished analyzing them.

Thank you for your very prompt response! :thumbup2:

Have a great day.

Regards,

-Phil




#14 garioch7


Posted 24 June 2018 - 01:53 PM

Jourdan:

Just an update.  I have analyzed about 150 lines of your FRST scan logs.  I am finding some issues, but nothing too serious, ... so far. :)

I will continue tomorrow afternoon.  Unfortunately, "real life" commitments do get in the way of malware identification and remediation! :(

Thank you for your patience.  Have a great day.

Regards,

-Phil




#15 Jourdan


Posted 24 June 2018 - 01:57 PM

Hi, thank you too for the fast reply, and yes, I usually do reply if possible. It is okay to wait for tomorrow; interesting if there are some issues... Have a good day, Phil...





