Cannot remove aunowbx.exe - Virus folder needs permission


2 replies to this topic

#1 djrazr


Posted 11 June 2018 - 10:57 AM

I have been tackling this issue for about 3 hours now, with no success. I have a folder that cannot be removed. The folder asks for permissions to make changes, which I get denied every time. The folder is labeled sidxwkn.

In Task Manager, there are 5 processes named aunowbx.exe that I cannot stop. Each time I try to stop them or attempt to delete sidxwkn, a new folder or random file shows up with random letters, although I can remove these folders and files.

I have tried in Safe Mode and in Safe Mode with Networking to remove sidxwkn and stop aunowbx.exe, with no success.

I have ESET on a trial, which is the only antivirus software that I can install. I have tried to install other antivirus software, but I cannot open them after downloading. I can install anti-malware and anti-spyware software and run them. I have Malwarebytes, ADW, and RogueKiller, which pick up the issues and remove aunowbx.exe, but on a reboot it shows up again.

 

Any help would be greatly appreciated.

 

This is the report from Farbar Recovery Scan Tool:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by pc (administrator) on PC-THINK (11-06-2018 09:00:06)
Running from D:\
Loaded Profiles: pc (Available Profiles: pc & user & eb & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\cgahmipsvc.exe
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
() C:\Program Files (x86)\Mace\prager.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
() C:\Users\pc\AppData\Local\sidxwkn\sidxwkn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Users\pc\AppData\Local\containersvc\containersvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\pc\AppData\Local\sidxwkn\aunowbx.exe
() C:\Users\pc\AppData\Local\sidxwkn\aunowbx.exe
() C:\Users\pc\AppData\Local\sidxwkn\aunowbx.exe
() C:\Users\pc\AppData\Local\sidxwkn\aunowbx.exe
() C:\Users\pc\AppData\Local\sidxwkn\aunowbx.exe
() C:\Users\pc\AppData\Local\sidxwkn\aunowbx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [178496 2018-04-19] (ESET)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1564669726-2984673101-1444055983-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4096056 2018-03-01] (Tonec Inc.)
HKU\S-1-5-21-1564669726-2984673101-1444055983-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-1564669726-2984673101-1444055983-1001\...\MountPoints2: {1be46453-1dc9-11e8-8be3-f4b7e2ce4863} - F:\VZW_Software_upgrade_assistant.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [181088 2017-03-31] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [158392 2017-03-31] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll => No File 
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll => No File 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{04C5E2EC-6413-40CF-8B41-85B957E61ADB}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{04C5E2EC-6413-40CF-8B41-85B957E61ADB}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{052112B0-C057-4596-976E-34FD05259D35}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{09784078-DC37-4011-9B34-F8A571D9F93E}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{147E78C7-CE1F-4D78-BDFF-B4741D0368BC}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{2B0DDFBB-A457-4D77-B335-BBECC657444C}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{359CECE0-D4C2-4283-943B-ACB188F115B3}: [NameServer] 8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1564669726-2984673101-1444055983-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {1DC6C53F-C80B-42F8-9B4F-EEA4E1832986} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1564669726-2984673101-1444055983-1001 -> {1DC6C53F-C80B-42F8-9B4F-EEA4E1832986} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-13] (Internet Download Manager, Tonec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-13] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF HKU\S-1-5-21-1564669726-2984673101-1444055983-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\pc\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\pc\AppData\Roaming\IDM\idmmzcc5 [2018-03-04] [Legacy] [not signed]
FF HKU\S-1-5-21-1564669726-2984673101-1444055983-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/search?q=Pedro+Martinez&rlz=1C1AVNG_en&es_sm=122&source=lnms&tbm=isch&sa=X&ved=0CAgQ_AUoAmoVChMIn5L8nM76xgIVhqWICh382w8H&biw=1600&bih=861&dpr=0.9#imgrc=_
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default [2018-06-11]
CHR Extension: (Slides) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-20]
CHR Extension: (ColorZilla) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2018-03-10]
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-20]
CHR Extension: (Sheets) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-20]
CHR Extension: (AdBlock) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-24]
CHR Extension: (WhatFont) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2018-03-15]
CHR Extension: (IDM Integration Module) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-05-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-20]
CHR Extension: (Chrome Media Router) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-02]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-01]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-01]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\elvpngw <==== ATTENTION (Rootkit!)
 
S4 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2017-02-21] (Lenovo.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2240264 2018-04-19] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2240264 2018-04-19] (ESET)
S4 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [120400 2017-04-03] (Lenovo Group Limited)
R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [711248 2017-04-01] (Lenovo.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-04-04] ()
S4 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [233456 2017-07-03] (NETGEAR)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [4174264 2017-03-31] (NVIDIA Corporation)
S4 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [498608 2017-06-12] (Sony Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-04-04] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 00175202; C:\Windows\System32\drivers\71159609.sys [85600 2018-06-09] (Kaspersky Lab ZAO)
S4 12024885; C:\Windows\System32\drivers\72506984.sys [85600 2018-06-09] (Kaspersky Lab ZAO)
R0 78197676; C:\Windows\System32\drivers\78197676.sys [478392 2018-06-09] (Kaspersky Lab ZAO)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [53904 2018-02-07] (The OpenVPN Project)
S3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [22568 2014-08-12] (IVT Corporation.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-08-03] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-08-03] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137928 2018-04-12] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [110432 2018-04-12] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [196112 2018-04-12] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50136 2018-04-12] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82816 2018-04-12] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61520 2018-04-12] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [108320 2018-04-12] (ESET)
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2017-12-23] (CACE Technologies, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [316464 2017-03-31] (NVIDIA Corporation)
S3 RCUVCAVS; C:\Windows\System32\DRIVERS\RCUVCAVS.sys [177920 2013-07-05] (Ricoh co.,Ltd.) [File not signed]
S2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [101888 2011-05-25] (REDC) [File not signed]
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S3 fimpsw; system32\drivers\mpsvzc.sys [X]
S4 idcabsh; System32\drivers\psaelcbt.sys [X]
S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
S3 mqtwzd; system32\drivers\twzdgj.sys [X]
S1 MTU0M2; system32\drivers\MTU0M2.sys [X]
R3 ptwzcg; system32\drivers\wzcfjm.sys [X]
S4 SMR521; System32\drivers\SMR521.SYS [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-11 09:00 - 2018-06-11 09:00 - 000000000 ____D C:\FRST
2018-06-11 03:05 - 2018-06-11 03:05 - 000142672 ____N C:\Windows\system32\Drivers\cwbhlorv.sys
2018-06-11 02:33 - 2018-06-11 02:33 - 000000000 ____D C:\ProgramData\NortonInstaller
2018-06-11 02:20 - 2018-06-11 02:20 - 005660506 _____ (Swearware) C:\Users\pc\Desktop\ComboFix.exe
2018-06-11 01:41 - 2018-06-11 03:05 - 000853980 _____ C:\Windows\ntbtlog.txt
2018-06-11 01:36 - 2018-06-11 01:36 - 000000793 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-06-11 01:01 - 2018-06-11 08:56 - 000000001 _____ C:\d1az1x4vtlq7981
2018-06-11 00:17 - 2018-06-11 00:57 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-06-11 00:17 - 2018-06-11 00:41 - 000000000 ____D C:\ProgramData\RogueKiller
2018-06-11 00:10 - 2018-06-11 01:18 - 000050902 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-06-11 00:10 - 2018-06-11 00:55 - 000058164 _____ C:\Windows\ZAM.krnl.trace
2018-06-10 23:58 - 2018-06-10 23:58 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\3343C652.sys
2018-06-10 23:57 - 2018-06-11 00:04 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-06-10 23:56 - 2018-06-11 00:04 - 000000000 ____D C:\Users\pc\Desktop\mbar
2018-06-10 23:36 - 2018-06-10 23:36 - 000000000 ____D C:\Users\pc\AppData\Local\ESET
2018-06-10 23:35 - 2018-06-10 23:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-06-10 23:35 - 2018-06-10 23:35 - 000000000 ____D C:\ProgramData\ESET
2018-06-10 23:35 - 2018-06-10 23:35 - 000000000 ____D C:\Program Files\ESET
2018-06-10 23:25 - 2018-06-10 23:57 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-06-10 23:04 - 2018-06-10 23:04 - 000000000 ___SD C:\Users\pc\Documents\Password Manager
2018-06-09 23:53 - 2018-06-09 23:53 - 000001214 _____ C:\Windows\system32\Drivers\etc\hosts.txt
2018-06-09 18:01 - 2018-06-09 18:04 - 000000000 ____D C:\Users\pc\AppData\Local\NPE
2018-06-09 18:01 - 2018-06-09 18:01 - 000000020 _____ C:\Windows\system32\Drivers\SMR521.dat
2018-06-09 18:01 - 2018-06-09 18:01 - 000000000 ____D C:\ProgramData\Norton
2018-06-09 17:27 - 2018-06-09 17:27 - 000085600 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\71159609.sys
2018-06-09 16:35 - 2018-06-09 16:35 - 000085600 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\72506984.sys
2018-06-09 16:22 - 2018-06-09 16:22 - 000478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\78197676.sys
2018-06-09 16:12 - 2018-06-09 16:15 - 000000000 ____D C:\ProgramData\HitmanPro
2018-06-09 15:57 - 2018-06-09 15:57 - 007391672 _____ (AVG Technologies CZ, s.r.o.) C:\Users\pc\Desktop\avg_antivirus_free_setup_2.exe
2018-06-08 15:41 - 2018-06-08 15:42 - 000010016 _____ C:\Users\pc\Desktop\Untitled-1 copy.svg
2018-06-08 06:59 - 2018-06-08 06:59 - 000000000 ____D C:\Users\pc\AppData\Local\containersvc
2018-06-08 05:47 - 2018-06-08 05:47 - 000101827 _____ C:\Windows\uninstaller.dat
2018-06-07 16:59 - 2018-06-08 01:58 - 000086365 _____ C:\Users\pc\Desktop\Resume.pdf
2018-06-07 16:45 - 2018-06-07 16:46 - 000000000 ____D C:\AdwCleaner
2018-06-07 16:02 - 2018-06-10 15:07 - 000000000 ____D C:\Users\pc\AppData\Local\dwmaoig
2018-06-07 15:59 - 2018-06-11 09:00 - 000000000 ____D C:\Users\pc\AppData\Local\sidxwkn
2018-06-07 15:58 - 2018-06-11 09:00 - 000001508 _____ C:\Windows\Tasks\KOSMOS.job
2018-06-07 15:58 - 2018-06-11 03:05 - 002888704 _____ (TOSHIBA CORPORATION) C:\Windows\system32\cgahmipsvc.exe
2018-06-07 15:58 - 2018-06-09 16:36 - 000000000 ____D C:\Program Files (x86)\KOSMOS
2018-06-07 15:58 - 2018-06-07 15:58 - 000000000 ____D C:\Windows\SysWOW64\usmcpxn
2018-06-07 15:58 - 2018-06-07 15:58 - 000000000 ____D C:\Windows\system32\usmcpxn
2018-06-07 15:58 - 2018-06-07 15:58 - 000000000 ____D C:\Users\pc\AppData\Roaming\et
2018-06-07 15:57 - 2018-06-07 15:57 - 000003740 _____ C:\Windows\System32\Tasks\linkletter
2018-06-07 15:57 - 2018-06-07 15:57 - 000003736 _____ C:\Windows\System32\Tasks\durand suey
2018-06-07 15:57 - 2018-06-07 15:57 - 000003736 _____ C:\Windows\System32\Tasks\cos-distantly
2018-06-07 15:57 - 2018-06-07 15:57 - 000003732 _____ C:\Windows\System32\Tasks\relicensing_interdiction
2018-06-07 15:57 - 2018-06-07 15:57 - 000003726 _____ C:\Windows\System32\Tasks\nazarene_suisun
2018-06-07 15:57 - 2018-06-07 15:57 - 000003722 _____ C:\Windows\System32\Tasks\lets
2018-06-07 15:57 - 2018-06-07 15:57 - 000003722 _____ C:\Windows\System32\Tasks\delegations righthanded toledo
2018-06-07 15:57 - 2018-06-07 15:57 - 000003722 _____ C:\Windows\System32\Tasks\briefer
2018-06-07 15:57 - 2018-06-07 15:57 - 000003574 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 69581771
2018-06-07 15:57 - 2018-06-07 15:57 - 000003570 _____ C:\Windows\System32\Tasks\linkletterlinkletter
2018-06-07 15:57 - 2018-06-07 15:57 - 000003566 _____ C:\Windows\System32\Tasks\durand sueydurand suey
2018-06-07 15:57 - 2018-06-07 15:57 - 000003566 _____ C:\Windows\System32\Tasks\cos-distantlycos-distantly
2018-06-07 15:57 - 2018-06-07 15:57 - 000003562 _____ C:\Windows\System32\Tasks\relicensing_interdictionrelicensing_interdiction
2018-06-07 15:57 - 2018-06-07 15:57 - 000003556 _____ C:\Windows\System32\Tasks\nazarene_suisunnazarene_suisun
2018-06-07 15:57 - 2018-06-07 15:57 - 000003552 _____ C:\Windows\System32\Tasks\letslets
2018-06-07 15:57 - 2018-06-07 15:57 - 000003552 _____ C:\Windows\System32\Tasks\delegations righthanded toledodelegations righthanded toledo
2018-06-07 15:57 - 2018-06-07 15:57 - 000000012 _____ C:\Windows\b26235090
2018-06-07 15:57 - 2018-06-07 15:57 - 000000000 ___HD C:\Program Files (x86)\Shirked
2018-06-07 15:57 - 2018-06-07 15:57 - 000000000 ____D C:\Users\pc\Documents\Chameleon files
2018-06-07 15:57 - 2018-06-07 15:57 - 000000000 ____D C:\ProgramData\Arkei-e7d27a3e-c4b5-424d-aa34-855e9de3b180
2018-06-07 15:57 - 2018-06-07 15:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-07 15:57 - 2018-06-07 15:57 - 000000000 ____D C:\Program Files (x86)\Mace
2018-06-07 15:50 - 2018-06-07 15:50 - 000024445 _____ C:\Users\pc\Desktop\My Resume 1.lnk
2018-06-07 14:19 - 2018-06-07 14:19 - 000145920 _____ C:\Windows\pendergrass.exe
2018-05-31 17:36 - 2018-05-31 17:41 - 000000000 ____D C:\Users\pc\Desktop\New folder (7)
2018-05-31 16:31 - 2018-06-03 19:47 - 000000436 _____ C:\Users\pc\Desktop\kyle.txt
2018-05-30 01:22 - 2018-05-30 01:22 - 000000000 ____D C:\Users\pc\Desktop\Wii backup
2018-05-29 21:33 - 2018-05-29 21:38 - 000000000 ____D C:\Users\pc\Desktop\wii
2018-05-28 21:24 - 2018-05-29 19:48 - 000000000 ____D C:\Users\pc\Desktop\111
2018-05-23 21:28 - 2017-09-14 20:09 - 000000000 ____D C:\Users\pc\Desktop\NBA2K18
2018-05-22 02:28 - 2018-05-22 02:33 - 000000000 ____D C:\Users\pc\Desktop\17526
2018-05-20 00:14 - 2018-05-20 00:14 - 004044367 _____ C:\Users\pc\Desktop\wordpress-seo.7.5.1.zip
2018-05-13 15:20 - 2018-05-22 23:50 - 000000000 ____D C:\Users\pc\Desktop\skyrim console ebay
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-11 09:00 - 2009-07-13 19:34 - 019922944 _____ C:\Windows\system32\config\HARDWARE
2018-06-11 08:42 - 2009-07-13 22:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-11 08:42 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2018-06-11 03:15 - 2009-07-13 21:45 - 000031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-11 03:15 - 2009-07-13 21:45 - 000031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-11 03:05 - 2017-04-06 14:44 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-11 03:05 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-11 03:03 - 2017-07-21 01:28 - 000000000 ____D C:\Windows\pss
2018-06-11 03:03 - 2017-07-20 14:06 - 000000000 ____D C:\Users\pc\AppData\Roaming\DMCache
2018-06-11 01:57 - 2017-07-20 14:06 - 000000000 ____D C:\Users\pc\Downloads\Compressed
2018-06-11 01:57 - 2017-07-20 14:06 - 000000000 ____D C:\Users\pc\AppData\Roaming\IDM
2018-06-11 01:36 - 2017-07-28 00:21 - 000000000 ____D C:\Users\pc\AppData\Roaming\PhotoScape
2018-06-11 01:36 - 2017-07-20 14:00 - 000000000 ____D C:\Program Files\CCleaner
2018-06-11 01:36 - 2017-07-20 13:35 - 000000000 ____D C:\Users\pc\AppData\Roaming\uTorrent
2018-06-11 00:10 - 2017-07-20 12:42 - 000000000 ____D C:\Users\pc
2018-06-10 23:58 - 2017-07-21 01:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-10 23:34 - 2017-07-21 02:06 - 000000000 ____D C:\Users\pc\AppData\Roaming\vlc
2018-06-09 18:07 - 2017-08-27 17:32 - 000000000 ____D C:\Users\pc\AppData\Roaming\Mozilla
2018-06-09 18:07 - 2017-08-27 17:32 - 000000000 ____D C:\Users\pc\AppData\Local\Mozilla
2018-06-09 17:38 - 2017-07-20 13:05 - 000002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-09 15:58 - 2018-02-07 22:27 - 000000000 ____D C:\ProgramData\AVAST Software
2018-06-08 10:17 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\NDF
2018-06-07 17:11 - 2017-08-27 17:32 - 000000000 ____D C:\Users\pc\AppData\LocalLow\Mozilla
2018-06-07 16:42 - 2017-11-30 14:00 - 000001428 _____ C:\Users\eb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-06-07 16:42 - 2017-10-25 16:15 - 000001428 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-06-07 16:42 - 2017-10-25 16:12 - 000001400 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-06-07 16:42 - 2017-07-20 12:42 - 000001428 _____ C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-06-07 16:42 - 2017-04-06 16:26 - 000002010 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools.lnk
2018-06-07 15:53 - 2017-04-06 16:24 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2018-06-07 15:53 - 2017-04-06 16:24 - 000000000 ____D C:\ProgramData\Adobe
2018-06-03 21:11 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-06-03 21:10 - 2017-11-06 22:46 - 000000000 ____D C:\Users\pc\AppData\Roaming\SoftGrid Client
2018-06-03 19:44 - 2017-10-28 14:18 - 000000000 ____D C:\OutputFolder
2018-06-01 10:19 - 2018-04-14 20:24 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-05-30 18:04 - 2017-08-17 00:41 - 000000000 ____D C:\Users\pc\Desktop\360
2018-05-30 18:02 - 2018-04-07 23:40 - 000000000 ____D C:\Users\pc\Desktop\New folder (4)
2018-05-28 18:34 - 2017-07-20 15:03 - 000000000 ____D C:\Users\pc\AppData\Local\ElevatedDiagnostics
2018-05-28 00:01 - 2017-11-12 00:29 - 000000000 ____D C:\Users\pc\AppData\Local\NETGEARGenie
2018-05-24 14:39 - 2018-03-18 13:29 - 001112360 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-21 20:42 - 2018-01-12 00:16 - 000000000 ____D C:\Users\eb\Desktop\pics
2018-05-19 12:08 - 2017-04-06 16:22 - 000000000 ____D C:\Program Files\Lenovo
2018-05-19 12:07 - 2017-10-11 16:20 - 000000000 ____D C:\Users\pc\AppData\Roaming\Downloaded Installations
2018-05-18 08:01 - 2017-10-11 16:21 - 000000000 ____D C:\Users\pc\AppData\Roaming\Nitro
2018-05-17 03:27 - 2017-07-20 13:05 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 03:27 - 2017-07-20 13:05 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
Some files in TEMP:
====================
2018-06-07 15:57 - 2018-06-07 15:57 - 004279968 _____ (NeoSoft Tools                                               ) C:\Users\pc\AppData\Local\Temp\ctask.exe
2018-06-11 00:17 - 2017-08-10 23:36 - 001732864 _____ (Microsoft Corporation) C:\Users\pc\AppData\Local\Temp\dllnt_dump.dll
2018-06-09 08:26 - 2018-06-09 08:26 - 017224068 _____ () C:\Users\pc\AppData\Local\Temp\setup.dll
2018-06-07 16:44 - 2018-06-07 15:58 - 000099896 _____ () C:\Users\pc\AppData\Local\Temp\Uninstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\cwbhlorv.sys -> Access Denied <======= ATTENTION
 
LastRegBack: 2018-06-07 11:31
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by pc (11-06-2018 09:00:23)
Running from D:\
Windows 7 Professional Service Pack 1 (X64) (2017-07-20 19:42:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1564669726-2984673101-1444055983-500 - Administrator - Disabled)
eb (S-1-5-21-1564669726-2984673101-1444055983-1004 - Administrator - Enabled) => C:\Users\eb
Guest (S-1-5-21-1564669726-2984673101-1444055983-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1564669726-2984673101-1444055983-1002 - Limited - Enabled)
pc (S-1-5-21-1564669726-2984673101-1444055983-1001 - Administrator - Enabled) => C:\Users\pc
user (S-1-5-21-1564669726-2984673101-1444055983-1003 - Administrator - Enabled) => C:\Users\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Smart Security Premium (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security Premium (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1564669726-2984673101-1444055983-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
AAA Logo 2014 v4.11 FULL (HKLM-x32\...\AAA Logo 2014_is1) (Version:  - SWGSoft)
Adobe Reader 9.4.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated)
Aoao Video Watermark Pro (HKU\S-1-5-21-1564669726-2984673101-1444055983-1001\...\AoaoVideoWatermarkPro) (Version:  - WonderFox Soft, Inc. All Rights Reserved.)
Aurora 3D Text & Logo Maker version 12.09.26 (HKLM-x32\...\{4F6B6582-B9F6-42B2-AAFC-48E097D07837}_is1) (Version: 12.09.26 - Aurora3D Software)
Boilsoft Video Splitter 6.34 (HKLM-x32\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version:  - Boilsoft, Inc.)
Business Card Studio (HKLM-x32\...\{26413EE3-C4B2-4A06-8225-72649315337D}) (Version: 5.0.2 - Summitsoft)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio)
Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
IDM Crack 6.30 build 7 (HKLM-x32\...\IDM Crack 6.30 build 7) (Version: 6.30 build 7 - Crackingpatching.com Team)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.9.254 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{88540041-fd0c-4588-9b2f-251e29f7c5a1}) (Version: 18.40.4 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.21 - Lenovo)
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.86.06 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.24 - Lenovo) Hidden
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
LogoMaker 4.0 (HKLM-x32\...\LogoMaker_is1) (Version:  - Avanquest)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
MergeModule_x64 (HKLM\...\{12DCC5A7-0100-4433-B4FF-217A3C5DC83B}) (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (HKLM-x32\...\{DD7721BB-CF1C-4DC9-AD87-8D5FB75413B7}) (Version: 9.3.00 - Sony Corporation) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mobile Broadband (HKLM-x32\...\{4330AAE7-1893-42F9-BC38-539A1A60530B}) (Version: 3.6.0034 - Lenovo)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.48.00 - NETGEAR Inc.)
NVIDIA 3D Vision Driver 376.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.91 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA nView 148.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 148.47 - NVIDIA Corporation)
NVIDIA WMI 2.29.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.29.0 - NVIDIA Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PlayMemories Home (HKLM-x32\...\{4F95DC94-A29D-41F6-AF34-15AA0D666186}) (Version: 5.4.02.06120 - Sony Corporation)
PMB_ModeEditor (HKLM-x32\...\{E95982CA-945F-41F2-B156-A603897AB242}) (Version: 10.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (HKLM-x32\...\{2CA3C685-339C-4C61-B12C-FAD81A872651}) (Version: 10.4.02 - Sony Corporation) Hidden
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.12 - Lenovo Group Limited)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.9 - Power Software Ltd)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.26.902.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
ResumeMaker (HKLM-x32\...\ResumeMaker) (Version:  - Individual Software, Inc)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
Sothink Logo Maker Professional (HKLM-x32\...\{D597C3D3-13D7-4BF1-9D60-AAEBBD350FF5}) (Version: 4.4.4625 - SourceTec Software)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.20 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.26.85 - Lenovo)
Ultra Video Joiner 6.1.0108 (HKLM-x32\...\Ultra Video Joiner_is1) (Version:  - Aone Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2017-03-31] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-09-03] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-02-17] (NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {17A2E408-8C47-4B72-B2D6-6E166CBAAF1F} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
Task: {1FD7D147-5D52-4524-AE68-125BDCBE20AC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {2D0BAF43-1721-4486-A074-4694B5B77837} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2017-07-20] ()
Task: {35AD05D6-CA68-4F81-A908-45478D0CF916} - System32\Tasks\TVT\ChangePWD => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe
Task: {3E5E3D7B-CF23-465D-9506-3BD623578C6F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-06] (AVAST Software)
Task: {469D56BB-5506-4DDA-B088-FC2159269193} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2017-02-21] (Lenovo Group Limited)
Task: {4CD268B8-27D6-40A1-A5DA-D24B54415F53} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe
Task: {4E9DA11F-3141-4543-8AC1-745B8EB6F98F} - \Avast Emergency Update -> No File <==== ATTENTION
Task: {62A33F66-A7A0-4211-8837-1B569E561441} - System32\Tasks\TVT\UpdateRnR => C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsetsched.exe
Task: {68A8C338-65B5-4442-AFCF-FC96D956E679} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {6CB86C11-BCDF-4060-A206-9F22E2A341F9} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe
Task: {80F3762A-8138-4161-B22C-6384F0D84554} - System32\Tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2017-03-31] ()
Task: {A41023B2-7700-45CA-9923-87B50A0657E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-20] (Google Inc.)
Task: {A6C60731-D8FA-41CF-A8FE-CA64D0ACF4DD} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {BC0385C8-5926-425D-B255-F8C6697A5769} - \Avast TUNEUP Update -> No File <==== ATTENTION
Task: {CAF7E9CA-C582-4C37-8B6C-1D149C701556} - System32\Tasks\briefer => C:\Program Files (x86)\Mace\prager.exe [2018-06-07] ()
Task: {D74B5396-DB67-4EEF-903D-BE725C2D9C40} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-20] (Google Inc.)
Task: {DCFC261C-25B1-4619-BB29-7CF6B6CD3419} - System32\Tasks\TVT\LaunchRnR => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe
Task: {E68EF0AE-387E-4889-95E0-723E43EAA01B} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: {F352C52C-BFD9-47DB-8383-0FA7C654BFE3} - \KOSMOS -> No File <==== ATTENTION
Task: {FC9E9EC4-B79E-4381-8873-9C2936E477CB} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\KOSMOS.job => C:\Program Files (x86)\KOSMOS\KOSMOS.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AoaoPhoto Soft\Aoao Video Watermark Pro\Aoao Video Watermark Pro on the web.lnk -> hxxp:
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AoaoPhoto Soft\Aoao Video Watermark Pro\Buy Aoao Video Watermark Pro on online.lnk -> hxxp:
 
ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-31 19:15 - 2017-03-31 19:15 - 000029232 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2017-04-06 14:44 - 2017-02-17 16:56 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-04-06 16:23 - 2017-02-21 06:08 - 000107008 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2018-06-07 14:19 - 2018-06-07 14:19 - 000078276 _____ () C:\Program Files (x86)\Mace\prager.exe
2018-05-16 18:22 - 2018-05-14 20:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-16 18:22 - 2018-05-14 20:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2017-03-31 19:15 - 2017-03-31 19:15 - 000027576 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00175202.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\12024885.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78197676.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00175202.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\12024885.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78197676.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2017-10-21 18:47 - 000001146 ____R C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 license.bluesoleil.com
127.0.0.1 license2.bluesoleil.com
127.0.0.1 license3.bluesoleil.com
127.0.0.1 www.bluesoleil.com
127.0.0.1 bluesoleil.com 
127.0.0.1 license.bluesoleil.com
127.0.0.1 license2.bluesoleil.com
127.0.0.1 license3.bluesoleil.com
127.0.0.1 www.bluesoleil.com
127.0.0.1 bluesoleil.com 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1564669726-2984673101-1444055983-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\pc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: bthserv => 2
MSCONFIG\Services: CleanupPSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Avast Cleanup Premium.lnk => C:\Windows\pss\Avast Cleanup Premium.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dolby Home Theater v4 => "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: NETGEARGenie => "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
MSCONFIG\startupreg: PWMTRV => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\system32\StikyNot.exe
MSCONFIG\startupreg: RtHDVBg_Dolby => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{61D55016-66E6-4BCC-BE1A-4BDF32DD1C7C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EF120CAF-53CF-405D-80B7-9877EDC497FD}] => (Allow) LPort=2869
FirewallRules: [{A313FA96-EA2C-439B-801E-12E60ED2D0AE}] => (Allow) LPort=1900
FirewallRules: [{767757B2-58BB-4821-BC9A-55233927A463}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{70CF3AFC-4F91-4AB9-BD30-AC7593D1C31B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{AA822FA5-9F1B-4031-A9E6-8D0660CA7391}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E89BA46C-0494-4840-AD83-0128C2807D34}] => (Allow) C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E15F87B8-3327-4611-9185-FE1AD1BEC0FF}] => (Allow) C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8C3E7F42-6B23-4311-9C8B-5144440877E7}] => (Allow) C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C319F0CB-E6B3-4105-AE69-D65A1A966F2C}] => (Allow) C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{46D65C1A-1F28-4AFD-AA8A-A405817F6E91}] => (Allow) C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{77AFD453-C50D-449E-96B0-44CE0BD3413C}] => (Allow) C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5E8AB5D5-10A9-4164-90DC-3B8819080CE5}] => (Allow) C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{785F3C31-C986-4D2F-AE99-993C4A3C0802}] => (Allow) C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{A49AD5EA-E0F6-4EA2-9A5F-54CD7F822432}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe
FirewallRules: [UDP Query User{21F52947-DB24-41BB-88D8-4B396BB4864F}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe
FirewallRules: [TCP Query User{D1C8B747-0E14-4452-8E2C-3EFD2CF911B2}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe
FirewallRules: [UDP Query User{D3714599-C6C0-4FCB-B748-9E551DC04113}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe
FirewallRules: [TCP Query User{9BA4BD20-3F9E-49DF-A832-A1BDA020BB70}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{92C8CCBC-B6D5-475B-B759-26E12DDAAD7F}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{6D31C6BF-BE86-46A3-9921-DF4C14344CBD}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{235857D9-7AA1-4181-9C76-4BD5F04A1370}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{86DE93B2-AE0D-4EDF-8B2A-B082E694D44D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9EFBB507-A3DB-4555-9EE8-31D9362E6CD4}] => (Allow) C:\Program Files (x86)\Shirked\Sisyphus.exe
FirewallRules: [{368929EB-DD30-483D-BA3C-D1AA151D13A6}] => (Allow) C:\Program Files (x86)\Shirked\Riboflavin.exe
 
==================== Restore Points =========================
 
11-06-2018 03:42:26 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: MTU0M2
Description: MTU0M2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MTU0M2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/11/2018 03:05:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/11/2018 02:34:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/11/2018 02:31:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/11/2018 02:15:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKiller_portable64.exe version 12.12.20.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 858
 
Start Time: 01d40163d9a81b9b
 
Termination Time: 2
 
Application Path: C:\Users\pc\Downloads\Programs\RogueKiller_portable64.exe
 
Report Id: f3607517-6d57-11e8-9a48-f4b7e2ce4863
 
Error: (06/11/2018 01:44:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/11/2018 01:43:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"  /forcedfolder "C:\Users\pc\AppData\Local\sidxwkn"; Description = Revo Uninstaller Pro's restore point - sidxwkn; Error = 0x8007043c).
 
Error: (06/11/2018 01:43:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/11/2018 01:42:32 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"  /forcedfolder "C:\Users\pc\AppData\Local\sidxwkn"; Description = Revo Uninstaller Pro's restore point - sidxwkn; Error = 0x8007043c).
 
 
System errors:
=============
Error: (06/11/2018 03:05:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
MTU0M2
 
Error: (06/11/2018 03:05:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The risdxc service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (06/11/2018 03:05:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.
 
Error: (06/11/2018 03:04:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (06/11/2018 03:04:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (06/11/2018 03:04:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (06/11/2018 03:04:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (06/11/2018 03:04:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
CodeIntegrity:
===================================
 
Date: 2018-06-11 03:05:58.228
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-11 03:05:58.196
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-11 02:34:56.306
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-11 02:34:56.274
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-11 01:44:10.321
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-11 01:44:10.290
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-11 01:19:30.196
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-11 01:19:30.165
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3740QM CPU @ 2.70GHz
Percentage of memory in use: 22%
Total physical RAM: 15950.79 MB
Available physical RAM: 12390.01 MB
Total Virtual: 31899.77 MB
Available Virtual: 28315.93 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:222.4 GB) (Free:52.2 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HDD) (Fixed) (Total:698.61 GB) (Free:3.58 GB) exFAT
 
\\?\Volume{93c225c5-1b1f-11e7-a262-806e6f6e6963}\ (SYSTEM_DRV) (Fixed) (Total:1.17 GB) (Free:0.4 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: D09ECED4)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: A394C5AF)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by djrazr, 11 June 2018 - 11:02 AM.


#2 djrazr

Posted 12 June 2018 - 01:48 AM

OK, so I used a different laptop that I haven't used in a while. That laptop is infected as well.

Odd file names that I don't have permission to change.

Task Manager shows "client" 3 times, which I cannot end.

The same thing is happening as on my previous laptop. It starts out with a redirect city page to Bing from Google Chrome.

I can download but not open what I download.

 

Possible to have a virus in the router?

I have a Verizon Frontier router, but I have my Netgear R7 bridged.


Edited by djrazr, 12 June 2018 - 01:51 AM.


#3 djrazr

Posted 12 June 2018 - 09:45 PM

I fixed the issue by running Kaspersky Rescue via ISO on USB.

I tried many others, but they did not get rid of what needed to be gone.

Kaspersky removed the aunowbx.

 

Thanks for everyone's help.
