Infected with trojan yelloader and window process 32 bit


  • This topic is locked
30 replies to this topic

#1 Sebo119

Posted 11 July 2018 - 10:11 AM

Attached File  FRST_11-07-2018 23.08.27.txt   38.86KB   7 downloads
Attached File  Addition_11-07-2018 23.08.27.txt   39.93KB   12 downloads




 


#2 Oh My!

Posted 11 July 2018 - 09:07 PM

Greetings Sebo119 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

===================================================

SmartService Removal With Recovery Environment Installed

--------------------
  • On a clean computer download Farbar Recovery Scan Tool for 64 bit systems and save it to a USB device
  • Remove the USB device
  • On your compromised computer click on Start, type command, right click on Command Prompt above and select Run as administrator
  • Type bcdedit /set recoveryenabled Yes and hit Enter
  • Confirm The operation completed successfully
  • Close the Command window
  • Hold down the Shift Key, click Start, click on the power icon just above Start, then select Restart
  • Select Troubleshoot
  • Select Advanced options
  • Select Command Prompt
  • Select your User Account
  • Type your password, if necessary
  • Insert the USB drive containing FRST into the compromised computer
  • In the command window type in Notepad and press Enter
  • Click File then Open
  • In the lower right hand corner change Text Documents (*.txt) to All Files (*.*)
  • On the left side locate and double click on the USB device containing FRST
  • Right click on the FRST icon and select Run as administrator
  • Click Yes on the Disclaimer
  • Press Scan button.
  • When completed a (FRST.txt) file will be created on the flash drive. Please copy and paste the contents in your reply.
  • Reboot your computer into Normal Boot and run a new FRST scan
  • Copy and post both reports in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • FRST.txt
  • Addition.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Sebo119

Posted 11 July 2018 - 10:11 PM

When I hold down the Shift key it doesn't allow me to click on anything.



#4 Sebo119

Posted 11 July 2018 - 10:43 PM

When I restart the computer it just restarts normally.



#5 Oh My!

Posted 12 July 2018 - 08:18 AM

OK, please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
  • The information will be copied invisibly and will be "pasted" into FRST automatically when you click Fix as instructed below
Start::
cmd: bcdedit /set recoveryenabled Yes
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary
 

#6 Sebo119

Posted 12 July 2018 - 09:32 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Sebo (12-07-2018 22:29:50) Run:1
Running from C:\Users\Sebo\Desktop
Loaded Profiles: Sebo (Available Profiles: Sebo & avril_000)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
cmd: bcdedit /set recoveryenabled Yes
 
*****************
 
 
========= bcdedit /set recoveryenabled Yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
==== End of Fixlog 22:29:51 ====


#7 Oh My!

Posted 12 July 2018 - 02:38 PM

Very good, thank you.

I am slightly modifying the instructions. Please do this.

===================================================

SmartService Removal With Recovery Environment Installed

--------------------
  • On a clean computer download Farbar Recovery Scan Tool for 64 bit systems and save it to a USB device
  • Remove the USB device
  • Download RecoveryEnvironment.bat and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Agree to any warning screens that may appear
  • At Enter input: type Y and hit Enter
  • Your computer will reboot in 5 seconds
  • At the Choose an option screen select Troubleshoot
  • Select Advanced options
  • Select Command Prompt
  • Select your User Account
  • Type your password, if necessary
  • Insert the USB drive containing FRST into the compromised computer
  • In the command window type in Notepad and press Enter
  • Click File then Open
  • In the lower right hand corner change Text Documents (*.txt) to All Files (*.*)
  • On the left side locate and double click on the USB device containing FRST
  • Right click on the FRST icon and select Run as administrator
  • Click Yes on the Disclaimer
  • Press Scan button.
  • When completed a (FRST.txt) file will be created on the flash drive. Please copy and paste the contents in your reply.
  • Reboot your computer into Normal Boot and run a new FRST scan
  • Copy and post both reports in your reply. Use multiple posts if the content is too long
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog.txt
  • FRST.txt
  • Addition.txt

Gary
 

#8 Sebo119

Posted 12 July 2018 - 04:03 PM

My computer still restarted normally.



#9 Oh My!

Posted 12 July 2018 - 07:20 PM

Greetings.

Do you have a Windows 8.1 installation disk? Do you have the ability to burn a DVD?
  • Shut down your computer.
  • Start your computer then after 5 seconds hold down the power button until the computer shuts down. Do this twice.
  • Start your computer and let it boot. If you see the screen with Troubleshooting run the steps in the previous post.
If that does not work please run this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
  • The information will be copied invisibly and will be "pasted" into FRST automatically when you click Fix as instructed below
Start::
cmd: bcdedit
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results

Gary
 
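
Post #9 asks for the raw bcdedit output through a Fixlog. As an added example (not part of the original thread and not FRST's own code), the Python below reads such a pasted log and reports whether the default boot loader has both recoveryenabled and recoverysequence set. The sample log, its GUIDs and the function names are constructed for illustration, and English-language bcdedit output is assumed.

```python
import re

# Constructed sample: the shape of English-language `bcdedit` output as it would
# appear inside a pasted Fixlog.txt. All GUIDs and descriptions are made up.
SAMPLE_FIXLOG = r"""
========= bcdedit =========

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
default                 {current}
displayorder            {current}
                        {11111111-2222-3333-4444-555555555555}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 8.1
recoveryenabled         Yes
osdevice                partition=C:

Windows Boot Loader
-------------------
identifier              {11111111-2222-3333-4444-555555555555}
device                  partition=D:
path                    \Windows\system32\winload.exe
description             Second install (constructed)
recoverysequence        {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}
recoveryenabled         No

========= End of CMD: =========
"""

_RULE = re.compile(r"-{3,}")


def parse_bcd_entries(text):
    """Split bcdedit output into [{'type': str, 'fields': {key: [values]}}]."""
    entries, fields, last_key = [], None, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        stripped = line.strip()
        following = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if stripped and _RULE.fullmatch(following):
            # A title line underlined with dashes starts a new entry.
            fields, last_key = {}, None
            entries.append({"type": stripped, "fields": fields})
        elif fields is None or _RULE.fullmatch(stripped):
            continue  # text outside any entry, or the underline itself
        elif not stripped:
            fields, last_key = None, None  # a blank line closes the entry
        elif line[0].isspace():
            # Indented continuation line: another value for the previous key.
            if last_key:
                fields[last_key].append(stripped)
        else:
            key, _, value = line.partition(" ")
            fields[key] = [value.strip()]
            last_key = key
    return entries


def recovery_status(text):
    """Report the recovery settings of the default boot loader entry."""
    entries = parse_bcd_entries(text)
    manager = next((e for e in entries if e["type"] == "Windows Boot Manager"), None)
    default_id = manager["fields"].get("default", [None])[0] if manager else None
    loader = next(
        (e["fields"] for e in entries
         if e["type"] == "Windows Boot Loader"
         and e["fields"].get("identifier", [None])[0] == default_id),
        None,
    )
    if default_id is None or loader is None:
        return {"default": default_id, "found": False, "ok": False}
    enabled = loader.get("recoveryenabled", [None])[0]
    sequence = loader.get("recoverysequence", [None])[0]
    return {
        "default": default_id,
        "found": True,
        "recoveryenabled": enabled,
        "recoverysequence": sequence,
        # recoveryenabled switches the recovery sequence on; recoverysequence
        # names the entry to start. Both have to be present.
        "ok": (enabled or "").lower() == "yes" and sequence is not None,
    }


if __name__ == "__main__":
    print(recovery_status(SAMPLE_FIXLOG))
```

In the constructed sample the second loader carries a recoverysequence but is not the default entry, so the check has to follow the boot manager's default identifier rather than scan for the key anywhere in the log.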

#10 Sebo119

Posted 12 July 2018 - 08:09 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018

Ran by SYSTEM on MININT-M0GQ467 (12-07-2018 21:39:50)
Running from G:\
Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\Default User\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\Sebo\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\Sebo\...\Run: [utweb] => "C:\Users\Sebo\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"HKLM\System\ControlSet001\Services\uizvp" => removed successfully
C:\Windows\System32\drivers\ussybeil.sys => moved successfully
C:\Users\avril_000\AppData\Local\reapwbz\pshbrid.exe => moved successfully
C:\Users\avril_000\AppData\Local\reapwbz\reapwbz.exe => moved successfully
C:\Users\avril_000\AppData\Local\wmcagent\wmcagent.exe => moved successfully
C:\Users\avril_000\AppData\Local\wmcagent\wow_helper.exe => moved successfully
C:\Users\Sebo\AppData\Local\containersvc\nvdtsvc.exe => moved successfully
C:\Users\Sebo\AppData\Local\scczuwg\scczuwg.exe => moved successfully
C:\Users\Sebo\AppData\Local\scczuwg\wmcatpb.exe => moved successfully
C:\Users\Sebo\AppData\Local\Temp\1523746236SEdtmp.exe => moved successfully
C:\Users\Sebo\AppData\Local\Temp\arctic-loop.exe => moved successfully
C:\Users\Sebo\AppData\Local\Temp\DoubleClick.exe => moved successfully
C:\Users\Sebo\AppData\Local\Temp\FileUnlocker_Installer.exe => moved successfully
C:\Users\Sebo\AppData\Local\Temp\setup.exe => moved successfully
C:\Users\Sebo\AppData\Local\Temp\SystemHealer.exe => moved successfully
C:\Users\Sebo\AppData\Local\Temp\zdj.exe => moved successfully
C:\Users\TEMP\AppData\Local\iareput\iareput.exe => moved successfully
C:\Users\TEMP\AppData\Local\iareput\senuckh.exe => moved successfully
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 BitDefenderCOM; "C:\Program Files\BDServices\BitDefenderCom.exe" [X]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-08-21] (Realsil Semiconductor Corporation)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [6393856 2016-12-28] (Realtek Semiconductor Corporation )
S3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [442848 2018-02-22] (BitDefender S.R.L.)
S3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-23] (HP)
S3 aswbdisk; no ImagePath
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
S1 MpKsl8c969d71; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A061111C-8C63-42C6-9B09-63427DB81399}\MpKsl8c969d71.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-12 17:29 - 2018-07-12 17:29 - 000000542 _____ C:\Users\Sebo\Desktop\Fixlog.txt
2018-07-12 17:24 - 2018-07-12 17:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\pskreva
2018-07-12 16:10 - 2018-07-12 16:10 - 000000000 ____D C:\Users\Sebo\AppData\Local\racdueh
2018-07-12 16:05 - 2018-07-12 16:05 - 000001947 _____ C:\Users\Sebo\Downloads\RecoveryEnvironment.bat
2018-07-12 16:00 - 2018-07-12 16:00 - 000000000 ____D C:\Users\Sebo\AppData\Local\cgirhtv
2018-07-12 15:45 - 2018-07-12 15:45 - 000000000 ____D C:\Users\Sebo\AppData\Local\vsirgkp
2018-07-12 13:01 - 2018-07-12 13:01 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmmzuwe
2018-07-12 12:56 - 2018-07-12 12:56 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdmgupb
2018-07-12 12:54 - 2018-07-12 12:54 - 000000000 ____D C:\Users\Sebo\AppData\Local\cgoxnkl
2018-07-12 12:49 - 2018-07-12 12:49 - 000001947 _____ C:\Users\Sebo\Desktop\RecoveryEnvironment.bat
2018-07-12 12:44 - 2018-07-12 12:44 - 000000000 ____D C:\Users\Sebo\AppData\Local\wmnarhz
2018-07-12 08:35 - 2018-07-12 08:35 - 000000000 ____D C:\Users\Sebo\AppData\Local\usrbwog
2018-07-12 06:46 - 2018-07-12 06:46 - 000000000 ____D C:\Users\Sebo\AppData\Local\sboamxz
2018-07-12 06:07 - 2018-07-12 06:07 - 000000000 ____D C:\Users\Sebo\AppData\Local\tiogbnm
2018-07-12 06:04 - 2018-07-12 06:04 - 000000000 ____D C:\Users\Sebo\AppData\Local\dsnhzpo
2018-07-12 05:58 - 2018-07-12 05:58 - 000000000 ____D C:\Users\Sebo\AppData\Local\atsmbno
2018-07-12 05:53 - 2018-07-12 05:53 - 000000000 ____D C:\Users\Sebo\AppData\Local\ranwcsx
2018-07-12 05:40 - 2018-07-12 05:40 - 000000000 ____D C:\Users\Sebo\AppData\Local\zaokhtm
2018-07-12 05:25 - 2018-07-12 05:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\upkmtde
2018-07-12 05:11 - 2018-07-12 05:11 - 000000000 ____D C:\Users\Sebo\AppData\Local\upkslmd
2018-07-12 02:55 - 2018-07-12 02:55 - 000000000 ____D C:\Users\Sebo\AppData\Local\iastxwz
2018-07-12 00:07 - 2018-07-12 00:07 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdbolum
2018-07-11 18:12 - 2018-07-11 18:12 - 000039792 _____ C:\Users\Sebo\Downloads\FRST_11-07-2018 23.08.27.txt
2018-07-11 18:03 - 2018-07-11 18:08 - 000039792 _____ C:\Users\Sebo\Downloads\FRST.txt
2018-07-11 17:57 - 2018-07-11 17:57 - 000000000 ____D C:\Users\Sebo\AppData\Local\psmntuo
2018-07-11 17:55 - 2018-07-11 17:55 - 000000000 ____D C:\Users\Sebo\AppData\Local\aterwkn
2018-07-11 17:29 - 2018-07-12 21:39 - 000000000 ____D C:\Users\Sebo\AppData\Local\scczuwg
2018-07-11 17:26 - 2018-07-11 17:26 - 000000000 ____D C:\Users\Sebo\AppData\Local\ianmtbz
2018-07-11 09:36 - 2018-06-12 11:01 - 000149632 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2018-07-11 09:36 - 2018-06-08 05:15 - 001602048 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2018-07-11 09:36 - 2018-06-08 05:15 - 000680960 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2018-07-11 09:36 - 2018-06-08 05:15 - 000612352 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2018-07-11 09:36 - 2018-06-08 05:15 - 000443392 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2018-07-11 09:36 - 2018-06-08 05:15 - 000301056 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2018-07-11 09:36 - 2018-06-08 05:15 - 000246272 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2018-07-11 09:35 - 2018-06-08 05:15 - 002860032 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2018-07-11 09:35 - 2018-06-08 05:15 - 000783872 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2018-07-11 09:35 - 2018-06-08 05:15 - 000470016 _____ (Microsoft Corporation) C:\Windows\System32\centel.dll
2018-07-11 09:27 - 2018-07-11 09:27 - 000000000 ____D C:\Users\Sebo\AppData\Local\usmegcx
2018-07-11 09:20 - 2018-07-11 09:20 - 000000000 ____D C:\Users\Sebo\AppData\Local\sidarev
2018-07-11 09:11 - 2018-07-11 18:08 - 000040889 _____ C:\Users\Sebo\Downloads\Addition.txt
2018-07-11 09:08 - 2018-07-12 17:29 - 000000000 ____D C:\FRST
2018-07-11 08:35 - 2018-07-11 08:35 - 000000000 ____D C:\SUPERDelete
2018-07-11 08:05 - 2018-07-11 08:05 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmmgcep
2018-07-11 07:39 - 2018-07-11 07:39 - 000000000 ____D C:\Users\Sebo\Desktop\Fatal flute - Copy
2018-07-11 07:39 - 2018-07-11 07:39 - 000000000 ____D C:\Users\Sebo\AppData\Local\atokpzn
2018-07-11 05:52 - 2018-07-11 05:55 - 034339440 _____ (SUPERAntiSpyware) C:\Users\Sebo\Downloads\SUPERAntiSpyware.exe
2018-07-11 05:52 - 2018-07-11 05:53 - 000359021 _____ C:\Users\Sebo\Downloads\InsaneCryptDecrypter.zip
2018-07-11 05:50 - 2018-07-11 05:50 - 001790024 _____ (Malwarebytes) C:\Users\Sebo\Downloads\JRT.exe
2018-07-11 05:49 - 2018-07-11 05:50 - 007395536 _____ (Malwarebytes) C:\Users\Sebo\Downloads\AdwCleaner.exe
2018-07-11 05:44 - 2018-07-11 08:22 - 000003490 _____ C:\Users\Sebo\Desktop\Rkill.txt
2018-07-11 05:43 - 2018-07-11 05:44 - 005336387 _____ C:\Users\Sebo\Downloads\rakhnidecryptor.zip
2018-07-11 05:42 - 2018-07-11 05:42 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Sebo\Downloads\rkill.exe
2018-07-11 05:40 - 2018-07-11 05:40 - 000000000 ____D C:\Program Files\AVAST Software
2018-07-11 05:38 - 2018-07-11 18:00 - 000000000 ____D C:\Users\Sebo\AppData\Local\Opera Software
2018-07-11 05:38 - 2018-07-11 05:49 - 031209595 ____R C:\Users\Sebo\Downloads\SpyHunter 4.9.10.3956 Final incl patch-SND.rar
2018-07-11 05:37 - 2018-07-11 18:00 - 000000000 ____D C:\Users\Sebo\AppData\Roaming\Opera Software
2018-07-11 05:33 - 2018-07-11 18:00 - 000000000 ____D C:\Program Files\Opera
2018-07-11 05:33 - 2018-07-11 08:46 - 000000000 ____D C:\Users\Sebo\AppData\Roaming\uTorrent
2018-07-11 05:33 - 2018-07-11 08:06 - 000000000 ____D C:\Users\Sebo\AppData\LocalLow\uTorrent
2018-07-11 05:33 - 2018-07-11 05:33 - 000000865 _____ C:\Users\Sebo\Desktop\µTorrent.lnk
2018-07-11 05:29 - 2018-07-11 05:30 - 002948240 _____ (BitTorrent Inc.) C:\Users\Sebo\Downloads\uTorrent.exe
2018-07-11 05:25 - 2018-07-11 05:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\nvorphx
2018-07-10 23:31 - 2018-07-10 23:31 - 000000000 ____D C:\Users\Sebo\AppData\Local\lscntmw
2018-07-10 23:16 - 2018-07-10 23:16 - 000000000 ____D C:\Users\Sebo\AppData\Local\atbdire
2018-07-10 23:03 - 2018-07-10 23:03 - 000002246 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-10 22:21 - 2018-07-10 22:23 - 021020664 _____ (BitTorrent, Inc.) C:\Users\Sebo\Downloads\utweb_installer.exe
2018-07-10 22:19 - 2018-07-10 22:19 - 000000000 ____D C:\Users\Sebo\AppData\Local\snhztxi
2018-07-10 21:53 - 2018-07-10 21:53 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmrnckg
2018-07-10 04:22 - 2018-07-10 04:22 - 000000000 ____D C:\Users\Sebo\AppData\Local\nvdzlgs
2018-07-10 03:46 - 2018-07-10 03:46 - 000000000 ____D C:\Users\Sebo\AppData\Local\dtenlgo
2018-07-10 02:48 - 2018-07-10 02:48 - 000000000 ____D C:\Users\Sebo\AppData\Local\tismcoh
2018-07-10 01:34 - 2018-07-10 01:34 - 000000000 ____D C:\Users\Sebo\AppData\Local\rtsigwk
2018-07-10 00:45 - 2018-07-10 00:45 - 000000000 ____D C:\Users\Sebo\AppData\Local\pcdlvgb
2018-07-10 00:24 - 2018-07-10 00:24 - 000007597 _____ C:\Users\Sebo\AppData\Local\Resmon.ResmonCfg
2018-07-09 23:47 - 2018-07-09 23:47 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdrxsue
2018-07-09 23:34 - 2018-07-09 23:34 - 000000000 ____D C:\Users\Sebo\AppData\Local\seozcpd
2018-07-08 21:27 - 2018-07-08 21:27 - 000000000 ____D C:\Users\Sebo\AppData\Local\reizbcg
2018-07-07 06:20 - 2018-07-07 06:20 - 000000000 ____D C:\Users\Sebo\AppData\Local\dwitmav
2018-07-06 23:18 - 2018-07-06 23:18 - 000012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2018-07-06 23:18 - 2018-07-06 23:18 - 000001750 _____ C:\Windows\System32\bootdelete.lst
2018-07-06 22:50 - 2018-07-06 22:50 - 000000000 ____D C:\Users\Sebo\AppData\Local\snhbaxg
2018-07-06 21:53 - 2018-07-09 23:32 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-07-06 21:53 - 2018-07-08 22:36 - 000070255 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-07-06 21:53 - 2018-07-08 21:38 - 000057398 _____ C:\Windows\ZAM.krnl.trace
2018-07-06 21:53 - 2018-07-06 21:53 - 000000000 ____D C:\Users\Sebo\AppData\Local\Zemana
2018-07-06 21:50 - 2018-07-06 21:50 - 000000000 ____D C:\Users\Sebo\AppData\Local\wmhregi
2018-07-06 20:35 - 2018-07-06 20:35 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmhknco
2018-07-06 07:08 - 2018-07-06 07:08 - 000000000 ____D C:\Users\Sebo\AppData\Local\wmdablg
2018-07-06 05:36 - 2018-07-06 05:36 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdrvnbc
2018-07-06 02:16 - 2018-07-06 02:16 - 000000000 ____D C:\Users\Sebo\AppData\Local\pwecikg
2018-07-06 01:23 - 2018-07-06 01:23 - 000000000 ____D C:\Users\Sebo\AppData\Local\sccoxak
2018-07-05 20:31 - 2018-07-05 20:31 - 000000000 ____D C:\Users\Sebo\AppData\Local\csripux
2018-07-05 19:58 - 2018-07-05 19:58 - 000000000 ____D C:\Users\Sebo\AppData\Local\audpksx
2018-07-05 19:13 - 2018-07-05 19:13 - 000000000 ____D C:\Users\Sebo\AppData\Local\tirnczg
2018-07-05 19:11 - 2018-07-12 16:25 - 000949776 _____ C:\Windows\ntbtlog.txt
2018-07-05 19:10 - 2018-07-05 19:10 - 000000000 ____D C:\Windows\pss
2018-07-05 18:52 - 2018-07-05 18:52 - 000000000 ____D C:\Users\Sebo\AppData\Local\reniumt
2018-07-05 10:25 - 2018-07-05 10:25 - 000000000 ____D C:\Program Files (x86)\Trojan Killer
2018-07-05 10:17 - 2018-07-05 10:17 - 000000000 ____D C:\Users\Sebo\AppData\Local\svdhwxe
2018-07-05 09:30 - 2018-07-05 09:30 - 000000000 ____D C:\Users\Sebo\AppData\Local\dworbeg
2018-07-05 09:23 - 2018-07-05 09:23 - 000000000 ____D C:\Users\Sebo\AppData\Local\spbvhlk
2018-07-05 08:52 - 2018-07-05 08:52 - 000000000 ____D C:\Users\Sebo\AppData\Local\dsspenh
2018-07-05 06:43 - 2018-07-05 06:43 - 000000000 ____D C:\Users\Sebo\AppData\Local\aubrvgp
2018-07-05 06:36 - 2018-07-06 23:18 - 000000000 ____D C:\ProgramData\HitmanPro
2018-07-05 06:26 - 2018-07-05 06:26 - 000000000 ____D C:\Users\Sebo\AppData\Local\wemhlop
2018-07-05 06:12 - 2018-07-05 06:12 - 000000000 ____D C:\Users\Sebo\AppData\Local\zaimedt
2018-07-05 05:50 - 2018-07-05 05:50 - 000000000 ____D C:\Users\Sebo\Desktop\New folder
2018-07-05 05:45 - 2018-07-05 05:45 - 000000000 ____D C:\Users\Sebo\AppData\Local\wikvoea
2018-07-05 05:37 - 2018-07-05 05:48 - 000000000 ____D C:\Users\Sebo\Downloads\SpyHunter 4.1.11.0 + Crack
2018-07-05 05:18 - 2018-07-05 05:18 - 000000000 ____D C:\Users\Sebo\AppData\Local\scrgoiw
2018-07-05 05:08 - 2018-07-06 22:43 - 000000000 ____D C:\Program Files\BDServices
2018-07-05 04:25 - 2018-07-05 04:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\sckedtw
2018-07-05 04:16 - 2018-07-05 04:16 - 000000000 ____D C:\Users\Sebo\AppData\Local\dsbapic
2018-07-05 01:04 - 2018-07-05 01:04 - 000000000 ____D C:\Users\Sebo\AppData\Local\sekmxlb
2018-07-05 01:02 - 2018-07-05 01:02 - 000000000 ____D C:\Users\Sebo\AppData\Local\snalxtp
2018-07-05 00:49 - 2018-07-05 00:49 - 000000000 ____D C:\Users\Sebo\AppData\Local\wmohvai
2018-07-04 23:49 - 2018-07-04 23:49 - 000000000 ____D C:\Users\Sebo\AppData\Local\zaixcwn
2018-07-04 23:44 - 2018-07-04 23:44 - 000000000 ____D C:\Users\Sebo\AppData\Local\vdkowrn
2018-07-04 23:36 - 2018-07-04 23:36 - 000000000 ____D C:\Users\Sebo\AppData\Local\avnetks
2018-07-04 23:33 - 2018-07-04 23:33 - 000000000 ____D C:\Users\Sebo\AppData\Local\mskoatb
2018-07-04 23:22 - 2018-07-04 23:22 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdbacop
2018-07-04 23:16 - 2018-07-04 23:16 - 000000000 ____D C:\Program Files\Unlocker
2018-07-04 23:07 - 2018-07-04 23:07 - 000000000 ____D C:\Users\Sebo\AppData\Local\psnbdwg
2018-07-04 21:28 - 2018-07-04 21:28 - 000000000 ____D C:\Program Files (x86)\HP
2018-07-04 21:13 - 2018-07-04 21:13 - 000000000 ____D C:\Users\Sebo\AppData\Local\nicktga
2018-07-04 08:39 - 2018-07-04 08:39 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdomvel
2018-07-04 07:25 - 2018-07-04 07:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\ninzlcp
2018-07-04 06:57 - 2018-07-04 06:57 - 000000000 ____D C:\Users\Sebo\AppData\Local\pskiwcx
2018-07-04 06:26 - 2018-07-04 06:26 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmagnus
2018-07-04 05:50 - 2018-07-04 05:50 - 000000000 ____D C:\Users\Sebo\AppData\Local\avitwxl
2018-07-04 04:36 - 2018-07-04 04:36 - 000000000 ____D C:\Users\Sebo\AppData\Local\sbdkvxa
2018-07-04 04:02 - 2018-07-04 04:02 - 000000000 ____D C:\Users\Sebo\AppData\Local\nidrmcp
2018-07-04 03:22 - 2018-07-04 03:22 - 000000000 ____D C:\Users\Sebo\AppData\Local\cgsunrm
2018-07-04 03:16 - 2018-07-04 03:18 - 000000000 ____D C:\AdwCleaner
2018-07-04 02:23 - 2018-07-04 02:23 - 000000000 ____D C:\Users\Sebo\AppData\Local\wembnxl
2018-07-04 01:59 - 2018-07-04 01:59 - 000000000 ____D C:\Users\Sebo\AppData\Local\dsavocb
2018-07-04 01:53 - 2018-07-04 01:53 - 000000000 ____D C:\Users\Sebo\AppData\Local\vdmacol
2018-07-04 01:30 - 2018-07-04 01:30 - 000000000 ____D C:\Users\Sebo\AppData\Local\spsrktw
2018-07-03 19:52 - 2018-07-04 06:32 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3491979019-2275402679-4232920000-1003
2018-07-03 19:25 - 2018-07-03 19:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\vshzxra
2018-07-03 05:29 - 2018-07-03 05:29 - 000000000 ____D C:\Users\Sebo\AppData\Local\dtcmwrp
2018-07-03 04:24 - 2018-07-03 04:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\scndhtb
2018-07-03 03:38 - 2018-07-03 03:38 - 000000000 ____D C:\Users\Sebo\AppData\Local\tihudmp
2018-07-03 03:15 - 2018-07-03 03:15 - 000000000 ____D C:\Users\Sebo\AppData\Local\nvdxegl
2018-07-03 02:41 - 2018-07-03 02:41 - 000000000 ____D C:\Users\Sebo\AppData\Local\nvkizhm
2018-07-03 02:25 - 2018-07-12 21:40 - 000000000 ____D C:\Users\TEMP\AppData\Local\iareput
2018-07-03 02:22 - 2018-07-03 02:27 - 000000000 ____D C:\users\TEMP
2018-07-03 01:40 - 2018-07-03 01:40 - 000000000 ____D C:\Users\Sebo\AppData\Local\sphtrgd
2018-07-03 01:14 - 2018-07-03 01:14 - 000000000 ____D C:\Users\Sebo\AppData\Local\vdmrkts
2018-07-02 22:59 - 2018-07-02 22:59 - 000000000 ____D C:\Users\Sebo\AppData\Local\lsbahgi
2018-07-02 22:18 - 2018-07-02 22:18 - 000000000 ____D C:\Users\Sebo\AppData\Local\lsivzgu
2018-07-02 22:02 - 2018-07-02 22:02 - 000000000 ____D C:\Users\Sebo\AppData\Local\cshenbo
2018-07-02 21:25 - 2018-07-02 21:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\wibench
2018-07-02 21:07 - 2018-07-02 21:07 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-02 21:04 - 2018-07-02 21:04 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmhcdkx
2018-07-02 20:24 - 2018-07-02 20:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmeprvn
2018-07-02 19:36 - 2018-07-02 19:36 - 000000000 ____D C:\Users\Sebo\AppData\Local\wiokrdv
2018-07-02 19:28 - 2018-07-02 19:28 - 000000000 ____D C:\Users\Sebo\AppData\Local\zascerp
2018-07-02 08:33 - 2018-07-02 08:33 - 000000000 ____D C:\Users\Sebo\AppData\Local\timnkaz
2018-07-02 08:04 - 2018-07-02 08:04 - 000000000 ____D C:\Users\Sebo\AppData\Local\usizwov
2018-07-02 07:58 - 2018-07-02 07:58 - 000000000 ____D C:\Users\Sebo\AppData\Local\cwdxblr
2018-07-02 07:28 - 2018-07-02 07:28 - 000000000 ____D C:\Users\Sebo\AppData\Local\seiuvgd
2018-07-02 06:56 - 2018-07-02 06:56 - 000000000 ____D C:\Users\Sebo\AppData\Local\wimhxba
2018-07-02 06:24 - 2018-07-02 06:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\ausdbit
2018-07-01 19:17 - 2018-07-01 19:17 - 000000000 ____D C:\Users\Sebo\AppData\Local\msaoetl
2018-07-01 19:10 - 2018-07-01 19:10 - 000000000 ____D C:\Users\Sebo\AppData\Local\rtipdeu
2018-07-01 17:13 - 2018-07-01 17:13 - 000000000 ____D C:\Users\Sebo\AppData\Local\ramevgn
2018-07-01 16:26 - 2018-07-01 16:26 - 000000000 ____D C:\Users\Sebo\AppData\Local\costkpr
2018-07-01 15:48 - 2018-07-01 15:48 - 000000000 ____D C:\Users\Sebo\AppData\Local\zaowbpd
2018-07-01 15:02 - 2018-07-01 15:02 - 000000000 ____D C:\Users\Sebo\AppData\Local\seduzgp
2018-07-01 14:13 - 2018-07-01 14:13 - 000000000 ____D C:\Users\Sebo\AppData\Local\raicplo
2018-07-01 13:32 - 2018-07-01 13:32 - 000000000 ____D C:\Users\Sebo\AppData\Local\sckohub
2018-07-01 12:42 - 2018-07-01 12:42 - 000000000 ____D C:\Users\Sebo\AppData\Local\iaetrlv
2018-07-01 11:00 - 2018-07-01 11:00 - 000000000 ____D C:\Users\Sebo\AppData\Local\vdeopba
2018-06-30 18:56 - 2018-06-30 18:56 - 000000000 ____D C:\Users\Sebo\AppData\Local\vsaiodu
2018-06-30 18:18 - 2018-06-30 18:18 - 000000000 ____D C:\Users\Sebo\AppData\Local\conghre
2018-06-30 17:32 - 2018-06-30 17:32 - 000000000 ____D C:\Users\Sebo\AppData\Local\cgovwzx
2018-06-30 15:24 - 2018-06-30 15:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\atdmwkc
2018-06-30 15:16 - 2018-06-30 15:16 - 000000000 ____D C:\Users\Sebo\AppData\Local\scnkhld
2018-06-30 13:32 - 2018-06-30 13:32 - 000000000 ____D C:\Users\Sebo\AppData\Local\dsawout
2018-06-30 11:20 - 2018-06-30 11:22 - 055362610 _____ C:\Users\Sebo\Desktop\fot li.wav
2018-06-30 10:58 - 2018-06-30 10:58 - 000000000 ____D C:\Users\Sebo\AppData\Local\sceipnv
2018-06-30 09:03 - 2018-06-30 09:03 - 000000000 ____D C:\Users\Sebo\AppData\Local\exbndvr
2018-06-30 09:00 - 2018-06-30 09:00 - 000000000 ____D C:\ProgramData\PACE
2018-06-30 08:52 - 2018-06-30 08:52 - 000000000 ____D C:\Windows\%LOCALAPPDATA%
2018-06-30 08:19 - 2018-06-30 08:19 - 000000000 ____D C:\Users\Sebo\AppData\Local\spcgzrm
2018-06-29 13:52 - 2018-06-29 13:52 - 000000000 ____D C:\Users\Sebo\AppData\Local\vdhrkgz
2018-06-29 10:50 - 2018-06-29 10:50 - 000000000 ____D C:\Users\Sebo\AppData\Local\sndxtcp
2018-06-29 10:03 - 2018-06-29 10:03 - 000000000 ____D C:\Users\Sebo\AppData\Local\scrxliv
2018-06-29 09:11 - 2018-06-29 09:11 - 000000000 ____D C:\Users\Sebo\AppData\Local\dtaiznm
2018-06-29 08:25 - 2018-06-29 08:28 - 000000000 ____D C:\Users\Sebo\Desktop\Made Up
2018-06-29 08:20 - 2018-06-29 08:20 - 000000000 ____D C:\Users\Sebo\AppData\Local\atkdcbg
2018-06-29 08:14 - 2018-06-29 08:14 - 000000000 ____D C:\Users\Sebo\AppData\Local\psdwmck
2018-06-28 21:40 - 2018-06-28 21:40 - 000000000 ____D C:\Users\Sebo\AppData\Local\pwhxuac
2018-06-28 17:14 - 2018-06-28 17:14 - 000000000 ____D C:\Users\Sebo\AppData\Local\pcrgils
2018-06-28 12:15 - 2018-06-28 12:16 - 069194466 _____ C:\Users\Sebo\Desktop\Kendrick lamar type beat.wav
2018-06-28 08:46 - 2018-06-28 08:46 - 000000000 ____D C:\Users\Sebo\Desktop\AZS Spice Vol.2 MIDI
2018-06-28 08:43 - 2018-06-29 08:27 - 000000000 ____D C:\Users\Sebo\Desktop\Aiyn.Zahev4
2018-06-28 08:40 - 2018-06-28 08:40 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmrvxip
2018-06-27 06:19 - 2018-06-27 06:19 - 000000000 ____D C:\Users\Sebo\AppData\Local\nibtesa
2018-06-26 22:05 - 2018-06-26 22:05 - 000000000 ____D C:\Users\Sebo\AppData\Local\avormwd
2018-06-26 14:20 - 2018-06-26 14:20 - 000000000 ____D C:\Users\Sebo\AppData\Local\uprlhwo
2018-06-26 09:55 - 2018-06-26 09:55 - 000000000 ____D C:\Users\Sebo\AppData\Local\uskotmn
2018-06-25 17:35 - 2018-06-25 17:35 - 000000000 ____D C:\Users\Sebo\AppData\Local\sbrnuch
2018-06-25 09:07 - 2018-06-25 09:07 - 000000000 ____D C:\Users\Sebo\AppData\Local\cwcuonp
2018-06-24 13:24 - 2018-06-28 08:55 - 000000000 ____D C:\Users\Sebo\Downloads\Dune Synapse Audio
2018-06-24 13:04 - 2018-06-24 13:04 - 000000000 ____D C:\Users\Sebo\AppData\Local\uskohzn
2018-06-23 16:30 - 2018-06-23 16:30 - 000000000 ____D C:\Users\Sebo\AppData\Local\wistzol
2018-06-23 10:09 - 2018-06-23 10:09 - 000000000 ____D C:\Users\Sebo\AppData\Local\upbmnwo
2018-06-22 10:06 - 2018-06-22 10:06 - 000000000 ____D C:\Users\Sebo\AppData\Local\sekzduo
2018-06-21 07:07 - 2018-06-21 07:07 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdsavun
2018-06-20 09:14 - 2018-06-20 09:14 - 002257964 _____ C:\Users\Sebo\Downloads\looperman-l-0159051-0130110-chapter-vi-1.wav
2018-06-20 08:51 - 2018-06-20 08:51 - 000000000 ____D C:\Users\Sebo\AppData\Local\svbtuog
2018-06-19 16:47 - 2018-06-19 16:47 - 000000000 ____D C:\Users\Sebo\AppData\Local\pwanglx
2018-06-19 11:42 - 2018-06-19 11:42 - 000000000 ____D C:\Users\Sebo\AppData\Local\sichtvg
2018-06-18 08:00 - 2018-06-18 08:00 - 000000000 ____D C:\Users\Sebo\AppData\Local\csbpldo
2018-06-17 09:10 - 2018-06-17 09:10 - 000000000 ____D C:\Users\Sebo\AppData\Local\avaompx
2018-06-16 12:28 - 2018-06-16 12:28 - 000000000 ____D C:\Users\Sebo\AppData\Local\exksnap
2018-06-16 06:24 - 2018-06-16 06:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\vsecang
2018-06-15 18:22 - 2018-06-15 18:22 - 001239791 _____ C:\Users\Sebo\Downloads\XO Tour Life FLP.rar
2018-06-15 08:02 - 2018-06-15 08:02 - 000000000 ____D C:\Users\Sebo\AppData\Local\scrudph
2018-06-14 12:14 - 2018-06-14 12:14 - 000000000 ____D C:\Users\Sebo\AppData\Local\iabkmlv
2018-06-13 07:55 - 2018-06-13 07:55 - 000000000 ____D C:\Users\Sebo\AppData\Local\vsetkxu
2018-06-12 18:28 - 2018-06-12 18:28 - 000000000 ____D C:\Users\Sebo\AppData\Local\athugvr
2018-06-12 06:43 - 2018-06-12 06:43 - 000000000 ____D C:\Users\Sebo\AppData\Local\zaadibh
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-12 21:39 - 2018-06-08 08:21 - 000000000 ____D C:\Users\Sebo\AppData\Local\containersvc
2018-07-12 21:39 - 2018-05-07 22:34 - 000000000 ____D C:\Users\avril_000\AppData\Local\wmcagent
2018-07-12 21:39 - 2018-05-07 22:29 - 000000000 ____D C:\Users\avril_000\AppData\Local\reapwbz
2018-07-12 17:28 - 2017-10-06 10:51 - 000003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6A2B2756-5422-4727-90D6-6DA6E2530DFE}
2018-07-12 16:25 - 2018-04-14 15:08 - 002888704 _____ C:\Windows\System32\dwrkxizsvc.exe
2018-07-12 16:24 - 2013-08-22 05:25 - 046399488 _____ C:\Windows\System32\config\HARDWARE
2018-07-12 16:23 - 2013-08-22 06:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-12 07:16 - 2013-08-22 07:20 - 000000000 ____D C:\Windows\CbsTemp
2018-07-12 06:48 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\rescache
2018-07-12 06:20 - 2017-10-06 10:53 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3491979019-2275402679-4232920000-1001
2018-07-12 05:48 - 2017-10-06 20:51 - 000000000 ____D C:\Windows\System32\appraiser
2018-07-12 05:17 - 2013-08-22 05:36 - 000000000 ____D C:\Windows\Inf
2018-07-11 17:51 - 2017-10-05 19:12 - 000000000 ____D C:\users\Sebo
2018-07-11 09:40 - 2017-10-26 20:09 - 000000000 ____D C:\Users\Sebo\AppData\Roaming\Maize Sampler Player
2018-07-11 05:39 - 2017-10-26 21:13 - 000000000 ____D C:\ProgramData\AVAST Software
2018-07-10 23:24 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\SysWOW64\inetsrv
2018-07-10 23:24 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\System32\inetsrv
2018-07-10 23:14 - 2013-08-22 06:44 - 000354104 _____ C:\Windows\System32\FNTCACHE.DAT
2018-07-10 23:12 - 2018-03-01 22:34 - 000000000 ____D C:\Users\Sebo\AppData\Local\CrashDumps
2018-07-10 23:03 - 2018-04-19 20:13 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-10 00:13 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\AppReadiness
2018-07-09 23:44 - 2013-08-22 05:25 - 000524288 ___SH C:\Windows\System32\config\BBI
2018-07-08 21:34 - 2014-05-30 01:13 - 000000000 ____D C:\Program Files\Hewlett-Packard
2018-07-07 01:00 - 2018-05-07 22:26 - 000000000 ____D C:\users\avril_000
2018-07-05 20:27 - 2014-05-30 01:18 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-07-03 19:59 - 2013-08-22 07:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-02 22:15 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\LiveKernelReports
2018-07-02 06:28 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\System32\NDF
2018-07-01 13:01 - 2017-10-06 13:07 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2018-06-28 14:07 - 2018-01-10 20:12 - 000835064 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-06-28 14:07 - 2018-01-10 20:12 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-19 17:00 - 2018-05-05 20:09 - 000000000 ____D C:\Users\Sebo\AppData\Roaming\Scaler
 
Some files in TEMP:
====================
2018-07-12 12:50 - 2014-10-28 18:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\15012.exe
2018-07-12 12:53 - 2014-10-28 18:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\15486.exe
2018-07-12 15:45 - 2014-10-28 18:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\16464.exe
2018-07-12 12:58 - 2014-10-28 18:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\16466.exe
2018-07-12 16:06 - 2014-10-28 18:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\20553.exe
2017-10-21 18:24 - 2017-10-06 03:22 - 000965176 _____ (BlueStack Systems, Inc.) C:\Users\Sebo\AppData\Local\Temp\BlueStacksClientUninstaller.exe
2018-07-11 05:38 - 2018-07-11 05:38 - 000066192 _____ (AVAST Software) C:\Users\Sebo\AppData\Local\Temp\dlhz3cpp.g5m.exe
2018-07-08 21:36 - 2018-07-06 22:54 - 011576808 _____ (SurfRight B.V.) C:\Users\Sebo\AppData\Local\Temp\HitmanPro.exe
2017-10-15 14:50 - 2017-09-20 14:08 - 000651400 _____ (HP Inc.) C:\Users\Sebo\AppData\Local\Temp\HPSFUpdater.exe
2018-04-14 14:50 - 2018-04-14 14:50 - 000312820 _____ (My Company, Inc.                                            ) C:\Users\Sebo\AppData\Local\Temp\install.exe
2018-04-14 14:52 - 2018-04-14 14:52 - 000596696 _____ (Alexander Roshal) C:\Users\Sebo\AppData\Local\Temp\iuyuirr.exe
2017-10-21 18:24 - 2017-10-06 03:22 - 000421400 _____ (CodeTitans) C:\Users\Sebo\AppData\Local\Temp\JSON.dll
2017-10-06 11:59 - 2017-10-06 12:01 - 064108904 _____ (SweetLabs,Inc.) C:\Users\Sebo\AppData\Local\Temp\oct53F9.tmp.exe
2015-05-30 07:00 - 2015-05-30 07:00 - 000028672 _____ () C:\Users\Sebo\AppData\Local\Temp\R2RTOOL.dll
2017-10-22 12:49 - 2017-09-27 08:33 - 000172400 _____ (HP Inc.) C:\Users\Sebo\AppData\Local\Temp\UninstallHPSA.exe
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2018-01-09 15:35] - [2018-01-01 20:32] - 000571392 _____ (Microsoft Corporation) 4294D7AD504EA206A4A03DB29311B6C2
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2018-01-09 15:35] - [2018-01-01 20:29] - 000817664 _____ (Microsoft Corporation) 2928249E4DD39C2ADD3E74F02427AB8B
 
C:\Windows\System32\dnsapi.dll
[2017-10-10 15:24] - [2017-09-07 12:08] - 000656896 _____ (Microsoft Corporation) 764E397D1664C3CE690AC35D3DD7085A
 
C:\Windows\SysWOW64\dnsapi.dll
[2017-10-10 15:24] - [2017-09-07 10:24] - 000499200 _____ (Microsoft Corporation) 19992FFEC28B2CE8BDFCE1E7F51C4FAF
 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 17%
Total physical RAM: 3985.95 MB
Available physical RAM: 3291.83 MB
Total Virtual: 3985.95 MB
Available Virtual: 3316.25 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:445.05 GB) (Free:174.61 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.69 GB) (Free:1.95 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (WINRE) (Fixed) (Total:0.63 GB) (Free:0.38 GB) NTFS
Drive g: (STORE N GO) (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 8387E6EE)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
 
LastRegBack: 2018-07-12 17:44
 
==================== End of FRST.txt ============================


#11 Sebo119

Posted 12 July 2018 - 08:11 PM

The power button thing works.



#12 Oh My!

Posted 12 July 2018 - 08:31 PM

Thank you.

Please run a FRST scan in Normal Boot and copy/paste both reports in your reply.
Gary
 

#13 Sebo119

Posted 12 July 2018 - 08:57 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Sebo (administrator) on SEBOPC (12-07-2018 22:51:53)
Running from C:\Users\Sebo\Desktop
Loaded Profiles: Sebo (Available Profiles: Sebo & avril_000)
Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-05] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3491979019-2275402679-4232920000-1001\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-3491979019-2275402679-4232920000-1001\...\Run: [utweb] => "C:\Users\Sebo\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BED17E2B-9F1C-40FD-A0F8-AA3295E2C9EE}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E960BB35-E858-4473-A47B-BFB3FAD12BB6}: [DhcpNameServer] 40.22.1.201 40.22.1.203
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131682202674597520&GUID=D04B0693-844B-93F6-88EF-62523EB8B034
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131682202674607720&GUID=D04B0693-844B-93F6-88EF-62523EB8B034
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3491979019-2275402679-4232920000-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES007&pc=UE06
HKU\S-1-5-21-3491979019-2275402679-4232920000-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3491979019-2275402679-4232920000-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {F91ED0B2-0A32-4CAB-84A7-CEE2474649A8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3491979019-2275402679-4232920000-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll => No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll => No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default [2018-07-12]
CHR Extension: (Slides) - C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-20]
CHR Extension: (Docs) - C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-20]
CHR Extension: (Google Drive) - C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-20]
CHR Extension: (YouTube) - C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-20]
CHR Extension: (Sheets) - C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-20]
CHR Extension: (Google Docs Offline) - C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-20]
CHR Extension: (Gmail) - C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-20]
CHR Extension: (Chrome Media Router) - C:\Users\Sebo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-14]
CHR HKLM-x32\...\Chrome\Extension: [pfkielbdojghpkdojeegellggecfnccd] - <no Path/update_url>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 BitDefenderCOM; "C:\Program Files\BDServices\BitDefenderCom.exe" [X]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-19] (Samsung Electronics Co., Ltd.)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
R1 MpKsl5531f75a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{53DC0F6C-DDA4-4459-8547-4E5E521E10DD}\MpKsl5531f75a.sys [58120 2018-07-12] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-08-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [6393856 2016-12-29] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-19] (Samsung Electronics Co., Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [442848 2018-02-22] (BitDefender S.R.L.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-23] (HP)
U3 aswbdisk; no ImagePath
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-12 22:51 - 2018-07-12 22:52 - 000013358 _____ C:\Users\Sebo\Desktop\FRST.txt
2018-07-12 22:24 - 2018-07-12 22:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\pskreva
2018-07-12 21:52 - 2018-07-12 21:52 - 002412544 _____ (Farbar) C:\Users\Sebo\Desktop\FRST64.exe
2018-07-12 21:10 - 2018-07-12 21:10 - 000000000 ____D C:\Users\Sebo\AppData\Local\racdueh
2018-07-12 21:05 - 2018-07-12 21:05 - 000001947 _____ C:\Users\Sebo\Downloads\RecoveryEnvironment.bat
2018-07-12 21:00 - 2018-07-12 21:00 - 000000000 ____D C:\Users\Sebo\AppData\Local\cgirhtv
2018-07-12 20:45 - 2018-07-12 20:45 - 000000000 ____D C:\Users\Sebo\AppData\Local\vsirgkp
2018-07-12 18:01 - 2018-07-12 18:01 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmmzuwe
2018-07-12 17:56 - 2018-07-12 17:56 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdmgupb
2018-07-12 17:54 - 2018-07-12 17:54 - 000000000 ____D C:\Users\Sebo\AppData\Local\cgoxnkl
2018-07-12 17:49 - 2018-07-12 17:49 - 000001947 _____ C:\Users\Sebo\Desktop\RecoveryEnvironment.bat
2018-07-12 17:44 - 2018-07-12 17:44 - 000000000 ____D C:\Users\Sebo\AppData\Local\wmnarhz
2018-07-12 13:35 - 2018-07-12 13:35 - 000000000 ____D C:\Users\Sebo\AppData\Local\usrbwog
2018-07-12 11:46 - 2018-07-12 11:46 - 000000000 ____D C:\Users\Sebo\AppData\Local\sboamxz
2018-07-12 11:07 - 2018-07-12 11:07 - 000000000 ____D C:\Users\Sebo\AppData\Local\tiogbnm
2018-07-12 11:04 - 2018-07-12 11:04 - 000000000 ____D C:\Users\Sebo\AppData\Local\dsnhzpo
2018-07-12 10:58 - 2018-07-12 10:58 - 000000000 ____D C:\Users\Sebo\AppData\Local\atsmbno
2018-07-12 10:53 - 2018-07-12 10:53 - 000000000 ____D C:\Users\Sebo\AppData\Local\ranwcsx
2018-07-12 10:40 - 2018-07-12 10:40 - 000000000 ____D C:\Users\Sebo\AppData\Local\zaokhtm
2018-07-12 10:25 - 2018-07-12 10:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\upkmtde
2018-07-12 10:11 - 2018-07-12 10:11 - 000000000 ____D C:\Users\Sebo\AppData\Local\upkslmd
2018-07-12 07:55 - 2018-07-12 07:55 - 000000000 ____D C:\Users\Sebo\AppData\Local\iastxwz
2018-07-12 05:07 - 2018-07-12 05:07 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdbolum
2018-07-11 23:12 - 2018-07-11 23:12 - 000039792 _____ C:\Users\Sebo\Downloads\FRST_11-07-2018 23.08.27.txt
2018-07-11 23:03 - 2018-07-12 22:00 - 000042751 _____ C:\Users\Sebo\Downloads\FRST.txt
2018-07-11 22:57 - 2018-07-11 22:57 - 000000000 ____D C:\Users\Sebo\AppData\Local\psmntuo
2018-07-11 22:55 - 2018-07-11 22:55 - 000000000 ____D C:\Users\Sebo\AppData\Local\aterwkn
2018-07-11 22:29 - 2018-07-13 02:39 - 000000000 ____D C:\Users\Sebo\AppData\Local\scczuwg
2018-07-11 22:26 - 2018-07-11 22:26 - 000000000 ____D C:\Users\Sebo\AppData\Local\ianmtbz
2018-07-11 14:36 - 2018-06-12 16:01 - 000149632 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-07-11 14:36 - 2018-06-08 10:15 - 001602048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-07-11 14:36 - 2018-06-08 10:15 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-07-11 14:36 - 2018-06-08 10:15 - 000612352 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-07-11 14:36 - 2018-06-08 10:15 - 000443392 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-07-11 14:36 - 2018-06-08 10:15 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-07-11 14:36 - 2018-06-08 10:15 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-07-11 14:35 - 2018-06-08 10:15 - 002860032 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-07-11 14:35 - 2018-06-08 10:15 - 000783872 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-07-11 14:35 - 2018-06-08 10:15 - 000470016 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-07-11 14:27 - 2018-07-11 14:27 - 000000000 ____D C:\Users\Sebo\AppData\Local\usmegcx
2018-07-11 14:20 - 2018-07-11 14:20 - 000000000 ____D C:\Users\Sebo\AppData\Local\sidarev
2018-07-11 14:11 - 2018-07-12 22:00 - 000041098 _____ C:\Users\Sebo\Downloads\Addition.txt
2018-07-11 14:08 - 2018-07-12 22:51 - 000000000 ____D C:\FRST
2018-07-11 13:35 - 2018-07-11 13:35 - 000000000 ____D C:\SUPERDelete
2018-07-11 13:05 - 2018-07-11 13:05 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmmgcep
2018-07-11 12:39 - 2018-07-11 12:39 - 000000000 ____D C:\Users\Sebo\Desktop\Fatal flute - Copy
2018-07-11 12:39 - 2018-07-11 12:39 - 000000000 ____D C:\Users\Sebo\AppData\Local\atokpzn
2018-07-11 10:52 - 2018-07-11 10:55 - 034339440 _____ (SUPERAntiSpyware) C:\Users\Sebo\Downloads\SUPERAntiSpyware.exe
2018-07-11 10:52 - 2018-07-11 10:53 - 000359021 _____ C:\Users\Sebo\Downloads\InsaneCryptDecrypter.zip
2018-07-11 10:50 - 2018-07-11 10:50 - 001790024 _____ (Malwarebytes) C:\Users\Sebo\Downloads\JRT.exe
2018-07-11 10:49 - 2018-07-11 10:50 - 007395536 _____ (Malwarebytes) C:\Users\Sebo\Downloads\AdwCleaner.exe
2018-07-11 10:43 - 2018-07-11 10:44 - 005336387 _____ C:\Users\Sebo\Downloads\rakhnidecryptor.zip
2018-07-11 10:42 - 2018-07-11 10:42 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Sebo\Downloads\rkill.exe
2018-07-11 10:40 - 2018-07-11 10:40 - 000000000 ____D C:\Program Files\AVAST Software
2018-07-11 10:38 - 2018-07-11 23:00 - 000000000 ____D C:\Users\Sebo\AppData\Local\Opera Software
2018-07-11 10:38 - 2018-07-11 10:49 - 031209595 ____R C:\Users\Sebo\Downloads\SpyHunter 4.9.10.3956 Final incl patch-SND.rar
2018-07-11 10:37 - 2018-07-11 23:00 - 000000000 ____D C:\Users\Sebo\AppData\Roaming\Opera Software
2018-07-11 10:33 - 2018-07-11 23:00 - 000000000 ____D C:\Program Files\Opera
2018-07-11 10:33 - 2018-07-11 13:46 - 000000000 ____D C:\Users\Sebo\AppData\Roaming\uTorrent
2018-07-11 10:33 - 2018-07-11 13:06 - 000000000 ____D C:\Users\Sebo\AppData\LocalLow\uTorrent
2018-07-11 10:33 - 2018-07-11 10:33 - 000000865 _____ C:\Users\Sebo\Desktop\µTorrent.lnk
2018-07-11 10:33 - 2018-07-11 10:33 - 000000845 _____ C:\Users\Sebo\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-07-11 10:29 - 2018-07-11 10:30 - 002948240 _____ (BitTorrent Inc.) C:\Users\Sebo\Downloads\uTorrent.exe
2018-07-11 10:25 - 2018-07-11 10:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\nvorphx
2018-07-11 04:31 - 2018-07-11 04:31 - 000000000 ____D C:\Users\Sebo\AppData\Local\lscntmw
2018-07-11 04:16 - 2018-07-11 04:16 - 000000000 ____D C:\Users\Sebo\AppData\Local\atbdire
2018-07-11 04:03 - 2018-07-11 04:03 - 000002246 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-11 03:24 - 2018-07-11 03:24 - 000001830 _____ C:\Users\Sebo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2018-07-11 03:21 - 2018-07-11 03:23 - 021020664 _____ (BitTorrent, Inc.) C:\Users\Sebo\Downloads\utweb_installer.exe
2018-07-11 03:19 - 2018-07-11 03:19 - 000000000 ____D C:\Users\Sebo\AppData\Local\snhztxi
2018-07-11 02:53 - 2018-07-11 02:53 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmrnckg
2018-07-10 09:22 - 2018-07-10 09:22 - 000000000 ____D C:\Users\Sebo\AppData\Local\nvdzlgs
2018-07-10 08:46 - 2018-07-10 08:46 - 000000000 ____D C:\Users\Sebo\AppData\Local\dtenlgo
2018-07-10 07:48 - 2018-07-10 07:48 - 000000000 ____D C:\Users\Sebo\AppData\Local\tismcoh
2018-07-10 06:34 - 2018-07-10 06:34 - 000000000 ____D C:\Users\Sebo\AppData\Local\rtsigwk
2018-07-10 05:45 - 2018-07-10 05:45 - 000000000 ____D C:\Users\Sebo\AppData\Local\pcdlvgb
2018-07-10 05:24 - 2018-07-10 05:24 - 000007597 _____ C:\Users\Sebo\AppData\Local\Resmon.ResmonCfg
2018-07-10 04:47 - 2018-07-10 04:47 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdrxsue
2018-07-10 04:34 - 2018-07-10 04:34 - 000000000 ____D C:\Users\Sebo\AppData\Local\seozcpd
2018-07-09 02:27 - 2018-07-09 02:27 - 000000000 ____D C:\Users\Sebo\AppData\Local\reizbcg
2018-07-07 11:20 - 2018-07-07 11:20 - 000000000 ____D C:\Users\Sebo\AppData\Local\dwitmav
2018-07-07 04:18 - 2018-07-07 04:18 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2018-07-07 04:18 - 2018-07-07 04:18 - 000001750 _____ C:\Windows\system32\bootdelete.lst
2018-07-07 03:50 - 2018-07-07 03:50 - 000000000 ____D C:\Users\Sebo\AppData\Local\snhbaxg
2018-07-07 02:53 - 2018-07-10 04:32 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-07-07 02:53 - 2018-07-09 03:36 - 000070255 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-07-07 02:53 - 2018-07-09 02:38 - 000057398 _____ C:\Windows\ZAM.krnl.trace
2018-07-07 02:53 - 2018-07-07 02:53 - 000000000 ____D C:\Users\Sebo\AppData\Local\Zemana
2018-07-07 02:50 - 2018-07-07 02:50 - 000000000 ____D C:\Users\Sebo\AppData\Local\wmhregi
2018-07-07 01:35 - 2018-07-07 01:35 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmhknco
2018-07-06 12:08 - 2018-07-06 12:08 - 000000000 ____D C:\Users\Sebo\AppData\Local\wmdablg
2018-07-06 10:36 - 2018-07-06 10:36 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdrvnbc
2018-07-06 07:16 - 2018-07-06 07:16 - 000000000 ____D C:\Users\Sebo\AppData\Local\pwecikg
2018-07-06 06:23 - 2018-07-06 06:23 - 000000000 ____D C:\Users\Sebo\AppData\Local\sccoxak
2018-07-06 01:31 - 2018-07-06 01:31 - 000000000 ____D C:\Users\Sebo\AppData\Local\csripux
2018-07-06 00:58 - 2018-07-06 00:58 - 000000000 ____D C:\Users\Sebo\AppData\Local\audpksx
2018-07-06 00:13 - 2018-07-06 00:13 - 000000000 ____D C:\Users\Sebo\AppData\Local\tirnczg
2018-07-06 00:11 - 2018-07-12 22:31 - 000966402 _____ C:\Windows\ntbtlog.txt
2018-07-06 00:10 - 2018-07-06 00:10 - 000000000 ____D C:\Windows\pss
2018-07-05 23:52 - 2018-07-05 23:52 - 000000000 ____D C:\Users\Sebo\AppData\Local\reniumt
2018-07-05 15:25 - 2018-07-05 15:25 - 000000000 ____D C:\Program Files (x86)\Trojan Killer
2018-07-05 15:17 - 2018-07-05 15:17 - 000000000 ____D C:\Users\Sebo\AppData\Local\svdhwxe
2018-07-05 14:30 - 2018-07-05 14:30 - 000000000 ____D C:\Users\Sebo\AppData\Local\dworbeg
2018-07-05 14:23 - 2018-07-05 14:23 - 000000000 ____D C:\Users\Sebo\AppData\Local\spbvhlk
2018-07-05 13:52 - 2018-07-05 13:52 - 000000000 ____D C:\Users\Sebo\AppData\Local\dsspenh
2018-07-05 11:43 - 2018-07-05 11:43 - 000000000 ____D C:\Users\Sebo\AppData\Local\aubrvgp
2018-07-05 11:36 - 2018-07-07 04:18 - 000000000 ____D C:\ProgramData\HitmanPro
2018-07-05 11:26 - 2018-07-05 11:26 - 000000000 ____D C:\Users\Sebo\AppData\Local\wemhlop
2018-07-05 11:12 - 2018-07-05 11:12 - 000000000 ____D C:\Users\Sebo\AppData\Local\zaimedt
2018-07-05 10:50 - 2018-07-05 10:50 - 000000000 ____D C:\Users\Sebo\Desktop\New folder
2018-07-05 10:45 - 2018-07-05 10:45 - 000000000 ____D C:\Users\Sebo\AppData\Local\wikvoea
2018-07-05 10:37 - 2018-07-05 10:48 - 000000000 ____D C:\Users\Sebo\Downloads\SpyHunter 4.1.11.0 + Crack
2018-07-05 10:18 - 2018-07-05 10:18 - 000000000 ____D C:\Users\Sebo\AppData\Local\scrgoiw
2018-07-05 10:08 - 2018-07-07 03:43 - 000000000 ____D C:\Program Files\BDServices
2018-07-05 09:25 - 2018-07-05 09:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\sckedtw
2018-07-05 09:16 - 2018-07-05 09:16 - 000000000 ____D C:\Users\Sebo\AppData\Local\dsbapic
2018-07-05 06:04 - 2018-07-05 06:04 - 000000000 ____D C:\Users\Sebo\AppData\Local\sekmxlb
2018-07-05 06:02 - 2018-07-05 06:02 - 000000000 ____D C:\Users\Sebo\AppData\Local\snalxtp
2018-07-05 05:49 - 2018-07-05 05:49 - 000000000 ____D C:\Users\Sebo\AppData\Local\wmohvai
2018-07-05 04:49 - 2018-07-05 04:49 - 000000000 ____D C:\Users\Sebo\AppData\Local\zaixcwn
2018-07-05 04:44 - 2018-07-05 04:44 - 000000000 ____D C:\Users\Sebo\AppData\Local\vdkowrn
2018-07-05 04:36 - 2018-07-05 04:36 - 000000000 ____D C:\Users\Sebo\AppData\Local\avnetks
2018-07-05 04:33 - 2018-07-05 04:33 - 000000000 ____D C:\Users\Sebo\AppData\Local\mskoatb
2018-07-05 04:22 - 2018-07-05 04:22 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdbacop
2018-07-05 04:16 - 2018-07-05 04:16 - 000000000 ____D C:\Users\Sebo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2018-07-05 04:16 - 2018-07-05 04:16 - 000000000 ____D C:\Program Files\Unlocker
2018-07-05 04:07 - 2018-07-05 04:07 - 000000000 ____D C:\Users\Sebo\AppData\Local\psnbdwg
2018-07-05 02:28 - 2018-07-05 02:28 - 000000000 ____D C:\Program Files (x86)\HP
2018-07-05 02:13 - 2018-07-05 02:13 - 000000000 ____D C:\Users\Sebo\AppData\Local\nicktga
2018-07-04 13:39 - 2018-07-04 13:39 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdomvel
2018-07-04 12:25 - 2018-07-04 12:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\ninzlcp
2018-07-04 11:57 - 2018-07-04 11:57 - 000000000 ____D C:\Users\Sebo\AppData\Local\pskiwcx
2018-07-04 11:26 - 2018-07-04 11:26 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmagnus
2018-07-04 10:50 - 2018-07-04 10:50 - 000000000 ____D C:\Users\Sebo\AppData\Local\avitwxl
2018-07-04 09:36 - 2018-07-04 09:36 - 000000000 ____D C:\Users\Sebo\AppData\Local\sbdkvxa
2018-07-04 09:02 - 2018-07-04 09:02 - 000000000 ____D C:\Users\Sebo\AppData\Local\nidrmcp
2018-07-04 08:22 - 2018-07-04 08:22 - 000000000 ____D C:\Users\Sebo\AppData\Local\cgsunrm
2018-07-04 08:16 - 2018-07-04 08:18 - 000000000 ____D C:\AdwCleaner
2018-07-04 07:23 - 2018-07-04 07:23 - 000000000 ____D C:\Users\Sebo\AppData\Local\wembnxl
2018-07-04 06:59 - 2018-07-04 06:59 - 000000000 ____D C:\Users\Sebo\AppData\Local\dsavocb
2018-07-04 06:53 - 2018-07-04 06:53 - 000000000 ____D C:\Users\Sebo\AppData\Local\vdmacol
2018-07-04 06:30 - 2018-07-04 06:30 - 000000000 ____D C:\Users\Sebo\AppData\Local\spsrktw
2018-07-04 00:52 - 2018-07-04 11:32 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3491979019-2275402679-4232920000-1003
2018-07-04 00:25 - 2018-07-04 00:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\vshzxra
2018-07-03 10:29 - 2018-07-03 10:29 - 000000000 ____D C:\Users\Sebo\AppData\Local\dtcmwrp
2018-07-03 09:24 - 2018-07-03 09:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\scndhtb
2018-07-03 08:38 - 2018-07-03 08:38 - 000000000 ____D C:\Users\Sebo\AppData\Local\tihudmp
2018-07-03 08:15 - 2018-07-03 08:15 - 000000000 ____D C:\Users\Sebo\AppData\Local\nvdxegl
2018-07-03 07:41 - 2018-07-03 07:41 - 000000000 ____D C:\Users\Sebo\AppData\Local\nvkizhm
2018-07-03 07:25 - 2018-07-13 02:40 - 000000000 ____D C:\Users\TEMP\AppData\Local\iareput
2018-07-03 07:22 - 2018-07-03 07:27 - 000000000 ____D C:\Users\TEMP
2018-07-03 06:40 - 2018-07-03 06:40 - 000000000 ____D C:\Users\Sebo\AppData\Local\sphtrgd
2018-07-03 06:14 - 2018-07-03 06:14 - 000000000 ____D C:\Users\Sebo\AppData\Local\vdmrkts
2018-07-03 03:59 - 2018-07-03 03:59 - 000000000 ____D C:\Users\Sebo\AppData\Local\lsbahgi
2018-07-03 03:18 - 2018-07-03 03:18 - 000000000 ____D C:\Users\Sebo\AppData\Local\lsivzgu
2018-07-03 03:02 - 2018-07-03 03:02 - 000000000 ____D C:\Users\Sebo\AppData\Local\cshenbo
2018-07-03 02:25 - 2018-07-03 02:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\wibench
2018-07-03 02:07 - 2018-07-03 02:07 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-03 02:04 - 2018-07-03 02:04 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmhcdkx
2018-07-03 01:24 - 2018-07-03 01:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmeprvn
2018-07-03 00:36 - 2018-07-03 00:36 - 000000000 ____D C:\Users\Sebo\AppData\Local\wiokrdv
2018-07-03 00:28 - 2018-07-03 00:28 - 000000000 ____D C:\Users\Sebo\AppData\Local\zascerp
2018-07-02 13:33 - 2018-07-02 13:33 - 000000000 ____D C:\Users\Sebo\AppData\Local\timnkaz
2018-07-02 13:04 - 2018-07-02 13:04 - 000000000 ____D C:\Users\Sebo\AppData\Local\usizwov
2018-07-02 12:58 - 2018-07-02 12:58 - 000000000 ____D C:\Users\Sebo\AppData\Local\cwdxblr
2018-07-02 12:28 - 2018-07-02 12:28 - 000000000 ____D C:\Users\Sebo\AppData\Local\seiuvgd
2018-07-02 11:56 - 2018-07-02 11:56 - 000000000 ____D C:\Users\Sebo\AppData\Local\wimhxba
2018-07-02 11:24 - 2018-07-02 11:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\ausdbit
2018-07-02 00:17 - 2018-07-02 00:17 - 000000000 ____D C:\Users\Sebo\AppData\Local\msaoetl
2018-07-02 00:10 - 2018-07-02 00:10 - 000000000 ____D C:\Users\Sebo\AppData\Local\rtipdeu
2018-07-01 22:13 - 2018-07-01 22:13 - 000000000 ____D C:\Users\Sebo\AppData\Local\ramevgn
2018-07-01 21:26 - 2018-07-01 21:26 - 000000000 ____D C:\Users\Sebo\AppData\Local\costkpr
2018-07-01 20:48 - 2018-07-01 20:48 - 000000000 ____D C:\Users\Sebo\AppData\Local\zaowbpd
2018-07-01 20:02 - 2018-07-01 20:02 - 000000000 ____D C:\Users\Sebo\AppData\Local\seduzgp
2018-07-01 19:13 - 2018-07-01 19:13 - 000000000 ____D C:\Users\Sebo\AppData\Local\raicplo
2018-07-01 18:32 - 2018-07-01 18:32 - 000000000 ____D C:\Users\Sebo\AppData\Local\sckohub
2018-07-01 17:42 - 2018-07-01 17:42 - 000000000 ____D C:\Users\Sebo\AppData\Local\iaetrlv
2018-07-01 16:00 - 2018-07-01 16:00 - 000000000 ____D C:\Users\Sebo\AppData\Local\vdeopba
2018-06-30 23:56 - 2018-06-30 23:56 - 000000000 ____D C:\Users\Sebo\AppData\Local\vsaiodu
2018-06-30 23:18 - 2018-06-30 23:18 - 000000000 ____D C:\Users\Sebo\AppData\Local\conghre
2018-06-30 22:32 - 2018-06-30 22:32 - 000000000 ____D C:\Users\Sebo\AppData\Local\cgovwzx
2018-06-30 20:24 - 2018-06-30 20:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\atdmwkc
2018-06-30 20:16 - 2018-06-30 20:16 - 000000000 ____D C:\Users\Sebo\AppData\Local\scnkhld
2018-06-30 18:32 - 2018-06-30 18:32 - 000000000 ____D C:\Users\Sebo\AppData\Local\dsawout
2018-06-30 15:58 - 2018-06-30 15:58 - 000000000 ____D C:\Users\Sebo\AppData\Local\sceipnv
2018-06-30 14:03 - 2018-06-30 14:03 - 000000000 ____D C:\Users\Sebo\AppData\Local\exbndvr
2018-06-30 14:00 - 2018-06-30 14:00 - 000000000 ____D C:\ProgramData\PACE
2018-06-30 13:52 - 2018-06-30 13:52 - 000000000 ____D C:\Windows\%LOCALAPPDATA%
2018-06-30 13:19 - 2018-06-30 13:19 - 000000000 ____D C:\Users\Sebo\AppData\Local\spcgzrm
2018-06-29 18:52 - 2018-06-29 18:52 - 000000000 ____D C:\Users\Sebo\AppData\Local\vdhrkgz
2018-06-29 15:50 - 2018-06-29 15:50 - 000000000 ____D C:\Users\Sebo\AppData\Local\sndxtcp
2018-06-29 15:03 - 2018-06-29 15:03 - 000000000 ____D C:\Users\Sebo\AppData\Local\scrxliv
2018-06-29 14:11 - 2018-06-29 14:11 - 000000000 ____D C:\Users\Sebo\AppData\Local\dtaiznm
2018-06-29 13:25 - 2018-06-29 13:28 - 000000000 ____D C:\Users\Sebo\Desktop\Made Up
2018-06-29 13:20 - 2018-06-29 13:20 - 000000000 ____D C:\Users\Sebo\AppData\Local\atkdcbg
2018-06-29 13:14 - 2018-06-29 13:14 - 000000000 ____D C:\Users\Sebo\AppData\Local\psdwmck
2018-06-29 02:40 - 2018-06-29 02:40 - 000000000 ____D C:\Users\Sebo\AppData\Local\pwhxuac
2018-06-28 22:14 - 2018-06-28 22:14 - 000000000 ____D C:\Users\Sebo\AppData\Local\pcrgils
2018-06-28 17:15 - 2018-06-28 17:16 - 069194466 _____ C:\Users\Sebo\Desktop\Kendrick lamar type beat.wav
2018-06-28 13:46 - 2018-06-28 13:46 - 000000000 ____D C:\Users\Sebo\Desktop\AZS Spice Vol.2 MIDI
2018-06-28 13:43 - 2018-06-29 13:27 - 000000000 ____D C:\Users\Sebo\Desktop\Aiyn.Zahev4
2018-06-28 13:40 - 2018-06-28 13:40 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmrvxip
2018-06-27 11:19 - 2018-06-27 11:19 - 000000000 ____D C:\Users\Sebo\AppData\Local\nibtesa
2018-06-27 03:05 - 2018-06-27 03:05 - 000000000 ____D C:\Users\Sebo\AppData\Local\avormwd
2018-06-26 19:20 - 2018-06-26 19:20 - 000000000 ____D C:\Users\Sebo\AppData\Local\uprlhwo
2018-06-26 14:55 - 2018-06-26 14:55 - 000000000 ____D C:\Users\Sebo\AppData\Local\uskotmn
2018-06-25 22:35 - 2018-06-25 22:35 - 000000000 ____D C:\Users\Sebo\AppData\Local\sbrnuch
2018-06-25 14:07 - 2018-06-25 14:07 - 000000000 ____D C:\Users\Sebo\AppData\Local\cwcuonp
2018-06-24 18:24 - 2018-06-28 13:55 - 000000000 ____D C:\Users\Sebo\Downloads\Dune Synapse Audio
2018-06-24 18:04 - 2018-06-24 18:04 - 000000000 ____D C:\Users\Sebo\AppData\Local\uskohzn
2018-06-23 21:30 - 2018-06-23 21:30 - 000000000 ____D C:\Users\Sebo\AppData\Local\wistzol
2018-06-23 15:09 - 2018-06-23 15:09 - 000000000 ____D C:\Users\Sebo\AppData\Local\upbmnwo
2018-06-22 15:06 - 2018-06-22 15:06 - 000000000 ____D C:\Users\Sebo\AppData\Local\sekzduo
2018-06-21 12:07 - 2018-06-21 12:07 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdsavun
2018-06-20 14:14 - 2018-06-20 14:14 - 002257964 _____ C:\Users\Sebo\Downloads\looperman-l-0159051-0130110-chapter-vi-1.wav
2018-06-20 13:51 - 2018-06-20 13:51 - 000000000 ____D C:\Users\Sebo\AppData\Local\svbtuog
2018-06-19 21:47 - 2018-06-19 21:47 - 000000000 ____D C:\Users\Sebo\AppData\Local\pwanglx
2018-06-19 16:42 - 2018-06-19 16:42 - 000000000 ____D C:\Users\Sebo\AppData\Local\sichtvg
2018-06-18 13:00 - 2018-06-18 13:00 - 000000000 ____D C:\Users\Sebo\AppData\Local\csbpldo
2018-06-17 14:10 - 2018-06-17 14:10 - 000000000 ____D C:\Users\Sebo\AppData\Local\avaompx
2018-06-16 17:28 - 2018-06-16 17:28 - 000000000 ____D C:\Users\Sebo\AppData\Local\exksnap
2018-06-16 11:24 - 2018-06-16 11:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\vsecang
2018-06-15 23:22 - 2018-06-15 23:22 - 001239791 _____ C:\Users\Sebo\Downloads\XO Tour Life FLP.rar
2018-06-15 13:02 - 2018-06-15 13:02 - 000000000 ____D C:\Users\Sebo\AppData\Local\scrudph
2018-06-14 17:14 - 2018-06-14 17:14 - 000000000 ____D C:\Users\Sebo\AppData\Local\iabkmlv
2018-06-13 12:55 - 2018-06-13 12:55 - 000000000 ____D C:\Users\Sebo\AppData\Local\vsetkxu
2018-06-12 23:28 - 2018-06-12 23:28 - 000000000 ____D C:\Users\Sebo\AppData\Local\athugvr
2018-06-12 11:43 - 2018-06-12 11:43 - 000000000 ____D C:\Users\Sebo\AppData\Local\zaadibh
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-13 02:39 - 2018-06-08 13:21 - 000000000 ____D C:\Users\Sebo\AppData\Local\containersvc
2018-07-12 22:50 - 2018-04-14 19:53 - 000000000 ____D C:\Windows\system32\zaopwgu
2018-07-12 22:28 - 2017-10-06 15:51 - 000003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6A2B2756-5422-4727-90D6-6DA6E2530DFE}
2018-07-12 22:10 - 2014-03-18 06:53 - 000957952 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-12 22:10 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\Inf
2018-07-12 21:43 - 2013-08-22 11:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-12 21:25 - 2018-04-14 20:08 - 002888704 _____ C:\Windows\system32\dwrkxizsvc.exe
2018-07-12 21:24 - 2013-08-22 10:25 - 046399488 _____ C:\Windows\system32\config\HARDWARE
2018-07-12 12:19 - 2013-08-22 12:20 - 000000000 ____D C:\Windows\CbsTemp
2018-07-12 11:48 - 2013-08-22 12:36 - 000000000 ____D C:\Windows\rescache
2018-07-12 11:20 - 2017-10-06 15:53 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3491979019-2275402679-4232920000-1001
2018-07-12 10:48 - 2017-10-07 01:51 - 000000000 ____D C:\Windows\system32\appraiser
2018-07-11 22:51 - 2017-10-06 00:12 - 000000000 ____D C:\Users\Sebo
2018-07-11 14:40 - 2017-10-27 01:09 - 000000000 ____D C:\Users\Sebo\AppData\Roaming\Maize Sampler Player
2018-07-11 10:39 - 2017-10-27 02:13 - 000000000 ____D C:\ProgramData\AVAST Software
2018-07-11 04:24 - 2013-08-22 12:36 - 000000000 ____D C:\Windows\SysWOW64\inetsrv
2018-07-11 04:24 - 2013-08-22 12:36 - 000000000 ____D C:\Windows\system32\inetsrv
2018-07-11 04:14 - 2013-08-22 11:44 - 000354104 _____ C:\Windows\system32\FNTCACHE.DAT
2018-07-11 04:12 - 2018-03-02 03:34 - 000000000 ____D C:\Users\Sebo\AppData\Local\CrashDumps
2018-07-11 04:03 - 2018-04-20 01:16 - 000002287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-11 04:03 - 2018-04-20 01:13 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-10 05:13 - 2013-08-22 12:36 - 000000000 ____D C:\Windows\AppReadiness
2018-07-10 04:44 - 2013-08-22 10:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2018-07-09 02:34 - 2014-05-30 06:13 - 000000000 ____D C:\Program Files\Hewlett-Packard
2018-07-07 06:00 - 2018-05-08 03:26 - 000000000 ____D C:\Users\avril_000
2018-07-06 01:27 - 2014-05-30 06:18 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-07-04 00:59 - 2013-08-22 12:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-03 03:15 - 2013-08-22 12:36 - 000000000 ____D C:\Windows\LiveKernelReports
2018-07-02 11:28 - 2013-08-22 12:36 - 000000000 ____D C:\Windows\system32\NDF
2018-07-01 18:01 - 2017-10-06 18:07 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2018-06-28 19:07 - 2018-01-11 01:12 - 000835064 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-06-28 19:07 - 2018-01-11 01:12 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-19 22:00 - 2018-05-06 01:09 - 000000000 ____D C:\Users\Sebo\AppData\Roaming\Scaler
 
==================== Files in the root of some directories =======
 
2014-01-08 12:00 - 2014-01-08 12:00 - 001732608 _____ (Waves Audio Ltd.) C:\Program Files (x86)\WaveShell-VST 9.2.dll
2018-05-03 00:12 - 2018-05-03 00:12 - 000000001 _____ () C:\Users\Sebo\AppData\Local\llftool.4.40.agreement
2018-07-10 05:24 - 2018-07-10 05:24 - 000007597 _____ () C:\Users\Sebo\AppData\Local\Resmon.ResmonCfg
2018-04-14 19:51 - 2018-04-14 19:51 - 000000003 _____ () C:\Users\Sebo\AppData\Local\wbem.ini
 
Some files in TEMP:
====================
2018-07-12 17:50 - 2014-10-28 23:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\15012.exe
2018-07-12 17:53 - 2014-10-28 23:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\15486.exe
2018-07-12 20:45 - 2014-10-28 23:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\16464.exe
2018-07-12 17:58 - 2014-10-28 23:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\16466.exe
2018-07-12 21:06 - 2014-10-28 23:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\20553.exe
2017-10-21 23:24 - 2017-10-06 08:22 - 000965176 _____ (BlueStack Systems, Inc.) C:\Users\Sebo\AppData\Local\Temp\BlueStacksClientUninstaller.exe
2018-07-11 10:38 - 2018-07-11 10:38 - 000066192 _____ (AVAST Software) C:\Users\Sebo\AppData\Local\Temp\dlhz3cpp.g5m.exe
2018-07-09 02:36 - 2018-07-07 03:54 - 011576808 _____ (SurfRight B.V.) C:\Users\Sebo\AppData\Local\Temp\HitmanPro.exe
2017-10-15 19:50 - 2017-09-20 19:08 - 000651400 _____ (HP Inc.) C:\Users\Sebo\AppData\Local\Temp\HPSFUpdater.exe
2018-04-14 19:50 - 2018-04-14 19:50 - 000312820 _____ (My Company, Inc.                                            ) C:\Users\Sebo\AppData\Local\Temp\install.exe
2018-04-14 19:52 - 2018-04-14 19:52 - 000596696 _____ (Alexander Roshal) C:\Users\Sebo\AppData\Local\Temp\iuyuirr.exe
2017-10-21 23:24 - 2017-10-06 08:22 - 000421400 _____ (CodeTitans) C:\Users\Sebo\AppData\Local\Temp\JSON.dll
2017-10-06 16:59 - 2017-10-06 17:01 - 064108904 _____ (SweetLabs,Inc.) C:\Users\Sebo\AppData\Local\Temp\oct53F9.tmp.exe
2015-05-30 12:00 - 2015-05-30 12:00 - 000028672 _____ () C:\Users\Sebo\AppData\Local\Temp\R2RTOOL.dll
2017-10-22 17:49 - 2017-09-27 13:33 - 000172400 _____ (HP Inc.) C:\Users\Sebo\AppData\Local\Temp\UninstallHPSA.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-12 22:44
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Sebo (12-07-2018 22:53:36)
Running from C:\Users\Sebo\Desktop
Windows 8.1 Connected (Update) (X64) (2017-10-06 03:12:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3491979019-2275402679-4232920000-500 - Administrator - Disabled)
avril_000 (S-1-5-21-3491979019-2275402679-4232920000-1003 - Limited - Enabled) => C:\Users\avril_000
Guest (S-1-5-21-3491979019-2275402679-4232920000-501 - Limited - Disabled)
Sebo (S-1-5-21-3491979019-2275402679-4232920000-1001 - Administrator - Enabled) => C:\Users\Sebo
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3491979019-2275402679-4232920000-1001\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
AMD Catalyst Install Manager (HKLM\...\{DE74B890-4025-A7BE-8EBC-F374528DCFFD}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cableguys HalfTime 1.0 (HKLM\...\HalfTime_is1) (Version: 1.0 - Cableguys)
Camel Audio CamelCrusher (HKLM-x32\...\Camel Audio CamelCrusher) (Version: 1.01.0 - Camel Audio)
Celemony Melodyne Studio 4 (HKLM\...\Melodyne Studio 4_is1) (Version: 4.1.1.011 - Celemony)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
DaVinci Resolve (HKLM\...\{B038DE18-6092-4C56-ACD4-E268DCFE2B20}) (Version: 14.3.0014 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{332552D0-B8EE-49BF-B904-E038A72BD2B2}) (Version: 1.1.2.0 - Blackmagic Design)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DUNE 2 (HKLM-x32\...\DUNE 2_is1) (Version:  - Synapse Audio Software)
Edirol HQ Orchestral v1.01 (HKLM-x32\...\Edirol HQ Orchestral v1.01) (Version:  - )
Effectrix 1.4 (HKLM\...\Effectrix_is1) (Version: 1.4 - Sugar Bytes)
Electra2 full (HKLM-x32\...\Tone2 Electra2 full_is1) (Version: 2.1.0 - Tone2)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Goodgame Empire (HKLM-x32\...\Goodgame Empire) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP Documentation (HKLM-x32\...\{DCB0919F-F0A6-4C63-800F-B6825D6C0434}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.9.18.3 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{82E6836B-9400-4965-9FD2-46BD64D8BE41}) (Version: 2.4.7 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
LUXONIX Purity (HKLM-x32\...\LUXONIX_Purity) (Version: 1.2.4 - LUXONIX)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e52a6842-b0ac-476e-b48f-378a97a67346}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{f325f05b-f963-4640-a43b-c8a494cdda0f}) (Version: 14.10.25017.0 - Microsoft Corporation)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.5.0.409 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.5.0.533 - Native Instruments)
Native Instruments Xpress Keyboards (HKLM-x32\...\Native Instruments Xpress Keyboards) (Version:  - )
Plugin Boutique Scaler (HKLM\...\Scaler_is1) (Version: 1.2.0 - Plugin Boutique)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.23 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
Reveal Sound Spire (HKLM\...\Spire_is1) (Version: 1.1.12 - Reveal Sound)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sylenth1 v2.21 (HKLM-x32\...\Sylenth1_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Trap Boom 3 % (HKLM-x32\...\Trap Boom 3 %) (Version: 1.00 - StudioLinked)
u-he Hive (HKLM-x32\...\u-he Hive) (Version: 1.1.0.3898 - u-he)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Waves Complete V9r15 (HKLM-x32\...\{91000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.1.15 - Waves)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-02-21] (Cyberlink)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-10] (Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-02-21] (Cyberlink)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-01-17] (Intel Corporation)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-10] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04EB23A2-EF20-4BCD-9DBE-1895B656A8B0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {057F1176-437F-46AA-87A5-A6A8E74BC4FF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {40D3DC57-1573-48B0-9C6D-8A020513FB29} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {681E816E-C4FF-4D5F-AA56-728B820FB42D} - \SweetLabs App Platform -> No File <==== ATTENTION
Task: {78FA5920-2E15-400B-BFD1-74332481F515} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-09-27] (HP Inc.)
Task: {8DE10FF6-652B-4C53-8093-335059F32876} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {97353867-A5E9-4AD4-BB3D-F465F5795D46} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {B520CEC0-EDC4-45D1-968B-814C6E833561} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-20] (Google Inc.)
Task: {C46CB045-D145-445E-AC11-9E37E4C48309} - System32\Tasks\AdobeServism => C:\ProgramData\Flashm\MSACuiLm.exe [2018-04-14] ()
Task: {D0A0F9FB-B35D-417F-B551-41D6DE7AB3EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-27] (HP Inc.)
Task: {DD434F47-B7FC-4D39-AB12-E42D97192B79} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-20] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-28 17:31 - 2014-03-28 17:31 - 002110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 17:27 - 2014-03-28 17:27 - 000021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 17:27 - 2014-03-28 17:27 - 000035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 17:27 - 2014-03-28 17:27 - 000055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 17:48 - 2014-03-28 17:48 - 000367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 17:48 - 2014-03-28 17:48 - 000712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2010-07-15 01:44 - 2010-07-15 01:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 10:25 - 2018-05-06 01:07 - 000002120 _____ C:\Windows\system32\Drivers\etc\hosts
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3491979019-2275402679-4232920000-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sebo\Downloads\39594050-the-best-wallpapers.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{452861CA-0F01-4991-B386-4DC0701014FD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{46F4705D-7AF2-4ED3-805A-9417E6186CF3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{88BA0ECF-19F1-4D12-B6D2-4C9B3D54A9B1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{0E2F82B4-D4E9-4477-A2DF-5C8FA0238024}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{504F6199-FBBA-4F5F-85EC-C5A29AB36E88}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{2E845E73-E1D1-419C-87C6-94EEDE3628F5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{E5511F8B-7A20-470D-82EB-14D2815053BC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{9C16410C-3FFB-4731-8C58-B8227119541A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{77F8320C-B889-4BD5-ACE2-51B7328E7DC3}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{343D8A0F-7450-454A-9A80-A106EA056F0A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{E6026FA7-5C71-4050-83BE-A673563C0017}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{F1116113-7F12-4531-BF35-1406C191021A}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{558AA55D-F565-4251-9BD9-048EBF2EE22F}] => (Allow) C:\Users\Sebo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8CEC048D-FDE0-45D5-BAF0-74C90DA99161}] => (Allow) C:\Users\Sebo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BB64E317-BC34-426F-9D77-B2C54AB0FC5E}] => (Allow) C:\Users\Sebo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{96D36CAE-54D7-48AF-AC25-A380B5FBF120}] => (Allow) C:\Users\Sebo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4F8F0E02-96CD-49A3-9C75-6106D5514C2D}] => (Allow) C:\Users\Sebo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{59AC7295-B3D6-4B27-BF39-38F360C90ADE}] => (Allow) C:\Users\Sebo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7CF66E22-F60B-4CB5-9FBB-F74F8637F8CE}C:\program files (x86)\image-line\fl studio 12\fl.exe] => (Allow) C:\program files (x86)\image-line\fl studio 12\fl.exe
FirewallRules: [UDP Query User{61CEC5A4-18F8-4DC5-A568-4F9B70653610}C:\program files (x86)\image-line\fl studio 12\fl.exe] => (Allow) C:\program files (x86)\image-line\fl studio 12\fl.exe
FirewallRules: [{69CC5844-CD1D-4DF2-A6E3-10C179D7903F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C614188B-BBB7-45C9-8FE8-E6FE3C561E97}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6F7720BC-E3D1-4E74-8CB8-68CEDD601F27}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E7D1F0FD-A4F4-4227-A3DB-D8A3EC378C23}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BC2DF345-253B-47E9-AB31-0DBD3BB25F35}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{1A68E083-DF6A-49FD-B5B8-E2FE80490478}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{8FDAFC56-08F3-4EA7-9BCB-7B1FEF5E42BB}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe
FirewallRules: [{58229AF9-E0FD-4644-99D5-129140C8638F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{6A0FF046-EC5D-4E65-8150-22B3083B2046}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{9C9F85E0-FEAA-4E8A-A4D1-5FD0815E522F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{B1EB806B-BD5C-476E-A893-2CE7761D7CF6}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{8B96EC10-17B4-4788-BCFB-46E15CD13FE9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe
FirewallRules: [{1A6690F3-4204-43CB-9F21-27C450FCAA48}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{B6EEE55E-4A60-4642-8585-169E4464232C}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [TCP Query User{03D281D8-BD84-4A1D-B755-4C264F6F38BA}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe
FirewallRules: [UDP Query User{AA0ABC10-2990-4EB6-9C58-8A84ADEC569C}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe
FirewallRules: [TCP Query User{B9B0E9D8-17E1-4056-8FA4-23D4E463376A}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe
FirewallRules: [UDP Query User{8C249541-C721-4661-83F1-623889D6A0F8}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe
FirewallRules: [TCP Query User{B0906AE7-6D2A-4800-8C17-C29A3C7BE7CC}C:\program files\blackmagic design\davinci resolve\vstscanner.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\vstscanner.exe
FirewallRules: [UDP Query User{70FBE1D5-739F-4FD5-B9FE-B50EEBFE6BD1}C:\program files\blackmagic design\davinci resolve\vstscanner.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\vstscanner.exe
FirewallRules: [TCP Query User{7D32AE65-2274-4C59-9ED1-1320326F549E}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{C412A9EE-61FC-4F45-818D-94FB5737DA11}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{CCE83427-2F05-4247-BFF2-AD5377CD84DD}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{2CB89734-9232-450D-8ED6-69BFB0849051}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{AC2A5B06-3DEE-4B6B-9FE4-BD112CEDCF70}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{49F32A55-94E2-472F-BA4B-E65860CA69EC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{70E06728-E8A6-43E5-A36D-853952CD42C3}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{11315328-7353-40A1-B904-A3629C806527}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{36AD58E4-9F59-4EBB-A6F1-EC553AA2A727}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E516C18A-F1C5-42F2-BEA9-EA236742208C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{F220A850-08AD-4A54-892D-A3FD6A325BE2}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{995BD226-9FE3-491B-9DEE-74021A0E9651}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{27A53E54-1A84-4C61-8517-6BFEBAC5083D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{105F6B7D-FBF7-4BD1-84EE-B994B6B2D8D3}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{417B6364-9907-41D0-A744-0DED42B1E903}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1FF0107C-08D3-45CD-A34C-04688365F82B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{F3555465-EF69-4AC5-AB0A-DEE395AE54A9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{0FB0C316-E45C-46B9-B306-D56A4A36E16D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{DC6CB4F7-1FBB-4113-AD64-F29C1C03324F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A016AA47-A4B9-4799-B957-DA41268B07E3}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{6A7EBEA4-60D7-46F4-BD1C-3943A09EA881}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{14FBDB57-3B6A-4D06-ADC0-6CD7842F40A9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4B1C3703-FFDD-49AA-B754-47311720A522}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C559C7B6-3460-4F48-9A90-510BC24E2EF7}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{2D453DA5-9959-44E5-9880-31128F7126D2}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{14FD4162-73D4-4F3F-8FFF-9A35AF114310}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{70CB167C-EEAE-4349-BF47-8801C769E208}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{62529948-71F9-4505-95CE-2E52AAA64775}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{B1823B12-6B92-4937-9BE8-49039594DBD6}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D3E94A12-DEF3-4CF5-9D35-623F6D832AEC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{0765A7DA-D4A4-4B04-BAEE-82153ADB991D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1F16A830-A3F2-45B0-877C-B0C5328293E6}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C82A0A20-FFA7-4E26-8581-C272652F303C}] => (Allow) C:\Users\Sebo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D213272F-F47E-4D3B-A71B-1D3047446F5D}] => (Allow) C:\Users\Sebo\AppData\Roaming\uTorrent\uTorrent.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/12/2018 11:01:32 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-06-18T14:01:32Z. Error Code: 0x80071A2D.
 
Error: (07/12/2018 11:01:02 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-06-18T14:01:02Z. Error Code: 0x80071A2D.
 
Error: (07/12/2018 11:00:31 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-06-18T14:00:31Z. Error Code: 0x80071A2D.
 
Error: (07/12/2018 11:00:01 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-06-18T14:00:01Z. Error Code: 0x80071A2D.
 
Error: (07/12/2018 10:41:19 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 00000000000001EC,0x00560038,000000F0E328C980,0,000000F0E328B970,4096,[0]).
 
 
Operation:
   Processing PostFinalCommitSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (07/11/2018 11:32:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FL.exe version 1.1.47.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1054
 
Start Time: 01d41985e1710c59
 
Termination Time: 107
 
Application Path: C:\Program Files (x86)\Image-Line\FL Studio 12\FL.exe
 
Report Id: bf9c4cd0-857b-11e8-8332-6cc2176e0efd
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/11/2018 10:43:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.18460 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 438
 
Start Time: 01d4197f21cf765e
 
Termination Time: 0
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: f0cb561b-8574-11e8-8330-6cc2176e0efd
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/11/2018 10:30:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-06-18T01:30:52Z. Error Code: 0x80071A2D.
 
 
System errors:
=============
Error: (07/12/2018 09:43:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BitDefenderCOM service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/12/2018 09:08:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/12/2018 09:08:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Defender Service service to connect.
 
Error: (07/12/2018 09:08:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BitDefenderCOM service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/12/2018 09:08:16 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (07/12/2018 09:08:16 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (07/12/2018 09:08:16 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (07/12/2018 09:08:16 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
Windows Defender:
===================================
Date: 2018-07-12 22:50:59.362
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Name: VirTool:Win64/Detrahere
ID: 2147727738
Severity: Severe
Category: Tool
Path: file:_C:\Windows\system32\zaopwgu\dwrkxiz.sys
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.271.849.0, AS: 1.271.849.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15000.2, NIS: 2.1.14600.4
 
Date: 2018-07-12 22:50:59.362
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Detrahere!reg
ID: 2147727777
Severity: Severe
Category: Trojan
Path: regkeyvalue:_HKLM\SYSTEM\CurrentControlSet\Control\Network\\set_pt
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.271.849.0, AS: 1.271.849.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15000.2, NIS: 2.1.14600.4
 
Date: 2018-07-12 22:21:33.042
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Detrahere!reg
ID: 2147727777
Severity: Severe
Category: Trojan
Path: regkeyvalue:_HKLM\SYSTEM\CurrentControlSet\Control\Network\\set_pt
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.271.849.0, AS: 1.271.849.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15000.2, NIS: 2.1.14600.4
 
Date: 2018-07-12 22:21:33.042
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Name: VirTool:Win64/Detrahere
ID: 2147727738
Severity: Severe
Category: Tool
Path: file:_C:\Windows\system32\zaopwgu\dwrkxiz.sys
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.271.849.0, AS: 1.271.849.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15000.2, NIS: 2.1.14600.4
 
Date: 2018-07-12 08:28:48.091
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Detrahere!reg
ID: 2147727777
Severity: Severe
Category: Trojan
Path: regkeyvalue:_HKLM\SYSTEM\CurrentControlSet\Control\Network\\set_pt
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.271.778.0, AS: 1.271.778.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15000.2, NIS: 2.1.14600.4
 
Date: 2018-07-12 22:02:42.481
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.271.778.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15000.2
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-07-12 22:02:42.481
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.271.778.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15000.2
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-07-12 22:02:31.754
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 
Update Source: User
Signature Type: 
Update Type: 
Current Engine Version: 
Previous Engine Version: 
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-07-12 22:02:31.754
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 
Update Source: User
Signature Type: 
Update Type: 
Current Engine Version: 
Previous Engine Version: 
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-07-12 22:00:58.041
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.271.778.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15000.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2018-07-04 07:33:08.047
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-07-04 07:33:05.010
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-07-03 03:36:47.287
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-07-03 03:36:45.529
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-07-03 03:36:41.326
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-07-03 03:36:38.845
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-06-30 13:52:52.846
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-04-03 22:04:04.927
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 39%
Total physical RAM: 3985.95 MB
Available physical RAM: 2425.89 MB
Total Virtual: 4753.95 MB
Available Virtual: 3345.59 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:445.05 GB) (Free:175.02 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.69 GB) (Free:1.95 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{77b44587-17f1-410f-a72e-bd398a03233a}\ (WINRE) (Fixed) (Total:0.63 GB) (Free:0.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 8387E6EE)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#14 Oh My!

Posted 12 July 2018 - 09:26 PM

Thank you.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
  • The information will be copied invisibly and will be "pasted" into FRST automatically when you click Fix as instructed below
Start::
CreateRestorePoint:
CloseProcesses:
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll => No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
CHR HKLM-x32\...\Chrome\Extension: [pfkielbdojghpkdojeegellggecfnccd]
S2 BitDefenderCOM; "C:\Program Files\BDServices\BitDefenderCom.exe" [X]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
U3 aswbdisk; no ImagePath
Task: {681E816E-C4FF-4D5F-AA56-728B820FB42D} - \SweetLabs App Platform -> No File <==== ATTENTION
Task: {C46CB045-D145-445E-AC11-9E37E4C48309} - System32\Tasks\AdobeServism => C:\ProgramData\Flashm\MSACuiLm.exe [2018-04-14] ()
C:\ProgramData\Flashm
2018-07-12 17:24 - 2018-07-12 17:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\pskreva
2018-07-12 16:10 - 2018-07-12 16:10 - 000000000 ____D C:\Users\Sebo\AppData\Local\racdueh
2018-07-12 16:00 - 2018-07-12 16:00 - 000000000 ____D C:\Users\Sebo\AppData\Local\cgirhtv
2018-07-12 15:45 - 2018-07-12 15:45 - 000000000 ____D C:\Users\Sebo\AppData\Local\vsirgkp
2018-07-12 13:01 - 2018-07-12 13:01 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmmzuwe
2018-07-12 12:56 - 2018-07-12 12:56 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdmgupb
2018-07-12 12:54 - 2018-07-12 12:54 - 000000000 ____D C:\Users\Sebo\AppData\Local\cgoxnkl
2018-07-12 12:44 - 2018-07-12 12:44 - 000000000 ____D C:\Users\Sebo\AppData\Local\wmnarhz
2018-07-12 08:35 - 2018-07-12 08:35 - 000000000 ____D C:\Users\Sebo\AppData\Local\usrbwog
2018-07-12 06:46 - 2018-07-12 06:46 - 000000000 ____D C:\Users\Sebo\AppData\Local\sboamxz
2018-07-12 06:07 - 2018-07-12 06:07 - 000000000 ____D C:\Users\Sebo\AppData\Local\tiogbnm
2018-07-12 06:04 - 2018-07-12 06:04 - 000000000 ____D C:\Users\Sebo\AppData\Local\dsnhzpo
2018-07-12 05:58 - 2018-07-12 05:58 - 000000000 ____D C:\Users\Sebo\AppData\Local\atsmbno
2018-07-12 05:53 - 2018-07-12 05:53 - 000000000 ____D C:\Users\Sebo\AppData\Local\ranwcsx
2018-07-12 05:40 - 2018-07-12 05:40 - 000000000 ____D C:\Users\Sebo\AppData\Local\zaokhtm
2018-07-12 05:25 - 2018-07-12 05:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\upkmtde
2018-07-12 05:11 - 2018-07-12 05:11 - 000000000 ____D C:\Users\Sebo\AppData\Local\upkslmd
2018-07-12 02:55 - 2018-07-12 02:55 - 000000000 ____D C:\Users\Sebo\AppData\Local\iastxwz
2018-07-12 00:07 - 2018-07-12 00:07 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdbolum
2018-07-11 17:57 - 2018-07-11 17:57 - 000000000 ____D C:\Users\Sebo\AppData\Local\psmntuo
2018-07-11 17:55 - 2018-07-11 17:55 - 000000000 ____D C:\Users\Sebo\AppData\Local\aterwkn
2018-07-11 17:29 - 2018-07-12 21:39 - 000000000 ____D C:\Users\Sebo\AppData\Local\scczuwg
2018-07-11 17:26 - 2018-07-11 17:26 - 000000000 ____D C:\Users\Sebo\AppData\Local\ianmtbz
2018-07-11 09:27 - 2018-07-11 09:27 - 000000000 ____D C:\Users\Sebo\AppData\Local\usmegcx
2018-07-11 09:20 - 2018-07-11 09:20 - 000000000 ____D C:\Users\Sebo\AppData\Local\sidarev
2018-07-11 08:05 - 2018-07-11 08:05 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmmgcep
2018-07-11 07:39 - 2018-07-11 07:39 - 000000000 ____D C:\Users\Sebo\Desktop\Fatal flute - Copy
2018-07-11 07:39 - 2018-07-11 07:39 - 000000000 ____D C:\Users\Sebo\AppData\Local\atokpzn
2018-07-11 05:25 - 2018-07-11 05:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\nvorphx
2018-07-10 23:31 - 2018-07-10 23:31 - 000000000 ____D C:\Users\Sebo\AppData\Local\lscntmw
2018-07-10 23:16 - 2018-07-10 23:16 - 000000000 ____D C:\Users\Sebo\AppData\Local\atbdire
2018-07-10 22:19 - 2018-07-10 22:19 - 000000000 ____D C:\Users\Sebo\AppData\Local\snhztxi
2018-07-10 21:53 - 2018-07-10 21:53 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmrnckg
2018-07-10 04:22 - 2018-07-10 04:22 - 000000000 ____D C:\Users\Sebo\AppData\Local\nvdzlgs
2018-07-10 03:46 - 2018-07-10 03:46 - 000000000 ____D C:\Users\Sebo\AppData\Local\dtenlgo
2018-07-10 02:48 - 2018-07-10 02:48 - 000000000 ____D C:\Users\Sebo\AppData\Local\tismcoh
2018-07-10 01:34 - 2018-07-10 01:34 - 000000000 ____D C:\Users\Sebo\AppData\Local\rtsigwk
2018-07-10 00:45 - 2018-07-10 00:45 - 000000000 ____D C:\Users\Sebo\AppData\Local\pcdlvgb
2018-07-09 23:47 - 2018-07-09 23:47 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdrxsue
2018-07-09 23:34 - 2018-07-09 23:34 - 000000000 ____D C:\Users\Sebo\AppData\Local\seozcpd
2018-07-08 21:27 - 2018-07-08 21:27 - 000000000 ____D C:\Users\Sebo\AppData\Local\reizbcg
2018-07-07 06:20 - 2018-07-07 06:20 - 000000000 ____D C:\Users\Sebo\AppData\Local\dwitmav
2018-07-06 22:50 - 2018-07-06 22:50 - 000000000 ____D C:\Users\Sebo\AppData\Local\snhbaxg
2018-07-06 21:50 - 2018-07-06 21:50 - 000000000 ____D C:\Users\Sebo\AppData\Local\wmhregi
2018-07-06 20:35 - 2018-07-06 20:35 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmhknco
2018-07-06 07:08 - 2018-07-06 07:08 - 000000000 ____D C:\Users\Sebo\AppData\Local\wmdablg
2018-07-06 05:36 - 2018-07-06 05:36 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdrvnbc
2018-07-06 02:16 - 2018-07-06 02:16 - 000000000 ____D C:\Users\Sebo\AppData\Local\pwecikg
2018-07-06 01:23 - 2018-07-06 01:23 - 000000000 ____D C:\Users\Sebo\AppData\Local\sccoxak
2018-07-05 20:31 - 2018-07-05 20:31 - 000000000 ____D C:\Users\Sebo\AppData\Local\csripux
2018-07-05 19:58 - 2018-07-05 19:58 - 000000000 ____D C:\Users\Sebo\AppData\Local\audpksx
2018-07-05 19:13 - 2018-07-05 19:13 - 000000000 ____D C:\Users\Sebo\AppData\Local\tirnczg
2018-07-05 18:52 - 2018-07-05 18:52 - 000000000 ____D C:\Users\Sebo\AppData\Local\reniumt
2018-07-05 10:17 - 2018-07-05 10:17 - 000000000 ____D C:\Users\Sebo\AppData\Local\svdhwxe
2018-07-05 09:30 - 2018-07-05 09:30 - 000000000 ____D C:\Users\Sebo\AppData\Local\dworbeg
2018-07-05 09:23 - 2018-07-05 09:23 - 000000000 ____D C:\Users\Sebo\AppData\Local\spbvhlk
2018-07-05 08:52 - 2018-07-05 08:52 - 000000000 ____D C:\Users\Sebo\AppData\Local\dsspenh
2018-07-05 06:43 - 2018-07-05 06:43 - 000000000 ____D C:\Users\Sebo\AppData\Local\aubrvgp
2018-07-05 06:26 - 2018-07-05 06:26 - 000000000 ____D C:\Users\Sebo\AppData\Local\wemhlop
2018-07-05 06:12 - 2018-07-05 06:12 - 000000000 ____D C:\Users\Sebo\AppData\Local\zaimedt
2018-07-05 05:50 - 2018-07-05 05:50 - 000000000 ____D C:\Users\Sebo\Desktop\New folder
2018-07-05 05:45 - 2018-07-05 05:45 - 000000000 ____D C:\Users\Sebo\AppData\Local\wikvoea
2018-07-05 05:18 - 2018-07-05 05:18 - 000000000 ____D C:\Users\Sebo\AppData\Local\scrgoiw
2018-07-05 05:08 - 2018-07-06 22:43 - 000000000 ____D C:\Program Files\BDServices
2018-07-05 04:25 - 2018-07-05 04:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\sckedtw
2018-07-05 04:16 - 2018-07-05 04:16 - 000000000 ____D C:\Users\Sebo\AppData\Local\dsbapic
2018-07-05 01:04 - 2018-07-05 01:04 - 000000000 ____D C:\Users\Sebo\AppData\Local\sekmxlb
2018-07-05 01:02 - 2018-07-05 01:02 - 000000000 ____D C:\Users\Sebo\AppData\Local\snalxtp
2018-07-05 00:49 - 2018-07-05 00:49 - 000000000 ____D C:\Users\Sebo\AppData\Local\wmohvai
2018-07-04 23:49 - 2018-07-04 23:49 - 000000000 ____D C:\Users\Sebo\AppData\Local\zaixcwn
2018-07-04 23:44 - 2018-07-04 23:44 - 000000000 ____D C:\Users\Sebo\AppData\Local\vdkowrn
2018-07-04 23:36 - 2018-07-04 23:36 - 000000000 ____D C:\Users\Sebo\AppData\Local\avnetks
2018-07-04 23:33 - 2018-07-04 23:33 - 000000000 ____D C:\Users\Sebo\AppData\Local\mskoatb
2018-07-04 23:22 - 2018-07-04 23:22 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdbacop
2018-07-04 23:07 - 2018-07-04 23:07 - 000000000 ____D C:\Users\Sebo\AppData\Local\psnbdwg
2018-07-04 21:13 - 2018-07-04 21:13 - 000000000 ____D C:\Users\Sebo\AppData\Local\nicktga
2018-07-04 08:39 - 2018-07-04 08:39 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdomvel
2018-07-04 07:25 - 2018-07-04 07:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\ninzlcp
2018-07-04 06:57 - 2018-07-04 06:57 - 000000000 ____D C:\Users\Sebo\AppData\Local\pskiwcx
2018-07-04 06:26 - 2018-07-04 06:26 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmagnus
2018-07-04 05:50 - 2018-07-04 05:50 - 000000000 ____D C:\Users\Sebo\AppData\Local\avitwxl
2018-07-04 04:36 - 2018-07-04 04:36 - 000000000 ____D C:\Users\Sebo\AppData\Local\sbdkvxa
2018-07-04 04:02 - 2018-07-04 04:02 - 000000000 ____D C:\Users\Sebo\AppData\Local\nidrmcp
2018-07-04 03:22 - 2018-07-04 03:22 - 000000000 ____D C:\Users\Sebo\AppData\Local\cgsunrm
2018-07-04 02:23 - 2018-07-04 02:23 - 000000000 ____D C:\Users\Sebo\AppData\Local\wembnxl
2018-07-04 01:59 - 2018-07-04 01:59 - 000000000 ____D C:\Users\Sebo\AppData\Local\dsavocb
2018-07-04 01:53 - 2018-07-04 01:53 - 000000000 ____D C:\Users\Sebo\AppData\Local\vdmacol
2018-07-04 01:30 - 2018-07-04 01:30 - 000000000 ____D C:\Users\Sebo\AppData\Local\spsrktw
2018-07-03 19:25 - 2018-07-03 19:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\vshzxra
2018-07-03 05:29 - 2018-07-03 05:29 - 000000000 ____D C:\Users\Sebo\AppData\Local\dtcmwrp
2018-07-03 04:24 - 2018-07-03 04:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\scndhtb
2018-07-03 03:38 - 2018-07-03 03:38 - 000000000 ____D C:\Users\Sebo\AppData\Local\tihudmp
2018-07-03 03:15 - 2018-07-03 03:15 - 000000000 ____D C:\Users\Sebo\AppData\Local\nvdxegl
2018-07-03 02:41 - 2018-07-03 02:41 - 000000000 ____D C:\Users\Sebo\AppData\Local\nvkizhm
2018-07-03 02:25 - 2018-07-12 21:40 - 000000000 ____D C:\Users\TEMP\AppData\Local\iareput
2018-07-03 02:22 - 2018-07-03 02:27 - 000000000 ____D C:\users\TEMP
2018-07-03 01:40 - 2018-07-03 01:40 - 000000000 ____D C:\Users\Sebo\AppData\Local\sphtrgd
2018-07-03 01:14 - 2018-07-03 01:14 - 000000000 ____D C:\Users\Sebo\AppData\Local\vdmrkts
2018-07-02 22:59 - 2018-07-02 22:59 - 000000000 ____D C:\Users\Sebo\AppData\Local\lsbahgi
2018-07-02 22:18 - 2018-07-02 22:18 - 000000000 ____D C:\Users\Sebo\AppData\Local\lsivzgu
2018-07-02 22:02 - 2018-07-02 22:02 - 000000000 ____D C:\Users\Sebo\AppData\Local\cshenbo
2018-07-02 21:25 - 2018-07-02 21:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\wibench
2018-07-02 21:04 - 2018-07-02 21:04 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmhcdkx
2018-07-02 20:24 - 2018-07-02 20:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmeprvn
2018-07-02 19:36 - 2018-07-02 19:36 - 000000000 ____D C:\Users\Sebo\AppData\Local\wiokrdv
2018-07-02 19:28 - 2018-07-02 19:28 - 000000000 ____D C:\Users\Sebo\AppData\Local\zascerp
2018-07-02 08:33 - 2018-07-02 08:33 - 000000000 ____D C:\Users\Sebo\AppData\Local\timnkaz
2018-07-02 08:04 - 2018-07-02 08:04 - 000000000 ____D C:\Users\Sebo\AppData\Local\usizwov
2018-07-02 07:58 - 2018-07-02 07:58 - 000000000 ____D C:\Users\Sebo\AppData\Local\cwdxblr
2018-07-02 07:28 - 2018-07-02 07:28 - 000000000 ____D C:\Users\Sebo\AppData\Local\seiuvgd
2018-07-02 06:56 - 2018-07-02 06:56 - 000000000 ____D C:\Users\Sebo\AppData\Local\wimhxba
2018-07-02 06:24 - 2018-07-02 06:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\ausdbit
2018-07-01 19:17 - 2018-07-01 19:17 - 000000000 ____D C:\Users\Sebo\AppData\Local\msaoetl
2018-07-01 19:10 - 2018-07-01 19:10 - 000000000 ____D C:\Users\Sebo\AppData\Local\rtipdeu
2018-07-01 17:13 - 2018-07-01 17:13 - 000000000 ____D C:\Users\Sebo\AppData\Local\ramevgn
2018-07-01 16:26 - 2018-07-01 16:26 - 000000000 ____D C:\Users\Sebo\AppData\Local\costkpr
2018-07-01 15:48 - 2018-07-01 15:48 - 000000000 ____D C:\Users\Sebo\AppData\Local\zaowbpd
2018-07-01 15:02 - 2018-07-01 15:02 - 000000000 ____D C:\Users\Sebo\AppData\Local\seduzgp
2018-07-01 14:13 - 2018-07-01 14:13 - 000000000 ____D C:\Users\Sebo\AppData\Local\raicplo
2018-07-01 13:32 - 2018-07-01 13:32 - 000000000 ____D C:\Users\Sebo\AppData\Local\sckohub
2018-07-01 12:42 - 2018-07-01 12:42 - 000000000 ____D C:\Users\Sebo\AppData\Local\iaetrlv
2018-07-01 11:00 - 2018-07-01 11:00 - 000000000 ____D C:\Users\Sebo\AppData\Local\vdeopba
2018-06-30 18:56 - 2018-06-30 18:56 - 000000000 ____D C:\Users\Sebo\AppData\Local\vsaiodu
2018-06-30 18:18 - 2018-06-30 18:18 - 000000000 ____D C:\Users\Sebo\AppData\Local\conghre
2018-06-30 17:32 - 2018-06-30 17:32 - 000000000 ____D C:\Users\Sebo\AppData\Local\cgovwzx
2018-06-30 15:24 - 2018-06-30 15:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\atdmwkc
2018-06-30 15:16 - 2018-06-30 15:16 - 000000000 ____D C:\Users\Sebo\AppData\Local\scnkhld
2018-06-30 13:32 - 2018-06-30 13:32 - 000000000 ____D C:\Users\Sebo\AppData\Local\dsawout
2018-06-30 11:20 - 2018-06-30 11:22 - 055362610 _____ C:\Users\Sebo\Desktop\fot li.wav
2018-06-30 10:58 - 2018-06-30 10:58 - 000000000 ____D C:\Users\Sebo\AppData\Local\sceipnv
2018-06-30 09:03 - 2018-06-30 09:03 - 000000000 ____D C:\Users\Sebo\AppData\Local\exbndvr
2018-06-30 08:52 - 2018-06-30 08:52 - 000000000 ____D C:\Windows\%LOCALAPPDATA%
2018-06-30 08:19 - 2018-06-30 08:19 - 000000000 ____D C:\Users\Sebo\AppData\Local\spcgzrm
2018-06-29 13:52 - 2018-06-29 13:52 - 000000000 ____D C:\Users\Sebo\AppData\Local\vdhrkgz
2018-06-29 10:50 - 2018-06-29 10:50 - 000000000 ____D C:\Users\Sebo\AppData\Local\sndxtcp
2018-06-29 10:03 - 2018-06-29 10:03 - 000000000 ____D C:\Users\Sebo\AppData\Local\scrxliv
2018-06-29 09:11 - 2018-06-29 09:11 - 000000000 ____D C:\Users\Sebo\AppData\Local\dtaiznm
2018-06-29 08:25 - 2018-06-29 08:28 - 000000000 ____D C:\Users\Sebo\Desktop\Made Up
2018-06-29 08:20 - 2018-06-29 08:20 - 000000000 ____D C:\Users\Sebo\AppData\Local\atkdcbg
2018-06-29 08:14 - 2018-06-29 08:14 - 000000000 ____D C:\Users\Sebo\AppData\Local\psdwmck
2018-06-28 21:40 - 2018-06-28 21:40 - 000000000 ____D C:\Users\Sebo\AppData\Local\pwhxuac
2018-06-28 17:14 - 2018-06-28 17:14 - 000000000 ____D C:\Users\Sebo\AppData\Local\pcrgils
2018-06-28 08:40 - 2018-06-28 08:40 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmrvxip
2018-06-27 06:19 - 2018-06-27 06:19 - 000000000 ____D C:\Users\Sebo\AppData\Local\nibtesa
2018-06-26 22:05 - 2018-06-26 22:05 - 000000000 ____D C:\Users\Sebo\AppData\Local\avormwd
2018-06-26 14:20 - 2018-06-26 14:20 - 000000000 ____D C:\Users\Sebo\AppData\Local\uprlhwo
2018-06-26 09:55 - 2018-06-26 09:55 - 000000000 ____D C:\Users\Sebo\AppData\Local\uskotmn
2018-06-25 17:35 - 2018-06-25 17:35 - 000000000 ____D C:\Users\Sebo\AppData\Local\sbrnuch
2018-06-25 09:07 - 2018-06-25 09:07 - 000000000 ____D C:\Users\Sebo\AppData\Local\cwcuonp
2018-06-24 13:04 - 2018-06-24 13:04 - 000000000 ____D C:\Users\Sebo\AppData\Local\uskohzn
2018-06-23 16:30 - 2018-06-23 16:30 - 000000000 ____D C:\Users\Sebo\AppData\Local\wistzol
2018-06-23 10:09 - 2018-06-23 10:09 - 000000000 ____D C:\Users\Sebo\AppData\Local\upbmnwo
2018-06-22 10:06 - 2018-06-22 10:06 - 000000000 ____D C:\Users\Sebo\AppData\Local\sekzduo
2018-06-21 07:07 - 2018-06-21 07:07 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdsavun
2018-06-20 08:51 - 2018-06-20 08:51 - 000000000 ____D C:\Users\Sebo\AppData\Local\svbtuog
2018-06-19 16:47 - 2018-06-19 16:47 - 000000000 ____D C:\Users\Sebo\AppData\Local\pwanglx
2018-06-19 11:42 - 2018-06-19 11:42 - 000000000 ____D C:\Users\Sebo\AppData\Local\sichtvg
2018-06-18 08:00 - 2018-06-18 08:00 - 000000000 ____D C:\Users\Sebo\AppData\Local\csbpldo
2018-06-17 09:10 - 2018-06-17 09:10 - 000000000 ____D C:\Users\Sebo\AppData\Local\avaompx
2018-06-16 12:28 - 2018-06-16 12:28 - 000000000 ____D C:\Users\Sebo\AppData\Local\exksnap
2018-06-16 06:24 - 2018-06-16 06:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\vsecang
2018-06-15 08:02 - 2018-06-15 08:02 - 000000000 ____D C:\Users\Sebo\AppData\Local\scrudph
2018-06-14 12:14 - 2018-06-14 12:14 - 000000000 ____D C:\Users\Sebo\AppData\Local\iabkmlv
2018-06-13 07:55 - 2018-06-13 07:55 - 000000000 ____D C:\Users\Sebo\AppData\Local\vsetkxu
2018-06-12 18:28 - 2018-06-12 18:28 - 000000000 ____D C:\Users\Sebo\AppData\Local\athugvr
2018-06-12 06:43 - 2018-06-12 06:43 - 000000000 ____D C:\Users\Sebo\AppData\Local\zaadibh
2018-07-12 21:39 - 2018-05-07 22:29 - 000000000 ____D C:\Users\avril_000\AppData\Local\reapwbz
2018-07-12 16:25 - 2018-04-14 15:08 - 002888704 _____ C:\Windows\System32\dwrkxizsvc.exe
2018-07-12 12:50 - 2014-10-28 18:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\15012.exe
2018-07-12 12:53 - 2014-10-28 18:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\15486.exe
2018-07-12 15:45 - 2014-10-28 18:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\16464.exe
2018-07-12 12:58 - 2014-10-28 18:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\16466.exe
2018-07-12 16:06 - 2014-10-28 18:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\20553.exe
2018-07-11 05:38 - 2018-07-11 05:38 - 000066192 _____ (AVAST Software) C:\Users\Sebo\AppData\Local\Temp\dlhz3cpp.g5m.exe
2018-07-08 21:36 - 2018-07-06 22:54 - 011576808 _____ (SurfRight B.V.) C:\Users\Sebo\AppData\Local\Temp\HitmanPro.exe
2018-04-14 19:51 - 2018-04-14 19:51 - 000000003 _____ () C:\Users\Sebo\AppData\Local\wbem.ini
DeleteValue: HKLM\SYSTEM\CurrentControlSet\Control\Network|set_pt
Folder: C:\Users\Sebo\AppData\Roaming\Scaler
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [442848 2018-02-22] (BitDefender S.R.L.)
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
2018-07-11 10:38 - 2018-07-11 10:49 - 031209595 ____R C:\Users\Sebo\Downloads\SpyHunter 4.9.10.3956 Final incl patch-SND.rar
2018-07-07 02:53 - 2018-07-10 04:32 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-07-07 02:53 - 2018-07-09 03:36 - 000070255 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-07-07 02:53 - 2018-07-09 02:38 - 000057398 _____ C:\Windows\ZAM.krnl.trace
2018-07-07 02:53 - 2018-07-07 02:53 - 000000000 ____D C:\Users\Sebo\AppData\Local\Zemana
2018-07-05 15:25 - 2018-07-05 15:25 - 000000000 ____D C:\Program Files (x86)\Trojan Killer
2018-07-05 11:36 - 2018-07-07 04:18 - 000000000 ____D C:\ProgramData\HitmanPro
2018-07-05 10:37 - 2018-07-05 10:48 - 000000000 ____D C:\Users\Sebo\Downloads\SpyHunter 4.1.11.0 + Crack
2018-07-05 04:16 - 2018-07-05 04:16 - 000000000 ____D C:\Users\Sebo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2018-07-05 04:16 - 2018-07-05 04:16 - 000000000 ____D C:\Program Files\Unlocker
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Sebo119

Posted 12 July 2018 - 09:44 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Sebo (12-07-2018 23:32:58) Run:2
Running from C:\Users\Sebo\Desktop
Loaded Profiles: Sebo (Available Profiles: Sebo & avril_000)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll => No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
CHR HKLM-x32\...\Chrome\Extension: [pfkielbdojghpkdojeegellggecfnccd]
S2 BitDefenderCOM; "C:\Program Files\BDServices\BitDefenderCom.exe" [X]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
U3 aswbdisk; no ImagePath
Task: {681E816E-C4FF-4D5F-AA56-728B820FB42D} - \SweetLabs App Platform -> No File <==== ATTENTION
Task: {C46CB045-D145-445E-AC11-9E37E4C48309} - System32\Tasks\AdobeServism => C:\ProgramData\Flashm\MSACuiLm.exe [2018-04-14] ()
C:\ProgramData\Flashm
2018-07-03 03:38 - 2018-07-03 03:38 - 000000000 ____D C:\Users\Sebo\AppData\Local\tihudmp
2018-07-03 03:15 - 2018-07-03 03:15 - 000000000 ____D C:\Users\Sebo\AppData\Local\nvdxegl
2018-07-03 02:41 - 2018-07-03 02:41 - 000000000 ____D C:\Users\Sebo\AppData\Local\nvkizhm
2018-07-03 02:25 - 2018-07-12 21:40 - 000000000 ____D C:\Users\TEMP\AppData\Local\iareput
2018-07-03 02:22 - 2018-07-03 02:27 - 000000000 ____D C:\users\TEMP
2018-07-03 01:40 - 2018-07-03 01:40 - 000000000 ____D C:\Users\Sebo\AppData\Local\sphtrgd
2018-07-03 01:14 - 2018-07-03 01:14 - 000000000 ____D C:\Users\Sebo\AppData\Local\vdmrkts
2018-07-02 22:59 - 2018-07-02 22:59 - 000000000 ____D C:\Users\Sebo\AppData\Local\lsbahgi
2018-07-02 22:18 - 2018-07-02 22:18 - 000000000 ____D C:\Users\Sebo\AppData\Local\lsivzgu
2018-07-02 22:02 - 2018-07-02 22:02 - 000000000 ____D C:\Users\Sebo\AppData\Local\cshenbo
2018-07-02 21:25 - 2018-07-02 21:25 - 000000000 ____D C:\Users\Sebo\AppData\Local\wibench
2018-07-02 21:04 - 2018-07-02 21:04 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmhcdkx
2018-07-02 20:24 - 2018-07-02 20:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmeprvn
2018-07-02 19:36 - 2018-07-02 19:36 - 000000000 ____D C:\Users\Sebo\AppData\Local\wiokrdv
2018-07-02 19:28 - 2018-07-02 19:28 - 000000000 ____D C:\Users\Sebo\AppData\Local\zascerp
2018-07-02 08:33 - 2018-07-02 08:33 - 000000000 ____D C:\Users\Sebo\AppData\Local\timnkaz
2018-07-02 08:04 - 2018-07-02 08:04 - 000000000 ____D C:\Users\Sebo\AppData\Local\usizwov
2018-07-02 07:58 - 2018-07-02 07:58 - 000000000 ____D C:\Users\Sebo\AppData\Local\cwdxblr
2018-07-02 07:28 - 2018-07-02 07:28 - 000000000 ____D C:\Users\Sebo\AppData\Local\seiuvgd
2018-07-02 06:56 - 2018-07-02 06:56 - 000000000 ____D C:\Users\Sebo\AppData\Local\wimhxba
2018-07-02 06:24 - 2018-07-02 06:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\ausdbit
2018-07-01 19:17 - 2018-07-01 19:17 - 000000000 ____D C:\Users\Sebo\AppData\Local\msaoetl
2018-07-01 19:10 - 2018-07-01 19:10 - 000000000 ____D C:\Users\Sebo\AppData\Local\rtipdeu
2018-07-01 17:13 - 2018-07-01 17:13 - 000000000 ____D C:\Users\Sebo\AppData\Local\ramevgn
2018-07-01 16:26 - 2018-07-01 16:26 - 000000000 ____D C:\Users\Sebo\AppData\Local\costkpr
2018-07-01 15:48 - 2018-07-01 15:48 - 000000000 ____D C:\Users\Sebo\AppData\Local\zaowbpd
2018-07-01 15:02 - 2018-07-01 15:02 - 000000000 ____D C:\Users\Sebo\AppData\Local\seduzgp
2018-07-01 14:13 - 2018-07-01 14:13 - 000000000 ____D C:\Users\Sebo\AppData\Local\raicplo
2018-07-01 13:32 - 2018-07-01 13:32 - 000000000 ____D C:\Users\Sebo\AppData\Local\sckohub
2018-07-01 12:42 - 2018-07-01 12:42 - 000000000 ____D C:\Users\Sebo\AppData\Local\iaetrlv
2018-07-01 11:00 - 2018-07-01 11:00 - 000000000 ____D C:\Users\Sebo\AppData\Local\vdeopba
2018-06-30 18:56 - 2018-06-30 18:56 - 000000000 ____D C:\Users\Sebo\AppData\Local\vsaiodu
2018-06-30 18:18 - 2018-06-30 18:18 - 000000000 ____D C:\Users\Sebo\AppData\Local\conghre
2018-06-30 17:32 - 2018-06-30 17:32 - 000000000 ____D C:\Users\Sebo\AppData\Local\cgovwzx
2018-06-30 15:24 - 2018-06-30 15:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\atdmwkc
2018-06-30 15:16 - 2018-06-30 15:16 - 000000000 ____D C:\Users\Sebo\AppData\Local\scnkhld
2018-06-30 13:32 - 2018-06-30 13:32 - 000000000 ____D C:\Users\Sebo\AppData\Local\dsawout
2018-06-30 11:20 - 2018-06-30 11:22 - 055362610 _____ C:\Users\Sebo\Desktop\fot li.wav
2018-06-30 10:58 - 2018-06-30 10:58 - 000000000 ____D C:\Users\Sebo\AppData\Local\sceipnv
2018-06-30 09:03 - 2018-06-30 09:03 - 000000000 ____D C:\Users\Sebo\AppData\Local\exbndvr
2018-06-30 08:52 - 2018-06-30 08:52 - 000000000 ____D C:\Windows\%LOCALAPPDATA%
2018-06-30 08:19 - 2018-06-30 08:19 - 000000000 ____D C:\Users\Sebo\AppData\Local\spcgzrm
2018-06-29 13:52 - 2018-06-29 13:52 - 000000000 ____D C:\Users\Sebo\AppData\Local\vdhrkgz
2018-06-29 10:50 - 2018-06-29 10:50 - 000000000 ____D C:\Users\Sebo\AppData\Local\sndxtcp
2018-06-29 10:03 - 2018-06-29 10:03 - 000000000 ____D C:\Users\Sebo\AppData\Local\scrxliv
2018-06-29 09:11 - 2018-06-29 09:11 - 000000000 ____D C:\Users\Sebo\AppData\Local\dtaiznm
2018-06-29 08:25 - 2018-06-29 08:28 - 000000000 ____D C:\Users\Sebo\Desktop\Made Up
2018-06-29 08:20 - 2018-06-29 08:20 - 000000000 ____D C:\Users\Sebo\AppData\Local\atkdcbg
2018-06-29 08:14 - 2018-06-29 08:14 - 000000000 ____D C:\Users\Sebo\AppData\Local\psdwmck
2018-06-28 21:40 - 2018-06-28 21:40 - 000000000 ____D C:\Users\Sebo\AppData\Local\pwhxuac
2018-06-28 17:14 - 2018-06-28 17:14 - 000000000 ____D C:\Users\Sebo\AppData\Local\pcrgils
2018-06-28 08:40 - 2018-06-28 08:40 - 000000000 ____D C:\Users\Sebo\AppData\Local\lmrvxip
2018-06-27 06:19 - 2018-06-27 06:19 - 000000000 ____D C:\Users\Sebo\AppData\Local\nibtesa
2018-06-26 22:05 - 2018-06-26 22:05 - 000000000 ____D C:\Users\Sebo\AppData\Local\avormwd
2018-06-26 14:20 - 2018-06-26 14:20 - 000000000 ____D C:\Users\Sebo\AppData\Local\uprlhwo
2018-06-26 09:55 - 2018-06-26 09:55 - 000000000 ____D C:\Users\Sebo\AppData\Local\uskotmn
2018-06-25 17:35 - 2018-06-25 17:35 - 000000000 ____D C:\Users\Sebo\AppData\Local\sbrnuch
2018-06-25 09:07 - 2018-06-25 09:07 - 000000000 ____D C:\Users\Sebo\AppData\Local\cwcuonp
2018-06-24 13:04 - 2018-06-24 13:04 - 000000000 ____D C:\Users\Sebo\AppData\Local\uskohzn
2018-06-23 16:30 - 2018-06-23 16:30 - 000000000 ____D C:\Users\Sebo\AppData\Local\wistzol
2018-06-23 10:09 - 2018-06-23 10:09 - 000000000 ____D C:\Users\Sebo\AppData\Local\upbmnwo
2018-06-22 10:06 - 2018-06-22 10:06 - 000000000 ____D C:\Users\Sebo\AppData\Local\sekzduo
2018-06-21 07:07 - 2018-06-21 07:07 - 000000000 ____D C:\Users\Sebo\AppData\Local\wdsavun
2018-06-20 08:51 - 2018-06-20 08:51 - 000000000 ____D C:\Users\Sebo\AppData\Local\svbtuog
2018-06-19 16:47 - 2018-06-19 16:47 - 000000000 ____D C:\Users\Sebo\AppData\Local\pwanglx
2018-06-19 11:42 - 2018-06-19 11:42 - 000000000 ____D C:\Users\Sebo\AppData\Local\sichtvg
2018-06-18 08:00 - 2018-06-18 08:00 - 000000000 ____D C:\Users\Sebo\AppData\Local\csbpldo
2018-06-17 09:10 - 2018-06-17 09:10 - 000000000 ____D C:\Users\Sebo\AppData\Local\avaompx
2018-06-16 12:28 - 2018-06-16 12:28 - 000000000 ____D C:\Users\Sebo\AppData\Local\exksnap
2018-06-16 06:24 - 2018-06-16 06:24 - 000000000 ____D C:\Users\Sebo\AppData\Local\vsecang
2018-06-15 08:02 - 2018-06-15 08:02 - 000000000 ____D C:\Users\Sebo\AppData\Local\scrudph
2018-06-14 12:14 - 2018-06-14 12:14 - 000000000 ____D C:\Users\Sebo\AppData\Local\iabkmlv
2018-06-13 07:55 - 2018-06-13 07:55 - 000000000 ____D C:\Users\Sebo\AppData\Local\vsetkxu
2018-06-12 18:28 - 2018-06-12 18:28 - 000000000 ____D C:\Users\Sebo\AppData\Local\athugvr
2018-06-12 06:43 - 2018-06-12 06:43 - 000000000 ____D C:\Users\Sebo\AppData\Local\zaadibh
2018-07-12 21:39 - 2018-05-07 22:29 - 000000000 ____D C:\Users\avril_000\AppData\Local\reapwbz
2018-07-12 16:25 - 2018-04-14 15:08 - 002888704 _____ C:\Windows\System32\dwrkxizsvc.exe
2018-07-12 12:50 - 2014-10-28 18:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\15012.exe
2018-07-12 12:53 - 2014-10-28 18:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\15486.exe
2018-07-12 15:45 - 2014-10-28 18:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\16464.exe
2018-07-12 12:58 - 2014-10-28 18:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\16466.exe
2018-07-12 16:06 - 2014-10-28 18:41 - 000025600 _____ (Microsoft Corporation) C:\Users\Sebo\AppData\Local\Temp\20553.exe
2018-07-11 05:38 - 2018-07-11 05:38 - 000066192 _____ (AVAST Software) C:\Users\Sebo\AppData\Local\Temp\dlhz3cpp.g5m.exe
2018-07-08 21:36 - 2018-07-06 22:54 - 011576808 _____ (SurfRight B.V.) C:\Users\Sebo\AppData\Local\Temp\HitmanPro.exe
2018-04-14 19:51 - 2018-04-14 19:51 - 000000003 _____ () C:\Users\Sebo\AppData\Local\wbem.ini
DeleteValue: HKLM\SYSTEM\CurrentControlSet\Control\Network|set_pt
Folder: C:\Users\Sebo\AppData\Roaming\Scaler
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [442848 2018-02-22] (BitDefender S.R.L.)
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
2018-07-11 10:38 - 2018-07-11 10:49 - 031209595 ____R C:\Users\Sebo\Downloads\SpyHunter 4.9.10.3956 Final incl patch-SND.rar
2018-07-07 02:53 - 2018-07-10 04:32 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-07-07 02:53 - 2018-07-09 03:36 - 000070255 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-07-07 02:53 - 2018-07-09 02:38 - 000057398 _____ C:\Windows\ZAM.krnl.trace
2018-07-07 02:53 - 2018-07-07 02:53 - 000000000 ____D C:\Users\Sebo\AppData\Local\Zemana
2018-07-05 15:25 - 2018-07-05 15:25 - 000000000 ____D C:\Program Files (x86)\Trojan Killer
2018-07-05 11:36 - 2018-07-07 04:18 - 000000000 ____D C:\ProgramData\HitmanPro
2018-07-05 10:37 - 2018-07-05 10:48 - 000000000 ____D C:\Users\Sebo\Downloads\SpyHunter 4.1.11.0 + Crack
2018-07-05 04:16 - 2018-07-05 04:16 - 000000000 ____D C:\Users\Sebo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2018-07-05 04:16 - 2018-07-05 04:16 - 000000000 ____D C:\Program Files\Unlocker
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => removed successfully
"HKLM\Software\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => removed successfully
"HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully
"HKLM\Software\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\CHR HKLM-x32\...\Chrome\Extension: [pfkielbdojghpkdojeegellggecfnccd]" => not found
"HKLM\System\CurrentControlSet\Services\BitDefenderCOM" => removed successfully
BitDefenderCOM => service removed successfully
"HKLM\System\CurrentControlSet\Services\gusvc" => removed successfully
gusvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\aswbdisk" => removed successfully
aswbdisk => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{681E816E-C4FF-4D5F-AA56-728B820FB42D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{681E816E-C4FF-4D5F-AA56-728B820FB42D}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C46CB045-D145-445E-AC11-9E37E4C48309}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C46CB045-D145-445E-AC11-9E37E4C48309}" => removed successfully
C:\Windows\System32\Tasks\AdobeServism => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeServism" => removed successfully
C:\ProgramData\Flashm => moved successfully
C:\Users\Sebo\AppData\Local\pskreva => moved successfully
C:\Users\Sebo\AppData\Local\racdueh => moved successfully
C:\Users\Sebo\AppData\Local\cgirhtv => moved successfully
C:\Users\Sebo\AppData\Local\vsirgkp => moved successfully
C:\Users\Sebo\AppData\Local\lmmzuwe => moved successfully
C:\Users\Sebo\AppData\Local\wdmgupb => moved successfully
C:\Users\Sebo\AppData\Local\cgoxnkl => moved successfully
C:\Users\Sebo\AppData\Local\wmnarhz => moved successfully
C:\Users\Sebo\AppData\Local\usrbwog => moved successfully
C:\Users\Sebo\AppData\Local\sboamxz => moved successfully
C:\Users\Sebo\AppData\Local\tiogbnm => moved successfully
C:\Users\Sebo\AppData\Local\dsnhzpo => moved successfully
C:\Users\Sebo\AppData\Local\atsmbno => moved successfully
C:\Users\Sebo\AppData\Local\ranwcsx => moved successfully
C:\Users\Sebo\AppData\Local\zaokhtm => moved successfully
C:\Users\Sebo\AppData\Local\upkmtde => moved successfully
C:\Users\Sebo\AppData\Local\upkslmd => moved successfully
C:\Users\Sebo\AppData\Local\iastxwz => moved successfully
C:\Users\Sebo\AppData\Local\wdbolum => moved successfully
C:\Users\Sebo\AppData\Local\psmntuo => moved successfully
C:\Users\Sebo\AppData\Local\aterwkn => moved successfully
C:\Users\Sebo\AppData\Local\scczuwg => moved successfully
C:\Users\Sebo\AppData\Local\ianmtbz => moved successfully
C:\Users\Sebo\AppData\Local\usmegcx => moved successfully
C:\Users\Sebo\AppData\Local\sidarev => moved successfully
C:\Users\Sebo\AppData\Local\lmmgcep => moved successfully
C:\Users\Sebo\Desktop\Fatal flute - Copy => moved successfully
C:\Users\Sebo\AppData\Local\atokpzn => moved successfully
C:\Users\Sebo\AppData\Local\nvorphx => moved successfully
C:\Users\Sebo\AppData\Local\lscntmw => moved successfully
C:\Users\Sebo\AppData\Local\atbdire => moved successfully
C:\Users\Sebo\AppData\Local\snhztxi => moved successfully
C:\Users\Sebo\AppData\Local\lmrnckg => moved successfully
C:\Users\Sebo\AppData\Local\nvdzlgs => moved successfully
C:\Users\Sebo\AppData\Local\dtenlgo => moved successfully
C:\Users\Sebo\AppData\Local\tismcoh => moved successfully
C:\Users\Sebo\AppData\Local\rtsigwk => moved successfully
C:\Users\Sebo\AppData\Local\pcdlvgb => moved successfully
C:\Users\Sebo\AppData\Local\wdrxsue => moved successfully
C:\Users\Sebo\AppData\Local\seozcpd => moved successfully
C:\Users\Sebo\AppData\Local\reizbcg => moved successfully
C:\Users\Sebo\AppData\Local\dwitmav => moved successfully
C:\Users\Sebo\AppData\Local\snhbaxg => moved successfully
C:\Users\Sebo\AppData\Local\wmhregi => moved successfully
C:\Users\Sebo\AppData\Local\lmhknco => moved successfully
C:\Users\Sebo\AppData\Local\wmdablg => moved successfully
C:\Users\Sebo\AppData\Local\wdrvnbc => moved successfully
C:\Users\Sebo\AppData\Local\pwecikg => moved successfully
C:\Users\Sebo\AppData\Local\sccoxak => moved successfully
C:\Users\Sebo\AppData\Local\csripux => moved successfully
C:\Users\Sebo\AppData\Local\audpksx => moved successfully
C:\Users\Sebo\AppData\Local\tirnczg => moved successfully
C:\Users\Sebo\AppData\Local\reniumt => moved successfully
C:\Users\Sebo\AppData\Local\svdhwxe => moved successfully
C:\Users\Sebo\AppData\Local\dworbeg => moved successfully
C:\Users\Sebo\AppData\Local\spbvhlk => moved successfully
C:\Users\Sebo\AppData\Local\dsspenh => moved successfully
C:\Users\Sebo\AppData\Local\aubrvgp => moved successfully
C:\Users\Sebo\AppData\Local\wemhlop => moved successfully
C:\Users\Sebo\AppData\Local\zaimedt => moved successfully
C:\Users\Sebo\Desktop\New folder => moved successfully
C:\Users\Sebo\AppData\Local\wikvoea => moved successfully
C:\Users\Sebo\AppData\Local\scrgoiw => moved successfully
C:\Program Files\BDServices => moved successfully
C:\Users\Sebo\AppData\Local\sckedtw => moved successfully
C:\Users\Sebo\AppData\Local\dsbapic => moved successfully
C:\Users\Sebo\AppData\Local\sekmxlb => moved successfully
C:\Users\Sebo\AppData\Local\snalxtp => moved successfully
C:\Users\Sebo\AppData\Local\wmohvai => moved successfully
C:\Users\Sebo\AppData\Local\zaixcwn => moved successfully
C:\Users\Sebo\AppData\Local\vdkowrn => moved successfully
C:\Users\Sebo\AppData\Local\avnetks => moved successfully
C:\Users\Sebo\AppData\Local\mskoatb => moved successfully
C:\Users\Sebo\AppData\Local\wdbacop => moved successfully
C:\Users\Sebo\AppData\Local\psnbdwg => moved successfully
C:\Users\Sebo\AppData\Local\nicktga => moved successfully
C:\Users\Sebo\AppData\Local\wdomvel => moved successfully
C:\Users\Sebo\AppData\Local\ninzlcp => moved successfully
C:\Users\Sebo\AppData\Local\pskiwcx => moved successfully
C:\Users\Sebo\AppData\Local\lmagnus => moved successfully
C:\Users\Sebo\AppData\Local\avitwxl => moved successfully
C:\Users\Sebo\AppData\Local\sbdkvxa => moved successfully
C:\Users\Sebo\AppData\Local\nidrmcp => moved successfully
C:\Users\Sebo\AppData\Local\cgsunrm => moved successfully
C:\Users\Sebo\AppData\Local\wembnxl => moved successfully
C:\Users\Sebo\AppData\Local\dsavocb => moved successfully
C:\Users\Sebo\AppData\Local\vdmacol => moved successfully
C:\Users\Sebo\AppData\Local\spsrktw => moved successfully
C:\Users\Sebo\AppData\Local\vshzxra => moved successfully
C:\Users\Sebo\AppData\Local\dtcmwrp => moved successfully
C:\Users\Sebo\AppData\Local\scndhtb => moved successfully
C:\Users\Sebo\AppData\Local\tihudmp => moved successfully
C:\Users\Sebo\AppData\Local\nvdxegl => moved successfully
C:\Users\Sebo\AppData\Local\nvkizhm => moved successfully
C:\Users\TEMP\AppData\Local\iareput => moved successfully
C:\users\TEMP => moved successfully
C:\Users\Sebo\AppData\Local\sphtrgd => moved successfully
C:\Users\Sebo\AppData\Local\vdmrkts => moved successfully
C:\Users\Sebo\AppData\Local\lsbahgi => moved successfully
C:\Users\Sebo\AppData\Local\lsivzgu => moved successfully
C:\Users\Sebo\AppData\Local\cshenbo => moved successfully
C:\Users\Sebo\AppData\Local\wibench => moved successfully
C:\Users\Sebo\AppData\Local\lmhcdkx => moved successfully
C:\Users\Sebo\AppData\Local\lmeprvn => moved successfully
C:\Users\Sebo\AppData\Local\wiokrdv => moved successfully
C:\Users\Sebo\AppData\Local\zascerp => moved successfully
C:\Users\Sebo\AppData\Local\timnkaz => moved successfully
C:\Users\Sebo\AppData\Local\usizwov => moved successfully
C:\Users\Sebo\AppData\Local\cwdxblr => moved successfully
C:\Users\Sebo\AppData\Local\seiuvgd => moved successfully
C:\Users\Sebo\AppData\Local\wimhxba => moved successfully
C:\Users\Sebo\AppData\Local\ausdbit => moved successfully
C:\Users\Sebo\AppData\Local\msaoetl => moved successfully
C:\Users\Sebo\AppData\Local\rtipdeu => moved successfully
C:\Users\Sebo\AppData\Local\ramevgn => moved successfully
C:\Users\Sebo\AppData\Local\costkpr => moved successfully
C:\Users\Sebo\AppData\Local\zaowbpd => moved successfully
C:\Users\Sebo\AppData\Local\seduzgp => moved successfully
C:\Users\Sebo\AppData\Local\raicplo => moved successfully
C:\Users\Sebo\AppData\Local\sckohub => moved successfully
C:\Users\Sebo\AppData\Local\iaetrlv => moved successfully
C:\Users\Sebo\AppData\Local\vdeopba => moved successfully
C:\Users\Sebo\AppData\Local\vsaiodu => moved successfully
C:\Users\Sebo\AppData\Local\conghre => moved successfully
C:\Users\Sebo\AppData\Local\cgovwzx => moved successfully
C:\Users\Sebo\AppData\Local\atdmwkc => moved successfully
C:\Users\Sebo\AppData\Local\scnkhld => moved successfully
C:\Users\Sebo\AppData\Local\dsawout => moved successfully
"C:\Users\Sebo\Desktop\fot li.wav" => not found
C:\Users\Sebo\AppData\Local\sceipnv => moved successfully
C:\Users\Sebo\AppData\Local\exbndvr => moved successfully
C:\Windows\%LOCALAPPDATA% => moved successfully
C:\Users\Sebo\AppData\Local\spcgzrm => moved successfully
C:\Users\Sebo\AppData\Local\vdhrkgz => moved successfully
C:\Users\Sebo\AppData\Local\sndxtcp => moved successfully
C:\Users\Sebo\AppData\Local\scrxliv => moved successfully
C:\Users\Sebo\AppData\Local\dtaiznm => moved successfully
C:\Users\Sebo\Desktop\Made Up => moved successfully
C:\Users\Sebo\AppData\Local\atkdcbg => moved successfully
C:\Users\Sebo\AppData\Local\psdwmck => moved successfully
C:\Users\Sebo\AppData\Local\pwhxuac => moved successfully
C:\Users\Sebo\AppData\Local\pcrgils => moved successfully
C:\Users\Sebo\AppData\Local\lmrvxip => moved successfully
C:\Users\Sebo\AppData\Local\nibtesa => moved successfully
C:\Users\Sebo\AppData\Local\avormwd => moved successfully
C:\Users\Sebo\AppData\Local\uprlhwo => moved successfully
C:\Users\Sebo\AppData\Local\uskotmn => moved successfully
C:\Users\Sebo\AppData\Local\sbrnuch => moved successfully
C:\Users\Sebo\AppData\Local\cwcuonp => moved successfully
C:\Users\Sebo\AppData\Local\uskohzn => moved successfully
C:\Users\Sebo\AppData\Local\wistzol => moved successfully
C:\Users\Sebo\AppData\Local\upbmnwo => moved successfully
C:\Users\Sebo\AppData\Local\sekzduo => moved successfully
C:\Users\Sebo\AppData\Local\wdsavun => moved successfully
C:\Users\Sebo\AppData\Local\svbtuog => moved successfully
C:\Users\Sebo\AppData\Local\pwanglx => moved successfully
C:\Users\Sebo\AppData\Local\sichtvg => moved successfully
C:\Users\Sebo\AppData\Local\csbpldo => moved successfully
C:\Users\Sebo\AppData\Local\avaompx => moved successfully
C:\Users\Sebo\AppData\Local\exksnap => moved successfully
C:\Users\Sebo\AppData\Local\vsecang => moved successfully
C:\Users\Sebo\AppData\Local\scrudph => moved successfully
C:\Users\Sebo\AppData\Local\iabkmlv => moved successfully
C:\Users\Sebo\AppData\Local\vsetkxu => moved successfully
C:\Users\Sebo\AppData\Local\athugvr => moved successfully
C:\Users\Sebo\AppData\Local\zaadibh => moved successfully
"C:\Users\avril_000\AppData\Local\reapwbz" => not found
C:\Windows\System32\dwrkxizsvc.exe => moved successfully
C:\Users\Sebo\AppData\Local\Temp\15012.exe => moved successfully
C:\Users\Sebo\AppData\Local\Temp\15486.exe => moved successfully
C:\Users\Sebo\AppData\Local\Temp\16464.exe => moved successfully
C:\Users\Sebo\AppData\Local\Temp\16466.exe => moved successfully
C:\Users\Sebo\AppData\Local\Temp\20553.exe => moved successfully
C:\Users\Sebo\AppData\Local\Temp\dlhz3cpp.g5m.exe => moved successfully
C:\Users\Sebo\AppData\Local\Temp\HitmanPro.exe => moved successfully
C:\Users\Sebo\AppData\Local\wbem.ini => moved successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Network\\set_pt" => not found
 
========================= Folder: C:\Users\Sebo\AppData\Roaming\Scaler ========================
 
2018-05-06 01:09 - 2018-06-19 22:00 - 000000307 ____A [92F131088EE540347DAA04B0B55B4AC7] () C:\Users\Sebo\AppData\Roaming\Scaler\Scaler.data
2018-05-15 19:16 - 2018-06-11 18:28 - 000000189 ____A [93FDC3970E3155DEED66FCA4CF3965B8] () C:\Users\Sebo\AppData\Roaming\Scaler\Scaler.settings
 
====== End of Folder: ======
 
"HKLM\System\CurrentControlSet\Services\Trufos" => removed successfully
Trufos => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZAM" => removed successfully
ZAM => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZAM_Guard" => removed successfully
ZAM_Guard => service removed successfully
C:\Users\Sebo\Downloads\SpyHunter 4.9.10.3956 Final incl patch-SND.rar => moved successfully
C:\Program Files (x86)\Zemana AntiMalware => moved successfully
C:\Windows\ZAM_Guard.krnl.trace => moved successfully
C:\Windows\ZAM.krnl.trace => moved successfully
C:\Users\Sebo\AppData\Local\Zemana => moved successfully
C:\Program Files (x86)\Trojan Killer => moved successfully
C:\ProgramData\HitmanPro => moved successfully
C:\Users\Sebo\Downloads\SpyHunter 4.1.11.0 + Crack => moved successfully
C:\Users\Sebo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker => moved successfully
C:\Program Files\Unlocker => moved successfully
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {ABC8EA03-7E70-467A-A7E6-F2D0B601676C}.
Unable to cancel {1587D6FB-03A2-4201-9BB6-75A2897ADC3D}.
0 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3491979019-2275402679-4232920000-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3491979019-2275402679-4232920000-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20903222 B
Java, Flash, Steam htmlcache => 735 B
Windows/system/drivers => 22691771 B
Edge => 0 B
Chrome => 199346358 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 252115 B
systemprofile32 => 128 B
LocalService => 93646 B
NetworkService => 28948972 B
Sebo => 2494509583 B
avril_000 => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 2.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:38:06 ====




