[RESOLVED] Just wanted a check up

  1. #1


    FRST Addition.txt part 1 of 2:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
    Ran by admin (12-08-2018 11:52:14)
    Running from C:\Users\admin\Desktop
    Windows 10 Pro Version 1803 17134.165 (X64) (2018-05-14 00:33:53)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    admin (S-1-5-21-2848961991-288533299-670403562-1000 - Administrator - Enabled) => C:\Users\admin
    Administrator (S-1-5-21-2848961991-288533299-670403562-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2848961991-288533299-670403562-503 - Limited - Disabled)
    Guest (S-1-5-21-2848961991-288533299-670403562-501 - Limited - Disabled)
    test (S-1-5-21-2848961991-288533299-670403562-1003 - Administrator - Enabled) => C:\Users\test
    WDAGUtilityAccount (S-1-5-21-2848961991-288533299-670403562-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Disabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Bitdefender Antispyware (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}
    AS: Avast Antivirus (Disabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
    FW: Bitdefender Firewall (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
    A360 Desktop (HKLM\...\{A74E6AC6-623F-4DFE-B362-32C7986EE871}) (Version: 6.2.10.1700 - Autodesk)
    ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
    ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
    Adobe Connect (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Adobe Connect App) (Version: 11.9.985.57 - Adobe Systems Inc.)
    Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
    Akamai NetSession Interface (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
    Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
    AutoCAD 2016 - English (HKLM\...\{5783F2D7-F001-0409-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
    AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.107.0 - Autodesk) Hidden
    AutoCAD 2016 Language Pack - English (HKLM\...\{5783F2D7-F001-0409-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
    Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
    Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
    Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk)
    Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
    Autodesk AutoCAD 2016 SP 1 (HKLM\...\AutoCAD 2016 SP1) (Version: 20.1.107.0 - Autodesk)
    Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
    Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
    Autodesk Content Service (HKLM\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
    Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
    Autodesk Content Service Language Pack (HKLM\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
    Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
    Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
    Autodesk ReCap 2016 (HKLM\...\{F6FD1651-0000-1033-0102-387BAF9B3B0A}) (Version: 1.5.0.33 - Autodesk) Hidden
    Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.24.36 - Bitdefender)
    Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 22.0.8.114 - Bitdefender)
    Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 22.0.8.118 - Bitdefender)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Booking (HKLM-x32\...\{13D4CD54-EA09-4FDB-B979-8B2BC0F020CA}_is1) (Version: 2.0.701 - Booking)
    CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
    COMODO Antivirus (HKLM\...\{04833277-EE61-4251-9273-0CF86C0FE710}) (Version: 10.0.1.6223 - COMODO Security Solutions Inc.)
    Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.4.39 - PC Drivers HeadQuarters LP) <==== ATTENTION
    Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.1.0.0 - Foxit Corporation)
    Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Grammarly for Microsoft® Office Suite (HKLM\...\{2CC6EE9C-51D8-479E-8B0B-F061F658FC9B}) (Version: 6.5.57 - Grammarly) Hidden
    Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\{b1eb8775-bc01-49f5-9885-9ff3c9b4a7a3}) (Version: 6.5.57 - Grammarly)
    HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
    HP ENVY 5660 series Basic Device Software (HKLM\...\{D3D38A38-586A-49AA-81C8-26A48B7DCFD4}) (Version: 40.11.1135.17143 - HP Inc.)
    HP ENVY 5660 series Help (HKLM-x32\...\{607F50D9-40BD-4F17-A584-152F563293B4}) (Version: 34.0.0 - Hewlett Packard)
    HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
    iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
    iExplorer (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\2ee35ebaf226322a) (Version: 4.1.14.0 - Macroplant LLC)
    Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
    Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.2 - Intel)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
    IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
    iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
    Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
    McAfee Safe Connect (HKLM-x32\...\{8DF95C34-C5EB-4026-9C86-E49F2A94677A}) (Version: 1.6.0.223 - McAfee, Inc)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.717.1 - McAfee, Inc.)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E534493E-80D2-4E37-8020-3ECAC55D9DB5}) (Version: 10.53.6000.34 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Movavi Video Editor 14 (x64) (HKLM\...\Movavi Video Editor 14 (x64)) (Version: 14.3.0 - Movavi)
    Popcorn Time Offical version 0.8.0.4 (HKLM-x32\...\{8F38178C-CFE2-476C-9DC8-F4203C2395FF}_is1) (Version: 0.8.0.4 - Popcorn Time Offical) <==== ATTENTION
    Product Improvement Study for HP ENVY 5660 series (HKLM\...\{1385A641-227E-4F7F-BF9B-927828ACDBEB}) (Version: 40.11.1135.17143 - HP Inc.)
    RAR File Open Knife - Free Opener (HKLM-x32\...\RAR File Open Knife - Free Opener) (Version: 7 - Philipp Winterberg)
    ScottradeELITE v5 (HKLM-x32\...\{7E94DCE4-F1F3-47AF-A2D4-8A81008D9B1F}) (Version: 5.3.0.0 - Scottrade Inc.)
    SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
    Spotify (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Spotify) (Version: 1.0.80.474.gef6b503e - Spotify AB)
    SSOption (HKLM-x32\...\EtaKnight) (Version: 2.0.9.1 - EtaKnight Corp.)
    TI Connect™ CE (HKLM-x32\...\{8B1F3A89-E195-48CD-8487-A37BA5308E76}) (Version: 5.3.0.384 - Texas Instruments Inc.)
    Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.35 - Tweaking.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
    WinZip 22.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24119}) (Version: 22.0.12706 - Corel Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2848961991-288533299-670403562-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2848961991-288533299-670403562-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2848961991-288533299-670403562-1000_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2848961991-288533299-670403562-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-2848961991-288533299-670403562-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll ()
    CustomCLSID: HKU\S-1-5-21-2848961991-288533299-670403562-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-12] (AVAST Software)
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2015-02-05] (Autodesk, Inc.)
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
    ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2015-02-05] (Autodesk)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-12] (AVAST Software)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
    ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-12] (AVAST Software)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
    ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-12] (AVAST Software)
    ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {04A6D2BE-9E43-4E45-BE3B-D8F718B129FC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-14] (Adobe Systems Incorporated)
    Task: {0531C61D-483F-4330-813A-968FA887D640} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
    Task: {0563F32C-810D-4E1F-B81B-7CED23F3A24F} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {0F184481-2CBE-41B1-8E6A-D17B6D913915} - System32\Tasks\{86A5956A-7BAE-4AC5-962F-1C16B9B9C048} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\TrueKey\Mcafee.TrueKey.Uninstaller.Exe"
    Task: {35584097-F753-4B07-8EDA-01CF6C163D18} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {37C72455-B4DB-4667-A074-01837B5F28B9} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {37D59D0E-D465-452D-81D4-6B6991600B85} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
    Task: {3B13BD23-B924-4C25-9391-552F3FE5851A} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    Task: {48F68B36-6B09-4AFD-839C-5021D6F5816B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {4D89F8EC-9278-43A8-AA34-7AA1DA84D00B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-11] (Google Inc.)
    Task: {5369E13E-0ADA-4681-BC40-D517D73A2B4F} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-05-16] (Bitdefender)
    Task: {5D99F936-D2FC-48E1-BFA5-A93D348A1264} - System32\Tasks\HPCustParticipation HP ENVY 5660 series => C:\Program Files\HP\HP ENVY 5660 series\Bin\HPCustPartic.exe [2017-05-23] (HP Inc.)
    Task: {65518EA1-023E-404D-92FC-AEACE9B86CBD} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
    Task: {6D02B3E2-AE9F-4BB9-BB9F-47559086B016} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-08-12] (AVAST Software)
    Task: {6E55944E-F328-4D0D-A2C4-F522719AC048} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
    Task: {72D01A58-2DA9-463E-B146-01F93D0AF30E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-12] (Piriform Ltd)
    Task: {7C0FD21A-3726-4CD2-B7DD-BA4951A22BC8} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {7F2E741F-8434-4552-AFB6-77E1ABAF8DA9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {9612C1E4-A45D-4726-A522-92A8DB97C1D2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-14] (Adobe Systems Incorporated)
    Task: {AF65C8F0-89CB-4EF2-9497-E47000A0481A} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {B6E07D0E-E7FA-4C16-A566-230BD6B2D2F1} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
    Task: {BB5D1227-A296-4EB9-AD54-B484B72371F9} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-12-11] (WinZip)
    Task: {C29134A1-E8F5-4B94-AF37-CDFF1131703F} - System32\Tasks\{C754CC6B-A7E4-4453-A26E-845EF72EABFE} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\admin\AppData\Local\{A46B9237-80C3-FE8F-ED5B-DB67C93327FF}\uninst.exe -c -FN="C:\Users\admin\AppData\Local\{A436928D-8164-FFFB-EA52-D82936802517}\Updater.exe"-P=/Uninstall /s /noun /DelSelfDir
    Task: {C62C8799-FE59-46F3-960F-33398CAE94B3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-12] (Piriform Ltd)
    Task: {CAA220D5-E8EA-4229-AAA1-87B0B4B3F76A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
    Task: {DCE8B9F1-3AE2-45AE-B5C2-000A9B9BDB45} - System32\Tasks\HPCustPartic.exe_{60E2E0F2-CC6F-42F5-9CFE-498B1CF4579F} => C:\Program Files\HP\HP ENVY 5660 series\Bin\HPCustPartic.exe [2017-05-23] (HP Inc.)
    Task: {DFE0693A-0EAA-44D1-B564-AADD94C88DD0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-08-12] (AVAST Software)
    Task: {E31B5EAF-E4DD-4735-B216-278EA3729479} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    Task: {E8CA25F0-3EC4-404F-943F-F82197BE02F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-11] (Google Inc.)
    Task: {F5E25228-3B11-4700-BF4B-DF856CB65A83} - System32\Tasks\HPCeeScheduleForadmin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {FC6C9A93-8E67-4592-8FAE-9837A91A8F00} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForadmin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\SPARKvue.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=iimbdmgkimpbhimdjnmiffmeefbppijo
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Vernier Graphical Analysis.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=dncgedbnidfkppmdgfgidcepclnokpkb
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\54006d977149216d\SMS from Gmail ™ & Facebook™ (MightyText).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=iffdacemhfpnchinokehhnppllonacfj

    ==================== Loaded Modules (Whitelisted) ==============

    2018-07-18 08:16 - 2018-07-18 08:17 - 000993728 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02751_003\ashttpbr.mdl
    2018-07-18 08:16 - 2018-07-18 08:17 - 000544880 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02751_003\ashttpdsp.mdl
    2018-07-18 08:16 - 2018-07-18 08:17 - 003232216 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02751_003\ashttpph.mdl
    2018-07-18 08:16 - 2018-07-18 08:17 - 001528320 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02751_003\ashttprbl.mdl
    2018-01-05 01:14 - 2018-01-05 01:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2018-07-17 23:00 - 2018-07-17 23:01 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2018-07-17 23:00 - 2018-07-17 23:01 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2018-07-17 23:00 - 2018-07-17 23:01 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2018-07-17 23:00 - 2018-07-17 23:01 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
    2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-07-10 19:04 - 2018-07-05 23:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-07-07 11:19 - 2017-06-27 11:15 - 066355808 _____ () C:\Program Files\Intel Security\True Key\Application\libcef.dll
    2016-01-06 09:41 - 2016-01-06 09:41 - 000062168 _____ () C:\Program Files\CCleaner\branding.dll
    2018-07-26 13:16 - 2018-07-26 13:17 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2018-07-26 13:16 - 2018-07-26 13:16 - 068154880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2017-10-05 09:26 - 2017-10-05 09:29 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
    2018-07-20 08:54 - 2018-07-20 08:57 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
    2018-07-20 08:54 - 2018-07-20 08:57 - 004139008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
    2018-05-03 14:49 - 2018-05-03 14:50 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
    2018-07-20 08:54 - 2018-07-20 08:57 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
    2018-03-29 13:23 - 2018-03-29 13:26 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
    2018-07-26 13:16 - 2018-07-26 13:17 - 014919168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
    2018-07-20 08:54 - 2018-07-20 08:57 - 003982848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngine.dll
    2018-07-26 13:16 - 2018-07-26 13:16 - 002938880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
    2018-05-27 08:45 - 2018-05-27 08:46 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
    2018-07-20 08:54 - 2018-07-20 08:57 - 001396224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
    2018-07-26 13:16 - 2018-07-26 13:17 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-08-09 21:48 - 2018-08-07 17:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
    2018-08-09 21:48 - 2018-08-07 17:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
    2018-01-05 01:14 - 2018-01-05 01:14 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2018-01-05 01:14 - 2018-01-05 01:14 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2018-01-05 01:14 - 2018-01-05 01:14 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-08-10 08:24 - 2017-08-10 08:24 - 072940016 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
    2018-08-12 11:24 - 2018-08-12 11:24 - 000483544 _____ () c:\program files\avast software\avast\streamback.dll
    2018-08-12 11:28 - 2018-08-12 11:28 - 005737088 _____ () c:\program files\avast software\avast\defs\18081201\algo.dll
    2018-08-12 11:24 - 2018-08-12 11:24 - 000532696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
    2018-08-12 11:23 - 2018-08-12 11:23 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
    2018-08-12 11:24 - 2018-08-12 11:24 - 000985304 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
    2018-08-12 11:36 - 2018-08-12 11:36 - 005654160 _____ () c:\program files\avast software\avast\defs\18081204\algo.dll
    2018-08-12 11:33 - 2018-08-12 11:33 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2018-08-12 11:23 - 2018-08-12 11:23 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\CustomModeApp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\CustomModeAppv2_0.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxCUIService.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiVAD64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\ivusb.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Users\admin\Downloads\Firefox Setup Stub 40.0.3.exe:$CmdTcID [64]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\S-1-5-21-2848961991-288533299-670403562-1000\Software\Classes\.scr: scrfile => <==== ATTENTION

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-11-09 18:26 - 2018-08-12 11:31 - 000000028 _____ C:\WINDOWS\system32\Drivers\etc\hosts

    0.0.0.1 mssplus.mcafee.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2848961991-288533299-670403562-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-21-2848961991-288533299-670403562-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: AdAppMgrSvc => 2
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: Autodesk Content Service => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: cmdvirth => 3
    MSCONFIG\Services: DevMgmtService => 2
    MSCONFIG\Services: FlexNet Licensing Service 64 => 2
    MSCONFIG\Services: FreemakeVideoCapture => 2
    MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: McAfee Vpn Service => 3
    MSCONFIG\Services: McComponentHostService => 3
    MSCONFIG\Services: TrueKey => 2
    MSCONFIG\Services: TrueKeyScheduler => 2
    MSCONFIG\Services: TrueKeyServiceHelper => 2
    MSCONFIG\Services: WinZip Compression Smart Monitor Service => 2
    MSCONFIG\Services: WinZip Smart Monitor Service => 2
    HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
    HKLM\...\StartupApproved\Run: => "SecurityHealth"
    HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
    HKLM\...\StartupApproved\Run: => "WinZip FAH"
    HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
    HKLM\...\StartupApproved\Run: => "WinZip UN"
    HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
    HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "ProductUpdater"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Autodesk Sync"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Akamai NetSession Interface"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Chromium"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "AfterPlayMonitor"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "McAfeeSafeConnect"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{045630E8-186E-483F-8DE5-101DCDEF323F}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe
    FirewallRules: [{55F4A9A1-BC88-4B68-BA28-A7EF2DA02289}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe
    FirewallRules: [{D65E23F2-980F-43B2-9065-C7A2EBD806F5}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS43DE\HPDiagnosticCoreUI.exe
    FirewallRules: [{AA648B96-5F65-422A-9A95-A133A3AB7D95}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS43DE\HPDiagnosticCoreUI.exe
    FirewallRules: [{81D4C61E-F73A-4242-9948-6020DB70BBD0}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS1E7E\HPDiagnosticCoreUI.exe
    FirewallRules: [{4FF3DA52-3FAF-4192-BAEF-D2F7BA137FDA}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS1E7E\HPDiagnosticCoreUI.exe
    FirewallRules: [{39405740-FEA2-467A-94D8-40B14987C35B}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS59C0\HPDiagnosticCoreUI.exe
    FirewallRules: [{6180B6E9-4505-4696-A7E8-E7C544DDDA1C}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS59C0\HPDiagnosticCoreUI.exe
    FirewallRules: [{EBCAD962-12F5-44A6-89BE-D79529A5B7E6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{DA345B5E-32DB-40D7-8772-7C0471FF4388}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [{A64CED85-A815-4BAE-B1AC-E04821739A81}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7E95\hppiw.exe
    FirewallRules: [{3E607D95-D964-4150-BC93-794291FC221E}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7E95\hppiw.exe
    FirewallRules: [{9A3F94F6-1D14-41F4-AEA2-B1B23AB8B15A}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7E19\HPDiagnosticCoreUI.exe
    FirewallRules: [{2932F3DA-E743-4FFB-92F3-6CA5CCF9799C}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7E19\HPDiagnosticCoreUI.exe
    FirewallRules: [{CF1DEA46-D310-499C-AA17-BA73A3ECC6C4}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7232\HPDiagnosticCoreUI.exe
    FirewallRules: [{B92D6D09-328E-4F95-BDD7-B3EB9922C721}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7232\HPDiagnosticCoreUI.exe
    FirewallRules: [{182FCE87-E5B6-4B9E-8603-01F6958510D6}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS6679\HPDiagnosticCoreUI.exe
    FirewallRules: [{6C0124A7-AEB1-49DC-9C41-5E9E03964955}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS6679\HPDiagnosticCoreUI.exe
    FirewallRules: [{8CF6A2B3-59BD-4EC5-B6E0-731376415216}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{30783D84-8016-40BB-B4B0-468EF4A78ED8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{95CD1AA8-E84A-44B7-ABFB-A09CF1DA68B3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{14667F32-C931-4C34-8972-404D38837FBA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{3CB307AA-2DC7-4984-892A-374D8BA928F8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
    FirewallRules: [{55DCA2AA-CB65-413B-B024-EFBB6AEF849E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
    FirewallRules: [{5B809C84-4941-4E2E-A7D3-B17F8258F682}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
    FirewallRules: [{8A03454A-B710-4C0D-9FA9-C61B8E94A565}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
    FirewallRules: [UDP Query User{50DA4D58-6612-4FF7-8EF6-66C3A6C8F8D3}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\admin\appdata\local\akamai\netsession_win.exe
    FirewallRules: [TCP Query User{EE84B819-D1EE-4A6E-8192-3623D4D237A7}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\admin\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{49105C15-6D06-4038-BFB9-487888D38FF2}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{20C2EE6F-BB06-446A-968B-2E8DC33AAD68}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{3222933B-AB7D-4706-A60B-F056838A70F4}] => (Allow) LPort=50248
    FirewallRules: [UDP Query User{4AF32029-E6DC-4B44-A019-7F21F3D1CACF}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\admin\appdata\local\akamai\netsession_win.exe
    FirewallRules: [TCP Query User{4E752B87-E112-4068-AA65-4CAB5770B635}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\admin\appdata\local\akamai\netsession_win.exe
    FirewallRules: [TCP Query User{1361D9A1-184E-46FA-A496-DC624C32A6C8}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\admin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{E702AB62-E09E-4AE0-9164-5CB2A03F572C}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\admin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{E6FF717D-D762-4D20-83DA-383E6FCABBDD}] => (Allow) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    FirewallRules: [{D3A09AF4-9739-43E4-9A06-1041E6BB6299}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS2403\HPDiagnosticCoreUI.exe
    FirewallRules: [{83A22F8F-C005-4458-9885-C781CC523327}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS2403\HPDiagnosticCoreUI.exe
    FirewallRules: [{808C33CF-AEBB-4BD5-933A-75EE1927F365}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS24A0\HPDiagnosticCoreUI.exe
    FirewallRules: [{CF58BA79-68C7-40E5-A9A3-4D9D5011A543}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS24A0\HPDiagnosticCoreUI.exe
    FirewallRules: [{99A27AB0-568B-4382-81FC-B946297CBE41}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS5DD0\HPDiagnosticCoreUI.exe
    FirewallRules: [{C4638C61-C2D5-464B-AB0C-06C000F8C031}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS5DD0\HPDiagnosticCoreUI.exe
    FirewallRules: [{090A6C85-F13B-4233-A6BB-FBA9EC7FF739}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS530D\HPDiagnosticCoreUI.exe
    FirewallRules: [{3B4BB1C0-776C-4AE3-A2B4-B1A9A0928565}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS530D\HPDiagnosticCoreUI.exe
    FirewallRules: [{129EFD3A-26ED-4D07-B7DB-D148FA6FB635}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS41B6\HPDiagnosticCoreUI.exe
    FirewallRules: [{AE2F7BCC-7D3D-45DF-9CD2-2F3486763270}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS41B6\HPDiagnosticCoreUI.exe
    FirewallRules: [{06ED8793-251E-4650-A3EE-8C09FF040356}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS44ED\HPDiagnosticCoreUI.exe
    FirewallRules: [{9F08467F-0E68-4BE3-9F4C-A54D043EB237}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS44ED\HPDiagnosticCoreUI.exe
    FirewallRules: [{7EE8E09D-64C6-46B6-A7C4-615A4A720182}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS456C\HPDiagnosticCoreUI.exe
    FirewallRules: [{E062B003-D826-4BBB-B3BF-F3293262AFA4}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS456C\HPDiagnosticCoreUI.exe
    FirewallRules: [{A9D7B99F-BEF0-4BE5-A00A-C671BCAD56F5}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0FF7\HPDiagnosticCoreUI.exe
    FirewallRules: [{38D19241-E76C-4C52-ABC7-2D80BA593224}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0FF7\HPDiagnosticCoreUI.exe
    FirewallRules: [{60F532E2-DF75-47BD-AC55-1D59CD9B9733}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS3D4D\HPDiagnosticCoreUI.exe
    FirewallRules: [{5D396C44-BCE9-4368-A8AF-D2E8CEEF93E1}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS3D4D\HPDiagnosticCoreUI.exe
    FirewallRules: [{8054A7A7-F7CC-4C88-8762-F2704659F7B6}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0F2B\HPDiagnosticCoreUI.exe
    FirewallRules: [{7F70D801-2D8A-486B-83FD-0601C0160ADA}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0F2B\HPDiagnosticCoreUI.exe
    FirewallRules: [{160448D9-ECE9-4261-9F55-A84F808F17D9}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS65D3\HP.EasyStart.exe
    FirewallRules: [{E4B3F583-FC98-45C8-994F-6C0139A80AB2}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS6DE3\HP.EasyStart.exe
    FirewallRules: [{495DB74B-4812-4E07-8201-3B8BD892E2D7}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\DeviceSetup.exe
    FirewallRules: [{EA11A5E9-E56C-451F-9AF7-6B9F81AD209A}] => (Allow) LPort=5357
    FirewallRules: [{51F78C7D-B6F3-483D-9961-3BF770A7E24A}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{87CDB79B-C1D2-40D9-B30F-C65CC66278E8}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS2375\HP.EasyStart.exe
    FirewallRules: [{5073659A-010B-4E58-B0B2-5D7104998141}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0511\HPDiagnosticCoreUI.exe
    FirewallRules: [{CA0630C3-B651-41B0-84A7-4D696ACF1D29}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0511\HPDiagnosticCoreUI.exe
    FirewallRules: [{73AF51E0-4C4E-4935-A4EA-6D93510B8F7E}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0C71\HP.EasyStart.exe
    FirewallRules: [{0D9AE5EE-A360-4282-AF9F-2DBE07C66A2E}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7767\HPDiagnosticCoreUI.exe
    FirewallRules: [{59E5435B-56BE-4237-8A6B-2A1FFBB5D593}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7767\HPDiagnosticCoreUI.exe
    FirewallRules: [{218544BD-AFE2-4557-BA8C-A21F9AED759B}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0915\HPDiagnosticCoreUI.exe
    FirewallRules: [{4F6482CB-3C58-4AFB-8EEB-3968D145399B}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0915\HPDiagnosticCoreUI.exe
    FirewallRules: [{CB1F88CE-E830-4C96-803B-15DB70033C25}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS06AB\HPDiagnosticCoreUI.exe
    FirewallRules: [{92FAA138-C64E-48AB-8831-516561152E76}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS06AB\HPDiagnosticCoreUI.exe
    FirewallRules: [{34BEA1B3-8AA0-466D-8DE4-A6F4795AAA45}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS1739\HPDiagnosticCoreUI.exe
    FirewallRules: [{90CE71C9-3409-4B02-9C5F-FED18D5563B7}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS1739\HPDiagnosticCoreUI.exe
    FirewallRules: [{F140B7AA-BBD0-4A1A-A69C-7D4352BF86B7}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS25D3\HPDiagnosticCoreUI.exe
    FirewallRules: [{3F93297B-63A0-4481-928D-C58B19FA39D1}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS25D3\HPDiagnosticCoreUI.exe
    FirewallRules: [{A416FC16-54C8-471D-ABBE-6D40E2B4235D}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0A52\HPDiagnosticCoreUI.exe
    FirewallRules: [{A72AB0C6-13AE-4E6F-AC16-17C3383DB024}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0A52\HPDiagnosticCoreUI.exe
    FirewallRules: [{5C260C40-B8F0-49D3-B9B0-C73BAC819BD4}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS13BC\HP.EasyStart.exe
    FirewallRules: [{F15A450D-6B53-480E-825C-902BE2B74F72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{62960173-84E8-46B1-AC2B-D53E4CBAA0F6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
    FirewallRules: [{41C3280A-E90B-49AA-9757-A8ED48EFCA64}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
    FirewallRules: [{FFBE735D-0197-4C4A-B2D6-E8591E7CE695}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
    FirewallRules: [{E221C328-6768-484B-8285-93D86CC7E751}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

  2. #2
    FRST Addition.txt part 2 of 2:

    ==================== Restore Points =========================

    23-07-2018 17:23:07 Scheduled Checkpoint
    05-08-2018 18:26:03 Scheduled Checkpoint
    08-08-2018 20:28:51 Removed WinZip 22.0.

    ==================== Faulty Device Manager Devices =============

    Name: 260ci WIA Driver (USB)
    Description: 260ci WIA Driver (USB)
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Kyocera
    Service: usbscan
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/12/2018 11:28:55 AM) (Source: ESENT) (EventID: 455) (User: )
    Description: taskhostw (8812,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log.

    Error: (08/12/2018 11:28:55 AM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhostw (8812,R,98) WebCacheLocal: An attempt to open the file "C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (08/12/2018 11:23:31 AM) (Source: ESENT) (EventID: 489) (User: )
    Description: taskhostw (8812,G,0) An attempt to open the file "C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (08/12/2018 11:12:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 22b4

    Start Time: 01d43267eb5fd345

    Termination Time: 6

    Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

    Report Id: 85c3922e-dcea-4288-80e3-70656b2d3d0e

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (08/12/2018 11:03:52 AM) (Source: ESENT) (EventID: 489) (User: )
    Description: taskhostw (8812,G,0) An attempt to open the file "C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (08/12/2018 11:00:33 AM) (Source: ESENT) (EventID: 489) (User: )
    Description: taskhostw (8812,G,0) An attempt to open the file "C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (08/12/2018 10:37:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program WINWORD.EXE version 12.0.6787.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 21e4

    Start Time: 01d43262ffe97f9d

    Termination Time: 19

    Application Path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

    Report Id: ae38f309-a53b-45eb-b32d-b5a850f878ed

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (08/09/2018 03:41:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_MapsBroker, version: 10.0.17134.1, time stamp: 0xa38b9ab2
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x8400000e
    Fault offset: 0x0000000000000000
    Faulting process id: 0x26f8
    Faulting application start time: 0x01d430320f54987e
    Faulting application path: C:\WINDOWS\System32\svchost.exe
    Faulting module path: unknown
    Report Id: ec2653e9-6aed-47f8-9550-89de015416f2
    Faulting package full name:
    Faulting package-relative application ID:


    System errors:
    =============
    Error: (08/12/2018 11:30:22 AM) (Source: DCOM) (EventID: 10016) (User: admin-PC)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user admin-PC\admin SID (S-1-5-21-2848961991-288533299-670403562-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/12/2018 11:15:25 AM) (Source: DCOM) (EventID: 10016) (User: admin-PC)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user admin-PC\admin SID (S-1-5-21-2848961991-288533299-670403562-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/12/2018 11:14:58 AM) (Source: DCOM) (EventID: 10016) (User: admin-PC)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user admin-PC\admin SID (S-1-5-21-2848961991-288533299-670403562-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/12/2018 11:13:48 AM) (Source: DCOM) (EventID: 10016) (User: admin-PC)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user admin-PC\admin SID (S-1-5-21-2848961991-288533299-670403562-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/12/2018 11:09:41 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Start with the following error:
    Access is denied.

    Error: (08/12/2018 11:09:41 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Start with the following error:
    Access is denied.

    Error: (08/12/2018 11:09:31 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Start with the following error:
    Access is denied.

    Error: (08/12/2018 11:09:31 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Start with the following error:
    Access is denied.


    Windows Defender:
    ===================================
    Date: 2018-07-29 10:17:24.816
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {C6C30E64-4297-4E77-8337-01EFB718A93A}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-07-29 09:50:01.476
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {8593DB24-A45E-41DE-AEC5-6C44AB05E081}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-07-21 11:00:15.155
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {0E9780BC-DA01-48C7-A4E7-4221C09D6F3E}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-07-21 10:51:45.504
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {ED6BEC6A-6368-4EF9-BE1E-E9A92B8FC6A2}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-07-17 17:21:24.317
    Description:
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...8&enterprise=0
    Name: SoftwareBundler:Win32/ICLoader
    ID: 222548
    Severity: High
    Category: Software Bundler
    Path: containerfile:_C:\Users\admin\Desktop\Chemistry_complete_solutions_manual_zumdahl.rar;file:_C:\Users\admin\Desktop\Chemistry_complete_solutions_manual_zumdahl.rar->Chemistry_complete_solutions_manual_zumdahl.exe
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.271.1085.0, AS: 1.271.1085.0, NIS: 1.271.1085.0
    Engine Version: AM: 1.1.15000.2, NIS: 1.1.15000.2

    CodeIntegrity:
    ===================================

    Date: 2018-08-08 20:38:26.246
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-08-04 20:37:44.833
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-08-04 15:40:47.561
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-08-02 20:33:44.564
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-07-31 21:16:56.950
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-07-21 08:59:03.698
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-07-14 07:40:11.898
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-07-12 13:52:52.030
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
    Percentage of memory in use: 50%
    Total physical RAM: 7980.45 MB
    Available physical RAM: 3966.49 MB
    Total Virtual: 10980.45 MB
    Available Virtual: 6739.37 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.22 GB) (Free:33.07 GB) NTFS

    \\?\Volume{28c6728b-cb27-11e3-b997-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
    \\?\Volume{5e4cd43b-0000-0000-0000-a05474000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 5E4CD43B)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=449 MB) - (Type=27)

    ==================== End of Addition.txt ============================

  3. #3
    FRST First.txt:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
    Ran by admin (administrator) on ADMIN-PC (12-08-2018 11:40:43)
    Running from C:\Users\admin\Desktop
    Loaded Profiles: admin & test (Available Profiles: admin & test)
    Platform: Windows 10 Pro Version 1803 17134.165 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
    (EtaKnight Corp.) C:\Program Files (x86)\Common Files\EtaKnightFBD\EtaKnightFBD.exe
    (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (HP Inc.) C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe
    (HP Inc.) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    (Microsoft Corporation) C:\Windows\System32\OpenWith.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Security) C:\Program Files\Intel Security\True Key\application\truekey.exe
    (Intel Security) C:\Program Files\Intel Security\True Key\application\truekey.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-11] (WinZip)
    HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [123848 2017-12-11] (WinZip Computing, S.L.)
    HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2017-12-11] (WinZip Computing, S.L.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-08-12] (AVAST Software)
    HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-23] (Autodesk Inc.)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-08-12] (Piriform Ltd)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Akamai NetSession Interface] => C:\Users\admin\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1336320 2015-11-25] (Autodesk, Inc.)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Chromium] => c:\users\admin\appdata\local\chromium\application\chrome.exe [1068544 2016-07-20] (The Chromium Authors)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [AfterPlayMonitor] => C:\Users\admin\AppData\Roaming\Letv\AfterPlay\AfterPlayMonitor.ex
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Spotify] => C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe [23177616 2018-05-15] (Spotify Ltd)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Spotify Web Helper] => C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-05-15] (Spotify Ltd)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3769992 2017-05-23] (HP Inc.)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1112960 2018-03-14] (McAfee Inc.)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Policies\Explorer: []
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-2848961991-288533299-670403562-1003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-03-30]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Restriction ? <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: 0.0.0.1 mssplus.mcafee.com
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{46a08850-0e90-406a-8c8a-a65490766f68}: [DhcpNameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{7f012f1d-d444-46dc-89c0-6411293ce9c9}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{9e593974-1e17-4fac-a659-147e3b723a0b}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=863135318&param1=y6bdVFVIsvuYsgEClQfz8IfaIrULFWUA2DMVetLqXBqiFV%2BtmuyqTegcVHCAouGVJjEy4I%2BJBlxjnTUWSprVhdJGgPTJKl%2FxG7fScYw9DuIplua5gaNtH9yot3htfl3OusS0KgvxytFGiu1xPLQJhsGm15jJeKMAL6MRb67v%2FYacXYgS1uNyLbhm1rSZ%2BhujnyFuUIgokBvXe%2FxFNqNyWG33oOAX%2FV8%2FIzrv%2F86abalnRZKyhBlUHfPeJl2KC3iDC%2BcMangZOTN%2B9pqfmznDMA%3D%3D
    SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=863135318&param1=y6bdVFVIsvuYsgEClQfz8IfaIrULFWUA2DMVetLqXBqiFV%2BtmuyqTegcVHCAouGVWvRSw%2FadslqYgx%2BIKWxvrElMAGX4Jg%2FkuUrDIdCM3R80%2B6%2BU45yW7ca%2F8eOx4IBMPER7DcXX%2F%2F05V8rrZfiJg2ic6Cg%2B2msXH9qGytTZ2pK9Zn8fvB1luyqm8aQloI2EUQ8ogAvu57O9KEF7u5EHwi7ChEAVT9ZEOjFxgqUVUaMv9dN%2BOLEiw%2FRqURucQGoFNzJYBq8mUKdkXg%2BdL2IXAA%3D%3D&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33010001005_10.0.1.6209_u_ds
    BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
    BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-14] (Bitdefender)
    BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
    BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-05-14] (Bitdefender)
    BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-07-30] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-30] (Oracle Corporation)
    Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
    Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-14] (Bitdefender)
    Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
    Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-05-14] (Bitdefender)
    Toolbar: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
    Toolbar: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-14] (Bitdefender)

    FireFox:
    ========
    FF DefaultProfile: lo0n6qk9.default
    FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo0n6qk9.default [2018-08-12]
    FF Homepage: Mozilla\Firefox\Profiles\lo0n6qk9.default -> www.yahoo.com/
    FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
    FF Extension: (No Name) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2017-07-14]
    FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
    FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-07-14] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
    FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-30] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-30] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2848961991-288533299-670403562-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\admin\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
    FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-05-11] (Cisco WebEx LLC)

    Chrome:
    =======
    CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=863135318&param1=y6bdVFVIsvuYsgEClQfz8IfaIrULFWUA2DMVetLqXBqiFV%2BtmuyqTegcVHCAouGVmtx3XgLifo%2F3ajI0t4UmyMHg0Okr%2FORFyfZy%2BweCQtHdeeFQjdZ8DAnJe8psehSLt6Sgc29QyATMMiemNSpqW1pUe748js73%2Bpy%2BExmegKL0bObVYjOx59ixKgp%2FM8MyU7HlnxTPZ7QIBxpGR2yUInuo%2BaNhHPL1zW%2BtMBhaU%2FAloFmFKol66NrNKg4StLpvbsdDmom73OYxQOOZ0UsD%2BBvVqSjO6WC09Wffb0HFDBQ%3D
    CHR StartupUrls: Default -> "hxxp://google.com/"
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
    CHR DefaultSearchKeyword: Default -> Yahoo
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
    CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2018-08-12]
    CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-12]
    CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-12]
    CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-12]
    CHR Extension: (Yahoo Partner) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep [2018-07-12]
    CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-12]
    CHR Extension: (Adobe Acrobat) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-07-12]
    CHR Extension: (hTab) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj [2018-07-12]
    CHR Extension: (Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-12]
    CHR Extension: (Bitdefender Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2018-07-12]
    CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-12]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-12]
    CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-12]
    CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-12]
    CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\System Profile [2018-08-12]
    CHR HKLM\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2848961991-288533299-670403562-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2848961991-288533299-670403562-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkcffmoikcgfhagefelmhiakelnjihik] - hxxps://chrome.google.com/webstore/detail/gkcffmoikcgfhagefelmhiakelnjihik
    CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    "EtaKnightFBD" => service was unlocked. <==== ATTENTION

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
    S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-08-12] (AVAST Software)
    S4 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-08-12] (AVAST Software)
    R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2137280 2018-04-17] (Bitdefender)
    R4 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [105936 2018-05-08] (Bitdefender)
    R2 EtaKnightFBD; C:\Program Files (x86)\Common Files\EtaKnightFBD\EtaKnightFBD.exe [2391288 2018-08-01] (EtaKnight Corp.) [File not signed]
    S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-11-02] (Ellora Assets Corp.) [File not signed]
    S2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-09-24] (Intel Corporation)
    S4 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [314368 2018-03-06] (AnchorFree Inc.) [File not signed]
    S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-26] (McAfee, Inc.)
    R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] (Bitdefender)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    S4 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
    S4 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
    S4 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [112712 2018-05-14] (Bitdefender)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [1001072 2018-05-14] (Bitdefender)
    R2 vsservp; C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe [522624 2018-05-14] (Bitdefender)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-30] (Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-30] (Microsoft Corporation)
    S4 WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [495872 2017-09-01] ()
    S4 WinZip Smart Monitor Service; C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe [816896 2017-12-04] ()

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (The OpenVPN Project)
    S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [197160 2018-08-12] (AVAST Software)
    S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229392 2018-08-12] (AVAST Software)
    S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201328 2018-08-12] (AVAST Software)
    S3 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-08-12] (AVAST Software)
    S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59592 2018-08-12] (AVAST Software)
    S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-08-12] (AVAST Software)
    R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-08-12] (AVAST Software)
    S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-08-12] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159640 2018-08-12] (AVAST Software)
    S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111872 2018-08-12] (AVAST Software)
    S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-08-12] (AVAST Software)
    S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027728 2018-08-12] (AVAST Software)
    R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [463080 2018-08-12] (AVAST Software)
    S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [211160 2018-08-12] (AVAST Software)
    S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381584 2018-08-12] (AVAST Software)
    R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1177008 2018-05-14] (BitDefender S.R.L. Bucharest, ROMANIA)
    R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1723552 2018-05-14] (BitDefender)
    S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23032 2018-05-14] (Bitdefender)
    R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [130840 2018-05-14] (BitDefender LLC)
    R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [45104 2018-05-14] (© Bitdefender SRL)
    R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96448 2018-05-14] (BitDefender)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-12-18] (Samsung Electronics Co., Ltd.)
    R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [189544 2018-05-14] (BitDefender LLC)
    R0 Ignis; C:\WINDOWS\System32\DRIVERS\ignis.sys [191592 2018-05-14] (Bitdefender)
    R3 LBAI; C:\WINDOWS\System32\Drivers\LBAI.sys [30432 2017-04-29] (Lenovo)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-12-18] (Samsung Electronics Co., Ltd.)
    R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [609576 2018-08-02] (Bitdefender)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-07-30] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-07-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-30] (Microsoft Corporation)
    U3 aswbdisk; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-08-12 11:44 - 2018-08-12 11:44 - 000000000 ____D C:\Users\admin\AppData\Roaming\AVAST Software
    2018-08-12 11:40 - 2018-08-12 11:49 - 000028143 _____ C:\Users\admin\Desktop\FRST.txt
    2018-08-12 11:39 - 2018-08-12 11:40 - 000000000 ____D C:\FRST
    2018-08-12 11:38 - 2018-08-12 11:38 - 002412544 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
    2018-08-12 11:34 - 2018-08-12 11:50 - 000000000 ____D C:\Users\admin\AppData\Local\AVAST Software
    2018-08-12 11:34 - 2018-08-12 11:34 - 000001939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
    2018-08-12 11:34 - 2018-08-12 11:34 - 000001927 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2018-08-12 11:30 - 2018-08-12 11:30 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
    2018-08-12 11:29 - 2018-08-12 11:29 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2018-08-12 11:27 - 2018-08-12 11:25 - 000463080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2018-08-12 11:27 - 2018-08-12 11:25 - 000381584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2018-08-12 11:27 - 2018-08-12 11:25 - 000378072 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2018-08-12 11:27 - 2018-08-12 11:25 - 000211160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2018-08-12 11:27 - 2018-08-12 11:25 - 000197160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
    2018-08-12 11:27 - 2018-08-12 11:25 - 000159640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2018-08-12 11:27 - 2018-08-12 11:25 - 000111872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2018-08-12 11:27 - 2018-08-12 11:25 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2018-08-12 11:27 - 2018-08-12 11:25 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2018-08-12 11:27 - 2018-08-12 11:25 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
    2018-08-12 11:27 - 2018-08-12 11:23 - 001027728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2018-08-12 11:27 - 2018-08-12 11:23 - 000346664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
    2018-08-12 11:27 - 2018-08-12 11:23 - 000239680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
    2018-08-12 11:27 - 2018-08-12 11:23 - 000229392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
    2018-08-12 11:27 - 2018-08-12 11:23 - 000201328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
    2018-08-12 11:27 - 2018-08-12 11:23 - 000059592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
    2018-08-12 11:26 - 2018-08-12 11:26 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
    2018-08-12 11:21 - 2018-08-12 11:21 - 000000000 ____D C:\Program Files\AVAST Software
    2018-08-07 07:03 - 2018-08-07 07:03 - 001587699 _____ C:\Users\admin\Desktop\Lily's Kaiser Med Card.pdf
    2018-08-05 22:34 - 2018-08-05 22:34 - 001648128 _____ C:\Users\admin\Downloads\Ch.1 ppt - for sections 1.1 to 1.3.ppt
    2018-08-05 21:13 - 2018-08-05 23:24 - 000000000 ____D C:\Users\admin\Desktop\algebra&pre-calculus
    2018-08-03 18:29 - 2018-08-05 20:39 - 000000000 ____D C:\Users\admin\Desktop\Precalculus
    2018-08-02 20:31 - 2018-08-02 20:31 - 000001060 _____ C:\Users\Public\Desktop\PCAPro.lnk
    2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Roaming\PrUpdater
    2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrUpdater
    2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Local\PrUpdater
    2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Local\PCAPro
    2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\ProgramData\PCAPro
    2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCAPro
    2018-08-02 20:30 - 2018-08-08 21:45 - 000000000 ____D C:\Program Files (x86)\PCAPro
    2018-08-02 20:30 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Roaming\PCAPInstallFiles
    2018-08-02 13:11 - 2018-08-02 13:11 - 000066184 _____ (Hari Cs Ltd) C:\Users\admin\Downloads\Installer.exe
    2018-08-02 13:10 - 2018-08-02 13:11 - 062571332 _____ C:\Users\admin\Downloads\How To Mud & Tape Drywall Butt Joints (1).mp4
    2018-08-02 13:06 - 2018-08-02 13:06 - 000000000 ____D C:\Program Files\WinZip Smart Monitor
    2018-08-02 13:05 - 2018-08-12 11:13 - 000000000 ____D C:\Program Files\WinZip Driver Updater
    2018-08-02 13:01 - 2018-08-12 11:06 - 000003426 _____ C:\WINDOWS\System32\Tasks\ByteFence
    2018-08-02 13:00 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Local\PrimePinta
    2018-08-02 13:00 - 2018-08-02 13:00 - 000000000 ____D C:\Program Files (x86)\EtaKnight
    2018-08-02 12:59 - 2018-08-02 12:59 - 000000000 ____D C:\Program Files (x86)\ApheticUfaApheticUfa
    2018-08-02 12:48 - 2018-08-02 12:49 - 062571332 _____ C:\Users\admin\Downloads\How To Mud & Tape Drywall Butt Joints.mp4
    2018-08-01 21:26 - 2018-08-01 21:27 - 009418262 _____ C:\Users\admin\Downloads\LBPM - HOA.pdf
    2018-08-01 21:25 - 2018-08-01 21:25 - 000159744 _____ C:\Users\admin\Downloads\3918 Huron Avenue Homeowners Association Proposal.pdf
    2018-07-31 21:24 - 2018-07-31 21:24 - 000029253 _____ C:\ProgramData\agent.update.1533097466.bdinstall.bin
    2018-07-31 16:17 - 2018-07-31 16:17 - 000369206 _____ C:\Users\admin\Documents\Scan.pdf
    2018-07-31 16:03 - 2018-07-31 16:03 - 001413758 _____ C:\Users\admin\Desktop\signed papers Value Windows.pdf
    2018-07-31 12:36 - 2018-07-31 12:36 - 000457492 _____ C:\Users\admin\Downloads\installation fee.pdf
    2018-07-31 11:46 - 2018-07-31 11:46 - 000546320 _____ C:\Users\admin\Downloads\7573011 (4).pdf
    2018-07-31 11:36 - 2018-07-31 11:36 - 000546320 _____ C:\Users\admin\Downloads\7573011 (3).pdf
    2018-07-31 11:30 - 2018-07-31 11:30 - 000546320 _____ C:\Users\admin\Downloads\7573011 (2).pdf
    2018-07-31 11:21 - 2018-07-31 11:21 - 001349800 _____ C:\Users\admin\Downloads\755351507302018_0015 (2).pdf
    2018-07-31 11:21 - 2018-07-31 11:21 - 000546320 _____ C:\Users\admin\Downloads\7573011 (1).pdf
    2018-07-31 11:18 - 2018-07-31 11:18 - 001349800 _____ C:\Users\admin\Downloads\755351507302018_0015 (1).pdf
    2018-07-31 11:14 - 2018-07-31 11:14 - 000546320 _____ C:\Users\admin\Downloads\7573011.pdf
    2018-07-30 21:12 - 2018-07-30 21:12 - 001349753 _____ C:\Users\admin\Desktop\Value Windows Annie La estemate.pdf
    2018-07-30 21:11 - 2018-07-30 21:11 - 001349800 _____ C:\Users\admin\Downloads\755351507302018_0015.pdf
    2018-07-30 10:22 - 2018-07-30 10:22 - 000000000 ____D C:\Users\admin\Desktop\volunteer
    2018-07-26 21:15 - 2018-07-26 21:15 - 000063461 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (8).pdf
    2018-07-26 21:15 - 2018-07-26 21:15 - 000063461 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (7).pdf
    2018-07-26 21:14 - 2018-07-26 21:14 - 000063461 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (6).pdf
    2018-07-26 15:51 - 2018-07-26 15:51 - 001042768 _____ C:\Users\admin\Desktop\$250 12-29-17 to 6-29-18.pdf
    2018-07-26 15:51 - 2018-07-26 15:51 - 000035286 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (5).pdf
    2018-07-26 15:49 - 2018-07-26 15:49 - 001042768 _____ C:\Users\admin\Downloads\$250 12-29-17 to 6-29-18.pdf
    2018-07-26 13:59 - 2018-07-26 13:59 - 000066137 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (4).pdf
    2018-07-26 13:55 - 2018-07-26 13:55 - 000025765 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (3).pdf
    2018-07-26 13:54 - 2018-07-26 13:54 - 000025765 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (2).pdf
    2018-07-26 13:53 - 2018-07-26 13:53 - 000071911 _____ C:\Users\admin\Downloads\Files_Online2PDF.zip
    2018-07-26 13:53 - 2018-07-26 13:53 - 000025765 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (1).pdf
    2018-07-26 13:48 - 2018-07-26 13:48 - 000025709 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26.pdf
    2018-07-26 13:35 - 2018-07-26 13:35 - 000094208 _____ C:\Users\admin\Desktop\Account Details Print Friendly.pdf
    2018-07-26 13:21 - 2018-08-05 21:13 - 000000000 ____D C:\Users\admin\Desktop\print
    2018-07-25 17:30 - 2018-07-25 17:30 - 000101433 _____ C:\Users\admin\Desktop\property manager Q.pdf
    2018-07-25 12:21 - 2018-07-25 12:21 - 000437787 _____ C:\Users\admin\Desktop\owner,builders contractors license.pdf
    2018-07-23 21:01 - 2018-07-23 21:01 - 000034204 _____ C:\Users\admin\Desktop\LA world affairs council for high school student.pdf
    2018-07-23 20:08 - 2018-07-23 20:09 - 000016320 _____ C:\Users\admin\Downloads\Proposal 071618.pdf
    2018-07-21 10:34 - 2018-07-21 10:34 - 000276743 _____ C:\Users\admin\Downloads\FullBill (3).pdf
    2018-07-21 10:34 - 2018-07-21 10:34 - 000276743 _____ C:\Users\admin\Downloads\FullBill (2).pdf
    2018-07-21 10:33 - 2018-07-21 10:33 - 000152623 _____ C:\Users\admin\Downloads\FullBill (1).pdf
    2018-07-21 10:31 - 2018-07-21 10:31 - 000152623 _____ C:\Users\admin\Downloads\FullBill.pdf
    2018-07-20 09:46 - 2018-07-20 09:46 - 000000722 _____ C:\Users\admin\Downloads\invite.ics
    2018-07-20 09:33 - 2018-07-20 09:33 - 000716847 _____ C:\Users\admin\Downloads\PMC Lab Results - XU.pdf
    2018-07-20 09:32 - 2018-07-20 09:32 - 000260726 _____ C:\Users\admin\Downloads\PMC Clearance Cert- XU.pdf
    2018-07-19 17:55 - 2018-07-19 17:55 - 000118784 _____ C:\Users\admin\Desktop\guitar 2.pdf
    2018-07-18 22:18 - 2018-07-18 22:18 - 000393311 _____ C:\Users\admin\Desktop\volunteer links.pdf
    2018-07-18 22:07 - 2018-07-18 22:07 - 000103464 _____ C:\Users\admin\Desktop\volunteer opportunities.pdf
    2018-07-18 21:53 - 2018-07-18 21:53 - 000397359 _____ C:\Users\admin\Desktop\50 community service ideas for teen volunteers.pdf
    2018-07-17 19:47 - 2018-07-17 19:48 - 000413376 _____ C:\Users\admin\Downloads\joist_estimate__525___signed___xu (2).pdf
    2018-07-17 19:47 - 2018-07-17 19:47 - 000413376 _____ C:\Users\admin\Downloads\joist_estimate__525___signed___xu (1).pdf
    2018-07-17 19:42 - 2018-07-26 22:35 - 000000000 ____D C:\Users\admin\Desktop\mold
    2018-07-17 15:44 - 2018-07-17 15:44 - 000253035 _____ C:\Users\admin\Downloads\xu_payment.pdf
    2018-07-17 15:44 - 2018-07-17 15:44 - 000116073 _____ C:\Users\admin\Downloads\Invoice_13282_from_Water_Damage_Zone_and_Restoration_Inc (1).pdf
    2018-07-17 15:43 - 2018-07-17 15:43 - 000413376 _____ C:\Users\admin\Downloads\joist_estimate__525___signed___xu.pdf
    2018-07-17 15:43 - 2018-07-17 15:43 - 000116073 _____ C:\Users\admin\Downloads\Invoice_13282_from_Water_Damage_Zone_and_Restoration_Inc.pdf
    2018-07-17 14:02 - 2018-07-17 14:02 - 000040595 _____ C:\Users\admin\Downloads\Travelers claim FCR3458.pdf
    2018-07-17 10:33 - 2018-07-17 10:33 - 005018422 _____ C:\Users\admin\Downloads\Parker Stanbury #3 Mold (1).m4a
    2018-07-17 09:55 - 2018-07-17 09:55 - 005018422 _____ C:\Users\admin\Downloads\Parker Stanbury #3 Mold.m4a

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-08-12 11:48 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-08-12 11:27 - 2018-04-11 16:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2018-08-12 11:27 - 2018-04-11 14:04 - 000131072 _____ C:\WINDOWS\system32\config\ELAM
    2018-08-12 11:26 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
    2018-08-12 11:26 - 2017-08-04 19:58 - 000000000 ____D C:\ProgramData\AVAST Software
    2018-08-12 11:21 - 2015-11-11 08:00 - 000000000 ____D C:\Program Files\CCleaner
    2018-08-12 11:20 - 2018-05-13 17:29 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
    2018-08-12 11:20 - 2015-11-11 08:00 - 000000823 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2018-08-12 11:13 - 2017-03-19 12:19 - 000000000 ____D C:\ProgramData\WinZip
    2018-08-12 11:06 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-08-12 11:06 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-08-12 10:44 - 2018-05-13 17:29 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FE6F68DD-CD8C-4EAE-997E-982043BA51A1}
    2018-08-12 10:32 - 2015-05-02 20:05 - 000000000 __SHD C:\Users\admin\IntelGraphicsProfiles
    2018-08-09 21:48 - 2015-11-11 07:31 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-08-09 21:45 - 2018-05-13 16:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-08-09 19:16 - 2018-05-13 17:29 - 000003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForadmin
    2018-08-09 19:16 - 2016-07-14 21:07 - 000000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForadmin.job
    2018-08-08 20:38 - 2018-05-13 17:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-08-08 20:36 - 2018-04-11 14:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2018-08-08 20:33 - 2017-07-08 16:54 - 000038628 _____ C:\bdlog.txt
    2018-08-08 20:22 - 2018-05-18 08:28 - 000000000 ____D C:\Users\admin\AppData\Local\D3DSCache
    2018-08-07 08:03 - 2017-07-10 16:45 - 000000000 ____D C:\Users\admin\Desktop\Pali
    2018-08-07 07:44 - 2018-07-07 21:25 - 000002081 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
    2018-08-05 20:58 - 2015-11-11 11:25 - 000000000 ____D C:\Users\admin\AppData\Local\Adobe
    2018-08-04 22:59 - 2018-05-13 16:44 - 000000000 ____D C:\Users\admin
    2018-08-04 22:56 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-08-03 19:31 - 2017-09-03 11:22 - 000000000 ____D C:\Users\admin\Desktop\college info&AP
    2018-08-02 15:35 - 2018-07-11 06:56 - 000000000 ____D C:\ProgramData\Packages
    2018-08-02 12:11 - 2017-08-01 10:46 - 000609576 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
    2018-08-01 21:26 - 2018-06-16 21:55 - 000000000 ____D C:\Users\admin\Desktop\HOA
    2018-07-31 21:24 - 2017-07-12 10:48 - 000000000 ____D C:\Program Files\Bitdefender Agent
    2018-07-30 21:16 - 2018-04-11 09:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2018-07-26 22:22 - 2017-12-01 10:48 - 000000000 ____D C:\Users\admin\Desktop\Lisa
    2018-07-22 19:27 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
    2018-07-18 21:22 - 2018-03-15 19:21 - 000000000 ____D C:\Users\admin\Desktop\not copy pictures
    2018-07-16 17:00 - 2015-11-11 07:55 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2018-07-14 08:05 - 2017-01-12 19:33 - 000000000 ____D C:\Users\admin\Desktop\extra
    2018-07-14 07:42 - 2018-05-13 17:29 - 000004538 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2018-07-14 07:42 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2018-07-14 07:42 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed

    ==================== Files in the root of some directories =======

    2017-07-09 09:05 - 2017-04-22 15:23 - 004797632 _____ () C:\ProgramData\cis2036.exe
    2017-07-09 09:05 - 2017-04-22 15:28 - 000365248 _____ () C:\ProgramData\cmdres.dll
    2017-07-16 18:18 - 2017-07-16 18:18 - 000006144 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2017-06-29 17:39 - 2017-12-27 14:39 - 000007605 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-05-13 16:36

    ==================== End of FRST.txt ============================

  4. #4
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ==================================

    Uninstall the following unwanted program:

    Driver Support

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double-click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

  5. #5
    Join Date
    May 2005
    Posts
    122
    I've completed your last set of instructions, PC seems to be operating faster.

    RK log:
    RogueKiller V12.12.31.0 (x64) [Aug 10 2018] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.17134) 64 bits version
    Started in : Normal mode
    User : admin [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 08/12/2018 15:07:51 (Duration : 02:32:21)
    Switches : -refid

    ¤¤¤ Processes : 1 ¤¤¤
    [VT.Unknown] EtaKnightFBD.exe(3860) -- C:\Program Files (x86)\Common Files\EtaKnightFBD\EtaKnightFBD.exe[-] -> Found

    ¤¤¤ Registry : 57 ¤¤¤
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2848961991-288533299-670403562-1000\Software\csastats -> Not selected
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2848961991-288533299-670403562-1000\Software\csastats -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {045630E8-186E-483F-8DE5-101DCDEF323F} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {55F4A9A1-BC88-4B68-BA28-A7EF2DA02289} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D65E23F2-980F-43B2-9065-C7A2EBD806F5} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS43DE\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AA648B96-5F65-422A-9A95-A133A3AB7D95} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS43DE\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {81D4C61E-F73A-4242-9948-6020DB70BBD0} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS1E7E\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4FF3DA52-3FAF-4192-BAEF-D2F7BA137FDA} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS1E7E\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {39405740-FEA2-467A-94D8-40B14987C35B} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS59C0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6180B6E9-4505-4696-A7E8-E7C544DDDA1C} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS59C0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A64CED85-A815-4BAE-B1AC-E04821739A81} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E95\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3E607D95-D964-4150-BC93-794291FC221E} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E95\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9A3F94F6-1D14-41F4-AEA2-B1B23AB8B15A} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E19\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services

  6. #6
    Join Date
    May 2005
    Posts
    122
    Re-posting, the logs did not go through last time:

    RK log:
    RogueKiller V12.12.31.0 (x64) [Aug 10 2018] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.17134) 64 bits version
    Started in : Normal mode
    User : admin [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 08/12/2018 15:07:51 (Duration : 02:32:21)
    Switches : -refid

    ¤¤¤ Processes : 1 ¤¤¤
    [VT.Unknown] EtaKnightFBD.exe(3860) -- C:\Program Files (x86)\Common Files\EtaKnightFBD\EtaKnightFBD.exe[-] -> Found

    ¤¤¤ Registry : 57 ¤¤¤
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2848961991-288533299-670403562-1000\Software\csastats -> Not selected
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2848961991-288533299-670403562-1000\Software\csastats -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {045630E8-186E-483F-8DE5-101DCDEF323F} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {55F4A9A1-BC88-4B68-BA28-A7EF2DA02289} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D65E23F2-980F-43B2-9065-C7A2EBD806F5} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS43DE\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AA648B96-5F65-422A-9A95-A133A3AB7D95} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS43DE\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {81D4C61E-F73A-4242-9948-6020DB70BBD0} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS1E7E\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4FF3DA52-3FAF-4192-BAEF-D2F7BA137FDA} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS1E7E\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {39405740-FEA2-467A-94D8-40B14987C35B} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS59C0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6180B6E9-4505-4696-A7E8-E7C544DDDA1C} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS59C0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A64CED85-A815-4BAE-B1AC-E04821739A81} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E95\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3E607D95-D964-4150-BC93-794291FC221E} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E95\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9A3F94F6-1D14-41F4-AEA2-B1B23AB8B15A} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E19\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2932F3DA-E743-4FFB-92F3-6CA5CCF9799C} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E19\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CF1DEA46-D310-499C-AA17-BA73A3ECC6C4} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7232\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B92D6D09-328E-4F95-BDD7-B3EB9922C721} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7232\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {182FCE87-E5B6-4B9E-8603-01F6958510D6} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS6679\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6C0124A7-AEB1-49DC-9C41-5E9E03964955} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS6679\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D3A09AF4-9739-43E4-9A06-1041E6BB6299} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS2403\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {83A22F8F-C005-4458-9885-C781CC523327} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS2403\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {808C33CF-AEBB-4BD5-933A-75EE1927F365} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS24A0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CF58BA79-68C7-40E5-A9A3-4D9D5011A543} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS24A0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {99A27AB0-568B-4382-81FC-B946297CBE41} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS5DD0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C4638C61-C2D5-464B-AB0C-06C000F8C031} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS5DD0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {090A6C85-F13B-4233-A6BB-FBA9EC7FF739} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS530D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3B4BB1C0-776C-4AE3-A2B4-B1A9A0928565} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS530D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {129EFD3A-26ED-4D07-B7DB-D148FA6FB635} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS41B6\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AE2F7BCC-7D3D-45DF-9CD2-2F3486763270} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS41B6\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {06ED8793-251E-4650-A3EE-8C09FF040356} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS44ED\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9F08467F-0E68-4BE3-9F4C-A54D043EB237} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS44ED\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7EE8E09D-64C6-46B6-A7C4-615A4A720182} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS456C\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E062B003-D826-4BBB-B3BF-F3293262AFA4} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS456C\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A9D7B99F-BEF0-4BE5-A00A-C671BCAD56F5} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0FF7\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {38D19241-E76C-4C52-ABC7-2D80BA593224} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0FF7\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {60F532E2-DF75-47BD-AC55-1D59CD9B9733} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS3D4D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5D396C44-BCE9-4368-A8AF-D2E8CEEF93E1} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS3D4D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8054A7A7-F7CC-4C88-8762-F2704659F7B6} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0F2B\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7F70D801-2D8A-486B-83FD-0601C0160ADA} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0F2B\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {160448D9-ECE9-4261-9F55-A84F808F17D9} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS65D3\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E4B3F583-FC98-45C8-994F-6C0139A80AB2} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS6DE3\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {87CDB79B-C1D2-40D9-B30F-C65CC66278E8} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS2375\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5073659A-010B-4E58-B0B2-5D7104998141} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0511\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CA0630C3-B651-41B0-84A7-4D696ACF1D29} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0511\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {73AF51E0-4C4E-4935-A4EA-6D93510B8F7E} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS0C71\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0D9AE5EE-A360-4282-AF9F-2DBE07C66A2E} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7767\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {59E5435B-56BE-4237-8A6B-2A1FFBB5D593} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7767\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {218544BD-AFE2-4557-BA8C-A21F9AED759B} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\admin\AppData\Local\Temp\7zS0915\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4F6482CB-3C58-4AFB-8EEB-3968D145399B} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\admin\AppData\Local\Temp\7zS0915\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CB1F88CE-E830-4C96-803B-15DB70033C25} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS06AB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {92FAA138-C64E-48AB-8831-516561152E76} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS06AB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {34BEA1B3-8AA0-466D-8DE4-A6F4795AAA45} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS1739\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {90CE71C9-3409-4B02-9C5F-FED18D5563B7} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS1739\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F140B7AA-BBD0-4A1A-A69C-7D4352BF86B7} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS25D3\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3F93297B-63A0-4481-928D-C58B19FA39D1} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS25D3\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A416FC16-54C8-471D-ABBE-6D40E2B4235D} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0A52\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A72AB0C6-13AE-4E6F-AC16-17C3383DB024} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0A52\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5C260C40-B8F0-49D3-B9B0-C73BAC819BD4} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS13BC\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected

    ¤¤¤ Tasks : 1 ¤¤¤
    [PUP.ByteFence|PUP.Gen1] \ByteFence -- C:\Program Files\ByteFence\ByteFence.exe (/a) -> Not selected

    ¤¤¤ Files : 1 ¤¤¤
    [PUP.Gen1][Folder] C:\Program Files\WinZip Driver Updater -> Deleted

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST9500325AS +++++
    --- User ---
    [MBR] b5acc5831cc9adb087a62a6465fb3fa7
    [BSP] 713a35468d0256ce20112474987c5972 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476388 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975851520 | Size: 449 MB
    User = LL1 ... OK
    User = LL2 ... OK



    MBAM log:
    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 8/12/18
    Scan Time: 5:51 PM
    Log File: 0995531a-9e93-11e8-9b7a-4437e6b74715.json
    Administrator: Yes

    -Software Information-
    Version: 3.5.1.2522
    Components Version: 1.0.391
    Update Package Version: 1.0.6315
    License: Trial

    -System Information-
    OS: Windows 10 (Build 17134.165)
    CPU: x64
    File System: NTFS
    User: admin-PC\admin

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 396922
    Threats Detected: 247
    Threats Quarantined: 245
    Time Elapsed: 22 min, 28 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 1
    PUP.Optional.SpecialSearchOffer, C:\PROGRAM FILES (X86)\COMMON FILES\ETAKNIGHTFBD\ETAKNIGHTFBD.EXE, Quarantined, [1656], [547617],1.0.6315

    Module: 1
    PUP.Optional.SpecialSearchOffer, C:\PROGRAM FILES (X86)\COMMON FILES\ETAKNIGHTFBD\ETAKNIGHTFBD.EXE, Quarantined, [1656], [547617],1.0.6315

    Registry Key: 14
    PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ByteFence, Quarantined, [6007], [388721],1.0.6315
    PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0531C61D-483F-4330-813A-968FA887D640}, Quarantined, [6007], [388721],1.0.6315
    PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{0531C61D-483F-4330-813A-968FA887D640}, Quarantined, [6007], [388721],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinZip Smart Monitor Service, Quarantined, [1605], [456267],1.0.6315
    PUP.Optional.hTab, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\elmkjjfkkchohaaoljobaffjeedcoocj, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\elmkjjfkkchohaaoljobaffjeedcoocj, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, HKU\S-1-5-21-2848961991-288533299-670403562-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\elmkjjfkkchohaaoljobaffjeedcoocj, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bhfhojbhbnajajgihpicejdalbjlpcep, Quarantined, [291], [467247],1.0.6315
    Adware.Norassie, HKU\S-1-5-21-2848961991-288533299-670403562-1000\SOFTWARE\Norassie, Quarantined, [6974], [361347],1.0.6315
    PUP.Optional.SpecialSearchOffer.ShrtCln, HKU\S-1-5-21-2848961991-288533299-670403562-1000\SOFTWARE\SpecialSearchOffer, Quarantined, [5515], [405205],1.0.6315
    Trojan.Roraccoon, HKLM\SOFTWARE\SSO, Quarantined, [5455], [511495],1.0.6315
    PUP.Optional.SpecialSearchOffer, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EtaKnightFBD, Quarantined, [1656], [547617],1.0.6315
    PUP.Optional.SpecialSearchOffer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTALLER.EXE, Removal Failed, [1656], [532529],1.0.6315
    PUP.Optional.SpecialSearchOffer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTALLER.EXE, Removal Failed, [1656], [532529],1.0.6315

    Registry Value: 2
    Trojan.Roraccoon, HKLM\SOFTWARE\SSO|TM, Quarantined, [5455], [511495],1.0.6315
    PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0531C61D-483F-4330-813A-968FA887D640}|PATH, Quarantined, [6007], [389376],1.0.6315

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 16
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-2848961991-288533299-670403562-1000, Quarantined, [1605], [458272],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\PROGRAMDATA\WINZIP\WINZIP SMART MONITOR, Quarantined, [1605], [458272],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\_metadata, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\elmkjjfkkchohaaoljobaffjeedcoocj, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\weatherIcons, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\offlinephotos, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\_locales\en, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\_metadata, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\_locales, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\lib, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\BHFHOJBHBNAJAJGIHPICEJDALBJLPCEP, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.WinYahoo.TskLnk, C:\USERS\ADMIN\APPDATA\LOCAL\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}, Quarantined, [3725], [484244],1.0.6315

    File: 213
    PUP.Optional.ByteFence, C:\WINDOWS\SYSTEM32\TASKS\ByteFence, Quarantined, [6007], [388721],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\apps, Quarantined, [1605], [456267],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\SystemInfo-vc100-mt.dll, Quarantined, [1605], [456267],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\SystemInfo-vc100-mt.mab, Quarantined, [1605], [456267],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\Uninstall.exe, Quarantined, [1605], [456267],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe, Quarantined, [1605], [456267],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.mab, Quarantined, [1605], [456267],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe, Quarantined, [1605], [456267],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.mab, Quarantined, [1605], [456267],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-2848961991-288533299-670403562-1000\queue.data, Quarantined, [1605], [458272],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-2848961991-288533299-670403562-1000\settings.data, Quarantined, [1605], [458272],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-2848961991-288533299-670403562-1000\smsettings, Quarantined, [1605], [458272],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\_metadata\verified_contents.json, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\ctn.js, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\jquery-3.1.1.min.js, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\manifest.json, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\ntab.html, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\ntab.js, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\pp.pdf, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\search.png, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\searchicon.png, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\stats.js, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\style.css, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\tnc.pdf, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [2124], [460257],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-1.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-1@2x.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-1@3x.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-3.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-3@2x.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-3@3x.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\mlb.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\nba.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\nfl.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\nhl.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\500px.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\8tracks.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\adobe.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\airbnb.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\amazon.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\aol.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\apple.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\Arrow@2x.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\arrowCurveLeft.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bankofamerica.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bbc.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\befrugal.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\behance.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bestbuy.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bing.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bookmark.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\ce_retina_search.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\chase.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\clear.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\close_x.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\cnn.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\codepen.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\craigslist.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\dailymotion.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\document.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\dribbble.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\dropbox.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\ebay.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\espn.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\evernote.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\facebook.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\financeyahoo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\flickr.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\flickrLogo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\flickrLogo2.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\flickrLogo3.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\foxnews.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\gamesyahoo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\gear1.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\gear3.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\gettyimages.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\github.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\google.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googledocs.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googledrive.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googleinbox.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googlemaps.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googleplay.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googlesheets.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googlewebstore.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\grooveshark.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\homedepot.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\homesyahoo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\hotmail-outlook.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\icon.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\imdb.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\instagram.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\java.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\jsfiddle.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\kickstarter.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\linkedin.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mag1.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mag3.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mag4.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mailyahoo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mapquest.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mashable.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\medium.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\metacafe.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mixbit.svg, Quarantined, [291], [467247],1.0.6315

  7. #7
    Re-posting, the logs did not go through last time:

    RK log:
    RogueKiller V12.12.31.0 (x64) [Aug 10 2018] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.17134) 64 bits version
    Started in : Normal mode
    User : admin [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 08/12/2018 15:07:51 (Duration : 02:32:21)
    Switches : -refid

    ¤¤¤ Processes : 1 ¤¤¤
    [VT.Unknown] EtaKnightFBD.exe(3860) -- C:\Program Files (x86)\Common Files\EtaKnightFBD\EtaKnightFBD.exe[-] -> Found

    ¤¤¤ Registry : 57 ¤¤¤
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2848961991-288533299-670403562-1000\Software\csastats -> Not selected
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2848961991-288533299-670403562-1000\Software\csastats -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {045630E8-186E-483F-8DE5-101DCDEF323F} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {55F4A9A1-BC88-4B68-BA28-A7EF2DA02289} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D65E23F2-980F-43B2-9065-C7A2EBD806F5} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS43DE\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AA648B96-5F65-422A-9A95-A133A3AB7D95} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS43DE\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {81D4C61E-F73A-4242-9948-6020DB70BBD0} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS1E7E\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4FF3DA52-3FAF-4192-BAEF-D2F7BA137FDA} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS1E7E\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {39405740-FEA2-467A-94D8-40B14987C35B} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS59C0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6180B6E9-4505-4696-A7E8-E7C544DDDA1C} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS59C0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A64CED85-A815-4BAE-B1AC-E04821739A81} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E95\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3E607D95-D964-4150-BC93-794291FC221E} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E95\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9A3F94F6-1D14-41F4-AEA2-B1B23AB8B15A} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E19\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2932F3DA-E743-4FFB-92F3-6CA5CCF9799C} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E19\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CF1DEA46-D310-499C-AA17-BA73A3ECC6C4} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7232\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B92D6D09-328E-4F95-BDD7-B3EB9922C721} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7232\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {182FCE87-E5B6-4B9E-8603-01F6958510D6} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS6679\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6C0124A7-AEB1-49DC-9C41-5E9E03964955} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS6679\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D3A09AF4-9739-43E4-9A06-1041E6BB6299} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS2403\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {83A22F8F-C005-4458-9885-C781CC523327} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS2403\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {808C33CF-AEBB-4BD5-933A-75EE1927F365} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS24A0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CF58BA79-68C7-40E5-A9A3-4D9D5011A543} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS24A0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {99A27AB0-568B-4382-81FC-B946297CBE41} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS5DD0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C4638C61-C2D5-464B-AB0C-06C000F8C031} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS5DD0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {090A6C85-F13B-4233-A6BB-FBA9EC7FF739} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS530D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3B4BB1C0-776C-4AE3-A2B4-B1A9A0928565} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS530D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {129EFD3A-26ED-4D07-B7DB-D148FA6FB635} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS41B6\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AE2F7BCC-7D3D-45DF-9CD2-2F3486763270} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS41B6\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {06ED8793-251E-4650-A3EE-8C09FF040356} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS44ED\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9F08467F-0E68-4BE3-9F4C-A54D043EB237} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS44ED\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7EE8E09D-64C6-46B6-A7C4-615A4A720182} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS456C\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E062B003-D826-4BBB-B3BF-F3293262AFA4} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS456C\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A9D7B99F-BEF0-4BE5-A00A-C671BCAD56F5} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0FF7\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {38D19241-E76C-4C52-ABC7-2D80BA593224} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0FF7\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {60F532E2-DF75-47BD-AC55-1D59CD9B9733} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS3D4D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5D396C44-BCE9-4368-A8AF-D2E8CEEF93E1} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS3D4D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8054A7A7-F7CC-4C88-8762-F2704659F7B6} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0F2B\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7F70D801-2D8A-486B-83FD-0601C0160ADA} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0F2B\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {160448D9-ECE9-4261-9F55-A84F808F17D9} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS65D3\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E4B3F583-FC98-45C8-994F-6C0139A80AB2} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS6DE3\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {87CDB79B-C1D2-40D9-B30F-C65CC66278E8} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS2375\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5073659A-010B-4E58-B0B2-5D7104998141} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0511\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CA0630C3-B651-41B0-84A7-4D696ACF1D29} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0511\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {73AF51E0-4C4E-4935-A4EA-6D93510B8F7E} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS0C71\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0D9AE5EE-A360-4282-AF9F-2DBE07C66A2E} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7767\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {59E5435B-56BE-4237-8A6B-2A1FFBB5D593} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7767\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {218544BD-AFE2-4557-BA8C-A21F9AED759B} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\admin\AppData\Local\Temp\7zS0915\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4F6482CB-3C58-4AFB-8EEB-3968D145399B} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\admin\AppData\Local\Temp\7zS0915\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CB1F88CE-E830-4C96-803B-15DB70033C25} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS06AB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {92FAA138-C64E-48AB-8831-516561152E76} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS06AB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {34BEA1B3-8AA0-466D-8DE4-A6F4795AAA45} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS1739\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {90CE71C9-3409-4B02-9C5F-FED18D5563B7} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS1739\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F140B7AA-BBD0-4A1A-A69C-7D4352BF86B7} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS25D3\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3F93297B-63A0-4481-928D-C58B19FA39D1} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS25D3\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A416FC16-54C8-471D-ABBE-6D40E2B4235D} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0A52\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A72AB0C6-13AE-4E6F-AC16-17C3383DB024} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0A52\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5C260C40-B8F0-49D3-B9B0-C73BAC819BD4} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS13BC\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected

    ¤¤¤ Tasks : 1 ¤¤¤
    [PUP.ByteFence|PUP.Gen1] \ByteFence -- C:\Program Files\ByteFence\ByteFence.exe (/a) -> Not selected

    ¤¤¤ Files : 1 ¤¤¤
    [PUP.Gen1][Folder] C:\Program Files\WinZip Driver Updater -> Deleted

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST9500325AS +++++
    --- User ---
    [MBR] b5acc5831cc9adb087a62a6465fb3fa7
    [BSP] 713a35468d0256ce20112474987c5972 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476388 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975851520 | Size: 449 MB
    User = LL1 ... OK
    User = LL2 ... OK

  8. #8
    Here are the MBAM and AdwCleaner logs:



    MBAM log:
    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 8/12/18
    Scan Time: 5:51 PM
    Log File: 0995531a-9e93-11e8-9b7a-4437e6b74715.json
    Administrator: Yes

    -Software Information-
    Version: 3.5.1.2522
    Components Version: 1.0.391
    Update Package Version: 1.0.6315
    License: Trial

    -System Information-
    OS: Windows 10 (Build 17134.165)
    CPU: x64
    File System: NTFS
    User: admin-PC\admin

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 396922
    Threats Detected: 247
    Threats Quarantined: 245
    Time Elapsed: 22 min, 28 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 1
    PUP.Optional.SpecialSearchOffer, C:\PROGRAM FILES (X86)\COMMON FILES\ETAKNIGHTFBD\ETAKNIGHTFBD.EXE, Quarantined, [1656], [547617],1.0.6315

    Module: 1
    PUP.Optional.SpecialSearchOffer, C:\PROGRAM FILES (X86)\COMMON FILES\ETAKNIGHTFBD\ETAKNIGHTFBD.EXE, Quarantined, [1656], [547617],1.0.6315

    Registry Key: 14
    PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ByteFence, Quarantined, [6007], [388721],1.0.6315
    PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0531C61D-483F-4330-813A-968FA887D640}, Quarantined, [6007], [388721],1.0.6315
    PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{0531C61D-483F-4330-813A-968FA887D640}, Quarantined, [6007], [388721],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinZip Smart Monitor Service, Quarantined, [1605], [456267],1.0.6315
    PUP.Optional.hTab, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\elmkjjfkkchohaaoljobaffjeedcoocj, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\elmkjjfkkchohaaoljobaffjeedcoocj, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, HKU\S-1-5-21-2848961991-288533299-670403562-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\elmkjjfkkchohaaoljobaffjeedcoocj, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bhfhojbhbnajajgihpicejdalbjlpcep, Quarantined, [291], [467247],1.0.6315
    Adware.Norassie, HKU\S-1-5-21-2848961991-288533299-670403562-1000\SOFTWARE\Norassie, Quarantined, [6974], [361347],1.0.6315
    PUP.Optional.SpecialSearchOffer.ShrtCln, HKU\S-1-5-21-2848961991-288533299-670403562-1000\SOFTWARE\SpecialSearchOffer, Quarantined, [5515], [405205],1.0.6315
    Trojan.Roraccoon, HKLM\SOFTWARE\SSO, Quarantined, [5455], [511495],1.0.6315
    PUP.Optional.SpecialSearchOffer, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EtaKnightFBD, Quarantined, [1656], [547617],1.0.6315
    PUP.Optional.SpecialSearchOffer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTALLER.EXE, Removal Failed, [1656], [532529],1.0.6315
    PUP.Optional.SpecialSearchOffer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTALLER.EXE, Removal Failed, [1656], [532529],1.0.6315

    Registry Value: 2
    Trojan.Roraccoon, HKLM\SOFTWARE\SSO|TM, Quarantined, [5455], [511495],1.0.6315
    PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0531C61D-483F-4330-813A-968FA887D640}|PATH, Quarantined, [6007], [389376],1.0.6315

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 16
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-2848961991-288533299-670403562-1000, Quarantined, [1605], [458272],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\PROGRAMDATA\WINZIP\WINZIP SMART MONITOR, Quarantined, [1605], [458272],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\_metadata, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\elmkjjfkkchohaaoljobaffjeedcoocj, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\weatherIcons, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\offlinephotos, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\_locales\en, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\_metadata, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\_locales, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\lib, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\BHFHOJBHBNAJAJGIHPICEJDALBJLPCEP, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.WinYahoo.TskLnk, C:\USERS\ADMIN\APPDATA\LOCAL\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}, Quarantined, [3725], [484244],1.0.6315

    File: 213
    PUP.Optional.ByteFence, C:\WINDOWS\SYSTEM32\TASKS\ByteFence, Quarantined, [6007], [388721],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\apps, Quarantined, [1605], [456267],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\SystemInfo-vc100-mt.dll, Quarantined, [1605], [456267],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\SystemInfo-vc100-mt.mab, Quarantined, [1605], [456267],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\Uninstall.exe, Quarantined, [1605], [456267],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe, Quarantined, [1605], [456267],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.mab, Quarantined, [1605], [456267],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe, Quarantined, [1605], [456267],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.mab, Quarantined, [1605], [456267],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-2848961991-288533299-670403562-1000\queue.data, Quarantined, [1605], [458272],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-2848961991-288533299-670403562-1000\settings.data, Quarantined, [1605], [458272],1.0.6315
    PUP.Optional.WinzipSystemUtilitiesSuite, C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-2848961991-288533299-670403562-1000\smsettings, Quarantined, [1605], [458272],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\_metadata\verified_contents.json, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\ctn.js, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\jquery-3.1.1.min.js, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\manifest.json, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\ntab.html, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\ntab.js, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\pp.pdf, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\search.png, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\searchicon.png, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\stats.js, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\style.css, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\tnc.pdf, Quarantined, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2124], [460257],1.0.6315
    PUP.Optional.hTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [2124], [460257],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-1.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-1@2x.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-1@3x.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-3.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-3@2x.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-3@3x.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\mlb.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\nba.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\nfl.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\nhl.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\500px.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\8tracks.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\adobe.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\airbnb.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\amazon.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\aol.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\apple.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\Arrow@2x.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\arrowCurveLeft.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bankofamerica.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bbc.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\befrugal.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\behance.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bestbuy.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bing.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bookmark.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\ce_retina_search.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\chase.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\clear.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\close_x.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\cnn.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\codepen.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\craigslist.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\dailymotion.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\document.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\dribbble.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\dropbox.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\ebay.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\espn.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\evernote.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\facebook.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\financeyahoo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\flickr.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\flickrLogo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\flickrLogo2.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\flickrLogo3.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\foxnews.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\gamesyahoo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\gear1.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\gear3.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\gettyimages.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\github.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\google.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googledocs.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googledrive.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googleinbox.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googlemaps.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googleplay.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googlesheets.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googlewebstore.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\grooveshark.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\homedepot.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\homesyahoo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\hotmail-outlook.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\icon.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\imdb.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\instagram.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\java.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\jsfiddle.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\kickstarter.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\linkedin.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mag1.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mag3.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mag4.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mailyahoo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mapquest.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mashable.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\medium.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\metacafe.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mixbit.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\msn.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\nationalgeographic.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\netflix.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\newsyahoo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\newtab128.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\oracle.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\oracleapp.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\careersyahoo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\expand.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\gmail.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\history.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mag_purp.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\pandora.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\walmart.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\panelicon.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\paypal.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\pinterest.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\rdio.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\screenyahoo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\settings_white.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\share1.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\shoppingyahoo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\slideshare.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\soundcloud.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsyahoo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\spotify.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\target.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\techcrunch.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\ted.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\theverge.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\time.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\trendingNow.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\tumblr.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\turbotax.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\twitch.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\twitter.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\vimeo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\vine.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\weatherchannel.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\weatheryahoo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\website.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\wellsfargo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\wikipedia.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\wordpress.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\Yahoo.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\yahoo.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\yahooautos.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\yahooFinance.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\yahooFinance@2x.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\yahoofood.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\yahoomatch.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\yahootech.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\yahootravel.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\youtube.svg, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\Y_NT128.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\Y_NT16.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\Y_NT64.png, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\lib\bootstrap.min.css, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\lib\bootstrap.min.js, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\lib\jquery.min.js, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\offlinephotos\newmexico.JPG, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\_locales\en\messages.json, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\_metadata\verified_contents.json, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\brand.css, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\BreakingNews.js, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\BrowserGap.js, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\Constants.js, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\lato.ttf, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\latolight.ttf, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\main.js, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\manifest.json, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\newtab.css, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\newtab.html, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\newtab.js, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\notifyPresence.js, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\PhotoManager.js, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\SiteConfig.js, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\Tracker.js, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\TrackerEncoder.js, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\TrendingNow.js, Quarantined, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [291], [467247],1.0.6315
    PUP.Optional.RussAd, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [291], [467247],1.0.6315
    PUP.Optional.WinYahoo.TskLnk, C:\USERS\ADMIN\APPDATA\LOCAL\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}\daca, Quarantined, [3725], [484244],1.0.6315
    PUP.Optional.WinYahoo.TskLnk, C:\Users\admin\AppData\Local\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}\bapi.dat, Quarantined, [3725], [484244],1.0.6315
    PUP.Optional.WinYahoo.TskLnk, C:\Users\admin\AppData\Local\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}\come.exe, Quarantined, [3725], [484244],1.0.6315
    PUP.Optional.WinYahoo.TskLnk, C:\Users\admin\AppData\Local\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}\install.log, Quarantined, [3725], [484244],1.0.6315
    PUP.Optional.WinYahoo.TskLnk, C:\Users\admin\AppData\Local\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}\race, Quarantined, [3725], [484244],1.0.6315
    PUP.Optional.WinYahoo.TskLnk, C:\Users\admin\AppData\Local\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}\soma, Quarantined, [3725], [484244],1.0.6315
    PUP.Optional.WinYahoo.TskLnk, C:\Users\admin\AppData\Local\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}\Sqlite3.dll, Quarantined, [3725], [484244],1.0.6315
    PUP.Optional.WinYahoo.TskLnk, C:\Users\admin\AppData\Local\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}\uninst.dat, Quarantined, [3725], [484244],1.0.6315
    PUP.Optional.WinYahoo.TskLnk, C:\Users\admin\AppData\Local\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}\uninst.exe, Quarantined, [3725], [484244],1.0.6315
    PUP.Optional.SpecialSearchOffer, C:\PROGRAM FILES (X86)\COMMON FILES\ETAKNIGHTFBD\ETAKNIGHTFBD.EXE, Quarantined, [1656], [547617],1.0.6315
    PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\PCAPRO\DDR.DLL, Quarantined, [560], [546192],1.0.6315
    PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\PCAPRO\AVS.DLL, Quarantined, [560], [546192],1.0.6315
    PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\PCAPRO\PCAPROUPDATER.EXE, Quarantined, [560], [546192],1.0.6315
    PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\PCAPRO\RPCAPRO.EXE, Quarantined, [560], [546192],1.0.6315
    PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\PCAPRO\DITX.EXE, Quarantined, [560], [546192],1.0.6315
    PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\PCAPRO\DIT.EXE, Quarantined, [560], [546192],1.0.6315
    PUP.Optional.SlimCleanerPlus, C:\SLIMDRIVERS-SETUP.EXE, Quarantined, [1436], [472306],1.0.6315
    PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\PCAPRO\PCAPROAS.EXE, Quarantined, [560], [546192],1.0.6315
    PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\PCAPRO\DDRX.DLL, Quarantined, [560], [546192],1.0.6315
    PUP.Optional.DriverSupport, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\~NSUA.TMP\UN_A.EXE, Quarantined, [5678], [486292],1.0.6315
    PUP.Optional.DriverUpdate, C:\WINDOWS\SYSTEM32\DRIVERS\SWDUMON.SYS, Quarantined, [2887], [448467],1.0.6315
    PUP.Optional.DriverSupport, C:\USERS\ADMIN\DOWNLOADS\DRIVERSUPPORT.EXE, Quarantined, [5678], [486292],1.0.6315
    PUP.Optional.BundleInstaller, C:\USERS\ADMIN\DOWNLOADS\FLASHPLAYER23AX_RAIE_INSTALL_1463575169.EXE, Quarantined, [407], [435337],1.0.6315
    PUP.Optional.SpecialSearchOffer, C:\USERS\ADMIN\DOWNLOADS\INSTALLER.EXE, Quarantined, [1656], [532529],1.0.6315
    PUP.Optional.SpecialSearchOffer, C:\USERS\ADMIN\APPDATA\LOCAL\PRIMEPINTA\PU.EXE, Quarantined, [1656], [547616],1.0.6315

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)



    AdwCleaner [S00] log:
    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.2.0
    # -------------------------------
    # Build: 07-17-2018
    # Database: 2018-08-10.2
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 08-12-2018
    # Duration: 00:01:04
    # OS: Windows 10 Pro
    # Scanned: 41771
    # Detected: 13


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    PUP.Optional.Legacy C:\Program Files\WinZip Smart Monitor
    PUP.Optional.Legacy C:\Program Files\WinZip\WinZip Smart Monitor
    PUP.Optional.Legacy C:\Users\Public\Documents\Downloaded Installers

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.ByteFence HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
    PUP.Optional.FreeMakeConverter HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
    PUP.Optional.InstallCore HKCU\Software\csastats
    PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
    PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}
    PUP.Optional.WinZipRegistryOptimizer HKLM\Software\Microsoft\Shared Tools\MSConfig\services\WinZip Smart Monitor Service

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    PUP.Optional.Legacy Ask
    PUP.Optional.Legacy Ask
    PUP.Optional.Legacy AOL
    PUP.Optional.Legacy AOL

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########



    AdwCleaner [C00] log:
    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.2.0
    # -------------------------------
    # Build: 07-17-2018
    # Database: 2018-08-10.2
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 08-12-2018
    # Duration: 00:00:11
    # OS: Windows 10 Pro
    # Cleaned: 13
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    Deleted C:\Program Files\WinZip Smart Monitor
    Deleted C:\Program Files\WinZip\WinZip Smart Monitor
    Deleted C:\Users\Public\Documents\Downloaded Installers

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
    Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
    Deleted HKCU\Software\csastats
    Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
    Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}
    Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\services\WinZip Smart Monitor Service

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    Deleted Ask
    Deleted Ask
    Deleted AOL
    Deleted AOL

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [2144 octets] - [12/08/2018 18:51:01]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

  9. #9
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.


    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.

  10. #10
    Join Date
    May 2005
    Posts
    122
    Thanks Broni, I will re-run FRST and post later this evening.

    I did notice the hard drive seems to be completely taken over: Task Manager shows the C: drive always 100% occupied. I can't believe Win 10 is responsible for that... Is that contributing to the snail-like response of my PC?

  11. #11
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    One of the issues I can see so far is this:
    Drive c: () (Fixed) (Total:465.22 GB) (Free:33.07 GB) NTFS
    You're running low on hard drive free space.

  12. #12
    Join Date
    May 2005
    Posts
    122
    Re-scanned with Farbar.

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
    Ran by admin (administrator) on ADMIN-PC (13-08-2018 17:57:37)
    Running from C:\Users\admin\Desktop\PC clean 8-12-2018
    Loaded Profiles: admin & (Available Profiles: admin & test)
    Platform: Windows 10 Pro Version 1803 17134.165 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe
    (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
    (AVAST Software) C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10325.20091.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (HP Inc.) C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (HP Inc.) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
    (Microsoft Corporation) C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-11] (WinZip)
    HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [123848 2017-12-11] (WinZip Computing, S.L.)
    HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2017-12-11] (WinZip Computing, S.L.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-08-12] (AVAST Software)
    HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-23] (Autodesk Inc.)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065702442\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065715537\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-08-12] (Piriform Ltd)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Akamai NetSession Interface] => C:\Users\admin\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1336320 2015-11-25] (Autodesk, Inc.)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Chromium] => c:\users\admin\appdata\local\chromium\application\chrome.exe [1068544 2016-07-20] (The Chromium Authors)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [AfterPlayMonitor] => C:\Users\admin\AppData\Roaming\Letv\AfterPlay\AfterPlayMonitor.ex
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Spotify] => C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe [23177616 2018-05-15] (Spotify Ltd)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Spotify Web Helper] => C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-05-15] (Spotify Ltd)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3769992 2017-05-23] (HP Inc.)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1112960 2018-03-14] (McAfee Inc.)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Policies\Explorer: []
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-08-12] (Piriform Ltd)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [Akamai NetSession Interface] => C:\Users\admin\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1336320 2015-11-25] (Autodesk, Inc.)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [Chromium] => c:\users\admin\appdata\local\chromium\application\chrome.exe [1068544 2016-07-20] (The Chromium Authors)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [AfterPlayMonitor] => C:\Users\admin\AppData\Roaming\Letv\AfterPlay\AfterPlayMonitor.ex
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [Spotify] => C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe [23177616 2018-05-15] (Spotify Ltd)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [Spotify Web Helper] => C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-05-15] (Spotify Ltd)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3769992 2017-05-23] (HP Inc.)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1112960 2018-03-14] (McAfee Inc.)
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Policies\Explorer: []
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-2848961991-288533299-670403562-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065724382\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-03-30]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Restriction ? <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: 0.0.0.1 mssplus.mcafee.com
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{46a08850-0e90-406a-8c8a-a65490766f68}: [DhcpNameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{7f012f1d-d444-46dc-89c0-6411293ce9c9}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{9e593974-1e17-4fac-a659-147e3b723a0b}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2848961991-288533299-670403562-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065724382\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33010001005_10.0.1.6209_u_ds
    SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33010001005_10.0.1.6209_u_ds
    BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
    BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-14] (Bitdefender)
    BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
    BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-05-14] (Bitdefender)
    BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-07-30] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-30] (Oracle Corporation)
    Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
    Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-14] (Bitdefender)
    Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
    Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-05-14] (Bitdefender)
    Toolbar: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
    Toolbar: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-14] (Bitdefender)
    Toolbar: HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
    Toolbar: HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-14] (Bitdefender)

    FireFox:
    ========
    FF DefaultProfile: lo0n6qk9.default
    FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo0n6qk9.default [2018-08-12]
    FF Homepage: Mozilla\Firefox\Profiles\lo0n6qk9.default -> www.yahoo.com/
    FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
    FF Extension: (No Name) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2017-07-14]
    FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
    FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-07-14] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
    FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-30] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-30] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2848961991-288533299-670403562-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\admin\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
    FF Plugin HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\admin\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
    FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-05-11] (Cisco WebEx LLC)

    Chrome:
    =======
    CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=863135318&param1=y6bdVFVIsvuYsgEClQfz8IfaIrULFWUA2DMVetLqXBqiFV%2BtmuyqTegcVHCAouGVmtx3XgLifo%2F3ajI0t4UmyMHg0Okr%2FORFyfZy%2BweCQtHdeeFQjdZ8DAnJe8psehSLt6Sgc29QyATMMiemNSpqW1pUe748js73%2Bpy%2BExmegKL0bObVYjOx59ixKgp%2FM8MyU7HlnxTPZ7QIBxpGR2yUInuo%2BaNhHPL1zW%2BtMBhaU%2FAloFmFKol66NrNKg4StLpvbsdDmom73OYxQOOZ0UsD%2BBvVqSjO6WC09Wffb0HFDBQ%3D
    CHR StartupUrls: Default -> "hxxp://google.com/"
    CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2018-08-13]
    CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-12]
    CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-12]
    CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-12]
    CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-12]
    CHR Extension: (Adobe Acrobat) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-07-12]
    CHR Extension: (Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-12]
    CHR Extension: (Bitdefender Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2018-07-12]
    CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-12]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-12]
    CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-12]
    CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-12]
    CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\System Profile [2018-08-12]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2848961991-288533299-670403562-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkcffmoikcgfhagefelmhiakelnjihik] - hxxps://chrome.google.com/webstore/detail/gkcffmoikcgfhagefelmhiakelnjihik
    CHR HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkcffmoikcgfhagefelmhiakelnjihik] - hxxps://chrome.google.com/webstore/detail/gkcffmoikcgfhagefelmhiakelnjihik
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
    S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-08-12] (AVAST Software)
    S4 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-08-12] (AVAST Software)
    R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2137280 2018-04-17] (Bitdefender)
    S4 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [105936 2018-05-08] (Bitdefender)
    S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-11-02] (Ellora Assets Corp.) [File not signed]
    R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-09-24] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
    S4 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [314368 2018-03-06] (AnchorFree Inc.) [File not signed]
    S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-26] (McAfee, Inc.)
    R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] (Bitdefender)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    S4 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
    S4 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
    S4 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [112712 2018-05-14] (Bitdefender)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [1001072 2018-05-14] (Bitdefender)
    R2 vsservp; C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe [522624 2018-05-14] (Bitdefender)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-30] (Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-30] (Microsoft Corporation)
    S4 WinZip Compression Smart Monitor Service; "C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (The OpenVPN Project)
    S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [197160 2018-08-12] (AVAST Software)
    S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229392 2018-08-12] (AVAST Software)
    S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201328 2018-08-12] (AVAST Software)
    S3 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-08-12] (AVAST Software)
    S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59592 2018-08-12] (AVAST Software)
    S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-08-12] (AVAST Software)
    R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-08-12] (AVAST Software)
    S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-08-12] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159640 2018-08-12] (AVAST Software)
    S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111872 2018-08-12] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-08-12] (AVAST Software)
    S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027728 2018-08-12] (AVAST Software)
    R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467064 2018-08-12] (AVAST Software)
    S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [211160 2018-08-12] (AVAST Software)
    S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381584 2018-08-12] (AVAST Software)
    R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1177008 2018-05-14] (BitDefender S.R.L. Bucharest, ROMANIA)
    R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1723552 2018-05-14] (BitDefender)
    S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23032 2018-05-14] (Bitdefender)
    R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [130840 2018-05-14] (BitDefender LLC)
    R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [45104 2018-05-14] (© Bitdefender SRL)
    R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96448 2018-05-14] (BitDefender)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-12-18] (Samsung Electronics Co., Ltd.)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-06-19] (Malwarebytes)
    R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [189544 2018-05-14] (BitDefender LLC)
    R0 Ignis; C:\WINDOWS\System32\DRIVERS\ignis.sys [191592 2018-05-14] (Bitdefender)
    R3 LBAI; C:\WINDOWS\System32\Drivers\LBAI.sys [30432 2017-04-29] (Lenovo)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [191208 2018-08-12] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [114920 2018-08-13] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [48360 2018-08-13] (Malwarebytes)
    R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-12] (Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102632 2018-08-13] (Malwarebytes)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-12-18] (Samsung Electronics Co., Ltd.)
    R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [609576 2018-08-02] (Bitdefender)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-07-30] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-07-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-30] (Microsoft Corporation)
    U3 aswbdisk; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-08-13 06:57 - 2018-08-13 18:00 - 000102632 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2018-08-12 19:47 - 2018-08-12 11:25 - 000378072 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2018-08-12 17:50 - 2018-08-13 06:58 - 000048360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2018-08-12 17:49 - 2018-08-13 06:58 - 000114920 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2018-08-12 17:49 - 2018-08-12 17:49 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2018-08-12 17:49 - 2018-08-12 17:49 - 000191208 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2018-08-12 17:48 - 2018-08-12 17:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-08-12 17:48 - 2018-08-12 17:48 - 000000000 ____D C:\ProgramData\Malwarebytes
    2018-08-12 17:48 - 2018-06-19 14:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2018-08-12 15:05 - 2018-08-12 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2018-08-12 15:02 - 2018-08-12 19:56 - 000000000 ____D C:\Users\admin\Desktop\PC clean 8-12-2018
    2018-08-12 11:44 - 2018-08-12 11:44 - 000000000 ____D C:\Users\admin\AppData\Roaming\AVAST Software
    2018-08-12 11:39 - 2018-08-13 17:57 - 000000000 ____D C:\FRST
    2018-08-12 11:34 - 2018-08-13 17:59 - 000000000 ____D C:\Users\admin\AppData\Local\AVAST Software
    2018-08-12 11:34 - 2018-08-12 19:50 - 000001939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
    2018-08-12 11:30 - 2018-08-12 11:30 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
    2018-08-12 11:29 - 2018-08-13 18:01 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2018-08-12 11:27 - 2018-08-12 15:29 - 000467064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2018-08-12 11:27 - 2018-08-12 11:25 - 000381584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2018-08-12 11:27 - 2018-08-12 11:25 - 000211160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2018-08-12 11:27 - 2018-08-12 11:25 - 000197160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
    2018-08-12 11:27 - 2018-08-12 11:25 - 000159640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2018-08-12 11:27 - 2018-08-12 11:25 - 000111872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2018-08-12 11:27 - 2018-08-12 11:25 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2018-08-12 11:27 - 2018-08-12 11:25 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2018-08-12 11:27 - 2018-08-12 11:25 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
    2018-08-12 11:27 - 2018-08-12 11:23 - 001027728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2018-08-12 11:27 - 2018-08-12 11:23 - 000346664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
    2018-08-12 11:27 - 2018-08-12 11:23 - 000239680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
    2018-08-12 11:27 - 2018-08-12 11:23 - 000229392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
    2018-08-12 11:27 - 2018-08-12 11:23 - 000201328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
    2018-08-12 11:27 - 2018-08-12 11:23 - 000059592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
    2018-08-12 11:26 - 2018-08-12 11:26 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
    2018-08-12 11:21 - 2018-08-12 11:21 - 000000000 ____D C:\Program Files\AVAST Software
    2018-08-07 07:03 - 2018-08-07 07:03 - 001587699 _____ C:\Users\admin\Desktop\Lily's Kaiser Med Card.pdf
    2018-08-05 22:34 - 2018-08-05 22:34 - 001648128 _____ C:\Users\admin\Downloads\Ch.1 ppt - for sections 1.1 to 1.3.ppt
    2018-08-05 21:13 - 2018-08-05 23:24 - 000000000 ____D C:\Users\admin\Desktop\algebra&pre-calculus
    2018-08-03 18:29 - 2018-08-05 20:39 - 000000000 ____D C:\Users\admin\Desktop\Precalculus
    2018-08-02 20:31 - 2018-08-12 16:44 - 000000000 ____D C:\Users\admin\AppData\Local\PrUpdater
    2018-08-02 20:31 - 2018-08-02 20:31 - 000001060 _____ C:\Users\Public\Desktop\PCAPro.lnk
    2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Roaming\PrUpdater
    2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrUpdater
    2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Local\PCAPro
    2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\ProgramData\PCAPro
    2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCAPro
    2018-08-02 20:30 - 2018-08-12 18:26 - 000000000 ____D C:\Program Files (x86)\PCAPro
    2018-08-02 20:30 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Roaming\PCAPInstallFiles
    2018-08-02 13:10 - 2018-08-02 13:11 - 062571332 _____ C:\Users\admin\Downloads\How To Mud & Tape Drywall Butt Joints (1).mp4
    2018-08-02 13:00 - 2018-08-12 18:26 - 000000000 ____D C:\Users\admin\AppData\Local\PrimePinta
    2018-08-02 13:00 - 2018-08-02 13:00 - 000000000 ____D C:\Program Files (x86)\EtaKnight
    2018-08-02 12:59 - 2018-08-02 12:59 - 000000000 ____D C:\Program Files (x86)\ApheticUfaApheticUfa
    2018-08-02 12:48 - 2018-08-02 12:49 - 062571332 _____ C:\Users\admin\Downloads\How To Mud & Tape Drywall Butt Joints.mp4
    2018-08-01 21:26 - 2018-08-01 21:27 - 009418262 _____ C:\Users\admin\Downloads\LBPM - HOA.pdf
    2018-08-01 21:25 - 2018-08-01 21:25 - 000159744 _____ C:\Users\admin\Downloads\3918 Huron Avenue Homeowners Association Proposal.pdf
    2018-07-31 21:24 - 2018-07-31 21:24 - 000029253 _____ C:\ProgramData\agent.update.1533097466.bdinstall.bin
    2018-07-31 16:17 - 2018-07-31 16:17 - 000369206 _____ C:\Users\admin\Documents\Scan.pdf
    2018-07-31 16:03 - 2018-07-31 16:03 - 001413758 _____ C:\Users\admin\Desktop\signed papers Value Windows.pdf
    2018-07-31 12:36 - 2018-07-31 12:36 - 000457492 _____ C:\Users\admin\Downloads\installation fee.pdf
    2018-07-31 11:46 - 2018-07-31 11:46 - 000546320 _____ C:\Users\admin\Downloads\7573011 (4).pdf
    2018-07-31 11:36 - 2018-07-31 11:36 - 000546320 _____ C:\Users\admin\Downloads\7573011 (3).pdf
    2018-07-31 11:30 - 2018-07-31 11:30 - 000546320 _____ C:\Users\admin\Downloads\7573011 (2).pdf
    2018-07-31 11:21 - 2018-07-31 11:21 - 001349800 _____ C:\Users\admin\Downloads\755351507302018_0015 (2).pdf
    2018-07-31 11:21 - 2018-07-31 11:21 - 000546320 _____ C:\Users\admin\Downloads\7573011 (1).pdf
    2018-07-31 11:18 - 2018-07-31 11:18 - 001349800 _____ C:\Users\admin\Downloads\755351507302018_0015 (1).pdf
    2018-07-31 11:14 - 2018-07-31 11:14 - 000546320 _____ C:\Users\admin\Downloads\7573011.pdf
    2018-07-30 21:12 - 2018-07-30 21:12 - 001349753 _____ C:\Users\admin\Desktop\Value Windows Annie La estemate.pdf
    2018-07-30 21:11 - 2018-07-30 21:11 - 001349800 _____ C:\Users\admin\Downloads\755351507302018_0015.pdf
    2018-07-30 10:22 - 2018-07-30 10:22 - 000000000 ____D C:\Users\admin\Desktop\volunteer
    2018-07-26 21:15 - 2018-07-26 21:15 - 000063461 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (8).pdf
    2018-07-26 21:15 - 2018-07-26 21:15 - 000063461 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (7).pdf
    2018-07-26 21:14 - 2018-07-26 21:14 - 000063461 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (6).pdf
    2018-07-26 15:51 - 2018-07-26 15:51 - 001042768 _____ C:\Users\admin\Desktop\$250 12-29-17 to 6-29-18.pdf
    2018-07-26 15:51 - 2018-07-26 15:51 - 000035286 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (5).pdf
    2018-07-26 15:49 - 2018-07-26 15:49 - 001042768 _____ C:\Users\admin\Downloads\$250 12-29-17 to 6-29-18.pdf
    2018-07-26 13:59 - 2018-07-26 13:59 - 000066137 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (4).pdf
    2018-07-26 13:55 - 2018-07-26 13:55 - 000025765 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (3).pdf
    2018-07-26 13:54 - 2018-07-26 13:54 - 000025765 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (2).pdf
    2018-07-26 13:53 - 2018-07-26 13:53 - 000071911 _____ C:\Users\admin\Downloads\Files_Online2PDF.zip
    2018-07-26 13:53 - 2018-07-26 13:53 - 000025765 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (1).pdf
    2018-07-26 13:48 - 2018-07-26 13:48 - 000025709 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26.pdf
    2018-07-26 13:35 - 2018-07-26 13:35 - 000094208 _____ C:\Users\admin\Desktop\Account Details Print Friendly.pdf
    2018-07-26 13:21 - 2018-08-05 21:13 - 000000000 ____D C:\Users\admin\Desktop\print
    2018-07-25 17:30 - 2018-07-25 17:30 - 000101433 _____ C:\Users\admin\Desktop\property manager Q.pdf
    2018-07-25 12:21 - 2018-07-25 12:21 - 000437787 _____ C:\Users\admin\Desktop\owner,builders contractors license.pdf
    2018-07-23 21:01 - 2018-07-23 21:01 - 000034204 _____ C:\Users\admin\Desktop\LA world affairs council for high school student.pdf
    2018-07-23 20:08 - 2018-07-23 20:09 - 000016320 _____ C:\Users\admin\Downloads\Proposal 071618.pdf
    2018-07-21 10:34 - 2018-07-21 10:34 - 000276743 _____ C:\Users\admin\Downloads\FullBill (3).pdf
    2018-07-21 10:34 - 2018-07-21 10:34 - 000276743 _____ C:\Users\admin\Downloads\FullBill (2).pdf
    2018-07-21 10:33 - 2018-07-21 10:33 - 000152623 _____ C:\Users\admin\Downloads\FullBill (1).pdf
    2018-07-21 10:31 - 2018-07-21 10:31 - 000152623 _____ C:\Users\admin\Downloads\FullBill.pdf
    2018-07-20 09:46 - 2018-07-20 09:46 - 000000722 _____ C:\Users\admin\Downloads\invite.ics
    2018-07-20 09:33 - 2018-07-20 09:33 - 000716847 _____ C:\Users\admin\Downloads\PMC Lab Results - XU.pdf
    2018-07-20 09:32 - 2018-07-20 09:32 - 000260726 _____ C:\Users\admin\Downloads\PMC Clearance Cert- XU.pdf
    2018-07-19 17:55 - 2018-07-19 17:55 - 000118784 _____ C:\Users\admin\Desktop\guitar 2.pdf
    2018-07-18 22:18 - 2018-07-18 22:18 - 000393311 _____ C:\Users\admin\Desktop\volunteer links.pdf
    2018-07-18 22:07 - 2018-07-18 22:07 - 000103464 _____ C:\Users\admin\Desktop\volunteer opportunities.pdf
    2018-07-18 21:53 - 2018-07-18 21:53 - 000397359 _____ C:\Users\admin\Desktop\50 community service ideas for teen volunteers.pdf
    2018-07-17 19:47 - 2018-07-17 19:48 - 000413376 _____ C:\Users\admin\Downloads\joist_estimate__525___signed___xu (2).pdf
    2018-07-17 19:47 - 2018-07-17 19:47 - 000413376 _____ C:\Users\admin\Downloads\joist_estimate__525___signed___xu (1).pdf
    2018-07-17 19:42 - 2018-07-26 22:35 - 000000000 ____D C:\Users\admin\Desktop\mold
    2018-07-17 15:44 - 2018-07-17 15:44 - 000253035 _____ C:\Users\admin\Downloads\xu_payment.pdf
    2018-07-17 15:44 - 2018-07-17 15:44 - 000116073 _____ C:\Users\admin\Downloads\Invoice_13282_from_Water_Damage_Zone_and_Restoration_Inc (1).pdf
    2018-07-17 15:43 - 2018-07-17 15:43 - 000413376 _____ C:\Users\admin\Downloads\joist_estimate__525___signed___xu.pdf
    2018-07-17 15:43 - 2018-07-17 15:43 - 000116073 _____ C:\Users\admin\Downloads\Invoice_13282_from_Water_Damage_Zone_and_Restoration_Inc.pdf
    2018-07-17 14:02 - 2018-07-17 14:02 - 000040595 _____ C:\Users\admin\Downloads\Travelers claim FCR3458.pdf
    2018-07-17 10:33 - 2018-07-17 10:33 - 005018422 _____ C:\Users\admin\Downloads\Parker Stanbury #3 Mold (1).m4a
    2018-07-17 09:55 - 2018-07-17 09:55 - 005018422 _____ C:\Users\admin\Downloads\Parker Stanbury #3 Mold.m4a

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-08-13 18:02 - 2018-05-13 17:29 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FE6F68DD-CD8C-4EAE-997E-982043BA51A1}
    2018-08-13 17:53 - 2018-04-11 14:04 - 000131072 _____ C:\WINDOWS\system32\config\ELAM
    2018-08-13 17:53 - 2015-05-02 20:05 - 000000000 __SHD C:\Users\admin\IntelGraphicsProfiles
    2018-08-13 09:37 - 2018-05-13 16:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-08-13 08:49 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-08-12 20:38 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-08-12 20:06 - 2018-05-13 17:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-08-12 20:04 - 2018-05-13 16:44 - 000000000 ____D C:\Users\test
    2018-08-12 20:04 - 2018-04-11 14:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2018-08-12 20:04 - 2017-07-08 16:54 - 000040251 _____ C:\bdlog.txt
    2018-08-12 19:47 - 2018-04-11 16:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2018-08-12 19:04 - 2018-01-14 18:32 - 000000000 ____D C:\Program Files\WinZip
    2018-08-12 18:51 - 2017-05-10 20:52 - 000000000 ____D C:\AdwCleaner
    2018-08-12 18:34 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-08-12 18:31 - 2016-07-14 21:07 - 000000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForadmin.job
    2018-08-12 18:30 - 2015-11-11 08:00 - 000000000 ____D C:\Program Files\CCleaner
    2018-08-12 18:19 - 2017-03-19 12:19 - 000000000 ____D C:\ProgramData\WinZip
    2018-08-12 17:45 - 2017-05-06 18:15 - 000000000 ____D C:\Program Files\RogueKiller
    2018-08-12 15:07 - 2017-05-06 18:15 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2018-08-12 12:34 - 2017-08-04 19:58 - 000000000 ____D C:\ProgramData\AVAST Software
    2018-08-12 11:26 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
    2018-08-12 11:20 - 2018-05-13 17:29 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
    2018-08-12 11:20 - 2015-11-11 08:00 - 000000823 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2018-08-12 11:06 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-08-09 21:48 - 2015-11-11 07:31 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-08-09 19:16 - 2018-05-13 17:29 - 000003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForadmin
    2018-08-08 20:22 - 2018-05-18 08:28 - 000000000 ____D C:\Users\admin\AppData\Local\D3DSCache
    2018-08-07 08:03 - 2017-07-10 16:45 - 000000000 ____D C:\Users\admin\Desktop\Pali
    2018-08-07 07:44 - 2018-07-07 21:25 - 000002081 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
    2018-08-05 20:58 - 2015-11-11 11:25 - 000000000 ____D C:\Users\admin\AppData\Local\Adobe
    2018-08-04 22:59 - 2018-05-13 16:44 - 000000000 ____D C:\Users\admin
    2018-08-03 19:31 - 2017-09-03 11:22 - 000000000 ____D C:\Users\admin\Desktop\college info&AP
    2018-08-02 15:35 - 2018-07-11 06:56 - 000000000 ____D C:\ProgramData\Packages
    2018-08-02 12:11 - 2017-08-01 10:46 - 000609576 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
    2018-08-01 21:26 - 2018-06-16 21:55 - 000000000 ____D C:\Users\admin\Desktop\HOA
    2018-07-31 21:24 - 2017-07-12 10:48 - 000000000 ____D C:\Program Files\Bitdefender Agent
    2018-07-30 21:16 - 2018-04-11 09:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2018-07-26 22:22 - 2017-12-01 10:48 - 000000000 ____D C:\Users\admin\Desktop\Lisa
    2018-07-22 19:27 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
    2018-07-18 21:22 - 2018-03-15 19:21 - 000000000 ____D C:\Users\admin\Desktop\not copy pictures
    2018-07-16 17:00 - 2015-11-11 07:55 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2018-07-14 08:05 - 2017-01-12 19:33 - 000000000 ____D C:\Users\admin\Desktop\extra
    2018-07-14 07:42 - 2018-05-13 17:29 - 000004538 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2018-07-14 07:42 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2018-07-14 07:42 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed

    ==================== Files in the root of some directories =======

    2017-07-09 09:05 - 2017-04-22 15:23 - 004797632 _____ () C:\ProgramData\cis2036.exe
    2017-07-09 09:05 - 2017-04-22 15:28 - 000365248 _____ () C:\ProgramData\cmdres.dll
    2017-07-16 18:18 - 2017-07-16 18:18 - 000006144 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2017-06-29 17:39 - 2017-12-27 14:39 - 000007605 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg

    Some files in TEMP:
    ====================
    2018-08-12 15:07 - 2018-07-06 00:25 - 001945784 _____ (Microsoft Corporation) C:\Users\admin\AppData\Local\Temp\dllnt_dump.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-05-13 16:36

    ==================== End of FRST.txt ============================

  13. #13
    Join Date
    May 2005
    Posts
    122
    Addition.txt part 1 of 2

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
    Ran by admin (13-08-2018 18:04:58)
    Running from C:\Users\admin\Desktop\PC clean 8-12-2018
    Windows 10 Pro Version 1803 17134.165 (X64) (2018-05-14 00:33:53)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    admin (S-1-5-21-2848961991-288533299-670403562-1000 - Administrator - Enabled) => C:\Users\admin
    Administrator (S-1-5-21-2848961991-288533299-670403562-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2848961991-288533299-670403562-503 - Limited - Disabled)
    Guest (S-1-5-21-2848961991-288533299-670403562-501 - Limited - Disabled)
    test (S-1-5-21-2848961991-288533299-670403562-1003 - Administrator - Enabled) => C:\Users\test
    WDAGUtilityAccount (S-1-5-21-2848961991-288533299-670403562-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Disabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AV: Bitdefender Antivirus (Disabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4f
    Task: {6E55944E-F328-4D0D-A2C4-F522719AC048} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
    Task: {72D01A58-2DA9-463E-B146-01F93D0AF30E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-12] (Piriform Ltd)
    Task: {7C0FD21A-3726-4CD2-B7DD-BA4951A22BC8} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {7F2E741F-8434-4552-AFB6-77E1ABAF8DA9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {82DACA87-E8AB-4895-81D5-342D3D327D8D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-08-12] (AVAST Software)
    Task: {9612C1E4-A45D-4726-A522-92A8DB97C1D2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-14] (Adobe Systems Incorporated)
    Task: {AF65C8F0-89CB-4EF2-9497-E47000A0481A} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {B6E07D0E-E7FA-4C16-A566-230BD6B2D2F1} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
    Task: {BB5D1227-A296-4EB9-AD54-B484B72371F9} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-12-11] (WinZip)
    Task: {C29134A1-E8F5-4B94-AF37-CDFF1131703F} - System32\Tasks\{C754CC6B-A7E4-4453-A26E-845EF72EABFE} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\admin\AppData\Local\{A46B9237-80C3-FE8F-ED5B-DB67C93327FF}\uninst.exe -c -FN="C:\Users\admin\AppData\Local\{A436928D-8164-FFFB-EA52-D82936802517}\Updater.exe"-P=/Uninstall /s /noun /DelSelfDir
    Task: {C62C8799-FE59-46F3-960F-33398CAE94B3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-12] (Piriform Ltd)
    Task: {CAA220D5-E8EA-4229-AAA1-87B0B4B3F76A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
    Task: {DCE8B9F1-3AE2-45AE-B5C2-000A9B9BDB45} - System32\Tasks\HPCustPartic.exe_{60E2E0F2-CC6F-42F5-9CFE-498B1CF4579F} => C:\Program Files\HP\HP ENVY 5660 series\Bin\HPCustPartic.exe [2017-05-23] (HP Inc.)
    Task: {E31B5EAF-E4DD-4735-B216-278EA3729479} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    Task: {E8CA25F0-3EC4-404F-943F-F82197BE02F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-11] (Google Inc.)
    Task: {F5E25228-3B11-4700-BF4B-DF856CB65A83} - System32\Tasks\HPCeeScheduleForadmin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {FC6C9A93-8E67-4592-8FAE-9837A91A8F00} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForadmin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-07-18 08:16 - 2018-07-18 08:17 - 000993728 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02751_003\ashttpbr.mdl
    2018-07-18 08:16 - 2018-07-18 08:17 - 000544880 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02751_003\ashttpdsp.mdl
    2018-07-18 08:16 - 2018-07-18 08:17 - 003232216 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02751_003\ashttpph.mdl
    2018-07-18 08:16 - 2018-07-18 08:17 - 001528320 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02751_003\ashttprbl.mdl
    2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2018-01-05 01:14 - 2018-01-05 01:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2018-08-12 17:48 - 2018-06-18 13:32 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2018-08-12 17:48 - 2018-07-03 12:59 - 002535120 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-07-10 19:04 - 2018-07-05 23:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-06-12 20:07 - 2018-06-08 02:31 - 003912608 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
    2018-06-12 20:07 - 2018-06-08 02:31 - 002506680 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
    2018-03-21 11:33 - 2018-03-21 11:33 - 043131904 _____ () C:\Program Files\WindowsApps\TDAmeritradeMobileLLC.TDAmeritrade_2.1.2.0_x64__xhqy2dhf86p7y\TDAmeritrade.dll
    2018-07-25 08:59 - 2018-07-25 09:00 - 004383232 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1807.1991.0_x64__8wekyb3d8bbwe\OneConnect.dll
    2018-07-17 23:00 - 2018-07-17 23:01 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2018-07-17 23:00 - 2018-07-17 23:01 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2018-07-17 23:00 - 2018-07-17 23:01 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2018-07-17 23:00 - 2018-07-17 23:01 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
    2018-03-27 17:51 - 2018-03-27 17:52 - 004734464 _____ () C:\Program Files\Window
    ae-9E44-DA132C1ACF46}
    AS: Bitdefender Antispyware (Disabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}
    AS: Avast Antivirus (Disabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
    FW: Bitdefender Firewall (Disabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
    A360 Desktop (HKLM\...\{A74E6AC6-623F-4DFE-B362-32C7986EE871}) (Version: 6.2.10.1700 - Autodesk)
    ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
    ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
    Adobe Connect (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Adobe Connect App) (Version: 11.9.985.57 - Adobe Systems Inc.)
    Adobe Connect (HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Adobe Connect App) (Version: 11.9.985.57 - Adobe Systems Inc.)
    Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
    Akamai NetSession Interface (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
    Akamai NetSession Interface (HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Akamai) (Version: - Akamai Technologies, Inc)
    Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
    AutoCAD 2016 - English (HKLM\...\{5783F2D7-F001-0409-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
    AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.107.0 - Autodesk) Hidden
    AutoCAD 2016 Language Pack - English (HKLM\...\{5783F2D7-F001-0409-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
    Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
    Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
    Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk)
    Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
    Autodesk AutoCAD 2016 SP 1 (HKLM\...\AutoCAD 2016 SP1) (Version: 20.1.107.0 - Autodesk)
    Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
    Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
    Autodesk Content Service (HKLM\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
    Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
    Autodesk Content Service Language Pack (HKLM\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
    Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
    Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
    Autodesk ReCap 2016 (HKLM\...\{F6FD1651-0000-1033-0102-387BAF9B3B0A}) (Version: 1.5.0.33 - Autodesk) Hidden
    Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.24.36 - Bitdefender)
    Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 22.0.8.114 - Bitdefender)
    Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 22.0.8.118 - Bitdefender)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Booking (HKLM-x32\...\{13D4CD54-EA09-4FDB-B979-8B2BC0F020CA}_is1) (Version: 2.0.701 - Booking)
    CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
    COMODO Antivirus (HKLM\...\{04833277-EE61-4251-9273-0CF86C0FE710}) (Version: 10.0.1.6223 - COMODO Security Solutions Inc.)
    Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.1.0.0 - Foxit Corporation)
    Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Grammarly for Microsoft® Office Suite (HKLM\...\{2CC6EE9C-51D8-479E-8B0B-F061F658FC9B}) (Version: 6.5.57 - Grammarly) Hidden
    Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\{b1eb8775-bc01-49f5-9885-9ff3c9b4a7a3}) (Version: 6.5.57 - Grammarly)
    Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\{b1eb8775-bc01-49f5-9885-9ff3c9b4a7a3}) (Version: 6.5.57 - Grammarly)
    HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
    HP ENVY 5660 series Basic Device Software (HKLM\...\{D3D38A38-586A-49AA-81C8-26A48B7DCFD4}) (Version: 40.11.1135.17143 - HP Inc.)
    HP ENVY 5660 series Help (HKLM-x32\...\{607F50D9-40BD-4F17-A584-152F563293B4}) (Version: 34.0.0 - Hewlett Packard)
    HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
    iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
    iExplorer (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\2ee35ebaf226322a) (Version: 4.1.14.0 - Macroplant LLC)
    iExplorer (HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\2ee35ebaf226322a) (Version
    %sApps\Microsoft.Wallet_2.2.18065.0_x64__8wekyb3d8bbwe\Microsoft.Wallet.dll
    2018-08-12 11:02 - 2018-08-12 11:02 - 035124224 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
    2018-08-12 11:02 - 2018-08-12 11:02 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\SharedUI.dll
    2018-08-12 11:02 - 2018-08-12 11:02 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntCommon.dll
    2017-09-26 10:31 - 2017-09-26 10:31 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-08-12 11:02 - 2018-08-12 11:02 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntPlat.dll
    2018-01-05 01:14 - 2018-01-05 01:14 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2018-01-05 01:14 - 2018-01-05 01:14 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2018-01-05 01:14 - 2018-01-05 01:14 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2018-08-12 11:33 - 2018-08-12 11:33 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2018-08-12 11:24 - 2018-08-12 11:24 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
    2018-08-12 11:23 - 2018-08-12 11:23 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\CustomModeApp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\CustomModeAppv2_0.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxCUIService.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiVAD64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\ivusb.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Users\admin\Downloads\Firefox Setup Stub 40.0.3.exe:$CmdTcID [64]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\S-1-5-21-2848961991-288533299-670403562-1000\Software\Classes\.scr: scrfile => <==== ATTENTION

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-11-09 18:26 - 2018-08-13 17:53 - 000000028 _____ C:\WINDOWS\system32\Drivers\etc\hosts

    0.0.0.1 mssplus.mcafee.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065702442\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065715537\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-21-2848961991-288533299-670403562-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065724382\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: AdAppMgrSvc => 2
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: Autodesk Content Service => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: cmdvirth => 3
    MSCONFIG\Services: DevMgmtService => 2
    MSCONFIG\Services: FlexNet Licensing Service 64 => 2
    MSCONFIG\Services: FreemakeVideoCapture => 2
    MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: McAfee Vpn Service => 3
    MSCONFIG\Services: McComponentHostService => 3
    MSCONFIG\Services: TrueKey => 2
    MSCONFIG\Services: TrueKeyScheduler => 2
    MSCONFIG\Services: TrueKeyServiceHelper => 2
    MSCONFIG\Services: WinZip Compression Smart Monitor Service => 2
    HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
    HKLM\...\StartupApproved\Run: => "SecurityHealth"
    HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
    HKLM\...\StartupApproved\Run: => "WinZip FAH"
    HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
    HKLM\...\StartupApproved\Run: => "WinZip UN"
    HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
    HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Autodesk Sync"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Akamai NetSession Interface"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Chromium"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "AfterPlayMonitor"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "McAfeeSafeConnect"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "Autodesk Sync"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "Akamai NetSession Interface"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "Chromium"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "AfterPlayMonitor"
    HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "McAfeeSafeConnect"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{045630E8-186E-483F-8DE5-101DCDEF323F}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe
    FirewallRules: [{55F4A9A1-BC88-4B68-BA28-A7EF2DA02289}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe
    FirewallRules: [{D65E23F2-980F-43B2-9065-C7A2EBD806F5}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS43DE\HPDiagnosticCoreUI.exe
    FirewallRules: [{AA648B96-5F65-422A-9A95-A133A3AB7D95}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS43DE\HPDiagnosticCoreUI.exe
    FirewallRules: [{81D4C61E-F73A-4242-9948-6020DB70BBD0}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS1E7E\HPDiagnosticCoreUI.exe
    FirewallRules: [{4FF3DA52-3FAF-4192-BAEF-D2F7BA137FDA}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS1E7E\HPDiagnosticCoreUI.exe
    FirewallRules: [{39405740-FEA2-467A-94D8-40B14987C35B}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS59C0\HPDiagnosticCoreUI.exe
    FirewallRules: [{6180B6E9-4505-4696-A7E8-E7C544DDDA1C}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS59C0\HPDiagnosticCoreUI.exe
    FirewallRules: [{EBCAD962-12F5-44A6-89BE-D79529A5B7E6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{DA345B5E-32DB-40D7-8772-7C0471FF4388}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [{A64CED85-A815-4BAE-B1AC-E04821739A81}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7E95\hppiw.exe
    FirewallRules: [{3E607D95-D964-4150-BC93-794291FC221E}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7E95\hppiw.exe
    FirewallRules: [{9A3F94F6-1D14-41F4-AEA2-B1B23AB8B15A}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7E19\HPDiagnosticCoreUI.exe
    FirewallRules: [{2932F3DA-E743-4FFB-92F3-6CA5CCF9799C}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7E19\HPDiagnosticCoreUI.exe
    FirewallRules: [{CF1DEA46-D310-499C-AA17-BA73A3ECC6C4}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7232\HPDiagnosticCoreUI.exe
    FirewallRules: [{B92D6D09-328E-4F95-BDD7-B3EB9922C721}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7232\HPDiagnosticCoreUI.exe
    FirewallRules: [{182FCE87-E5B6-4B9E-8603-01F6958510D6}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS6679\HPDiagnosticCoreUI.exe
    FirewallRules: [{6C0124A7-AEB1-49DC-9C41-5E9E03964955}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS6679\HPDiagnosticCoreUI.exe
    FirewallRules: [{8CF6A2B3-59BD-4EC5-B6E0-731376415216}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{30783D84-8016-40BB-B4B0-468EF4A78ED8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{95CD1AA8-E84A-44B7-ABFB-A09CF1DA68B3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{14667F32-C931-4C34-8972-404D38837FBA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{3CB307AA-2DC7-4984-892A-374D8BA928F8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
    FirewallRules: [{55DCA2AA-CB65-413B-B024-EFBB6AEF849E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
    FirewallRules: [{5B809C84-4941-4E2E-A7D3-B17F8258F682}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
    FirewallRules: [{8A03454A-B710-4C0D-9FA9-C61B8E94A565}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
    FirewallRules: [UDP Query User{50DA4D58-6612-4FF7-8EF6-66C3A6C8F8D3}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\admin\appdata\local\akamai\netsession_win.exe
    FirewallRules: [TCP Query User{EE84B819-D1EE-4A6E-8192-3623D4D237A7}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\admin\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{49105C15-6D06-4038-BFB9-487888D38FF2}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{20C2EE6F-BB06-446A-968B-2E8DC33AAD68}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{3222933B-AB7D-4706-A60B-F056838A70F4}] => (Allow) LPort=50248
    FirewallRules: [UDP Query User{4AF32029-E6DC-4B44-A019-7F21F3D1CACF}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\admin\appdata\local\akamai\netsession_win.exe
    FirewallRules: [TCP Query User{4E752B87-E112-4068-AA65-4CAB5770B635}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\admin\appdata\local\akamai\netsession_win.exe
    FirewallRules: [TCP Query User{1361D9A1-184E-46FA-A496-DC624C32A6C8}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\admin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{E702AB62-E09E-4AE0-9164-5CB2A03F572C}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\admin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{E6FF717D-D762-4D20-83DA-383E6FCABBDD}] => (Allow) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    FirewallRules: [{D3A09AF4-9739-43E4-9A06-1041E6BB6299}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS2403\HPDiagnosticCoreUI.exe
    FirewallRules: [{83A22F8F-C005-4458-9885-C781CC523327}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS2403\HPDiagnosticCoreUI.exe
    FirewallRules: [{808C33CF-AEBB-4BD5-933A-75EE1927F365}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS24A0\HPDiagnosticCoreUI.exe
    FirewallRules: [{CF58BA79-68C7-40E5-A9A3-4D9D5011A543}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS24A0\HPDiagnosticCoreUI.exe
    FirewallRules: [{99A27AB0-568B-4382-81FC-B946297CBE41}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS5DD0\HPDiagnosticCoreUI.exe
    FirewallRules: [{C4638C61-C2D5-464B-AB0C-06C000F8C031}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS5DD0\HPDiagnosticCoreUI.exe
    FirewallRules: [{090A6C85-F13B-4233-A6BB-FBA9EC7FF739}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS530D\HPDiagnosticCoreUI.exe
    FirewallRules: [{3B4BB1C0-776C-4AE3-A2B4-B1A9A0928565}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS530D\HPDiagnosticCoreUI.exe
    FirewallRules: [{129EFD3A-26ED-4D07-B7DB-D148FA6FB635}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS41B6\HPDiagnosticCoreUI.exe
    FirewallRules: [{AE2F7BCC-7D3D-45DF-9CD2-2F3486763270}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS41B6\HPDiagnosticCoreUI.exe
    FirewallRules: [{06ED8793-251E-4650-A3EE-8C09FF040356}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS44ED\HPDiagnosticCoreUI.exe
    FirewallRules: [{9F08467F-0E68-4BE3-9F4C-A54D043EB237}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS44ED\HPDiagnosticCoreUI.exe
    FirewallRules: [{7EE8E09D-64C6-46B6-A7C4-615A4A720182}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS456C\HPDiagnosticCoreUI.exe
    FirewallRules: [{E062B003-D826-4BBB-B3BF-F3293262AFA4}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS456C\HPDiagnosticCoreUI.exe
    FirewallRules: [{A9D7B99F-BEF0-4BE5-A00A-C671BCAD56F5}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0FF7\HPDiagnosticCoreUI.exe
    FirewallRules: [{38D19241-E76C-4C52-ABC7-2D80BA593224}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0FF7\HPDiagnosticCoreUI.exe
    FirewallRules: [{60F532E2-DF75-47BD-AC55-1D59CD9B9733}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS3D4D\HPDiagnosticCoreUI.exe
    FirewallRules: [{5D396C44-BCE9-4368-A8AF-D2E8CEEF93E1}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS3D4D\HPDiagnosticCoreUI.exe
    FirewallRules: [{8054A7A7-F7CC-4C88-8762-F2704659F7B6}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0F2B\HPDiagnosticCoreUI.exe
    FirewallRules: [{7F70D801-2D8A-486B-83FD-0601C0160ADA}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0F2B\HPDiagnosticCoreUI.exe
    FirewallRules: [{160448D9-ECE9-4261-9F55-A84F808F17D9}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS65D3\HP.EasyStart.exe
    FirewallRules: [{E4B3F583-FC98-45C8-994F-6C0139A80AB2}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS6DE3\HP.EasyStart.exe
    FirewallRules: [{495DB74B-4812-4E07-8201-3B8BD892E2D7}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\DeviceSetup.exe
    FirewallRules: [{EA11A5E9-E56C-451F-9AF7-6B9F81AD209A}] => (Allow) LPort=5357
    FirewallRules: [{51F78C7D-B6F3-483D-9961-3BF770A7E24A}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{87CDB79B-C1D2-40D9-B30F-C65CC66278E8}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS2375\HP.EasyStart.exe
    FirewallRules: [{5073659A-010B-4E58-B0B2-5D7104998141}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0511\HPDiagnosticCoreUI.exe
    FirewallRules: [{CA0630C3-B651-41B0-84A7-4D696ACF1D29}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0511\HPDiagnosticCoreUI.exe
    FirewallRules: [{73AF51E0-4C4E-4935-A4EA-6D93510B8F7E}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0C71\HP.EasyStart.exe
    FirewallRules: [{0D9AE5EE-A360-4282-AF9F-2DBE07C66A2E}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7767\HPDiagnosticCoreUI.exe
    FirewallRules: [{59E5435B-56BE-4237-8A6B-2A1FFBB5D593}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7767\HPDiagnosticCoreUI.exe
    FirewallRules: [{218544BD-AFE2-4557-BA8C-A21F9AED759B}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0915\HPDiagnosticCoreUI.exe
    FirewallRules: [{4F6482CB-3C58-4AFB-8EEB-3968D145399B}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0915\HPDiagnosticCoreUI.exe
    FirewallRules: [{CB1F88CE-E830-4C96-803B-15DB70033C25}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS06AB\HPDiagnosticCoreUI.exe
    FirewallRules: [{92FAA138-C64E-48AB-8831-516561152E76}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS06AB\HPDiagnosticCoreUI.exe
    FirewallRules: [{34BEA1B3-8AA0-466D-8DE4-A6F4795AAA45}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS1739\HPDiagnosticCoreUI.exe
    FirewallRules: [{90CE71C9-3409-4B02-9C5F-FED18D5563B7}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS1739\HPDiagnosticCoreUI.exe
    FirewallRules: [{F140B7AA-BBD0-4A1A-A69C-7D4352BF86B7}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS25D3\HPDiagnosticCoreUI.exe
    FirewallRules: [{3F93297B-63A0-4481-928D-C58B19FA39D1}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS25D3\HPDiagnosticCoreUI.exe
    FirewallRules: [{A416FC16-54C8-471D-ABBE-6D40E2B4235D}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0A52\HPDiagnosticCoreUI.exe
    FirewallRules: [{A72AB0C6-13AE-4E6F-AC16-17C3383DB024}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0A52\HPDiagnosticCoreUI.exe
    FirewallRules: [{5C260C40-B8F0-49D3-B9B0-C73BAC819BD4}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS13BC\HP.EasyStart.exe
    FirewallRules: [{F15A450D-6B53-480E-825C-902BE2B74F72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{62960173-84E8-46B1-AC2B-D53E4CBAA0F6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
    FirewallRules: [{41C3280A-E90B-49AA-9757-A8ED48EFCA64}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
    FirewallRules: [{FFBE735D-0197-4C4A-B2D6-E8591E7CE695}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
    FirewallRules: [{E221C328-6768-484B-8285-93D86CC7E751}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

    ==================== Restore Points =========================

    23-07-2018 17:23:07 Scheduled Checkpoint
    05-08-2018 18:26:03 Scheduled Checkpoint
    08-08-2018 20:28:51 Removed WinZip 22.0.
    12-08-2018 20:30:56 Removed COMODO Antivirus

    ==================== Faulty Device Manager Devices =============

    Name: 260ci WIA Driver (USB)
    Description: 260ci WIA Driver (USB)
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Kyocera
    Service: usbscan
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

  14. #14
    Join Date
    May 2005
    Posts
    122
    Addition.txt part 2 of 2

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/13/2018 06:57:15 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbamservice.exe, version: 3.1.0.667, time stamp: 0x5ad8e0a1
    Faulting module name: ntdll.dll, version: 10.0.17134.165, time stamp: 0xf4df6dc2
    Exception code: 0xc0000005
    Fault offset: 0x000000000001d979
    Faulting process id: 0x15d0
    Faulting application start time: 0x01d432b2c05d7166
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: ba4ce2b1-9f87-48b5-8580-d9b51d2b507e
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (08/12/2018 08:29:48 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: taskhostw (4716,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log.

    Error: (08/12/2018 08:29:48 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhostw (4716,R,98) WebCacheLocal: An attempt to open the file "C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (08/12/2018 08:29:38 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: taskhostw (4716,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log.

    Error: (08/12/2018 08:29:38 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhostw (4716,R,98) WebCacheLocal: An attempt to open the file "C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (08/12/2018 08:29:28 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: taskhostw (4716,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log.

    Error: (08/12/2018 08:29:28 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhostw (4716,R,98) WebCacheLocal: An attempt to open the file "C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (08/12/2018 08:29:17 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: taskhostw (4716,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log.


    System errors:
    =============
    Error: (08/13/2018 06:00:26 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (08/13/2018 06:00:23 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (08/13/2018 06:00:20 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (08/13/2018 06:00:17 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (08/13/2018 05:59:03 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (08/13/2018 05:58:58 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (08/13/2018 05:58:52 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (08/13/2018 05:58:47 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.


    Windows Defender:
    ===================================
    Date: 2018-07-29 10:17:24.816
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {C6C30E64-4297-4E77-8337-01EFB718A93A}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-07-29 09:50:01.476
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {8593DB24-A45E-41DE-AEC5-6C44AB05E081}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-07-21 11:00:15.155
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {0E9780BC-DA01-48C7-A4E7-4221C09D6F3E}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-07-21 10:51:45.504
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {ED6BEC6A-6368-4EF9-BE1E-E9A92B8FC6A2}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-07-17 17:21:24.317
    Description:
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...8&enterprise=0
    Name: SoftwareBundler:Win32/ICLoader
    ID: 222548
    Severity: High
    Category: Software Bundler
    Path: containerfile:_C:\Users\admin\Desktop\Chemistry_complete_solutions_manual_zumdahl.rar;file:_C:\Users\admin\Desktop\Chemistry_complete_solutions_manual_zumdahl.rar->Chemistry_complete_solutions_manual_zumdahl.exe
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.271.1085.0, AS: 1.271.1085.0, NIS: 1.271.1085.0
    Engine Version: AM: 1.1.15000.2, NIS: 1.1.15000.2

    CodeIntegrity:
    ===================================

    Date: 2018-08-13 08:19:22.424
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-08-13 08:19:22.418
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-08-13 08:19:22.417
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-08-13 08:19:22.412
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-08-13 08:19:22.411
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-08-12 20:25:58.821
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-08-12 19:35:05.375
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-08-12 19:35:05.375
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
    Percentage of memory in use: 31%
    Total physical RAM: 7980.45 MB
    Available physical RAM: 5457.86 MB
    Total Virtual: 10980.45 MB
    Available Virtual: 8374.9 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.22 GB) (Free:30.51 GB) NTFS

    \\?\Volume{28c6728b-cb27-11e3-b997-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
    \\?\Volume{5e4cd43b-0000-0000-0000-a05474000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 5E4CD43B)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=449 MB) - (Type=27)

    ==================== End of Addition.txt ============================

  15. #15
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    In your Event Viewer I see a number of these:

    Error: (08/13/2018 06:00:26 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    I suggest running a hard drive diagnostic.

    Run hard drive diagnostics: http://www.bleepingcomputer.com/foru...ost__p__160520
    Make sure you select the tool that is appropriate for the brand of your hard drive.
    Depending on the program, it'll create a bootable floppy or a bootable CD.
    If the downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn the .iso file to a CD (select the "Write image file to disc" option), and make the CD bootable.
    For Toshiba hard drives, see here: http://storage.toshiba.com/storage-s...ies#diagnostic

    Note: If you do not know how to set your computer to boot from CD, follow the steps here

    ==============================================

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.