August 12th, 2018, 03:06 PM
#1
[RESOLVED] Just wanted a check up
FRST Addition.txt part 1 of 2:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by admin (12-08-2018 11:52:14)
Running from C:\Users\admin\Desktop
Windows 10 Pro Version 1803 17134.165 (X64) (2018-05-14 00:33:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
admin (S-1-5-21-2848961991-288533299-670403562-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2848961991-288533299-670403562-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2848961991-288533299-670403562-503 - Limited - Disabled)
Guest (S-1-5-21-2848961991-288533299-670403562-501 - Limited - Disabled)
test (S-1-5-21-2848961991-288533299-670403562-1003 - Administrator - Enabled) => C:\Users\test
WDAGUtilityAccount (S-1-5-21-2848961991-288533299-670403562-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Disabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}
AS: Avast Antivirus (Disabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Bitdefender Firewall (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
A360 Desktop (HKLM\...\{A74E6AC6-623F-4DFE-B362-32C7986EE871}) (Version: 6.2.10.1700 - Autodesk)
ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Connect (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Adobe Connect App) (Version: 11.9.985.57 - Adobe Systems Inc.)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
AutoCAD 2016 - English (HKLM\...\{5783F2D7-F001-0409-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.107.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (HKLM\...\{5783F2D7-F001-0409-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD 2016 SP 1 (HKLM\...\AutoCAD 2016 SP1) (Version: 20.1.107.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Autodesk ReCap 2016 (HKLM\...\{F6FD1651-0000-1033-0102-387BAF9B3B0A}) (Version: 1.5.0.33 - Autodesk) Hidden
Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.24.36 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 22.0.8.114 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 22.0.8.118 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Booking (HKLM-x32\...\{13D4CD54-EA09-4FDB-B979-8B2BC0F020CA}_is1) (Version: 2.0.701 - Booking)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
COMODO Antivirus (HKLM\...\{04833277-EE61-4251-9273-0CF86C0FE710}) (Version: 10.0.1.6223 - COMODO Security Solutions Inc.)
Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.4.39 - PC Drivers HeadQuarters LP) <==== ATTENTION
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.1.0.0 - Foxit Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Grammarly for Microsoft® Office Suite (HKLM\...\{2CC6EE9C-51D8-479E-8B0B-F061F658FC9B}) (Version: 6.5.57 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\{b1eb8775-bc01-49f5-9885-9ff3c9b4a7a3}) (Version: 6.5.57 - Grammarly)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 5660 series Basic Device Software (HKLM\...\{D3D38A38-586A-49AA-81C8-26A48B7DCFD4}) (Version: 40.11.1135.17143 - HP Inc.)
HP ENVY 5660 series Help (HKLM-x32\...\{607F50D9-40BD-4F17-A584-152F563293B4}) (Version: 34.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
iExplorer (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\2ee35ebaf226322a) (Version: 4.1.14.0 - Macroplant LLC)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.2 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
McAfee Safe Connect (HKLM-x32\...\{8DF95C34-C5EB-4026-9C86-E49F2A94677A}) (Version: 1.6.0.223 - McAfee, Inc)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.717.1 - McAfee, Inc.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E534493E-80D2-4E37-8020-3ECAC55D9DB5}) (Version: 10.53.6000.34 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movavi Video Editor 14 (x64) (HKLM\...\Movavi Video Editor 14 (x64)) (Version: 14.3.0 - Movavi)
Popcorn Time Offical version 0.8.0.4 (HKLM-x32\...\{8F38178C-CFE2-476C-9DC8-F4203C2395FF}_is1) (Version: 0.8.0.4 - Popcorn Time Offical) <==== ATTENTION
Product Improvement Study for HP ENVY 5660 series (HKLM\...\{1385A641-227E-4F7F-BF9B-927828ACDBEB}) (Version: 40.11.1135.17143 - HP Inc.)
RAR File Open Knife - Free Opener (HKLM-x32\...\RAR File Open Knife - Free Opener) (Version: 7 - Philipp Winterberg)
ScottradeELITE v5 (HKLM-x32\...\{7E94DCE4-F1F3-47AF-A2D4-8A81008D9B1F}) (Version: 5.3.0.0 - Scottrade Inc.)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Spotify (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Spotify) (Version: 1.0.80.474.gef6b503e - Spotify AB)
SSOption (HKLM-x32\...\EtaKnight) (Version: 2.0.9.1 - EtaKnight Corp.)
TI Connect™ CE (HKLM-x32\...\{8B1F3A89-E195-48CD-8487-A37BA5308E76}) (Version: 5.3.0.384 - Texas Instruments Inc.)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.35 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
WinZip 22.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24119}) (Version: 22.0.12706 - Corel Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2848961991-288533299-670403562-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2848961991-288533299-670403562-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2848961991-288533299-670403562-1000_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2848961991-288533299-670403562-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2848961991-288533299-670403562-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll ()
CustomCLSID: HKU\S-1-5-21-2848961991-288533299-670403562-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-12] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2015-02-05] (Autodesk, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2015-02-05] (Autodesk)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-12] (AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-12] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-12] (AVAST Software)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04A6D2BE-9E43-4E45-BE3B-D8F718B129FC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-14] (Adobe Systems Incorporated)
Task: {0531C61D-483F-4330-813A-968FA887D640} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
Task: {0563F32C-810D-4E1F-B81B-7CED23F3A24F} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {0F184481-2CBE-41B1-8E6A-D17B6D913915} - System32\Tasks\{86A5956A-7BAE-4AC5-962F-1C16B9B9C048} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\TrueKey\Mcafee.TrueKey.Uninstaller.Exe"
Task: {35584097-F753-4B07-8EDA-01CF6C163D18} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {37C72455-B4DB-4667-A074-01837B5F28B9} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {37D59D0E-D465-452D-81D4-6B6991600B85} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {3B13BD23-B924-4C25-9391-552F3FE5851A} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {48F68B36-6B09-4AFD-839C-5021D6F5816B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {4D89F8EC-9278-43A8-AA34-7AA1DA84D00B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-11] (Google Inc.)
Task: {5369E13E-0ADA-4681-BC40-D517D73A2B4F} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-05-16] (Bitdefender)
Task: {5D99F936-D2FC-48E1-BFA5-A93D348A1264} - System32\Tasks\HPCustParticipation HP ENVY 5660 series => C:\Program Files\HP\HP ENVY 5660 series\Bin\HPCustPartic.exe [2017-05-23] (HP Inc.)
Task: {65518EA1-023E-404D-92FC-AEACE9B86CBD} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6D02B3E2-AE9F-4BB9-BB9F-47559086B016} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-08-12] (AVAST Software)
Task: {6E55944E-F328-4D0D-A2C4-F522719AC048} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {72D01A58-2DA9-463E-B146-01F93D0AF30E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-12] (Piriform Ltd)
Task: {7C0FD21A-3726-4CD2-B7DD-BA4951A22BC8} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {7F2E741F-8434-4552-AFB6-77E1ABAF8DA9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9612C1E4-A45D-4726-A522-92A8DB97C1D2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-14] (Adobe Systems Incorporated)
Task: {AF65C8F0-89CB-4EF2-9497-E47000A0481A} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {B6E07D0E-E7FA-4C16-A566-230BD6B2D2F1} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
Task: {BB5D1227-A296-4EB9-AD54-B484B72371F9} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-12-11] (WinZip)
Task: {C29134A1-E8F5-4B94-AF37-CDFF1131703F} - System32\Tasks\{C754CC6B-A7E4-4453-A26E-845EF72EABFE} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\admin\AppData\Local\{A46B9237-80C3-FE8F-ED5B-DB67C93327FF}\uninst.exe -c -FN="C:\Users\admin\AppData\Local\{A436928D-8164-FFFB-EA52-D82936802517}\Updater.exe"-P=/Uninstall /s /noun /DelSelfDir
Task: {C62C8799-FE59-46F3-960F-33398CAE94B3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-12] (Piriform Ltd)
Task: {CAA220D5-E8EA-4229-AAA1-87B0B4B3F76A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {DCE8B9F1-3AE2-45AE-B5C2-000A9B9BDB45} - System32\Tasks\HPCustPartic.exe_{60E2E0F2-CC6F-42F5-9CFE-498B1CF4579F} => C:\Program Files\HP\HP ENVY 5660 series\Bin\HPCustPartic.exe [2017-05-23] (HP Inc.)
Task: {DFE0693A-0EAA-44D1-B564-AADD94C88DD0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-08-12] (AVAST Software)
Task: {E31B5EAF-E4DD-4735-B216-278EA3729479} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
Task: {E8CA25F0-3EC4-404F-943F-F82197BE02F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-11] (Google Inc.)
Task: {F5E25228-3B11-4700-BF4B-DF856CB65A83} - System32\Tasks\HPCeeScheduleForadmin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {FC6C9A93-8E67-4592-8FAE-9837A91A8F00} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForadmin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\SPARKvue.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=iimbdmgkimpbhimdjnmiffmeefbppijo
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Vernier Graphical Analysis.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=dncgedbnidfkppmdgfgidcepclnokpkb
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\54006d977149216d\SMS from Gmail ™ & Facebook™ (MightyText).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=iffdacemhfpnchinokehhnppllonacfj
==================== Loaded Modules (Whitelisted) ==============
2018-07-18 08:16 - 2018-07-18 08:17 - 000993728 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02751_003\ashttpbr.mdl
2018-07-18 08:16 - 2018-07-18 08:17 - 000544880 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02751_003\ashttpdsp.mdl
2018-07-18 08:16 - 2018-07-18 08:17 - 003232216 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02751_003\ashttpph.mdl
2018-07-18 08:16 - 2018-07-18 08:17 - 001528320 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02751_003\ashttprbl.mdl
2018-01-05 01:14 - 2018-01-05 01:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-07-17 23:00 - 2018-07-17 23:01 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 23:00 - 2018-07-17 23:01 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 23:00 - 2018-07-17 23:01 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 23:00 - 2018-07-17 23:01 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-10 19:04 - 2018-07-05 23:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-07 11:19 - 2017-06-27 11:15 - 066355808 _____ () C:\Program Files\Intel Security\True Key\Application\libcef.dll
2016-01-06 09:41 - 2016-01-06 09:41 - 000062168 _____ () C:\Program Files\CCleaner\branding.dll
2018-07-26 13:16 - 2018-07-26 13:17 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-07-26 13:16 - 2018-07-26 13:16 - 068154880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 09:26 - 2017-10-05 09:29 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-07-20 08:54 - 2018-07-20 08:57 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-07-20 08:54 - 2018-07-20 08:57 - 004139008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-03 14:49 - 2018-05-03 14:50 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-07-20 08:54 - 2018-07-20 08:57 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-03-29 13:23 - 2018-03-29 13:26 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-07-26 13:16 - 2018-07-26 13:17 - 014919168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-07-20 08:54 - 2018-07-20 08:57 - 003982848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-07-26 13:16 - 2018-07-26 13:16 - 002938880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-27 08:45 - 2018-05-27 08:46 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-20 08:54 - 2018-07-20 08:57 - 001396224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-07-26 13:16 - 2018-07-26 13:17 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-08-09 21:48 - 2018-08-07 17:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-09 21:48 - 2018-08-07 17:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-08-10 08:24 - 2017-08-10 08:24 - 072940016 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
2018-08-12 11:24 - 2018-08-12 11:24 - 000483544 _____ () c:\program files\avast software\avast\streamback.dll
2018-08-12 11:28 - 2018-08-12 11:28 - 005737088 _____ () c:\program files\avast software\avast\defs\18081201\algo.dll
2018-08-12 11:24 - 2018-08-12 11:24 - 000532696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-08-12 11:23 - 2018-08-12 11:23 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-08-12 11:24 - 2018-08-12 11:24 - 000985304 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-08-12 11:36 - 2018-08-12 11:36 - 005654160 _____ () c:\program files\avast software\avast\defs\18081204\algo.dll
2018-08-12 11:33 - 2018-08-12 11:33 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-08-12 11:23 - 2018-08-12 11:23 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CustomModeApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CustomModeAppv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxCUIService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiVAD64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ivusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\admin\Downloads\Firefox Setup Stub 40.0.3.exe:$CmdTcID [64]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\Software\Classes\.scr: scrfile => <==== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-11-09 18:26 - 2018-08-12 11:31 - 000000028 _____ C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2848961991-288533299-670403562-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdAppMgrSvc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Autodesk Content Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cmdvirth => 3
MSCONFIG\Services: DevMgmtService => 2
MSCONFIG\Services: FlexNet Licensing Service 64 => 2
MSCONFIG\Services: FreemakeVideoCapture => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McAfee Vpn Service => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: TrueKey => 2
MSCONFIG\Services: TrueKeyScheduler => 2
MSCONFIG\Services: TrueKeyServiceHelper => 2
MSCONFIG\Services: WinZip Compression Smart Monitor Service => 2
MSCONFIG\Services: WinZip Smart Monitor Service => 2
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "WinZip FAH"
HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "AfterPlayMonitor"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "McAfeeSafeConnect"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{045630E8-186E-483F-8DE5-101DCDEF323F}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe
FirewallRules: [{55F4A9A1-BC88-4B68-BA28-A7EF2DA02289}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe
FirewallRules: [{D65E23F2-980F-43B2-9065-C7A2EBD806F5}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS43DE\HPDiagnosticCoreUI.exe
FirewallRules: [{AA648B96-5F65-422A-9A95-A133A3AB7D95}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS43DE\HPDiagnosticCoreUI.exe
FirewallRules: [{81D4C61E-F73A-4242-9948-6020DB70BBD0}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS1E7E\HPDiagnosticCoreUI.exe
FirewallRules: [{4FF3DA52-3FAF-4192-BAEF-D2F7BA137FDA}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS1E7E\HPDiagnosticCoreUI.exe
FirewallRules: [{39405740-FEA2-467A-94D8-40B14987C35B}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS59C0\HPDiagnosticCoreUI.exe
FirewallRules: [{6180B6E9-4505-4696-A7E8-E7C544DDDA1C}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS59C0\HPDiagnosticCoreUI.exe
FirewallRules: [{EBCAD962-12F5-44A6-89BE-D79529A5B7E6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DA345B5E-32DB-40D7-8772-7C0471FF4388}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{A64CED85-A815-4BAE-B1AC-E04821739A81}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7E95\hppiw.exe
FirewallRules: [{3E607D95-D964-4150-BC93-794291FC221E}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7E95\hppiw.exe
FirewallRules: [{9A3F94F6-1D14-41F4-AEA2-B1B23AB8B15A}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7E19\HPDiagnosticCoreUI.exe
FirewallRules: [{2932F3DA-E743-4FFB-92F3-6CA5CCF9799C}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7E19\HPDiagnosticCoreUI.exe
FirewallRules: [{CF1DEA46-D310-499C-AA17-BA73A3ECC6C4}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7232\HPDiagnosticCoreUI.exe
FirewallRules: [{B92D6D09-328E-4F95-BDD7-B3EB9922C721}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7232\HPDiagnosticCoreUI.exe
FirewallRules: [{182FCE87-E5B6-4B9E-8603-01F6958510D6}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS6679\HPDiagnosticCoreUI.exe
FirewallRules: [{6C0124A7-AEB1-49DC-9C41-5E9E03964955}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS6679\HPDiagnosticCoreUI.exe
FirewallRules: [{8CF6A2B3-59BD-4EC5-B6E0-731376415216}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{30783D84-8016-40BB-B4B0-468EF4A78ED8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{95CD1AA8-E84A-44B7-ABFB-A09CF1DA68B3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{14667F32-C931-4C34-8972-404D38837FBA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3CB307AA-2DC7-4984-892A-374D8BA928F8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{55DCA2AA-CB65-413B-B024-EFBB6AEF849E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{5B809C84-4941-4E2E-A7D3-B17F8258F682}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{8A03454A-B710-4C0D-9FA9-C61B8E94A565}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [UDP Query User{50DA4D58-6612-4FF7-8EF6-66C3A6C8F8D3}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\admin\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{EE84B819-D1EE-4A6E-8192-3623D4D237A7}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\admin\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{49105C15-6D06-4038-BFB9-487888D38FF2}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{20C2EE6F-BB06-446A-968B-2E8DC33AAD68}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3222933B-AB7D-4706-A60B-F056838A70F4}] => (Allow) LPort=50248
FirewallRules: [UDP Query User{4AF32029-E6DC-4B44-A019-7F21F3D1CACF}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\admin\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{4E752B87-E112-4068-AA65-4CAB5770B635}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\admin\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{1361D9A1-184E-46FA-A496-DC624C32A6C8}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E702AB62-E09E-4AE0-9164-5CB2A03F572C}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E6FF717D-D762-4D20-83DA-383E6FCABBDD}] => (Allow) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{D3A09AF4-9739-43E4-9A06-1041E6BB6299}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS2403\HPDiagnosticCoreUI.exe
FirewallRules: [{83A22F8F-C005-4458-9885-C781CC523327}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS2403\HPDiagnosticCoreUI.exe
FirewallRules: [{808C33CF-AEBB-4BD5-933A-75EE1927F365}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS24A0\HPDiagnosticCoreUI.exe
FirewallRules: [{CF58BA79-68C7-40E5-A9A3-4D9D5011A543}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS24A0\HPDiagnosticCoreUI.exe
FirewallRules: [{99A27AB0-568B-4382-81FC-B946297CBE41}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS5DD0\HPDiagnosticCoreUI.exe
FirewallRules: [{C4638C61-C2D5-464B-AB0C-06C000F8C031}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS5DD0\HPDiagnosticCoreUI.exe
FirewallRules: [{090A6C85-F13B-4233-A6BB-FBA9EC7FF739}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS530D\HPDiagnosticCoreUI.exe
FirewallRules: [{3B4BB1C0-776C-4AE3-A2B4-B1A9A0928565}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS530D\HPDiagnosticCoreUI.exe
FirewallRules: [{129EFD3A-26ED-4D07-B7DB-D148FA6FB635}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS41B6\HPDiagnosticCoreUI.exe
FirewallRules: [{AE2F7BCC-7D3D-45DF-9CD2-2F3486763270}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS41B6\HPDiagnosticCoreUI.exe
FirewallRules: [{06ED8793-251E-4650-A3EE-8C09FF040356}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS44ED\HPDiagnosticCoreUI.exe
FirewallRules: [{9F08467F-0E68-4BE3-9F4C-A54D043EB237}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS44ED\HPDiagnosticCoreUI.exe
FirewallRules: [{7EE8E09D-64C6-46B6-A7C4-615A4A720182}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS456C\HPDiagnosticCoreUI.exe
FirewallRules: [{E062B003-D826-4BBB-B3BF-F3293262AFA4}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS456C\HPDiagnosticCoreUI.exe
FirewallRules: [{A9D7B99F-BEF0-4BE5-A00A-C671BCAD56F5}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0FF7\HPDiagnosticCoreUI.exe
FirewallRules: [{38D19241-E76C-4C52-ABC7-2D80BA593224}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0FF7\HPDiagnosticCoreUI.exe
FirewallRules: [{60F532E2-DF75-47BD-AC55-1D59CD9B9733}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS3D4D\HPDiagnosticCoreUI.exe
FirewallRules: [{5D396C44-BCE9-4368-A8AF-D2E8CEEF93E1}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS3D4D\HPDiagnosticCoreUI.exe
FirewallRules: [{8054A7A7-F7CC-4C88-8762-F2704659F7B6}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0F2B\HPDiagnosticCoreUI.exe
FirewallRules: [{7F70D801-2D8A-486B-83FD-0601C0160ADA}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0F2B\HPDiagnosticCoreUI.exe
FirewallRules: [{160448D9-ECE9-4261-9F55-A84F808F17D9}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS65D3\HP.EasyStart.exe
FirewallRules: [{E4B3F583-FC98-45C8-994F-6C0139A80AB2}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS6DE3\HP.EasyStart.exe
FirewallRules: [{495DB74B-4812-4E07-8201-3B8BD892E2D7}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\DeviceSetup.exe
FirewallRules: [{EA11A5E9-E56C-451F-9AF7-6B9F81AD209A}] => (Allow) LPort=5357
FirewallRules: [{51F78C7D-B6F3-483D-9961-3BF770A7E24A}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{87CDB79B-C1D2-40D9-B30F-C65CC66278E8}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS2375\HP.EasyStart.exe
FirewallRules: [{5073659A-010B-4E58-B0B2-5D7104998141}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0511\HPDiagnosticCoreUI.exe
FirewallRules: [{CA0630C3-B651-41B0-84A7-4D696ACF1D29}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0511\HPDiagnosticCoreUI.exe
FirewallRules: [{73AF51E0-4C4E-4935-A4EA-6D93510B8F7E}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0C71\HP.EasyStart.exe
FirewallRules: [{0D9AE5EE-A360-4282-AF9F-2DBE07C66A2E}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7767\HPDiagnosticCoreUI.exe
FirewallRules: [{59E5435B-56BE-4237-8A6B-2A1FFBB5D593}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7767\HPDiagnosticCoreUI.exe
FirewallRules: [{218544BD-AFE2-4557-BA8C-A21F9AED759B}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0915\HPDiagnosticCoreUI.exe
FirewallRules: [{4F6482CB-3C58-4AFB-8EEB-3968D145399B}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0915\HPDiagnosticCoreUI.exe
FirewallRules: [{CB1F88CE-E830-4C96-803B-15DB70033C25}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS06AB\HPDiagnosticCoreUI.exe
FirewallRules: [{92FAA138-C64E-48AB-8831-516561152E76}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS06AB\HPDiagnosticCoreUI.exe
FirewallRules: [{34BEA1B3-8AA0-466D-8DE4-A6F4795AAA45}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS1739\HPDiagnosticCoreUI.exe
FirewallRules: [{90CE71C9-3409-4B02-9C5F-FED18D5563B7}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS1739\HPDiagnosticCoreUI.exe
FirewallRules: [{F140B7AA-BBD0-4A1A-A69C-7D4352BF86B7}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS25D3\HPDiagnosticCoreUI.exe
FirewallRules: [{3F93297B-63A0-4481-928D-C58B19FA39D1}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS25D3\HPDiagnosticCoreUI.exe
FirewallRules: [{A416FC16-54C8-471D-ABBE-6D40E2B4235D}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0A52\HPDiagnosticCoreUI.exe
FirewallRules: [{A72AB0C6-13AE-4E6F-AC16-17C3383DB024}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0A52\HPDiagnosticCoreUI.exe
FirewallRules: [{5C260C40-B8F0-49D3-B9B0-C73BAC819BD4}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS13BC\HP.EasyStart.exe
FirewallRules: [{F15A450D-6B53-480E-825C-902BE2B74F72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{62960173-84E8-46B1-AC2B-D53E4CBAA0F6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{41C3280A-E90B-49AA-9757-A8ED48EFCA64}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{FFBE735D-0197-4C4A-B2D6-E8591E7CE695}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{E221C328-6768-484B-8285-93D86CC7E751}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
August 12th, 2018, 03:08 PM
#2
FRST Addition.txt part 2 of 2:
==================== Restore Points =========================
23-07-2018 17:23:07 Scheduled Checkpoint
05-08-2018 18:26:03 Scheduled Checkpoint
08-08-2018 20:28:51 Removed WinZip 22.0.
==================== Faulty Device Manager Devices =============
Name: 260ci WIA Driver (USB)
Description: 260ci WIA Driver (USB)
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Kyocera
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/12/2018 11:28:55 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (8812,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error: (08/12/2018 11:28:55 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (8812,R,98) WebCacheLocal: An attempt to open the file "C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (08/12/2018 11:23:31 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (8812,G,0) An attempt to open the file "C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (08/12/2018 11:12:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 22b4
Start Time: 01d43267eb5fd345
Termination Time: 6
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: 85c3922e-dcea-4288-80e3-70656b2d3d0e
Faulting package full name:
Faulting package-relative application ID:
Error: (08/12/2018 11:03:52 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (8812,G,0) An attempt to open the file "C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (08/12/2018 11:00:33 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (8812,G,0) An attempt to open the file "C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (08/12/2018 10:37:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 12.0.6787.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 21e4
Start Time: 01d43262ffe97f9d
Termination Time: 19
Application Path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Report Id: ae38f309-a53b-45eb-b32d-b5a850f878ed
Faulting package full name:
Faulting package-relative application ID:
Error: (08/09/2018 03:41:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_MapsBroker, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x8400000e
Fault offset: 0x0000000000000000
Faulting process id: 0x26f8
Faulting application start time: 0x01d430320f54987e
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: unknown
Report Id: ec2653e9-6aed-47f8-9550-89de015416f2
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (08/12/2018 11:30:22 AM) (Source: DCOM) (EventID: 10016) (User: admin-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user admin-PC\admin SID (S-1-5-21-2848961991-288533299-670403562-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/12/2018 11:15:25 AM) (Source: DCOM) (EventID: 10016) (User: admin-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user admin-PC\admin SID (S-1-5-21-2848961991-288533299-670403562-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/12/2018 11:14:58 AM) (Source: DCOM) (EventID: 10016) (User: admin-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user admin-PC\admin SID (S-1-5-21-2848961991-288533299-670403562-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/12/2018 11:13:48 AM) (Source: DCOM) (EventID: 10016) (User: admin-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user admin-PC\admin SID (S-1-5-21-2848961991-288533299-670403562-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/12/2018 11:09:41 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (08/12/2018 11:09:41 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (08/12/2018 11:09:31 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (08/12/2018 11:09:31 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Windows Defender:
===================================
Date: 2018-07-29 10:17:24.816
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C6C30E64-4297-4E77-8337-01EFB718A93A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-29 09:50:01.476
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8593DB24-A45E-41DE-AEC5-6C44AB05E081}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-21 11:00:15.155
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0E9780BC-DA01-48C7-A4E7-4221C09D6F3E}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-21 10:51:45.504
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {ED6BEC6A-6368-4EF9-BE1E-E9A92B8FC6A2}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-17 17:21:24.317
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?lin...8&enterprise=0
Name: SoftwareBundler:Win32/ICLoader
ID: 222548
Severity: High
Category: Software Bundler
Path: containerfile:_C:\Users\admin\Desktop\Chemistry_complete_solutions_manual_zumdahl.rar;file:_C:\Users\admin\Desktop\Chemistry_complete_solutions_manual_zumdahl.rar->Chemistry_complete_solutions_manual_zumdahl.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.271.1085.0, AS: 1.271.1085.0, NIS: 1.271.1085.0
Engine Version: AM: 1.1.15000.2, NIS: 1.1.15000.2
CodeIntegrity:
===================================
Date: 2018-08-08 20:38:26.246
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-08-04 20:37:44.833
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-08-04 15:40:47.561
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-08-02 20:33:44.564
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-07-31 21:16:56.950
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-07-21 08:59:03.698
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-07-14 07:40:11.898
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-07-12 13:52:52.030
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 50%
Total physical RAM: 7980.45 MB
Available physical RAM: 3966.49 MB
Total Virtual: 10980.45 MB
Available Virtual: 6739.37 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.22 GB) (Free:33.07 GB) NTFS
\\?\Volume{28c6728b-cb27-11e3-b997-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{5e4cd43b-0000-0000-0000-a05474000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 5E4CD43B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)
==================== End of Addition.txt ============================
August 12th, 2018, 03:09 PM
#3
FRST First.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by admin (administrator) on ADMIN-PC (12-08-2018 11:40:43)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin & test (Available Profiles: admin & test)
Platform: Windows 10 Pro Version 1803 17134.165 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(EtaKnight Corp.) C:\Program Files (x86)\Common Files\EtaKnightFBD\EtaKnightFBD.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(HP Inc.) C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe
(HP Inc.) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Security) C:\Program Files\Intel Security\True Key\application\truekey.exe
(Intel Security) C:\Program Files\Intel Security\True Key\application\truekey.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-11] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [123848 2017-12-11] (WinZip Computing, S.L.)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2017-12-11] (WinZip Computing, S.L.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-08-12] (AVAST Software)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-23] (Autodesk Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-08-12] (Piriform Ltd)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Akamai NetSession Interface] => C:\Users\admin\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1336320 2015-11-25] (Autodesk, Inc.)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Chromium] => c:\users\admin\appdata\local\chromium\application\chrome.exe [1068544 2016-07-20] (The Chromium Authors)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [AfterPlayMonitor] => C:\Users\admin\AppData\Roaming\Letv\AfterPlay\AfterPlayMonitor.ex
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Spotify] => C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe [23177616 2018-05-15] (Spotify Ltd)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Spotify Web Helper] => C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-05-15] (Spotify Ltd)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3769992 2017-05-23] (HP Inc.)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1112960 2018-03-14] (McAfee Inc.)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Policies\Explorer: []
HKU\S-1-5-21-2848961991-288533299-670403562-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2848961991-288533299-670403562-1003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-03-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{46a08850-0e90-406a-8c8a-a65490766f68}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{7f012f1d-d444-46dc-89c0-6411293ce9c9}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9e593974-1e17-4fac-a659-147e3b723a0b}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2848961991-288533299-670403562-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=863135318&param1=y6bdVFVIsvuYsgEClQfz8IfaIrULFWUA2DMVetLqXBqiFV%2BtmuyqTegcVHCAouGVJjEy4I%2BJBlxjnTUWSprVhdJGgPTJKl%2FxG7fScYw9DuIplua5gaNtH9yot3htfl3OusS0KgvxytFGiu1xPLQJhsGm15jJeKMAL6MRb67v%2FYacXYgS1uNyLbhm1rSZ%2BhujnyFuUIgokBvXe%2FxFNqNyWG33oOAX%2FV8%2FIzrv%2F86abalnRZKyhBlUHfPeJl2KC3iDC%2BcMangZOTN%2B9pqfmznDMA%3D%3D
SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=863135318&param1=y6bdVFVIsvuYsgEClQfz8IfaIrULFWUA2DMVetLqXBqiFV%2BtmuyqTegcVHCAouGVWvRSw%2FadslqYgx%2BIKWxvrElMAGX4Jg%2FkuUrDIdCM3R80%2B6%2BU45yW7ca%2F8eOx4IBMPER7DcXX%2F%2F05V8rrZfiJg2ic6Cg%2B2msXH9qGytTZ2pK9Zn8fvB1luyqm8aQloI2EUQ8ogAvu57O9KEF7u5EHwi7ChEAVT9ZEOjFxgqUVUaMv9dN%2BOLEiw%2FRqURucQGoFNzJYBq8mUKdkXg%2BdL2IXAA%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33010001005_10.0.1.6209_u_ds
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-14] (Bitdefender)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-05-14] (Bitdefender)
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-07-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-30] (Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-14] (Bitdefender)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-05-14] (Bitdefender)
Toolbar: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-14] (Bitdefender)
FireFox:
========
FF DefaultProfile: lo0n6qk9.default
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo0n6qk9.default [2018-08-12]
FF Homepage: Mozilla\Firefox\Profiles\lo0n6qk9.default -> www.yahoo.com/
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF Extension: (No Name) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2017-07-14]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-07-14] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2848961991-288533299-670403562-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\admin\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-05-11] (Cisco WebEx LLC)
Chrome:
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=863135318&param1=y6bdVFVIsvuYsgEClQfz8IfaIrULFWUA2DMVetLqXBqiFV%2BtmuyqTegcVHCAouGVmtx3XgLifo%2F3ajI0t4UmyMHg0Okr%2FORFyfZy%2BweCQtHdeeFQjdZ8DAnJe8psehSLt6Sgc29QyATMMiemNSpqW1pUe748js73%2Bpy%2BExmegKL0bObVYjOx59ixKgp%2FM8MyU7HlnxTPZ7QIBxpGR2yUInuo%2BaNhHPL1zW%2BtMBhaU%2FAloFmFKol66NrNKg4StLpvbsdDmom73OYxQOOZ0UsD%2BBvVqSjO6WC09Wffb0HFDBQ%3D
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2018-08-12]
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-12]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-12]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-12]
CHR Extension: (Yahoo Partner) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep [2018-07-12]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-12]
CHR Extension: (Adobe Acrobat) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-07-12]
CHR Extension: (hTab) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj [2018-07-12]
CHR Extension: (Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-12]
CHR Extension: (Bitdefender Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2018-07-12]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-12]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-12]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-12]
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\System Profile [2018-08-12]
CHR HKLM\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2848961991-288533299-670403562-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2848961991-288533299-670403562-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkcffmoikcgfhagefelmhiakelnjihik] - hxxps://chrome.google.com/webstore/detail/gkcffmoikcgfhagefelmhiakelnjihik
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
"EtaKnightFBD" => service was unlocked. <==== ATTENTION
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-08-12] (AVAST Software)
S4 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-08-12] (AVAST Software)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2137280 2018-04-17] (Bitdefender)
R4 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [105936 2018-05-08] (Bitdefender)
R2 EtaKnightFBD; C:\Program Files (x86)\Common Files\EtaKnightFBD\EtaKnightFBD.exe [2391288 2018-08-01] (EtaKnight Corp.) [File not signed]
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-11-02] (Ellora Assets Corp.) [File not signed]
S2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-09-24] (Intel Corporation)
S4 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [314368 2018-03-06] (AnchorFree Inc.) [File not signed]
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-26] (McAfee, Inc.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] (Bitdefender)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S4 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
S4 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S4 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [112712 2018-05-14] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [1001072 2018-05-14] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe [522624 2018-05-14] (Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-30] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-30] (Microsoft Corporation)
S4 WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [495872 2017-09-01] ()
S4 WinZip Smart Monitor Service; C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe [816896 2017-12-04] ()
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (The OpenVPN Project)
S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [197160 2018-08-12] (AVAST Software)
S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229392 2018-08-12] (AVAST Software)
S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201328 2018-08-12] (AVAST Software)
S3 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-08-12] (AVAST Software)
S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59592 2018-08-12] (AVAST Software)
S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-08-12] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-08-12] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-08-12] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159640 2018-08-12] (AVAST Software)
S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111872 2018-08-12] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-08-12] (AVAST Software)
S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027728 2018-08-12] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [463080 2018-08-12] (AVAST Software)
S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [211160 2018-08-12] (AVAST Software)
S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381584 2018-08-12] (AVAST Software)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1177008 2018-05-14] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1723552 2018-05-14] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23032 2018-05-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [130840 2018-05-14] (BitDefender LLC)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [45104 2018-05-14] (© Bitdefender SRL)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96448 2018-05-14] (BitDefender)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-12-18] (Samsung Electronics Co., Ltd.)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [189544 2018-05-14] (BitDefender LLC)
R0 Ignis; C:\WINDOWS\System32\DRIVERS\ignis.sys [191592 2018-05-14] (Bitdefender)
R3 LBAI; C:\WINDOWS\System32\Drivers\LBAI.sys [30432 2017-04-29] (Lenovo)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-12-18] (Samsung Electronics Co., Ltd.)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [609576 2018-08-02] (Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-07-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-07-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-30] (Microsoft Corporation)
U3 aswbdisk; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-12 11:44 - 2018-08-12 11:44 - 000000000 ____D C:\Users\admin\AppData\Roaming\AVAST Software
2018-08-12 11:40 - 2018-08-12 11:49 - 000028143 _____ C:\Users\admin\Desktop\FRST.txt
2018-08-12 11:39 - 2018-08-12 11:40 - 000000000 ____D C:\FRST
2018-08-12 11:38 - 2018-08-12 11:38 - 002412544 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2018-08-12 11:34 - 2018-08-12 11:50 - 000000000 ____D C:\Users\admin\AppData\Local\AVAST Software
2018-08-12 11:34 - 2018-08-12 11:34 - 000001939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-08-12 11:34 - 2018-08-12 11:34 - 000001927 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-08-12 11:30 - 2018-08-12 11:30 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-08-12 11:29 - 2018-08-12 11:29 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-08-12 11:27 - 2018-08-12 11:25 - 000463080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-08-12 11:27 - 2018-08-12 11:25 - 000381584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-08-12 11:27 - 2018-08-12 11:25 - 000378072 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-08-12 11:27 - 2018-08-12 11:25 - 000211160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-08-12 11:27 - 2018-08-12 11:25 - 000197160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-08-12 11:27 - 2018-08-12 11:25 - 000159640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-08-12 11:27 - 2018-08-12 11:25 - 000111872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-08-12 11:27 - 2018-08-12 11:25 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-08-12 11:27 - 2018-08-12 11:25 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-08-12 11:27 - 2018-08-12 11:25 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2018-08-12 11:27 - 2018-08-12 11:23 - 001027728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-08-12 11:27 - 2018-08-12 11:23 - 000346664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-08-12 11:27 - 2018-08-12 11:23 - 000239680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-08-12 11:27 - 2018-08-12 11:23 - 000229392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-08-12 11:27 - 2018-08-12 11:23 - 000201328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-08-12 11:27 - 2018-08-12 11:23 - 000059592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-08-12 11:26 - 2018-08-12 11:26 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-08-12 11:21 - 2018-08-12 11:21 - 000000000 ____D C:\Program Files\AVAST Software
2018-08-07 07:03 - 2018-08-07 07:03 - 001587699 _____ C:\Users\admin\Desktop\Lily's Kaiser Med Card.pdf
2018-08-05 22:34 - 2018-08-05 22:34 - 001648128 _____ C:\Users\admin\Downloads\Ch.1 ppt - for sections 1.1 to 1.3.ppt
2018-08-05 21:13 - 2018-08-05 23:24 - 000000000 ____D C:\Users\admin\Desktop\algebra&pre-calculus
2018-08-03 18:29 - 2018-08-05 20:39 - 000000000 ____D C:\Users\admin\Desktop\Precalculus
2018-08-02 20:31 - 2018-08-02 20:31 - 000001060 _____ C:\Users\Public\Desktop\PCAPro.lnk
2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Roaming\PrUpdater
2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrUpdater
2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Local\PrUpdater
2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Local\PCAPro
2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\ProgramData\PCAPro
2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCAPro
2018-08-02 20:30 - 2018-08-08 21:45 - 000000000 ____D C:\Program Files (x86)\PCAPro
2018-08-02 20:30 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Roaming\PCAPInstallFiles
2018-08-02 13:11 - 2018-08-02 13:11 - 000066184 _____ (Hari Cs Ltd) C:\Users\admin\Downloads\Installer.exe
2018-08-02 13:10 - 2018-08-02 13:11 - 062571332 _____ C:\Users\admin\Downloads\How To Mud & Tape Drywall Butt Joints (1).mp4
2018-08-02 13:06 - 2018-08-02 13:06 - 000000000 ____D C:\Program Files\WinZip Smart Monitor
2018-08-02 13:05 - 2018-08-12 11:13 - 000000000 ____D C:\Program Files\WinZip Driver Updater
2018-08-02 13:01 - 2018-08-12 11:06 - 000003426 _____ C:\WINDOWS\System32\Tasks\ByteFence
2018-08-02 13:00 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Local\PrimePinta
2018-08-02 13:00 - 2018-08-02 13:00 - 000000000 ____D C:\Program Files (x86)\EtaKnight
2018-08-02 12:59 - 2018-08-02 12:59 - 000000000 ____D C:\Program Files (x86)\ApheticUfaApheticUfa
2018-08-02 12:48 - 2018-08-02 12:49 - 062571332 _____ C:\Users\admin\Downloads\How To Mud & Tape Drywall Butt Joints.mp4
2018-08-01 21:26 - 2018-08-01 21:27 - 009418262 _____ C:\Users\admin\Downloads\LBPM - HOA.pdf
2018-08-01 21:25 - 2018-08-01 21:25 - 000159744 _____ C:\Users\admin\Downloads\3918 Huron Avenue Homeowners Association Proposal.pdf
2018-07-31 21:24 - 2018-07-31 21:24 - 000029253 _____ C:\ProgramData\agent.update.1533097466.bdinstall.bin
2018-07-31 16:17 - 2018-07-31 16:17 - 000369206 _____ C:\Users\admin\Documents\Scan.pdf
2018-07-31 16:03 - 2018-07-31 16:03 - 001413758 _____ C:\Users\admin\Desktop\signed papers Value Windows.pdf
2018-07-31 12:36 - 2018-07-31 12:36 - 000457492 _____ C:\Users\admin\Downloads\installation fee.pdf
2018-07-31 11:46 - 2018-07-31 11:46 - 000546320 _____ C:\Users\admin\Downloads\7573011 (4).pdf
2018-07-31 11:36 - 2018-07-31 11:36 - 000546320 _____ C:\Users\admin\Downloads\7573011 (3).pdf
2018-07-31 11:30 - 2018-07-31 11:30 - 000546320 _____ C:\Users\admin\Downloads\7573011 (2).pdf
2018-07-31 11:21 - 2018-07-31 11:21 - 001349800 _____ C:\Users\admin\Downloads\755351507302018_0015 (2).pdf
2018-07-31 11:21 - 2018-07-31 11:21 - 000546320 _____ C:\Users\admin\Downloads\7573011 (1).pdf
2018-07-31 11:18 - 2018-07-31 11:18 - 001349800 _____ C:\Users\admin\Downloads\755351507302018_0015 (1).pdf
2018-07-31 11:14 - 2018-07-31 11:14 - 000546320 _____ C:\Users\admin\Downloads\7573011.pdf
2018-07-30 21:12 - 2018-07-30 21:12 - 001349753 _____ C:\Users\admin\Desktop\Value Windows Annie La estemate.pdf
2018-07-30 21:11 - 2018-07-30 21:11 - 001349800 _____ C:\Users\admin\Downloads\755351507302018_0015.pdf
2018-07-30 10:22 - 2018-07-30 10:22 - 000000000 ____D C:\Users\admin\Desktop\volunteer
2018-07-26 21:15 - 2018-07-26 21:15 - 000063461 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (8).pdf
2018-07-26 21:15 - 2018-07-26 21:15 - 000063461 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (7).pdf
2018-07-26 21:14 - 2018-07-26 21:14 - 000063461 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (6).pdf
2018-07-26 15:51 - 2018-07-26 15:51 - 001042768 _____ C:\Users\admin\Desktop\$250 12-29-17 to 6-29-18.pdf
2018-07-26 15:51 - 2018-07-26 15:51 - 000035286 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (5).pdf
2018-07-26 15:49 - 2018-07-26 15:49 - 001042768 _____ C:\Users\admin\Downloads\$250 12-29-17 to 6-29-18.pdf
2018-07-26 13:59 - 2018-07-26 13:59 - 000066137 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (4).pdf
2018-07-26 13:55 - 2018-07-26 13:55 - 000025765 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (3).pdf
2018-07-26 13:54 - 2018-07-26 13:54 - 000025765 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (2).pdf
2018-07-26 13:53 - 2018-07-26 13:53 - 000071911 _____ C:\Users\admin\Downloads\Files_Online2PDF.zip
2018-07-26 13:53 - 2018-07-26 13:53 - 000025765 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (1).pdf
2018-07-26 13:48 - 2018-07-26 13:48 - 000025709 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26.pdf
2018-07-26 13:35 - 2018-07-26 13:35 - 000094208 _____ C:\Users\admin\Desktop\Account Details Print Friendly.pdf
2018-07-26 13:21 - 2018-08-05 21:13 - 000000000 ____D C:\Users\admin\Desktop\print
2018-07-25 17:30 - 2018-07-25 17:30 - 000101433 _____ C:\Users\admin\Desktop\property manager Q.pdf
2018-07-25 12:21 - 2018-07-25 12:21 - 000437787 _____ C:\Users\admin\Desktop\owner,builders contractors license.pdf
2018-07-23 21:01 - 2018-07-23 21:01 - 000034204 _____ C:\Users\admin\Desktop\LA world affairs council for high school student.pdf
2018-07-23 20:08 - 2018-07-23 20:09 - 000016320 _____ C:\Users\admin\Downloads\Proposal 071618.pdf
2018-07-21 10:34 - 2018-07-21 10:34 - 000276743 _____ C:\Users\admin\Downloads\FullBill (3).pdf
2018-07-21 10:34 - 2018-07-21 10:34 - 000276743 _____ C:\Users\admin\Downloads\FullBill (2).pdf
2018-07-21 10:33 - 2018-07-21 10:33 - 000152623 _____ C:\Users\admin\Downloads\FullBill (1).pdf
2018-07-21 10:31 - 2018-07-21 10:31 - 000152623 _____ C:\Users\admin\Downloads\FullBill.pdf
2018-07-20 09:46 - 2018-07-20 09:46 - 000000722 _____ C:\Users\admin\Downloads\invite.ics
2018-07-20 09:33 - 2018-07-20 09:33 - 000716847 _____ C:\Users\admin\Downloads\PMC Lab Results - XU.pdf
2018-07-20 09:32 - 2018-07-20 09:32 - 000260726 _____ C:\Users\admin\Downloads\PMC Clearance Cert- XU.pdf
2018-07-19 17:55 - 2018-07-19 17:55 - 000118784 _____ C:\Users\admin\Desktop\guitar 2.pdf
2018-07-18 22:18 - 2018-07-18 22:18 - 000393311 _____ C:\Users\admin\Desktop\volunteer links.pdf
2018-07-18 22:07 - 2018-07-18 22:07 - 000103464 _____ C:\Users\admin\Desktop\volunteer opportunities.pdf
2018-07-18 21:53 - 2018-07-18 21:53 - 000397359 _____ C:\Users\admin\Desktop\50 community service ideas for teen volunteers.pdf
2018-07-17 19:47 - 2018-07-17 19:48 - 000413376 _____ C:\Users\admin\Downloads\joist_estimate__525___signed___xu (2).pdf
2018-07-17 19:47 - 2018-07-17 19:47 - 000413376 _____ C:\Users\admin\Downloads\joist_estimate__525___signed___xu (1).pdf
2018-07-17 19:42 - 2018-07-26 22:35 - 000000000 ____D C:\Users\admin\Desktop\mold
2018-07-17 15:44 - 2018-07-17 15:44 - 000253035 _____ C:\Users\admin\Downloads\xu_payment.pdf
2018-07-17 15:44 - 2018-07-17 15:44 - 000116073 _____ C:\Users\admin\Downloads\Invoice_13282_from_Water_Damage_Zone_and_Restoration_Inc (1).pdf
2018-07-17 15:43 - 2018-07-17 15:43 - 000413376 _____ C:\Users\admin\Downloads\joist_estimate__525___signed___xu.pdf
2018-07-17 15:43 - 2018-07-17 15:43 - 000116073 _____ C:\Users\admin\Downloads\Invoice_13282_from_Water_Damage_Zone_and_Restoration_Inc.pdf
2018-07-17 14:02 - 2018-07-17 14:02 - 000040595 _____ C:\Users\admin\Downloads\Travelers claim FCR3458.pdf
2018-07-17 10:33 - 2018-07-17 10:33 - 005018422 _____ C:\Users\admin\Downloads\Parker Stanbury #3 Mold (1).m4a
2018-07-17 09:55 - 2018-07-17 09:55 - 005018422 _____ C:\Users\admin\Downloads\Parker Stanbury #3 Mold.m4a
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-12 11:48 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-12 11:27 - 2018-04-11 16:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-08-12 11:27 - 2018-04-11 14:04 - 000131072 _____ C:\WINDOWS\system32\config\ELAM
2018-08-12 11:26 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-12 11:26 - 2017-08-04 19:58 - 000000000 ____D C:\ProgramData\AVAST Software
2018-08-12 11:21 - 2015-11-11 08:00 - 000000000 ____D C:\Program Files\CCleaner
2018-08-12 11:20 - 2018-05-13 17:29 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-08-12 11:20 - 2015-11-11 08:00 - 000000823 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-08-12 11:13 - 2017-03-19 12:19 - 000000000 ____D C:\ProgramData\WinZip
2018-08-12 11:06 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-12 11:06 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-12 10:44 - 2018-05-13 17:29 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FE6F68DD-CD8C-4EAE-997E-982043BA51A1}
2018-08-12 10:32 - 2015-05-02 20:05 - 000000000 __SHD C:\Users\admin\IntelGraphicsProfiles
2018-08-09 21:48 - 2015-11-11 07:31 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-09 21:45 - 2018-05-13 16:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-09 19:16 - 2018-05-13 17:29 - 000003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForadmin
2018-08-09 19:16 - 2016-07-14 21:07 - 000000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForadmin.job
2018-08-08 20:38 - 2018-05-13 17:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-08 20:36 - 2018-04-11 14:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-08-08 20:33 - 2017-07-08 16:54 - 000038628 _____ C:\bdlog.txt
2018-08-08 20:22 - 2018-05-18 08:28 - 000000000 ____D C:\Users\admin\AppData\Local\D3DSCache
2018-08-07 08:03 - 2017-07-10 16:45 - 000000000 ____D C:\Users\admin\Desktop\Pali
2018-08-07 07:44 - 2018-07-07 21:25 - 000002081 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2018-08-05 20:58 - 2015-11-11 11:25 - 000000000 ____D C:\Users\admin\AppData\Local\Adobe
2018-08-04 22:59 - 2018-05-13 16:44 - 000000000 ____D C:\Users\admin
2018-08-04 22:56 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-08-03 19:31 - 2017-09-03 11:22 - 000000000 ____D C:\Users\admin\Desktop\college info&AP
2018-08-02 15:35 - 2018-07-11 06:56 - 000000000 ____D C:\ProgramData\Packages
2018-08-02 12:11 - 2017-08-01 10:46 - 000609576 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2018-08-01 21:26 - 2018-06-16 21:55 - 000000000 ____D C:\Users\admin\Desktop\HOA
2018-07-31 21:24 - 2017-07-12 10:48 - 000000000 ____D C:\Program Files\Bitdefender Agent
2018-07-30 21:16 - 2018-04-11 09:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-07-26 22:22 - 2017-12-01 10:48 - 000000000 ____D C:\Users\admin\Desktop\Lisa
2018-07-22 19:27 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-07-18 21:22 - 2018-03-15 19:21 - 000000000 ____D C:\Users\admin\Desktop\not copy pictures
2018-07-16 17:00 - 2015-11-11 07:55 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-14 08:05 - 2017-01-12 19:33 - 000000000 ____D C:\Users\admin\Desktop\extra
2018-07-14 07:42 - 2018-05-13 17:29 - 000004538 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-07-14 07:42 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-14 07:42 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
==================== Files in the root of some directories =======
2017-07-09 09:05 - 2017-04-22 15:23 - 004797632 _____ () C:\ProgramData\cis2036.exe
2017-07-09 09:05 - 2017-04-22 15:28 - 000365248 _____ () C:\ProgramData\cmdres.dll
2017-07-16 18:18 - 2017-07-16 18:18 - 000006144 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-29 17:39 - 2017-12-27 14:39 - 000007605 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-13 16:36
==================== End of FRST.txt ============================
August 12th, 2018, 05:33 PM
#4
Please, observe the following rules:
Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
==================================
Uninstall following unwanted program:
Driver Support
Download RogueKiller from one of the following links and save it to your Desktop:
Link 1
Link 2
Close all the running programs.
Double-click on the downloaded setup.exe file to install the program.
Click on the Start Scan button.
Click on another Start Scan button.
Wait until the Status box shows Scan Finished.
Click on Remove Selected.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply. RKreport.txt could also be found on your desktop. If more than one log is produced, post all logs.
Please download Malwarebytes to your desktop.
Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish.
Once the program has fully updated, select Scan Now on the Dashboard, or select the Threat Scan from the Scan menu.
If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
Restart your computer when prompted to do so.
The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8/10 users: right-click and select Run As Administrator.
The tool will start to update the database if one is required.
Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Logfile button. A window will open which lists the logs of your scans.
Click on the Scan tab. Double-click the most recent scan, which will be at the top of the list....the log will appear.
Review the results...see note below.
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
Copy and paste the contents of AdwCleaner[CX].txt in your next reply. A copy of all logfiles is saved to C:\AdwCleaner.
-- Note : The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning ...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
August 12th, 2018, 10:22 PM
#5
I've completed your last set of instructions, PC seems to be operating faster.
August 12th, 2018, 10:26 PM
#6
Re-posting, the logs did not go through last time:
RK log:
RogueKiller V12.12.31.0 (x64) [Aug 10 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : admin [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 08/12/2018 15:07:51 (Duration : 02:32:21)
Switches : -refid
¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] EtaKnightFBD.exe(3860) -- C:\Program Files (x86)\Common Files\EtaKnightFBD\EtaKnightFBD.exe[-] -> Found
¤¤¤ Registry : 57 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2848961991-288533299-670403562-1000\Software\csastats -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2848961991-288533299-670403562-1000\Software\csastats -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {045630E8-186E-483F-8DE5-101DCDEF323F} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {55F4A9A1-BC88-4B68-BA28-A7EF2DA02289} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D65E23F2-980F-43B2-9065-C7A2EBD806F5} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS43DE\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AA648B96-5F65-422A-9A95-A133A3AB7D95} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS43DE\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {81D4C61E-F73A-4242-9948-6020DB70BBD0} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS1E7E\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4FF3DA52-3FAF-4192-BAEF-D2F7BA137FDA} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS1E7E\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {39405740-FEA2-467A-94D8-40B14987C35B} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS59C0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6180B6E9-4505-4696-A7E8-E7C544DDDA1C} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS59C0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A64CED85-A815-4BAE-B1AC-E04821739A81} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E95\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3E607D95-D964-4150-BC93-794291FC221E} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E95\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9A3F94F6-1D14-41F4-AEA2-B1B23AB8B15A} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E19\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2932F3DA-E743-4FFB-92F3-6CA5CCF9799C} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E19\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CF1DEA46-D310-499C-AA17-BA73A3ECC6C4} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7232\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B92D6D09-328E-4F95-BDD7-B3EB9922C721} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7232\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {182FCE87-E5B6-4B9E-8603-01F6958510D6} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS6679\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6C0124A7-AEB1-49DC-9C41-5E9E03964955} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS6679\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D3A09AF4-9739-43E4-9A06-1041E6BB6299} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS2403\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {83A22F8F-C005-4458-9885-C781CC523327} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS2403\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {808C33CF-AEBB-4BD5-933A-75EE1927F365} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS24A0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CF58BA79-68C7-40E5-A9A3-4D9D5011A543} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS24A0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {99A27AB0-568B-4382-81FC-B946297CBE41} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS5DD0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C4638C61-C2D5-464B-AB0C-06C000F8C031} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS5DD0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {090A6C85-F13B-4233-A6BB-FBA9EC7FF739} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS530D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3B4BB1C0-776C-4AE3-A2B4-B1A9A0928565} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS530D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {129EFD3A-26ED-4D07-B7DB-D148FA6FB635} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS41B6\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AE2F7BCC-7D3D-45DF-9CD2-2F3486763270} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS41B6\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {06ED8793-251E-4650-A3EE-8C09FF040356} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS44ED\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9F08467F-0E68-4BE3-9F4C-A54D043EB237} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS44ED\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7EE8E09D-64C6-46B6-A7C4-615A4A720182} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS456C\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E062B003-D826-4BBB-B3BF-F3293262AFA4} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS456C\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A9D7B99F-BEF0-4BE5-A00A-C671BCAD56F5} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0FF7\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {38D19241-E76C-4C52-ABC7-2D80BA593224} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0FF7\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {60F532E2-DF75-47BD-AC55-1D59CD9B9733} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS3D4D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5D396C44-BCE9-4368-A8AF-D2E8CEEF93E1} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS3D4D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8054A7A7-F7CC-4C88-8762-F2704659F7B6} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0F2B\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7F70D801-2D8A-486B-83FD-0601C0160ADA} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0F2B\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {160448D9-ECE9-4261-9F55-A84F808F17D9} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS65D3\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E4B3F583-FC98-45C8-994F-6C0139A80AB2} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS6DE3\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {87CDB79B-C1D2-40D9-B30F-C65CC66278E8} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS2375\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5073659A-010B-4E58-B0B2-5D7104998141} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0511\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CA0630C3-B651-41B0-84A7-4D696ACF1D29} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0511\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {73AF51E0-4C4E-4935-A4EA-6D93510B8F7E} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS0C71\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0D9AE5EE-A360-4282-AF9F-2DBE07C66A2E} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7767\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {59E5435B-56BE-4237-8A6B-2A1FFBB5D593} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7767\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {218544BD-AFE2-4557-BA8C-A21F9AED759B} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\admin\AppData\Local\Temp\7zS0915\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4F6482CB-3C58-4AFB-8EEB-3968D145399B} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\admin\AppData\Local\Temp\7zS0915\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CB1F88CE-E830-4C96-803B-15DB70033C25} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS06AB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {92FAA138-C64E-48AB-8831-516561152E76} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS06AB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {34BEA1B3-8AA0-466D-8DE4-A6F4795AAA45} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS1739\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {90CE71C9-3409-4B02-9C5F-FED18D5563B7} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS1739\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F140B7AA-BBD0-4A1A-A69C-7D4352BF86B7} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS25D3\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3F93297B-63A0-4481-928D-C58B19FA39D1} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS25D3\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A416FC16-54C8-471D-ABBE-6D40E2B4235D} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0A52\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A72AB0C6-13AE-4E6F-AC16-17C3383DB024} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0A52\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5C260C40-B8F0-49D3-B9B0-C73BAC819BD4} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS13BC\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected
¤¤¤ Tasks : 1 ¤¤¤
[PUP.ByteFence|PUP.Gen1] \ByteFence -- C:\Program Files\ByteFence\ByteFence.exe (/a) -> Not selected
¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Program Files\WinZip Driver Updater -> Deleted
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] b5acc5831cc9adb087a62a6465fb3fa7
[BSP] 713a35468d0256ce20112474987c5972 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476388 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975851520 | Size: 449 MB
User = LL1 ... OK
User = LL2 ... OK
MBAM log:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 8/12/18
Scan Time: 5:51 PM
Log File: 0995531a-9e93-11e8-9b7a-4437e6b74715.json
Administrator: Yes
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.6315
License: Trial
-System Information-
OS: Windows 10 (Build 17134.165)
CPU: x64
File System: NTFS
User: admin-PC\admin
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 396922
Threats Detected: 247
Threats Quarantined: 245
Time Elapsed: 22 min, 28 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 1
PUP.Optional.SpecialSearchOffer, C:\PROGRAM FILES (X86)\COMMON FILES\ETAKNIGHTFBD\ETAKNIGHTFBD.EXE, Quarantined, [1656], [547617],1.0.6315
Module: 1
PUP.Optional.SpecialSearchOffer, C:\PROGRAM FILES (X86)\COMMON FILES\ETAKNIGHTFBD\ETAKNIGHTFBD.EXE, Quarantined, [1656], [547617],1.0.6315
Registry Key: 14
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ByteFence, Quarantined, [6007], [388721],1.0.6315
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0531C61D-483F-4330-813A-968FA887D640}, Quarantined, [6007], [388721],1.0.6315
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{0531C61D-483F-4330-813A-968FA887D640}, Quarantined, [6007], [388721],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinZip Smart Monitor Service, Quarantined, [1605], [456267],1.0.6315
PUP.Optional.hTab, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\elmkjjfkkchohaaoljobaffjeedcoocj, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\elmkjjfkkchohaaoljobaffjeedcoocj, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, HKU\S-1-5-21-2848961991-288533299-670403562-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\elmkjjfkkchohaaoljobaffjeedcoocj, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bhfhojbhbnajajgihpicejdalbjlpcep, Quarantined, [291], [467247],1.0.6315
Adware.Norassie, HKU\S-1-5-21-2848961991-288533299-670403562-1000\SOFTWARE\Norassie, Quarantined, [6974], [361347],1.0.6315
PUP.Optional.SpecialSearchOffer.ShrtCln, HKU\S-1-5-21-2848961991-288533299-670403562-1000\SOFTWARE\SpecialSearchOffer, Quarantined, [5515], [405205],1.0.6315
Trojan.Roraccoon, HKLM\SOFTWARE\SSO, Quarantined, [5455], [511495],1.0.6315
PUP.Optional.SpecialSearchOffer, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EtaKnightFBD, Quarantined, [1656], [547617],1.0.6315
PUP.Optional.SpecialSearchOffer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTALLER.EXE, Removal Failed, [1656], [532529],1.0.6315
PUP.Optional.SpecialSearchOffer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTALLER.EXE, Removal Failed, [1656], [532529],1.0.6315
Registry Value: 2
Trojan.Roraccoon, HKLM\SOFTWARE\SSO|TM, Quarantined, [5455], [511495],1.0.6315
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0531C61D-483F-4330-813A-968FA887D640}|PATH, Quarantined, [6007], [389376],1.0.6315
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 16
PUP.Optional.WinzipSystemUtilitiesSuite, C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-2848961991-288533299-670403562-1000, Quarantined, [1605], [458272],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\PROGRAMDATA\WINZIP\WINZIP SMART MONITOR, Quarantined, [1605], [458272],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\_metadata, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\elmkjjfkkchohaaoljobaffjeedcoocj, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\weatherIcons, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\offlinephotos, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\_locales\en, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\_metadata, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\_locales, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\lib, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\BHFHOJBHBNAJAJGIHPICEJDALBJLPCEP, Quarantined, [291], [467247],1.0.6315
PUP.Optional.WinYahoo.TskLnk, C:\USERS\ADMIN\APPDATA\LOCAL\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}, Quarantined, [3725], [484244],1.0.6315
File: 213
PUP.Optional.ByteFence, C:\WINDOWS\SYSTEM32\TASKS\ByteFence, Quarantined, [6007], [388721],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\apps, Quarantined, [1605], [456267],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\SystemInfo-vc100-mt.dll, Quarantined, [1605], [456267],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\SystemInfo-vc100-mt.mab, Quarantined, [1605], [456267],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\Uninstall.exe, Quarantined, [1605], [456267],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe, Quarantined, [1605], [456267],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.mab, Quarantined, [1605], [456267],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe, Quarantined, [1605], [456267],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.mab, Quarantined, [1605], [456267],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-2848961991-288533299-670403562-1000\queue.data, Quarantined, [1605], [458272],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-2848961991-288533299-670403562-1000\settings.data, Quarantined, [1605], [458272],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-2848961991-288533299-670403562-1000\smsettings, Quarantined, [1605], [458272],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\_metadata\verified_contents.json, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\ctn.js, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\jquery-3.1.1.min.js, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\manifest.json, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\ntab.html, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\ntab.js, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\pp.pdf, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\search.png, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\searchicon.png, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\stats.js, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\style.css, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\tnc.pdf, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [2124], [460257],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-1.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-1@2x.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-1@3x.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-3.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-3@2x.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-3@3x.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\mlb.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\nba.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\nfl.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\nhl.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\500px.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\8tracks.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\adobe.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\airbnb.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\amazon.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\aol.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\apple.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\Arrow@2x.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\arrowCurveLeft.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bankofamerica.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bbc.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\befrugal.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\behance.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bestbuy.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bing.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bookmark.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\ce_retina_search.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\chase.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\clear.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\close_x.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\cnn.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\codepen.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\craigslist.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\dailymotion.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\document.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\dribbble.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\dropbox.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\ebay.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\espn.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\evernote.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\facebook.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\financeyahoo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\flickr.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\flickrLogo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\flickrLogo2.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\flickrLogo3.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\foxnews.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\gamesyahoo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\gear1.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\gear3.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\gettyimages.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\github.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\google.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googledocs.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googledrive.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googleinbox.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googlemaps.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googleplay.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googlesheets.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googlewebstore.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\grooveshark.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\homedepot.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\homesyahoo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\hotmail-outlook.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\icon.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\imdb.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\instagram.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\java.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\jsfiddle.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\kickstarter.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\linkedin.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mag1.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mag3.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mag4.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mailyahoo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mapquest.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mashable.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\medium.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\metacafe.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mixbit.svg, Quarantined, [291], [467247],1.0.6315
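The [Suspicious.Path] entries in the RogueKiller log above are active inbound Allow rules whose App= path points into %LocalAppData%\Temp\7zS*\, the scratch folders that 7-Zip self-extracting installers unpack into; those folders are normally gone once the installer exits, so each rule outlives the executable it was written for and is a stale firewall exception rather than an infection. As an added example that is not part of the original post or of RogueKiller's code, the following Python parses the FirewallRules value format visible in those lines (version prefix, then pipe-separated Key=Value fields; Protocol 6 is TCP, 17 is UDP, a missing Profile means all profiles) and flags active inbound Allow rules whose target lives under a per-user Temp directory. The sample values are constructed: the first two are copied in shape from the log, the other two are hypothetical benign and blocked rules for contrast.

```python
"""Flag Windows Firewall registry rules that allow inbound traffic to
executables under a per-user Temp directory.

The on-disk format is the value data stored under
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules,
one value per rule, named by a GUID.
"""
import re

# Constructed sample values: the first two mirror rules from the RogueKiller log,
# the last two are hypothetical (a benign Program Files rule, and a Block rule).
SAMPLE_RULES = {
    "{7F70D801-2D8A-486B-83FD-0601C0160ADA}":
        "v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private"
        "|App=C:\\Users\\admin\\AppData\\Local\\Temp\\7zS0F2B\\HPDiagnosticCoreUI.exe|Name=HPSAPS|",
    "{160448D9-ECE9-4261-9F55-A84F808F17D9}":
        "v2.28|Action=Allow|Active=TRUE|Dir=In"
        "|App=C:\\Users\\admin\\AppData\\Local\\Temp\\7zS65D3\\HP.EasyStart.exe"
        "|Name=HP EasyStart|Desc=Allow HP EasyStart|",
    "{00000000-0000-0000-0000-000000000001}":
        "v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private"
        "|App=C:\\Program Files\\Example\\svc.exe|Name=Example service|",
    "{00000000-0000-0000-0000-000000000002}":
        "v2.28|Action=Block|Active=TRUE|Dir=In"
        "|App=C:\\Users\\admin\\AppData\\Local\\Temp\\x\\y.exe|Name=blocked|",
}

# Per-user temp location used by installers; matched case-insensitively.
TEMP_PATH = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)

PROTOCOL_NAMES = {"6": "TCP", "17": "UDP"}


def parse_rule(value):
    """Split 'v2.28|Key=Val|Key=Val|' into a dict with lower-cased keys.

    The leading 'vN.NN' token carries no '=' and is stored as 'version'.
    Fields without '=' are ignored; empty trailing segments are dropped.
    """
    fields = {}
    parts = [p for p in value.split("|") if p]
    if parts and parts[0].lower().startswith("v") and "=" not in parts[0]:
        fields["version"] = parts.pop(0)
    for part in parts:
        key, sep, val = part.partition("=")
        if sep:
            fields[key.lower()] = val
    return fields


def is_suspicious(fields):
    """True for an active, inbound, Allow rule whose App path is under Temp."""
    return (
        fields.get("action", "").lower() == "allow"
        and fields.get("active", "").upper() == "TRUE"
        and fields.get("dir", "").lower() == "in"
        and bool(TEMP_PATH.search(fields.get("app", "")))
    )


def find_suspicious(rules):
    """Return (rule_id, app, name, protocol, profile) for each flagged rule.

    'rules' maps registry value name (GUID) to the raw value string.
    Protocol defaults to 'any' and profile to 'all' when the field is absent,
    which is what the firewall treats a missing field as.
    """
    hits = []
    for rule_id, value in rules.items():
        f = parse_rule(value)
        if is_suspicious(f):
            proto = f.get("protocol")
            hits.append((
                rule_id,
                f["app"],
                f.get("name", ""),
                PROTOCOL_NAMES.get(proto, proto) if proto else "any",
                f.get("profile", "all"),
            ))
    return hits


if __name__ == "__main__":
    for rule_id, app, name, proto, profile in find_suspicious(SAMPLE_RULES):
        print(f"{rule_id} {name!r} {proto}/{profile} -> {app}")
```

On a live system the same name/value pairs can be read with PowerShell's Get-ItemProperty on HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules and fed to find_suspicious; rules whose App path no longer exists on disk can be dropped with Remove-NetFirewallRule or from the Windows Defender Firewall console. Only the Temp-path heuristic is applied here; a rule in Program Files that a PUP installed would need a different check.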
August 12th, 2018, 10:27 PM
#7
Re-posting, the logs did not go through last time:
RK log:
RogueKiller V12.12.31.0 (x64) [Aug 10 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : admin [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 08/12/2018 15:07:51 (Duration : 02:32:21)
Switches : -refid
¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] EtaKnightFBD.exe(3860) -- C:\Program Files (x86)\Common Files\EtaKnightFBD\EtaKnightFBD.exe[-] -> Found
¤¤¤ Registry : 57 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2848961991-288533299-670403562-1000\Software\csastats -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2848961991-288533299-670403562-1000\Software\csastats -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {045630E8-186E-483F-8DE5-101DCDEF323F} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {55F4A9A1-BC88-4B68-BA28-A7EF2DA02289} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D65E23F2-980F-43B2-9065-C7A2EBD806F5} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS43DE\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AA648B96-5F65-422A-9A95-A133A3AB7D95} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS43DE\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {81D4C61E-F73A-4242-9948-6020DB70BBD0} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS1E7E\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4FF3DA52-3FAF-4192-BAEF-D2F7BA137FDA} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS1E7E\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {39405740-FEA2-467A-94D8-40B14987C35B} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS59C0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6180B6E9-4505-4696-A7E8-E7C544DDDA1C} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS59C0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A64CED85-A815-4BAE-B1AC-E04821739A81} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E95\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3E607D95-D964-4150-BC93-794291FC221E} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E95\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9A3F94F6-1D14-41F4-AEA2-B1B23AB8B15A} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E19\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2932F3DA-E743-4FFB-92F3-6CA5CCF9799C} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7E19\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CF1DEA46-D310-499C-AA17-BA73A3ECC6C4} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7232\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B92D6D09-328E-4F95-BDD7-B3EB9922C721} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7232\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {182FCE87-E5B6-4B9E-8603-01F6958510D6} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS6679\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6C0124A7-AEB1-49DC-9C41-5E9E03964955} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS6679\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D3A09AF4-9739-43E4-9A06-1041E6BB6299} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS2403\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {83A22F8F-C005-4458-9885-C781CC523327} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS2403\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {808C33CF-AEBB-4BD5-933A-75EE1927F365} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS24A0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CF58BA79-68C7-40E5-A9A3-4D9D5011A543} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS24A0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {99A27AB0-568B-4382-81FC-B946297CBE41} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS5DD0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C4638C61-C2D5-464B-AB0C-06C000F8C031} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS5DD0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {090A6C85-F13B-4233-A6BB-FBA9EC7FF739} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS530D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3B4BB1C0-776C-4AE3-A2B4-B1A9A0928565} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS530D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {129EFD3A-26ED-4D07-B7DB-D148FA6FB635} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS41B6\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AE2F7BCC-7D3D-45DF-9CD2-2F3486763270} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS41B6\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {06ED8793-251E-4650-A3EE-8C09FF040356} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS44ED\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9F08467F-0E68-4BE3-9F4C-A54D043EB237} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS44ED\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7EE8E09D-64C6-46B6-A7C4-615A4A720182} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS456C\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E062B003-D826-4BBB-B3BF-F3293262AFA4} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS456C\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A9D7B99F-BEF0-4BE5-A00A-C671BCAD56F5} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0FF7\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {38D19241-E76C-4C52-ABC7-2D80BA593224} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0FF7\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {60F532E2-DF75-47BD-AC55-1D59CD9B9733} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS3D4D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5D396C44-BCE9-4368-A8AF-D2E8CEEF93E1} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS3D4D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8054A7A7-F7CC-4C88-8762-F2704659F7B6} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0F2B\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7F70D801-2D8A-486B-83FD-0601C0160ADA} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0F2B\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {160448D9-ECE9-4261-9F55-A84F808F17D9} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS65D3\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E4B3F583-FC98-45C8-994F-6C0139A80AB2} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS6DE3\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {87CDB79B-C1D2-40D9-B30F-C65CC66278E8} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS2375\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5073659A-010B-4E58-B0B2-5D7104998141} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0511\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CA0630C3-B651-41B0-84A7-4D696ACF1D29} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0511\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {73AF51E0-4C4E-4935-A4EA-6D93510B8F7E} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS0C71\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0D9AE5EE-A360-4282-AF9F-2DBE07C66A2E} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7767\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {59E5435B-56BE-4237-8A6B-2A1FFBB5D593} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS7767\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {218544BD-AFE2-4557-BA8C-A21F9AED759B} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\admin\AppData\Local\Temp\7zS0915\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4F6482CB-3C58-4AFB-8EEB-3968D145399B} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\admin\AppData\Local\Temp\7zS0915\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CB1F88CE-E830-4C96-803B-15DB70033C25} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS06AB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {92FAA138-C64E-48AB-8831-516561152E76} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS06AB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {34BEA1B3-8AA0-466D-8DE4-A6F4795AAA45} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS1739\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {90CE71C9-3409-4B02-9C5F-FED18D5563B7} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS1739\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F140B7AA-BBD0-4A1A-A69C-7D4352BF86B7} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS25D3\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3F93297B-63A0-4481-928D-C58B19FA39D1} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS25D3\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A416FC16-54C8-471D-ABBE-6D40E2B4235D} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0A52\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A72AB0C6-13AE-4E6F-AC16-17C3383DB024} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\admin\AppData\Local\Temp\7zS0A52\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5C260C40-B8F0-49D3-B9B0-C73BAC819BD4} : v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\admin\AppData\Local\Temp\7zS13BC\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected
¤¤¤ Tasks : 1 ¤¤¤
[PUP.ByteFence|PUP.Gen1] \ByteFence -- C:\Program Files\ByteFence\ByteFence.exe (/a) -> Not selected
¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Program Files\WinZip Driver Updater -> Deleted
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] b5acc5831cc9adb087a62a6465fb3fa7
[BSP] 713a35468d0256ce20112474987c5972 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476388 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975851520 | Size: 449 MB
User = LL1 ... OK
User = LL2 ... OK
August 12th, 2018, 10:28 PM
#8
Here are the MBAM and AdwCleaner logs:
MBAM log:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 8/12/18
Scan Time: 5:51 PM
Log File: 0995531a-9e93-11e8-9b7a-4437e6b74715.json
Administrator: Yes
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.6315
License: Trial
-System Information-
OS: Windows 10 (Build 17134.165)
CPU: x64
File System: NTFS
User: admin-PC\admin
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 396922
Threats Detected: 247
Threats Quarantined: 245
Time Elapsed: 22 min, 28 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 1
PUP.Optional.SpecialSearchOffer, C:\PROGRAM FILES (X86)\COMMON FILES\ETAKNIGHTFBD\ETAKNIGHTFBD.EXE, Quarantined, [1656], [547617],1.0.6315
Module: 1
PUP.Optional.SpecialSearchOffer, C:\PROGRAM FILES (X86)\COMMON FILES\ETAKNIGHTFBD\ETAKNIGHTFBD.EXE, Quarantined, [1656], [547617],1.0.6315
Registry Key: 14
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ByteFence, Quarantined, [6007], [388721],1.0.6315
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0531C61D-483F-4330-813A-968FA887D640}, Quarantined, [6007], [388721],1.0.6315
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{0531C61D-483F-4330-813A-968FA887D640}, Quarantined, [6007], [388721],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinZip Smart Monitor Service, Quarantined, [1605], [456267],1.0.6315
PUP.Optional.hTab, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\elmkjjfkkchohaaoljobaffjeedcoocj, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\elmkjjfkkchohaaoljobaffjeedcoocj, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, HKU\S-1-5-21-2848961991-288533299-670403562-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\elmkjjfkkchohaaoljobaffjeedcoocj, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bhfhojbhbnajajgihpicejdalbjlpcep, Quarantined, [291], [467247],1.0.6315
Adware.Norassie, HKU\S-1-5-21-2848961991-288533299-670403562-1000\SOFTWARE\Norassie, Quarantined, [6974], [361347],1.0.6315
PUP.Optional.SpecialSearchOffer.ShrtCln, HKU\S-1-5-21-2848961991-288533299-670403562-1000\SOFTWARE\SpecialSearchOffer, Quarantined, [5515], [405205],1.0.6315
Trojan.Roraccoon, HKLM\SOFTWARE\SSO, Quarantined, [5455], [511495],1.0.6315
PUP.Optional.SpecialSearchOffer, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EtaKnightFBD, Quarantined, [1656], [547617],1.0.6315
PUP.Optional.SpecialSearchOffer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTALLER.EXE, Removal Failed, [1656], [532529],1.0.6315
PUP.Optional.SpecialSearchOffer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTALLER.EXE, Removal Failed, [1656], [532529],1.0.6315
Registry Value: 2
Trojan.Roraccoon, HKLM\SOFTWARE\SSO|TM, Quarantined, [5455], [511495],1.0.6315
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0531C61D-483F-4330-813A-968FA887D640}|PATH, Quarantined, [6007], [389376],1.0.6315
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 16
PUP.Optional.WinzipSystemUtilitiesSuite, C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-2848961991-288533299-670403562-1000, Quarantined, [1605], [458272],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\PROGRAMDATA\WINZIP\WINZIP SMART MONITOR, Quarantined, [1605], [458272],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\_metadata, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\elmkjjfkkchohaaoljobaffjeedcoocj, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\weatherIcons, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\offlinephotos, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\_locales\en, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\_metadata, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\_locales, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\lib, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\BHFHOJBHBNAJAJGIHPICEJDALBJLPCEP, Quarantined, [291], [467247],1.0.6315
PUP.Optional.WinYahoo.TskLnk, C:\USERS\ADMIN\APPDATA\LOCAL\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}, Quarantined, [3725], [484244],1.0.6315
File: 213
PUP.Optional.ByteFence, C:\WINDOWS\SYSTEM32\TASKS\ByteFence, Quarantined, [6007], [388721],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\apps, Quarantined, [1605], [456267],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\SystemInfo-vc100-mt.dll, Quarantined, [1605], [456267],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\SystemInfo-vc100-mt.mab, Quarantined, [1605], [456267],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\Uninstall.exe, Quarantined, [1605], [456267],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe, Quarantined, [1605], [456267],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.mab, Quarantined, [1605], [456267],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe, Quarantined, [1605], [456267],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.mab, Quarantined, [1605], [456267],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-2848961991-288533299-670403562-1000\queue.data, Quarantined, [1605], [458272],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-2848961991-288533299-670403562-1000\settings.data, Quarantined, [1605], [458272],1.0.6315
PUP.Optional.WinzipSystemUtilitiesSuite, C:\ProgramData\WinZip\WinZip Smart Monitor\S-1-5-21-2848961991-288533299-670403562-1000\smsettings, Quarantined, [1605], [458272],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\_metadata\verified_contents.json, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\ctn.js, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\jquery-3.1.1.min.js, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\manifest.json, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\ntab.html, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\ntab.js, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\pp.pdf, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\search.png, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\searchicon.png, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\stats.js, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\style.css, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj\1.1.0_0\tnc.pdf, Quarantined, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2124], [460257],1.0.6315
PUP.Optional.hTab, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [2124], [460257],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-1.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-1@2x.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-1@3x.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-3.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-3@2x.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\fill-3@3x.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\mlb.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\nba.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\nfl.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsIcons\nhl.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\500px.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\8tracks.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\adobe.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\airbnb.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\amazon.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\aol.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\apple.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\Arrow@2x.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\arrowCurveLeft.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bankofamerica.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bbc.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\befrugal.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\behance.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bestbuy.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bing.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\bookmark.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\ce_retina_search.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\chase.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\clear.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\close_x.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\cnn.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\codepen.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\craigslist.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\dailymotion.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\document.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\dribbble.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\dropbox.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\ebay.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\espn.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\evernote.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\facebook.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\financeyahoo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\flickr.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\flickrLogo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\flickrLogo2.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\flickrLogo3.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\foxnews.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\gamesyahoo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\gear1.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\gear3.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\gettyimages.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\github.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\google.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googledocs.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googledrive.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googleinbox.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googlemaps.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googleplay.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googlesheets.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\googlewebstore.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\grooveshark.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\homedepot.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\homesyahoo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\hotmail-outlook.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\icon.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\imdb.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\instagram.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\java.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\jsfiddle.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\kickstarter.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\linkedin.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mag1.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mag3.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mag4.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mailyahoo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mapquest.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mashable.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\medium.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\metacafe.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mixbit.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\msn.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\nationalgeographic.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\netflix.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\newsyahoo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\newtab128.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\oracle.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\oracleapp.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\careersyahoo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\expand.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\gmail.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\history.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\mag_purp.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\pandora.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\walmart.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\panelicon.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\paypal.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\pinterest.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\rdio.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\screenyahoo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\settings_white.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\share1.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\shoppingyahoo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\slideshare.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\soundcloud.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\sportsyahoo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\spotify.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\target.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\techcrunch.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\ted.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\theverge.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\time.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\trendingNow.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\tumblr.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\turbotax.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\twitch.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\twitter.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\vimeo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\vine.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\weatherchannel.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\weatheryahoo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\website.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\wellsfargo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\wikipedia.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\wordpress.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\Yahoo.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\yahoo.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\yahooautos.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\yahooFinance.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\yahooFinance@2x.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\yahoofood.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\yahoomatch.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\yahootech.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\yahootravel.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\youtube.svg, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\Y_NT128.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\Y_NT16.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\icons\Y_NT64.png, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\lib\bootstrap.min.css, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\lib\bootstrap.min.js, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\lib\jquery.min.js, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\offlinephotos\newmexico.JPG, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\_locales\en\messages.json, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\_metadata\verified_contents.json, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\brand.css, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\BreakingNews.js, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\BrowserGap.js, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\Constants.js, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\lato.ttf, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\latolight.ttf, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\main.js, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\manifest.json, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\newtab.css, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\newtab.html, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\newtab.js, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\notifyPresence.js, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\PhotoManager.js, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\SiteConfig.js, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\Tracker.js, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\TrackerEncoder.js, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep\1.2.6_0\TrendingNow.js, Quarantined, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [291], [467247],1.0.6315
PUP.Optional.RussAd, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [291], [467247],1.0.6315
PUP.Optional.WinYahoo.TskLnk, C:\USERS\ADMIN\APPDATA\LOCAL\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}\daca, Quarantined, [3725], [484244],1.0.6315
PUP.Optional.WinYahoo.TskLnk, C:\Users\admin\AppData\Local\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}\bapi.dat, Quarantined, [3725], [484244],1.0.6315
PUP.Optional.WinYahoo.TskLnk, C:\Users\admin\AppData\Local\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}\come.exe, Quarantined, [3725], [484244],1.0.6315
PUP.Optional.WinYahoo.TskLnk, C:\Users\admin\AppData\Local\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}\install.log, Quarantined, [3725], [484244],1.0.6315
PUP.Optional.WinYahoo.TskLnk, C:\Users\admin\AppData\Local\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}\race, Quarantined, [3725], [484244],1.0.6315
PUP.Optional.WinYahoo.TskLnk, C:\Users\admin\AppData\Local\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}\soma, Quarantined, [3725], [484244],1.0.6315
PUP.Optional.WinYahoo.TskLnk, C:\Users\admin\AppData\Local\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}\Sqlite3.dll, Quarantined, [3725], [484244],1.0.6315
PUP.Optional.WinYahoo.TskLnk, C:\Users\admin\AppData\Local\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}\uninst.dat, Quarantined, [3725], [484244],1.0.6315
PUP.Optional.WinYahoo.TskLnk, C:\Users\admin\AppData\Local\{895ABF06-ADF2-D3BE-C06A-F656E4020ACE}\uninst.exe, Quarantined, [3725], [484244],1.0.6315
PUP.Optional.SpecialSearchOffer, C:\PROGRAM FILES (X86)\COMMON FILES\ETAKNIGHTFBD\ETAKNIGHTFBD.EXE, Quarantined, [1656], [547617],1.0.6315
PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\PCAPRO\DDR.DLL, Quarantined, [560], [546192],1.0.6315
PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\PCAPRO\AVS.DLL, Quarantined, [560], [546192],1.0.6315
PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\PCAPRO\PCAPROUPDATER.EXE, Quarantined, [560], [546192],1.0.6315
PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\PCAPRO\RPCAPRO.EXE, Quarantined, [560], [546192],1.0.6315
PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\PCAPRO\DITX.EXE, Quarantined, [560], [546192],1.0.6315
PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\PCAPRO\DIT.EXE, Quarantined, [560], [546192],1.0.6315
PUP.Optional.SlimCleanerPlus, C:\SLIMDRIVERS-SETUP.EXE, Quarantined, [1436], [472306],1.0.6315
PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\PCAPRO\PCAPROAS.EXE, Quarantined, [560], [546192],1.0.6315
PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\PCAPRO\DDRX.DLL, Quarantined, [560], [546192],1.0.6315
PUP.Optional.DriverSupport, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\~NSUA.TMP\UN_A.EXE, Quarantined, [5678], [486292],1.0.6315
PUP.Optional.DriverUpdate, C:\WINDOWS\SYSTEM32\DRIVERS\SWDUMON.SYS, Quarantined, [2887], [448467],1.0.6315
PUP.Optional.DriverSupport, C:\USERS\ADMIN\DOWNLOADS\DRIVERSUPPORT.EXE, Quarantined, [5678], [486292],1.0.6315
PUP.Optional.BundleInstaller, C:\USERS\ADMIN\DOWNLOADS\FLASHPLAYER23AX_RAIE_INSTALL_1463575169.EXE, Quarantined, [407], [435337],1.0.6315
PUP.Optional.SpecialSearchOffer, C:\USERS\ADMIN\DOWNLOADS\INSTALLER.EXE, Quarantined, [1656], [532529],1.0.6315
PUP.Optional.SpecialSearchOffer, C:\USERS\ADMIN\APPDATA\LOCAL\PRIMEPINTA\PU.EXE, Quarantined, [1656], [547616],1.0.6315
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
AdwCleaner [S00] log:
# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-08-10.2
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-12-2018
# Duration: 00:01:04
# OS: Windows 10 Pro
# Scanned: 41771
# Detected: 13
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Legacy C:\Program Files\WinZip Smart Monitor
PUP.Optional.Legacy C:\Program Files\WinZip\WinZip Smart Monitor
PUP.Optional.Legacy C:\Users\Public\Documents\Downloaded Installers
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.ByteFence HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
PUP.Optional.FreeMakeConverter HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
PUP.Optional.InstallCore HKCU\Software\csastats
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}
PUP.Optional.WinZipRegistryOptimizer HKLM\Software\Microsoft\Shared Tools\MSConfig\services\WinZip Smart Monitor Service
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
PUP.Optional.Legacy Ask
PUP.Optional.Legacy Ask
PUP.Optional.Legacy AOL
PUP.Optional.Legacy AOL
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
AdwCleaner [C00] log:
# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-08-10.2
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-12-2018
# Duration: 00:00:11
# OS: Windows 10 Pro
# Cleaned: 13
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files\WinZip Smart Monitor
Deleted C:\Program Files\WinZip\WinZip Smart Monitor
Deleted C:\Users\Public\Documents\Downloaded Installers
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
Deleted HKCU\Software\csastats
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\services\WinZip Smart Monitor Service
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Deleted Ask
Deleted Ask
Deleted AOL
Deleted AOL
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [2144 octets] - [12/08/2018 18:51:01]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
August 12th, 2018, 11:33 PM
#9
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
Double click to run it. Make sure you check the Addition.txt box. Press the Scan button. The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
August 13th, 2018, 10:46 AM
#10
Thanks Broni, I will re-run FRST and post later this evening.
I did notice the hard drive seems to be completely taken over: Task Manager shows the C: drive always 100% occupied. I can't believe Win 10 is responsible for that... Is that contributing to the snail-like response of my PC?
August 13th, 2018, 05:15 PM
#11
One of the issues I can see so far is this:
Drive c: () (Fixed) (Total:465.22 GB) (Free:33.07 GB ) NTFS
You're running low on hard drive free space.
August 13th, 2018, 09:48 PM
#12
Re-scanned with Farbar.
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by admin (administrator) on ADMIN-PC (13-08-2018 17:57:37)
Running from C:\Users\admin\Desktop\PC clean 8-12-2018
Loaded Profiles: admin & (Available Profiles: admin & test)
Platform: Windows 10 Pro Version 1803 17134.165 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(AVAST Software) C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10325.20091.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(HP Inc.) C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(HP Inc.) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-11] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [123848 2017-12-11] (WinZip Computing, S.L.)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2017-12-11] (WinZip Computing, S.L.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-08-12] (AVAST Software)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-23] (Autodesk Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065702442\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065715537\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-08-12] (Piriform Ltd)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Akamai NetSession Interface] => C:\Users\admin\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1336320 2015-11-25] (Autodesk, Inc.)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Chromium] => c:\users\admin\appdata\local\chromium\application\chrome.exe [1068544 2016-07-20] (The Chromium Authors)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [AfterPlayMonitor] => C:\Users\admin\AppData\Roaming\Letv\AfterPlay\AfterPlayMonitor.ex
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Spotify] => C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe [23177616 2018-05-15] (Spotify Ltd)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [Spotify Web Helper] => C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-05-15] (Spotify Ltd)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3769992 2017-05-23] (HP Inc.)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1112960 2018-03-14] (McAfee Inc.)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Policies\Explorer: []
HKU\S-1-5-21-2848961991-288533299-670403562-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-08-12] (Piriform Ltd)
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [Akamai NetSession Interface] => C:\Users\admin\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1336320 2015-11-25] (Autodesk, Inc.)
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [Chromium] => c:\users\admin\appdata\local\chromium\application\chrome.exe [1068544 2016-07-20] (The Chromium Authors)
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [AfterPlayMonitor] => C:\Users\admin\AppData\Roaming\Letv\AfterPlay\AfterPlayMonitor.ex
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [Spotify] => C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe [23177616 2018-05-15] (Spotify Ltd)
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [Spotify Web Helper] => C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-05-15] (Spotify Ltd)
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3769992 2017-05-23] (HP Inc.)
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1112960 2018-03-14] (McAfee Inc.)
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Policies\Explorer: []
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2848961991-288533299-670403562-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065724382\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-03-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{46a08850-0e90-406a-8c8a-a65490766f68}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{7f012f1d-d444-46dc-89c0-6411293ce9c9}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9e593974-1e17-4fac-a659-147e3b723a0b}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2848961991-288533299-670403562-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065724382\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33010001005_10.0.1.6209_u_ds
SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33010001005_10.0.1.6209_u_ds
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-14] (Bitdefender)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-05-14] (Bitdefender)
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-07-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-30] (Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-14] (Bitdefender)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-05-14] (Bitdefender)
Toolbar: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKU\S-1-5-21-2848961991-288533299-670403562-1000 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-14] (Bitdefender)
Toolbar: HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-14] (Bitdefender)
FireFox:
========
FF DefaultProfile: lo0n6qk9.default
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo0n6qk9.default [2018-08-12]
FF Homepage: Mozilla\Firefox\Profiles\lo0n6qk9.default -> www.yahoo.com/
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF Extension: (No Name) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2017-07-14]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-07-14] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2848961991-288533299-670403562-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\admin\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\admin\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-05-11] (Cisco WebEx LLC)
Chrome:
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=863135318&param1=y6bdVFVIsvuYsgEClQfz8IfaIrULFWUA2DMVetLqXBqiFV%2BtmuyqTegcVHCAouGVmtx3XgLifo%2F3ajI0t4UmyMHg0Okr%2FORFyfZy%2BweCQtHdeeFQjdZ8DAnJe8psehSLt6Sgc29QyATMMiemNSpqW1pUe748js73%2Bpy%2BExmegKL0bObVYjOx59ixKgp%2FM8MyU7HlnxTPZ7QIBxpGR2yUInuo%2BaNhHPL1zW%2BtMBhaU%2FAloFmFKol66NrNKg4StLpvbsdDmom73OYxQOOZ0UsD%2BBvVqSjO6WC09Wffb0HFDBQ%3D
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2018-08-13]
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-12]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-12]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-12]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-12]
CHR Extension: (Adobe Acrobat) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-07-12]
CHR Extension: (Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-12]
CHR Extension: (Bitdefender Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2018-07-12]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-12]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-12]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-12]
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\System Profile [2018-08-12]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2848961991-288533299-670403562-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkcffmoikcgfhagefelmhiakelnjihik] - hxxps://chrome.google.com/webstore/detail/gkcffmoikcgfhagefelmhiakelnjihik
CHR HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkcffmoikcgfhagefelmhiakelnjihik] - hxxps://chrome.google.com/webstore/detail/gkcffmoikcgfhagefelmhiakelnjihik
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-08-12] (AVAST Software)
S4 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-08-12] (AVAST Software)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2137280 2018-04-17] (Bitdefender)
S4 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [105936 2018-05-08] (Bitdefender)
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-11-02] (Ellora Assets Corp.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-09-24] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S4 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [314368 2018-03-06] (AnchorFree Inc.) [File not signed]
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-26] (McAfee, Inc.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] (Bitdefender)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S4 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
S4 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S4 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [112712 2018-05-14] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [1001072 2018-05-14] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe [522624 2018-05-14] (Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-30] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-30] (Microsoft Corporation)
S4 WinZip Compression Smart Monitor Service; "C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (The OpenVPN Project)
S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [197160 2018-08-12] (AVAST Software)
S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229392 2018-08-12] (AVAST Software)
S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201328 2018-08-12] (AVAST Software)
S3 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-08-12] (AVAST Software)
S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59592 2018-08-12] (AVAST Software)
S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-08-12] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-08-12] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-08-12] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159640 2018-08-12] (AVAST Software)
S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111872 2018-08-12] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-08-12] (AVAST Software)
S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027728 2018-08-12] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467064 2018-08-12] (AVAST Software)
S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [211160 2018-08-12] (AVAST Software)
S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381584 2018-08-12] (AVAST Software)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1177008 2018-05-14] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1723552 2018-05-14] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23032 2018-05-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [130840 2018-05-14] (BitDefender LLC)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [45104 2018-05-14] (© Bitdefender SRL)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96448 2018-05-14] (BitDefender)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-12-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-06-19] (Malwarebytes)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [189544 2018-05-14] (BitDefender LLC)
R0 Ignis; C:\WINDOWS\System32\DRIVERS\ignis.sys [191592 2018-05-14] (Bitdefender)
R3 LBAI; C:\WINDOWS\System32\Drivers\LBAI.sys [30432 2017-04-29] (Lenovo)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [191208 2018-08-12] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [114920 2018-08-13] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [48360 2018-08-13] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-12] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102632 2018-08-13] (Malwarebytes)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-12-18] (Samsung Electronics Co., Ltd.)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [609576 2018-08-02] (Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-07-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-07-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-30] (Microsoft Corporation)
U3 aswbdisk; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-13 06:57 - 2018-08-13 18:00 - 000102632 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-08-12 19:47 - 2018-08-12 11:25 - 000378072 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-08-12 17:50 - 2018-08-13 06:58 - 000048360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-08-12 17:49 - 2018-08-13 06:58 - 000114920 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-08-12 17:49 - 2018-08-12 17:49 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-08-12 17:49 - 2018-08-12 17:49 - 000191208 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-08-12 17:48 - 2018-08-12 17:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-08-12 17:48 - 2018-08-12 17:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-08-12 17:48 - 2018-06-19 14:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-08-12 15:05 - 2018-08-12 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-08-12 15:02 - 2018-08-12 19:56 - 000000000 ____D C:\Users\admin\Desktop\PC clean 8-12-2018
2018-08-12 11:44 - 2018-08-12 11:44 - 000000000 ____D C:\Users\admin\AppData\Roaming\AVAST Software
2018-08-12 11:39 - 2018-08-13 17:57 - 000000000 ____D C:\FRST
2018-08-12 11:34 - 2018-08-13 17:59 - 000000000 ____D C:\Users\admin\AppData\Local\AVAST Software
2018-08-12 11:34 - 2018-08-12 19:50 - 000001939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-08-12 11:30 - 2018-08-12 11:30 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-08-12 11:29 - 2018-08-13 18:01 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-08-12 11:27 - 2018-08-12 15:29 - 000467064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-08-12 11:27 - 2018-08-12 11:25 - 000381584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-08-12 11:27 - 2018-08-12 11:25 - 000211160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-08-12 11:27 - 2018-08-12 11:25 - 000197160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-08-12 11:27 - 2018-08-12 11:25 - 000159640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-08-12 11:27 - 2018-08-12 11:25 - 000111872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-08-12 11:27 - 2018-08-12 11:25 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-08-12 11:27 - 2018-08-12 11:25 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-08-12 11:27 - 2018-08-12 11:25 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2018-08-12 11:27 - 2018-08-12 11:23 - 001027728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-08-12 11:27 - 2018-08-12 11:23 - 000346664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-08-12 11:27 - 2018-08-12 11:23 - 000239680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-08-12 11:27 - 2018-08-12 11:23 - 000229392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-08-12 11:27 - 2018-08-12 11:23 - 000201328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-08-12 11:27 - 2018-08-12 11:23 - 000059592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-08-12 11:26 - 2018-08-12 11:26 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-08-12 11:21 - 2018-08-12 11:21 - 000000000 ____D C:\Program Files\AVAST Software
2018-08-07 07:03 - 2018-08-07 07:03 - 001587699 _____ C:\Users\admin\Desktop\Lily's Kaiser Med Card.pdf
2018-08-05 22:34 - 2018-08-05 22:34 - 001648128 _____ C:\Users\admin\Downloads\Ch.1 ppt - for sections 1.1 to 1.3.ppt
2018-08-05 21:13 - 2018-08-05 23:24 - 000000000 ____D C:\Users\admin\Desktop\algebra&pre-calculus
2018-08-03 18:29 - 2018-08-05 20:39 - 000000000 ____D C:\Users\admin\Desktop\Precalculus
2018-08-02 20:31 - 2018-08-12 16:44 - 000000000 ____D C:\Users\admin\AppData\Local\PrUpdater
2018-08-02 20:31 - 2018-08-02 20:31 - 000001060 _____ C:\Users\Public\Desktop\PCAPro.lnk
2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Roaming\PrUpdater
2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrUpdater
2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Local\PCAPro
2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\ProgramData\PCAPro
2018-08-02 20:31 - 2018-08-02 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCAPro
2018-08-02 20:30 - 2018-08-12 18:26 - 000000000 ____D C:\Program Files (x86)\PCAPro
2018-08-02 20:30 - 2018-08-02 20:31 - 000000000 ____D C:\Users\admin\AppData\Roaming\PCAPInstallFiles
2018-08-02 13:10 - 2018-08-02 13:11 - 062571332 _____ C:\Users\admin\Downloads\How To Mud & Tape Drywall Butt Joints (1).mp4
2018-08-02 13:00 - 2018-08-12 18:26 - 000000000 ____D C:\Users\admin\AppData\Local\PrimePinta
2018-08-02 13:00 - 2018-08-02 13:00 - 000000000 ____D C:\Program Files (x86)\EtaKnight
2018-08-02 12:59 - 2018-08-02 12:59 - 000000000 ____D C:\Program Files (x86)\ApheticUfaApheticUfa
2018-08-02 12:48 - 2018-08-02 12:49 - 062571332 _____ C:\Users\admin\Downloads\How To Mud & Tape Drywall Butt Joints.mp4
2018-08-01 21:26 - 2018-08-01 21:27 - 009418262 _____ C:\Users\admin\Downloads\LBPM - HOA.pdf
2018-08-01 21:25 - 2018-08-01 21:25 - 000159744 _____ C:\Users\admin\Downloads\3918 Huron Avenue Homeowners Association Proposal.pdf
2018-07-31 21:24 - 2018-07-31 21:24 - 000029253 _____ C:\ProgramData\agent.update.1533097466.bdinstall.bin
2018-07-31 16:17 - 2018-07-31 16:17 - 000369206 _____ C:\Users\admin\Documents\Scan.pdf
2018-07-31 16:03 - 2018-07-31 16:03 - 001413758 _____ C:\Users\admin\Desktop\signed papers Value Windows.pdf
2018-07-31 12:36 - 2018-07-31 12:36 - 000457492 _____ C:\Users\admin\Downloads\installation fee.pdf
2018-07-31 11:46 - 2018-07-31 11:46 - 000546320 _____ C:\Users\admin\Downloads\7573011 (4).pdf
2018-07-31 11:36 - 2018-07-31 11:36 - 000546320 _____ C:\Users\admin\Downloads\7573011 (3).pdf
2018-07-31 11:30 - 2018-07-31 11:30 - 000546320 _____ C:\Users\admin\Downloads\7573011 (2).pdf
2018-07-31 11:21 - 2018-07-31 11:21 - 001349800 _____ C:\Users\admin\Downloads\755351507302018_0015 (2).pdf
2018-07-31 11:21 - 2018-07-31 11:21 - 000546320 _____ C:\Users\admin\Downloads\7573011 (1).pdf
2018-07-31 11:18 - 2018-07-31 11:18 - 001349800 _____ C:\Users\admin\Downloads\755351507302018_0015 (1).pdf
2018-07-31 11:14 - 2018-07-31 11:14 - 000546320 _____ C:\Users\admin\Downloads\7573011.pdf
2018-07-30 21:12 - 2018-07-30 21:12 - 001349753 _____ C:\Users\admin\Desktop\Value Windows Annie La estemate.pdf
2018-07-30 21:11 - 2018-07-30 21:11 - 001349800 _____ C:\Users\admin\Downloads\755351507302018_0015.pdf
2018-07-30 10:22 - 2018-07-30 10:22 - 000000000 ____D C:\Users\admin\Desktop\volunteer
2018-07-26 21:15 - 2018-07-26 21:15 - 000063461 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (8).pdf
2018-07-26 21:15 - 2018-07-26 21:15 - 000063461 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (7).pdf
2018-07-26 21:14 - 2018-07-26 21:14 - 000063461 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (6).pdf
2018-07-26 15:51 - 2018-07-26 15:51 - 001042768 _____ C:\Users\admin\Desktop\$250 12-29-17 to 6-29-18.pdf
2018-07-26 15:51 - 2018-07-26 15:51 - 000035286 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (5).pdf
2018-07-26 15:49 - 2018-07-26 15:49 - 001042768 _____ C:\Users\admin\Downloads\$250 12-29-17 to 6-29-18.pdf
2018-07-26 13:59 - 2018-07-26 13:59 - 000066137 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (4).pdf
2018-07-26 13:55 - 2018-07-26 13:55 - 000025765 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (3).pdf
2018-07-26 13:54 - 2018-07-26 13:54 - 000025765 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (2).pdf
2018-07-26 13:53 - 2018-07-26 13:53 - 000071911 _____ C:\Users\admin\Downloads\Files_Online2PDF.zip
2018-07-26 13:53 - 2018-07-26 13:53 - 000025765 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26 (1).pdf
2018-07-26 13:48 - 2018-07-26 13:48 - 000025709 _____ C:\Users\admin\Downloads\HOA dues,expenses 7-26.pdf
2018-07-26 13:35 - 2018-07-26 13:35 - 000094208 _____ C:\Users\admin\Desktop\Account Details Print Friendly.pdf
2018-07-26 13:21 - 2018-08-05 21:13 - 000000000 ____D C:\Users\admin\Desktop\print
2018-07-25 17:30 - 2018-07-25 17:30 - 000101433 _____ C:\Users\admin\Desktop\property manager Q.pdf
2018-07-25 12:21 - 2018-07-25 12:21 - 000437787 _____ C:\Users\admin\Desktop\owner,builders contractors license.pdf
2018-07-23 21:01 - 2018-07-23 21:01 - 000034204 _____ C:\Users\admin\Desktop\LA world affairs council for high school student.pdf
2018-07-23 20:08 - 2018-07-23 20:09 - 000016320 _____ C:\Users\admin\Downloads\Proposal 071618.pdf
2018-07-21 10:34 - 2018-07-21 10:34 - 000276743 _____ C:\Users\admin\Downloads\FullBill (3).pdf
2018-07-21 10:34 - 2018-07-21 10:34 - 000276743 _____ C:\Users\admin\Downloads\FullBill (2).pdf
2018-07-21 10:33 - 2018-07-21 10:33 - 000152623 _____ C:\Users\admin\Downloads\FullBill (1).pdf
2018-07-21 10:31 - 2018-07-21 10:31 - 000152623 _____ C:\Users\admin\Downloads\FullBill.pdf
2018-07-20 09:46 - 2018-07-20 09:46 - 000000722 _____ C:\Users\admin\Downloads\invite.ics
2018-07-20 09:33 - 2018-07-20 09:33 - 000716847 _____ C:\Users\admin\Downloads\PMC Lab Results - XU.pdf
2018-07-20 09:32 - 2018-07-20 09:32 - 000260726 _____ C:\Users\admin\Downloads\PMC Clearance Cert- XU.pdf
2018-07-19 17:55 - 2018-07-19 17:55 - 000118784 _____ C:\Users\admin\Desktop\guitar 2.pdf
2018-07-18 22:18 - 2018-07-18 22:18 - 000393311 _____ C:\Users\admin\Desktop\volunteer links.pdf
2018-07-18 22:07 - 2018-07-18 22:07 - 000103464 _____ C:\Users\admin\Desktop\volunteer opportunities.pdf
2018-07-18 21:53 - 2018-07-18 21:53 - 000397359 _____ C:\Users\admin\Desktop\50 community service ideas for teen volunteers.pdf
2018-07-17 19:47 - 2018-07-17 19:48 - 000413376 _____ C:\Users\admin\Downloads\joist_estimate__525___signed___xu (2).pdf
2018-07-17 19:47 - 2018-07-17 19:47 - 000413376 _____ C:\Users\admin\Downloads\joist_estimate__525___signed___xu (1).pdf
2018-07-17 19:42 - 2018-07-26 22:35 - 000000000 ____D C:\Users\admin\Desktop\mold
2018-07-17 15:44 - 2018-07-17 15:44 - 000253035 _____ C:\Users\admin\Downloads\xu_payment.pdf
2018-07-17 15:44 - 2018-07-17 15:44 - 000116073 _____ C:\Users\admin\Downloads\Invoice_13282_from_Water_Damage_Zone_and_Restoration_Inc (1).pdf
2018-07-17 15:43 - 2018-07-17 15:43 - 000413376 _____ C:\Users\admin\Downloads\joist_estimate__525___signed___xu.pdf
2018-07-17 15:43 - 2018-07-17 15:43 - 000116073 _____ C:\Users\admin\Downloads\Invoice_13282_from_Water_Damage_Zone_and_Restoration_Inc.pdf
2018-07-17 14:02 - 2018-07-17 14:02 - 000040595 _____ C:\Users\admin\Downloads\Travelers claim FCR3458.pdf
2018-07-17 10:33 - 2018-07-17 10:33 - 005018422 _____ C:\Users\admin\Downloads\Parker Stanbury #3 Mold (1).m4a
2018-07-17 09:55 - 2018-07-17 09:55 - 005018422 _____ C:\Users\admin\Downloads\Parker Stanbury #3 Mold.m4a
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-13 18:02 - 2018-05-13 17:29 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FE6F68DD-CD8C-4EAE-997E-982043BA51A1}
2018-08-13 17:53 - 2018-04-11 14:04 - 000131072 _____ C:\WINDOWS\system32\config\ELAM
2018-08-13 17:53 - 2015-05-02 20:05 - 000000000 __SHD C:\Users\admin\IntelGraphicsProfiles
2018-08-13 09:37 - 2018-05-13 16:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-13 08:49 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-12 20:38 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-08-12 20:06 - 2018-05-13 17:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-12 20:04 - 2018-05-13 16:44 - 000000000 ____D C:\Users\test
2018-08-12 20:04 - 2018-04-11 14:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-08-12 20:04 - 2017-07-08 16:54 - 000040251 _____ C:\bdlog.txt
2018-08-12 19:47 - 2018-04-11 16:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-08-12 19:04 - 2018-01-14 18:32 - 000000000 ____D C:\Program Files\WinZip
2018-08-12 18:51 - 2017-05-10 20:52 - 000000000 ____D C:\AdwCleaner
2018-08-12 18:34 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-12 18:31 - 2016-07-14 21:07 - 000000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForadmin.job
2018-08-12 18:30 - 2015-11-11 08:00 - 000000000 ____D C:\Program Files\CCleaner
2018-08-12 18:19 - 2017-03-19 12:19 - 000000000 ____D C:\ProgramData\WinZip
2018-08-12 17:45 - 2017-05-06 18:15 - 000000000 ____D C:\Program Files\RogueKiller
2018-08-12 15:07 - 2017-05-06 18:15 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-08-12 12:34 - 2017-08-04 19:58 - 000000000 ____D C:\ProgramData\AVAST Software
2018-08-12 11:26 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-12 11:20 - 2018-05-13 17:29 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-08-12 11:20 - 2015-11-11 08:00 - 000000823 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-08-12 11:06 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-09 21:48 - 2015-11-11 07:31 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-09 19:16 - 2018-05-13 17:29 - 000003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForadmin
2018-08-08 20:22 - 2018-05-18 08:28 - 000000000 ____D C:\Users\admin\AppData\Local\D3DSCache
2018-08-07 08:03 - 2017-07-10 16:45 - 000000000 ____D C:\Users\admin\Desktop\Pali
2018-08-07 07:44 - 2018-07-07 21:25 - 000002081 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2018-08-05 20:58 - 2015-11-11 11:25 - 000000000 ____D C:\Users\admin\AppData\Local\Adobe
2018-08-04 22:59 - 2018-05-13 16:44 - 000000000 ____D C:\Users\admin
2018-08-03 19:31 - 2017-09-03 11:22 - 000000000 ____D C:\Users\admin\Desktop\college info&AP
2018-08-02 15:35 - 2018-07-11 06:56 - 000000000 ____D C:\ProgramData\Packages
2018-08-02 12:11 - 2017-08-01 10:46 - 000609576 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2018-08-01 21:26 - 2018-06-16 21:55 - 000000000 ____D C:\Users\admin\Desktop\HOA
2018-07-31 21:24 - 2017-07-12 10:48 - 000000000 ____D C:\Program Files\Bitdefender Agent
2018-07-30 21:16 - 2018-04-11 09:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-07-26 22:22 - 2017-12-01 10:48 - 000000000 ____D C:\Users\admin\Desktop\Lisa
2018-07-22 19:27 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-07-18 21:22 - 2018-03-15 19:21 - 000000000 ____D C:\Users\admin\Desktop\not copy pictures
2018-07-16 17:00 - 2015-11-11 07:55 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-14 08:05 - 2017-01-12 19:33 - 000000000 ____D C:\Users\admin\Desktop\extra
2018-07-14 07:42 - 2018-05-13 17:29 - 000004538 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-07-14 07:42 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-14 07:42 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
==================== Files in the root of some directories =======
2017-07-09 09:05 - 2017-04-22 15:23 - 004797632 _____ () C:\ProgramData\cis2036.exe
2017-07-09 09:05 - 2017-04-22 15:28 - 000365248 _____ () C:\ProgramData\cmdres.dll
2017-07-16 18:18 - 2017-07-16 18:18 - 000006144 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-29 17:39 - 2017-12-27 14:39 - 000007605 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
2018-08-12 15:07 - 2018-07-06 00:25 - 001945784 _____ (Microsoft Corporation) C:\Users\admin\AppData\Local\Temp\dllnt_dump.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-13 16:36
==================== End of FRST.txt ============================
August 13th, 2018, 09:51 PM
#13
Addition.txt part 1 of 2
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by admin (13-08-2018 18:04:58)
Running from C:\Users\admin\Desktop\PC clean 8-12-2018
Windows 10 Pro Version 1803 17134.165 (X64) (2018-05-14 00:33:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
admin (S-1-5-21-2848961991-288533299-670403562-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2848961991-288533299-670403562-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2848961991-288533299-670403562-503 - Limited - Disabled)
Guest (S-1-5-21-2848961991-288533299-670403562-501 - Limited - Disabled)
test (S-1-5-21-2848961991-288533299-670403562-1003 - Administrator - Enabled) => C:\Users\test
WDAGUtilityAccount (S-1-5-21-2848961991-288533299-670403562-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Disabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Disabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Task: {6E55944E-F328-4D0D-A2C4-F522719AC048} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {72D01A58-2DA9-463E-B146-01F93D0AF30E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-12] (Piriform Ltd)
Task: {7C0FD21A-3726-4CD2-B7DD-BA4951A22BC8} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {7F2E741F-8434-4552-AFB6-77E1ABAF8DA9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {82DACA87-E8AB-4895-81D5-342D3D327D8D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-08-12] (AVAST Software)
Task: {9612C1E4-A45D-4726-A522-92A8DB97C1D2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-14] (Adobe Systems Incorporated)
Task: {AF65C8F0-89CB-4EF2-9497-E47000A0481A} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {B6E07D0E-E7FA-4C16-A566-230BD6B2D2F1} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
Task: {BB5D1227-A296-4EB9-AD54-B484B72371F9} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-12-11] (WinZip)
Task: {C29134A1-E8F5-4B94-AF37-CDFF1131703F} - System32\Tasks\{C754CC6B-A7E4-4453-A26E-845EF72EABFE} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\admin\AppData\Local\{A46B9237-80C3-FE8F-ED5B-DB67C93327FF}\uninst.exe -c -FN="C:\Users\admin\AppData\Local\{A436928D-8164-FFFB-EA52-D82936802517}\Updater.exe"-P=/Uninstall /s /noun /DelSelfDir
Task: {C62C8799-FE59-46F3-960F-33398CAE94B3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-12] (Piriform Ltd)
Task: {CAA220D5-E8EA-4229-AAA1-87B0B4B3F76A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {DCE8B9F1-3AE2-45AE-B5C2-000A9B9BDB45} - System32\Tasks\HPCustPartic.exe_{60E2E0F2-CC6F-42F5-9CFE-498B1CF4579F} => C:\Program Files\HP\HP ENVY 5660 series\Bin\HPCustPartic.exe [2017-05-23] (HP Inc.)
Task: {E31B5EAF-E4DD-4735-B216-278EA3729479} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
Task: {E8CA25F0-3EC4-404F-943F-F82197BE02F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-11] (Google Inc.)
Task: {F5E25228-3B11-4700-BF4B-DF856CB65A83} - System32\Tasks\HPCeeScheduleForadmin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {FC6C9A93-8E67-4592-8FAE-9837A91A8F00} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForadmin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-07-18 08:16 - 2018-07-18 08:17 - 000993728 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02751_003\ashttpbr.mdl
2018-07-18 08:16 - 2018-07-18 08:17 - 000544880 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02751_003\ashttpdsp.mdl
2018-07-18 08:16 - 2018-07-18 08:17 - 003232216 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02751_003\ashttpph.mdl
2018-07-18 08:16 - 2018-07-18 08:17 - 001528320 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02751_003\ashttprbl.mdl
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-08-12 17:48 - 2018-06-18 13:32 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-08-12 17:48 - 2018-07-03 12:59 - 002535120 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-10 19:04 - 2018-07-05 23:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-06-12 20:07 - 2018-06-08 02:31 - 003912608 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-06-12 20:07 - 2018-06-08 02:31 - 002506680 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2018-03-21 11:33 - 2018-03-21 11:33 - 043131904 _____ () C:\Program Files\WindowsApps\TDAmeritradeMobileLLC.TDAmeritrade_2.1.2.0_x64__xhqy2dhf86p7y\TDAmeritrade.dll
2018-07-25 08:59 - 2018-07-25 09:00 - 004383232 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1807.1991.0_x64__8wekyb3d8bbwe\OneConnect.dll
2018-07-17 23:00 - 2018-07-17 23:01 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 23:00 - 2018-07-17 23:01 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 23:00 - 2018-07-17 23:01 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 23:00 - 2018-07-17 23:01 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-27 17:51 - 2018-03-27 17:52 - 004734464 _____ () C:\Program Files\Windowa
AS: Bitdefender Antispyware (Disabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}
AS: Avast Antivirus (Disabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Bitdefender Firewall (Disabled) {362C5A58-E860-6396-9204-BEEEF20CA463}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
A360 Desktop (HKLM\...\{A74E6AC6-623F-4DFE-B362-32C7986EE871}) (Version: 6.2.10.1700 - Autodesk)
ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Connect (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Adobe Connect App) (Version: 11.9.985.57 - Adobe Systems Inc.)
Adobe Connect (HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Adobe Connect App) (Version: 11.9.985.57 - Adobe Systems Inc.)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
AutoCAD 2016 - English (HKLM\...\{5783F2D7-F001-0409-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.107.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (HKLM\...\{5783F2D7-F001-0409-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD 2016 SP 1 (HKLM\...\AutoCAD 2016 SP1) (Version: 20.1.107.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Autodesk ReCap 2016 (HKLM\...\{F6FD1651-0000-1033-0102-387BAF9B3B0A}) (Version: 1.5.0.33 - Autodesk) Hidden
Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.24.36 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 22.0.8.114 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 22.0.8.118 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Booking (HKLM-x32\...\{13D4CD54-EA09-4FDB-B979-8B2BC0F020CA}_is1) (Version: 2.0.701 - Booking)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
COMODO Antivirus (HKLM\...\{04833277-EE61-4251-9273-0CF86C0FE710}) (Version: 10.0.1.6223 - COMODO Security Solutions Inc.)
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.1.0.0 - Foxit Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Grammarly for Microsoft® Office Suite (HKLM\...\{2CC6EE9C-51D8-479E-8B0B-F061F658FC9B}) (Version: 6.5.57 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\{b1eb8775-bc01-49f5-9885-9ff3c9b4a7a3}) (Version: 6.5.57 - Grammarly)
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\{b1eb8775-bc01-49f5-9885-9ff3c9b4a7a3}) (Version: 6.5.57 - Grammarly)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 5660 series Basic Device Software (HKLM\...\{D3D38A38-586A-49AA-81C8-26A48B7DCFD4}) (Version: 40.11.1135.17143 - HP Inc.)
HP ENVY 5660 series Help (HKLM-x32\...\{607F50D9-40BD-4F17-A584-152F563293B4}) (Version: 34.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
iExplorer (HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\2ee35ebaf226322a) (Version: 4.1.14.0 - Macroplant LLC)
iExplorer (HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\2ee35ebaf226322a) (Version%sApps\Microsoft.Wallet_2.2.18065.0_x64__8wekyb3d8bbwe\Microsoft.Wallet.dll
2018-08-12 11:02 - 2018-08-12 11:02 - 035124224 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-08-12 11:02 - 2018-08-12 11:02 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-08-12 11:02 - 2018-08-12 11:02 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 10:31 - 2017-09-26 10:31 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-08-12 11:02 - 2018-08-12 11:02 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-08-12 11:33 - 2018-08-12 11:33 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-08-12 11:24 - 2018-08-12 11:24 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-08-12 11:23 - 2018-08-12 11:23 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CustomModeApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CustomModeAppv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxCUIService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiVAD64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ivusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\admin\Downloads\Firefox Setup Stub 40.0.3.exe:$CmdTcID [64]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-2848961991-288533299-670403562-1000\Software\Classes\.scr: scrfile => <==== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-11-09 18:26 - 2018-08-13 17:53 - 000000028 _____ C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065702442\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065715537\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2848961991-288533299-670403562-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2848961991-288533299-670403562-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065724382\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdAppMgrSvc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Autodesk Content Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cmdvirth => 3
MSCONFIG\Services: DevMgmtService => 2
MSCONFIG\Services: FlexNet Licensing Service 64 => 2
MSCONFIG\Services: FreemakeVideoCapture => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McAfee Vpn Service => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: TrueKey => 2
MSCONFIG\Services: TrueKeyScheduler => 2
MSCONFIG\Services: TrueKeyServiceHelper => 2
MSCONFIG\Services: WinZip Compression Smart Monitor Service => 2
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "WinZip FAH"
HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "AfterPlayMonitor"
HKU\S-1-5-21-2848961991-288533299-670403562-1000\...\StartupApproved\Run: => "McAfeeSafeConnect"
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57"
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "AfterPlayMonitor"
HKU\S-1-5-21-2848961991-288533299-670403562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132018065716662\...\StartupApproved\Run: => "McAfeeSafeConnect"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{045630E8-186E-483F-8DE5-101DCDEF323F}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe
FirewallRules: [{55F4A9A1-BC88-4B68-BA28-A7EF2DA02289}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS450A\HPDiagnosticCoreUI.exe
FirewallRules: [{D65E23F2-980F-43B2-9065-C7A2EBD806F5}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS43DE\HPDiagnosticCoreUI.exe
FirewallRules: [{AA648B96-5F65-422A-9A95-A133A3AB7D95}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS43DE\HPDiagnosticCoreUI.exe
FirewallRules: [{81D4C61E-F73A-4242-9948-6020DB70BBD0}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS1E7E\HPDiagnosticCoreUI.exe
FirewallRules: [{4FF3DA52-3FAF-4192-BAEF-D2F7BA137FDA}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS1E7E\HPDiagnosticCoreUI.exe
FirewallRules: [{39405740-FEA2-467A-94D8-40B14987C35B}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS59C0\HPDiagnosticCoreUI.exe
FirewallRules: [{6180B6E9-4505-4696-A7E8-E7C544DDDA1C}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS59C0\HPDiagnosticCoreUI.exe
FirewallRules: [{EBCAD962-12F5-44A6-89BE-D79529A5B7E6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DA345B5E-32DB-40D7-8772-7C0471FF4388}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{A64CED85-A815-4BAE-B1AC-E04821739A81}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7E95\hppiw.exe
FirewallRules: [{3E607D95-D964-4150-BC93-794291FC221E}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7E95\hppiw.exe
FirewallRules: [{9A3F94F6-1D14-41F4-AEA2-B1B23AB8B15A}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7E19\HPDiagnosticCoreUI.exe
FirewallRules: [{2932F3DA-E743-4FFB-92F3-6CA5CCF9799C}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7E19\HPDiagnosticCoreUI.exe
FirewallRules: [{CF1DEA46-D310-499C-AA17-BA73A3ECC6C4}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7232\HPDiagnosticCoreUI.exe
FirewallRules: [{B92D6D09-328E-4F95-BDD7-B3EB9922C721}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7232\HPDiagnosticCoreUI.exe
FirewallRules: [{182FCE87-E5B6-4B9E-8603-01F6958510D6}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS6679\HPDiagnosticCoreUI.exe
FirewallRules: [{6C0124A7-AEB1-49DC-9C41-5E9E03964955}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS6679\HPDiagnosticCoreUI.exe
FirewallRules: [{8CF6A2B3-59BD-4EC5-B6E0-731376415216}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{30783D84-8016-40BB-B4B0-468EF4A78ED8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{95CD1AA8-E84A-44B7-ABFB-A09CF1DA68B3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{14667F32-C931-4C34-8972-404D38837FBA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3CB307AA-2DC7-4984-892A-374D8BA928F8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{55DCA2AA-CB65-413B-B024-EFBB6AEF849E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{5B809C84-4941-4E2E-A7D3-B17F8258F682}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{8A03454A-B710-4C0D-9FA9-C61B8E94A565}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [UDP Query User{50DA4D58-6612-4FF7-8EF6-66C3A6C8F8D3}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\admin\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{EE84B819-D1EE-4A6E-8192-3623D4D237A7}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\admin\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{49105C15-6D06-4038-BFB9-487888D38FF2}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{20C2EE6F-BB06-446A-968B-2E8DC33AAD68}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3222933B-AB7D-4706-A60B-F056838A70F4}] => (Allow) LPort=50248
FirewallRules: [UDP Query User{4AF32029-E6DC-4B44-A019-7F21F3D1CACF}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\admin\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{4E752B87-E112-4068-AA65-4CAB5770B635}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\admin\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{1361D9A1-184E-46FA-A496-DC624C32A6C8}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E702AB62-E09E-4AE0-9164-5CB2A03F572C}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E6FF717D-D762-4D20-83DA-383E6FCABBDD}] => (Allow) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{D3A09AF4-9739-43E4-9A06-1041E6BB6299}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS2403\HPDiagnosticCoreUI.exe
FirewallRules: [{83A22F8F-C005-4458-9885-C781CC523327}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS2403\HPDiagnosticCoreUI.exe
FirewallRules: [{808C33CF-AEBB-4BD5-933A-75EE1927F365}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS24A0\HPDiagnosticCoreUI.exe
FirewallRules: [{CF58BA79-68C7-40E5-A9A3-4D9D5011A543}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS24A0\HPDiagnosticCoreUI.exe
FirewallRules: [{99A27AB0-568B-4382-81FC-B946297CBE41}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS5DD0\HPDiagnosticCoreUI.exe
FirewallRules: [{C4638C61-C2D5-464B-AB0C-06C000F8C031}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS5DD0\HPDiagnosticCoreUI.exe
FirewallRules: [{090A6C85-F13B-4233-A6BB-FBA9EC7FF739}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS530D\HPDiagnosticCoreUI.exe
FirewallRules: [{3B4BB1C0-776C-4AE3-A2B4-B1A9A0928565}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS530D\HPDiagnosticCoreUI.exe
FirewallRules: [{129EFD3A-26ED-4D07-B7DB-D148FA6FB635}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS41B6\HPDiagnosticCoreUI.exe
FirewallRules: [{AE2F7BCC-7D3D-45DF-9CD2-2F3486763270}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS41B6\HPDiagnosticCoreUI.exe
FirewallRules: [{06ED8793-251E-4650-A3EE-8C09FF040356}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS44ED\HPDiagnosticCoreUI.exe
FirewallRules: [{9F08467F-0E68-4BE3-9F4C-A54D043EB237}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS44ED\HPDiagnosticCoreUI.exe
FirewallRules: [{7EE8E09D-64C6-46B6-A7C4-615A4A720182}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS456C\HPDiagnosticCoreUI.exe
FirewallRules: [{E062B003-D826-4BBB-B3BF-F3293262AFA4}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS456C\HPDiagnosticCoreUI.exe
FirewallRules: [{A9D7B99F-BEF0-4BE5-A00A-C671BCAD56F5}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0FF7\HPDiagnosticCoreUI.exe
FirewallRules: [{38D19241-E76C-4C52-ABC7-2D80BA593224}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0FF7\HPDiagnosticCoreUI.exe
FirewallRules: [{60F532E2-DF75-47BD-AC55-1D59CD9B9733}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS3D4D\HPDiagnosticCoreUI.exe
FirewallRules: [{5D396C44-BCE9-4368-A8AF-D2E8CEEF93E1}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS3D4D\HPDiagnosticCoreUI.exe
FirewallRules: [{8054A7A7-F7CC-4C88-8762-F2704659F7B6}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0F2B\HPDiagnosticCoreUI.exe
FirewallRules: [{7F70D801-2D8A-486B-83FD-0601C0160ADA}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0F2B\HPDiagnosticCoreUI.exe
FirewallRules: [{160448D9-ECE9-4261-9F55-A84F808F17D9}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS65D3\HP.EasyStart.exe
FirewallRules: [{E4B3F583-FC98-45C8-994F-6C0139A80AB2}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS6DE3\HP.EasyStart.exe
FirewallRules: [{495DB74B-4812-4E07-8201-3B8BD892E2D7}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\DeviceSetup.exe
FirewallRules: [{EA11A5E9-E56C-451F-9AF7-6B9F81AD209A}] => (Allow) LPort=5357
FirewallRules: [{51F78C7D-B6F3-483D-9961-3BF770A7E24A}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{87CDB79B-C1D2-40D9-B30F-C65CC66278E8}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS2375\HP.EasyStart.exe
FirewallRules: [{5073659A-010B-4E58-B0B2-5D7104998141}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0511\HPDiagnosticCoreUI.exe
FirewallRules: [{CA0630C3-B651-41B0-84A7-4D696ACF1D29}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0511\HPDiagnosticCoreUI.exe
FirewallRules: [{73AF51E0-4C4E-4935-A4EA-6D93510B8F7E}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0C71\HP.EasyStart.exe
FirewallRules: [{0D9AE5EE-A360-4282-AF9F-2DBE07C66A2E}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7767\HPDiagnosticCoreUI.exe
FirewallRules: [{59E5435B-56BE-4237-8A6B-2A1FFBB5D593}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS7767\HPDiagnosticCoreUI.exe
FirewallRules: [{218544BD-AFE2-4557-BA8C-A21F9AED759B}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0915\HPDiagnosticCoreUI.exe
FirewallRules: [{4F6482CB-3C58-4AFB-8EEB-3968D145399B}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0915\HPDiagnosticCoreUI.exe
FirewallRules: [{CB1F88CE-E830-4C96-803B-15DB70033C25}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS06AB\HPDiagnosticCoreUI.exe
FirewallRules: [{92FAA138-C64E-48AB-8831-516561152E76}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS06AB\HPDiagnosticCoreUI.exe
FirewallRules: [{34BEA1B3-8AA0-466D-8DE4-A6F4795AAA45}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS1739\HPDiagnosticCoreUI.exe
FirewallRules: [{90CE71C9-3409-4B02-9C5F-FED18D5563B7}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS1739\HPDiagnosticCoreUI.exe
FirewallRules: [{F140B7AA-BBD0-4A1A-A69C-7D4352BF86B7}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS25D3\HPDiagnosticCoreUI.exe
FirewallRules: [{3F93297B-63A0-4481-928D-C58B19FA39D1}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS25D3\HPDiagnosticCoreUI.exe
FirewallRules: [{A416FC16-54C8-471D-ABBE-6D40E2B4235D}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0A52\HPDiagnosticCoreUI.exe
FirewallRules: [{A72AB0C6-13AE-4E6F-AC16-17C3383DB024}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS0A52\HPDiagnosticCoreUI.exe
FirewallRules: [{5C260C40-B8F0-49D3-B9B0-C73BAC819BD4}] => (Allow) C:\Users\admin\AppData\Local\Temp\7zS13BC\HP.EasyStart.exe
FirewallRules: [{F15A450D-6B53-480E-825C-902BE2B74F72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{62960173-84E8-46B1-AC2B-D53E4CBAA0F6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{41C3280A-E90B-49AA-9757-A8ED48EFCA64}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{FFBE735D-0197-4C4A-B2D6-E8591E7CE695}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{E221C328-6768-484B-8285-93D86CC7E751}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
==================== Restore Points =========================
23-07-2018 17:23:07 Scheduled Checkpoint
05-08-2018 18:26:03 Scheduled Checkpoint
08-08-2018 20:28:51 Removed WinZip 22.0.
12-08-2018 20:30:56 Removed COMODO Antivirus
==================== Faulty Device Manager Devices =============
Name: 260ci WIA Driver (USB)
Description: 260ci WIA Driver (USB)
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Kyocera
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
August 13th, 2018, 09:52 PM
#14
Addition.txt part 2 of 2
==================== Event log errors: =========================
Application errors:
==================
Error: (08/13/2018 06:57:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.667, time stamp: 0x5ad8e0a1
Faulting module name: ntdll.dll, version: 10.0.17134.165, time stamp: 0xf4df6dc2
Exception code: 0xc0000005
Fault offset: 0x000000000001d979
Faulting process id: 0x15d0
Faulting application start time: 0x01d432b2c05d7166
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: ba4ce2b1-9f87-48b5-8580-d9b51d2b507e
Faulting package full name:
Faulting package-relative application ID:
Error: (08/12/2018 08:29:48 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (4716,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error: (08/12/2018 08:29:48 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (4716,R,98) WebCacheLocal: An attempt to open the file "C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (08/12/2018 08:29:38 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (4716,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error: (08/12/2018 08:29:38 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (4716,R,98) WebCacheLocal: An attempt to open the file "C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (08/12/2018 08:29:28 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (4716,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error: (08/12/2018 08:29:28 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (4716,R,98) WebCacheLocal: An attempt to open the file "C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (08/12/2018 08:29:17 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (4716,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log.
System errors:
=============
Error: (08/13/2018 06:00:26 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (08/13/2018 06:00:23 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (08/13/2018 06:00:20 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (08/13/2018 06:00:17 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (08/13/2018 05:59:03 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (08/13/2018 05:58:58 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (08/13/2018 05:58:52 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (08/13/2018 05:58:47 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Windows Defender:
===================================
Date: 2018-07-29 10:17:24.816
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C6C30E64-4297-4E77-8337-01EFB718A93A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-29 09:50:01.476
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8593DB24-A45E-41DE-AEC5-6C44AB05E081}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-21 11:00:15.155
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0E9780BC-DA01-48C7-A4E7-4221C09D6F3E}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-21 10:51:45.504
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {ED6BEC6A-6368-4EF9-BE1E-E9A92B8FC6A2}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-17 17:21:24.317
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?lin...8&enterprise=0
Name: SoftwareBundler:Win32/ICLoader
ID: 222548
Severity: High
Category: Software Bundler
Path: containerfile:_C:\Users\admin\Desktop\Chemistry_complete_solutions_manual_zumdahl.rar;file:_C:\Users\admin\Desktop\Chemistry_complete_solutions_manual_zumdahl.rar->Chemistry_complete_solutions_manual_zumdahl.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.271.1085.0, AS: 1.271.1085.0, NIS: 1.271.1085.0
Engine Version: AM: 1.1.15000.2, NIS: 1.1.15000.2
CodeIntegrity:
===================================
Date: 2018-08-13 08:19:22.424
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-08-13 08:19:22.418
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-08-13 08:19:22.417
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-08-13 08:19:22.412
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-08-13 08:19:22.411
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-08-12 20:25:58.821
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-08-12 19:35:05.375
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-08-12 19:35:05.375
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 31%
Total physical RAM: 7980.45 MB
Available physical RAM: 5457.86 MB
Total Virtual: 10980.45 MB
Available Virtual: 8374.9 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.22 GB) (Free:30.51 GB) NTFS
\\?\Volume{28c6728b-cb27-11e3-b997-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{5e4cd43b-0000-0000-0000-a05474000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 5E4CD43B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)
==================== End of Addition.txt ============================
August 13th, 2018, 10:25 PM
#15
In your Event Viewer I see a number of these:
Error: (08/13/2018 06:00:26 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
I suggest running a hard drive diagnostic.
Run hard drive diagnostics: http://www.bleepingcomputer.com/foru...ost__p__160520
Make sure you select the tool which is appropriate for the brand of your hard drive.
Depending on the program, it'll create a bootable floppy or a bootable CD.
If the downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn the .iso file to a CD (select the "Write image file to disc" option), and make the CD bootable.
For Toshiba hard drives, see here: http://storage.toshiba.com/storage-s...ies#diagnostic
Note: If you do not know how to set your computer to boot from CD, follow the steps here
==============================================
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.