Alice94

Everything posted by Alice94

  1. FRST.txt here it is. My computer stopped lagging and popping this window MSASCuiL.exe is still in my startup though.
  2. Thanks a lot. I did the scan with mb3 these are what it found. The problem is the virus won't let me open the FRST64.exe. It closes automatically right after the admin window. What should I do?
NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{79A0053A-D20E-401F-97D5-35BB7A528F7E}, Delete-on-Reboot, [14221], [531742],1.0.5599 Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{79A0053A-D20E-401F-97D5-35BB7A528F7E}, Delete-on-Reboot, [14221], [531742],1.0.5599 Registry Value: 1 PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-3018201572-215371730-3148437188-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ADVANCED SYSTEMCARE 11, Delete-on-Reboot, [4496], [380353],1.0.5599 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 24 PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC11_PerformanceMonitor, Delete-on-Reboot, [4496], [380341],1.0.5599 PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC11_SkipUac_Andreash, Delete-on-Reboot, [4496], [380341],1.0.5599 PUP.Optional.AdvancedSystemCare, C:\USERS\ANDREASH\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\USER PINNED\TASKBAR\Advanced SystemCare 11.lnk, Delete-on-Reboot, [4496], [380340],1.0.5599 PUP.Optional.AdvancedSystemCare, C:\USERS\PUBLIC\DESKTOP\Advanced SystemCare 11.lnk, Delete-on-Reboot, [4496], [380338],1.0.5599 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Delete-on-Reboot, [4496], [398206],1.0.5599 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Delete-on-Reboot, [4496], [380353],1.0.5599 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Delete-on-Reboot, [4496], [380352],1.0.5599 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, Delete-on-Reboot, [4496], [396386],1.0.5599 Adware.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{282B4048-62ED-E695-3B05-C755DD931DD9}, Delete-on-Reboot, [6063], [514917],1.0.5599 Adware.StartPage.BatBitRst, C:\DOCUMENTS AND 
SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [6063], [-1],0.0.0 Adware.StartPage.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [6063], [-1],0.0.0 Adware.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [6063], [-1],0.0.0 Adware.StartPage.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [6063], [-1],0.0.0 Adware.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [6063], [-1],0.0.0 Adware.StartPage.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [6063], [-1],0.0.0 Adware.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [6063], [-1],0.0.0 Adware.StartPage.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [6063], [-1],0.0.0 Adware.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{7DCFAF1F-D294-5C84-3BA3-0ACFC4DAEF2E}, Delete-on-Reboot, [6063], [-1],0.0.0 Adware.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{FB08E9EB-3E16-A6E4-E11A-CF27F40A860D}, Delete-on-Reboot, [6063], [-1],0.0.0 Trojan.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{7DCFAF1F-D294-5C84-3BA3-0ACFC4DAEF2E}, Delete-on-Reboot, [14221], [531742],1.0.5599 PUP.Optional.AdvancedSystemCare, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Advanced SystemCare 11.lnk, Delete-on-Reboot, [4496], [396386],1.0.5599 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASC.EXE, Delete-on-Reboot, [4496], [396386],1.0.5599 Trojan.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{FB08E9EB-3E16-A6E4-E11A-CF27F40A860D}, Delete-on-Reboot, [14221], [531742],1.0.5599 PUP.Optional.AdvancedSystemCare, C:\USERS\ANDREASH\DOWNLOADS\ADVANCED-SYSTEMCARE-SETUP.EXE, Delete-on-Reboot, 
[4496], [396386],1.0.5599 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018 Ran by Andreash (23-06-2018 19:49:42) Running from C:\Users\Andreash\Desktop Windows 8.1 Pro (Update) (X64) (2017-01-18 13:48:28) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3018201572-215371730-3148437188-500 - Administrator - Disabled) Andreash (S-1-5-21-3018201572-215371730-3148437188-1001 - Administrator - Enabled) => C:\Users\Andreash Guest (S-1-5-21-3018201572-215371730-3148437188-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Disabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Advanced SystemCare 11 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 11.4.0 - IObit) Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.) 
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Assassin's Creed Origins (HKLM-x32\...\{DAC281DD-7006-49D4-905B-E8BDA474A230}_is1) (Version: - Ubisoft) AutoCAD 2015 - English (HKLM\...\{5783F2D7-E001-0000-0102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden AutoCAD 2015 - English (HKLM\...\{5783F2D7-E001-0409-2102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden AutoCAD 2015 Language Pack - English (HKLM\...\{5783F2D7-E001-0409-1102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk) Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk) Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk) Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk) Autodesk Content Service (HKLM-x32\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk) Autodesk Content Service Language Pack (HKLM-x32\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.5.154 - Autodesk) Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk) Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk) Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk) Autodesk ReCap (HKLM\...\{31ABA3F2-0000-1033-0102-111D43815377}) (Version: 1.3.1.39 - Autodesk) Hidden Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 
- Autodesk) BioShock Remastered (HKLM-x32\...\BioShock Remastered_is1) (Version: - ) Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.) CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform) Chicken Invaders 4 (HKLM-x32\...\Chicken Invaders 4 v.4.13) (Version: 4.13 - InterAction Studios) Dark Souls III (HKLM-x32\...\Dark Souls III_is1) (Version: - ) Discord (HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\Discord) (Version: 0.0.300 - Discord Inc.) Dishonored Game of the Year Edition (HKLM-x32\...\RGlzaG9ub3JlZA==_is1) (Version: 1 - ) DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.31 - NVIDIA Corporation) Hidden Dolby Audio X2 Windows API SDK (HKLM\...\{68B3293E-612B-48B4-BC0F-4CCFBF83AB96}) (Version: 0.8.2.76 - Dolby Laboratories, Inc.) Doom (HKLM-x32\...\{B6A2B3BA-C93E-4AEE-BBCF-BE91DDC84962}_is1) (Version: - id Software) Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.2.0 - IObit) Exterminate It! (HKLM-x32\...\Exterminate It!) (Version: 2.12.06.06 - CURIOLAB S.M.B.A.) Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden GRID Autosport (HKLM-x32\...\R1JJREF1dG9zcG9ydA==_is1) (Version: 1 - ) HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.294 - SurfRight B.V.) iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.) 
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4542 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{aa2c2346-d0c0-4d3e-9ab1-11a48b4cb9f3}) (Version: 19.20.3 - Intel Corporation) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.2.0.933 - IObit) iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.5.0 - iolo technologies, LLC) iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.) Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains) Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes) Metro 2033 Redux (HKLM-x32\...\1436434037_is1) (Version: 2.0.0.2 - GOG.com) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.9330.2124 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
(HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft) NBA 2K17 (HKLM-x32\...\NBA 2K17_is1) (Version: - ) NVIDIA 3D Vision Driver 397.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 397.31 - NVIDIA Corporation) NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - 
NVIDIA Corporation) NVIDIA Graphics Driver 397.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.31 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.6.1.0 - Popcorn Time) <==== ATTENTION Pro Evolution Soccer 2017 - Version 1.0.1.0.0 (HKLM-x32\...\Pro Evolution Soccer 2017_is1) (Version: 1.0.1.0.0 - RePack by VickNet) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.) Realtek Wireless LAN Adapter Software (HKLM-x32\...\{E462B252-195B-47EA-98E2-BAC3C2DF7D37}) (Version: 1.00.0048.0 - REALTEK Semiconductor Corp.) 
RISA-3D 11.0 Standalone (64-bit) (HKLM-x32\...\RISA-3D 11.0 Standalone (64-bit)) (Version: 11.0.2.0 - RISA Technologies, LLC) RocLab 1.0 (HKLM-x32\...\{D40FC2D6-81B9-4674-96FE-125C5F198846}) (Version: - ) RogueKiller version 12.12.16.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.16.0 - Adlice Software) Sentinel System Driver Installer 7.5.8 (HKLM-x32\...\{75BC36E7-AC24-4F35-8AE0-B5885F887744}) (Version: 7.5.8 - SafeNet, Inc.) Sid Meiers Civilization VI Proper (HKLM\...\c2lkbWVpZXJzY2l2aWxpemF0aW9udmk_is1) (Version: 1 - ) Skype version 8.22 (HKLM-x32\...\Skype_is1) (Version: 8.22 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Elder Scrolls V Skyrim Legendary Edition version 1.9.32.8 (HKLM-x32\...\The Elder Scrolls V Skyrim Legendary Edition_is1) (Version: 1.9.32.8 - Mr DJ) TORMOD GAMING MOUSE (HKLM-x32\...\{FB05F0C7-56F3-4021-8516-8F7786A33B68}_is1) (Version: 2.0 - TORMOD) Unity Web Player (HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3018201572-215371730-3148437188-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-3018201572-215371730-3148437188-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3018201572-215371730-3148437188-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.) ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2014-02-07] (Autodesk) ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit) ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Windows\system32\Incinerator64.dll [2013-12-03] (iolo technologies, LLC) ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-24] (IObit) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-01-17] (Apple Inc.) ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.) ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.) 
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit) ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Windows\system32\Incinerator64.dll [2013-12-03] (iolo technologies, LLC) ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-24] (IObit) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-01-19] (Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-04-22] (NVIDIA Corporation) ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-24] (IObit) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 
2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.) ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {07E06068-4803-4802-B41B-58781D130A42} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.) Task: {17B6A394-4DBB-4D80-B590-87A9D0F79FCE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) Task: {1D90D9DF-EEF4-4AD4-9C50-56590F76B9B7} - System32\Tasks\Uninstaller_SkipUac_Andreash => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-01-11] (IObit) Task: {24926DDC-813B-424E-9576-5BE7139BC8F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) 
Task: {27E3779F-45B7-4C42-B50C-E5FDCACBCDF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) Task: {29D2536D-596F-4EB9-9CF4-AE943E9DE356} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-04-22] (NVIDIA Corporation) Task: {3165ECF7-E2E6-4B46-9F3D-68B93B614CF9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-12] (Microsoft Corporation) Task: {430F1BC2-E9D4-4C01-9F63-7C4E56F28918} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.) Task: {449ABA8D-2597-4C47-B27C-311E94BE5AFE} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-07] (Piriform Ltd) Task: {4AA2EA00-61B6-4863-98D9-F92977B0463E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-04-22] (NVIDIA Corporation) Task: {4FED957C-0274-43BF-AB2B-21B0FB49B6CD} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-04-22] (NVIDIA Corporation) Task: {5282C199-3802-4EEA-9F1B-26B8C0279B71} - \ASC10_SkipUac_Andreash -> No File <==== ATTENTION Task: {55E55BAD-A8A1-4909-8DCF-1763A34506E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-26] (Google Inc.) 
Task: {5AE9FBFB-EF24-4477-BB1D-E7B75BA1B3D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-06-19] (Microsoft Corporation) Task: {5FD3ADCC-7978-4136-A8C9-93213709AAD1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-19] (Microsoft Corporation) Task: {74D3AB23-0E09-4847-8FE8-B2A353FB33C2} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-04-22] (NVIDIA Corporation) Task: {89F29BCD-FA38-42B5-B5F1-4B2E09D06A7A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-06-19] (Microsoft Corporation) Task: {92649B93-7688-4D9D-84F5-0A7F60255229} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-12] (Microsoft Corporation) Task: {92DFE22D-1F13-44C6-9AEA-CD837F41C045} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2013-12-03] (iolo technologies, LLC) Task: {98DE5660-5E9A-4A60-8B5E-354B1FE3E4AE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-04-22] (NVIDIA Corporation) Task: {9E5B8911-777A-4C02-A067-43FC55479FD7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-19] (Microsoft Corporation) Task: {A691C94A-E0BF-48E3-BD52-66D8DE8171FA} - System32\Tasks\{65F193EF-C19B-4A5A-B748-34E852479319} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Serious Sam 3 BFE Deluxe Edition\Steam\steamapps\common\Serious 
Sam 3\Bin\Sam3.exe" -d "C:\Program Files (x86)\Serious Sam 3 BFE Deluxe Edition\Steam\steamapps\common\Serious Sam 3\Bin" Task: {AFD4016F-2A82-44F0-9F18-8B8F633F913A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-26] (Google Inc.) Task: {B54A41E3-63EB-48A2-BCD0-03D8A7A2BBD8} - System32\Tasks\Driver Booster SkipUAC (Andreash) => C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe [2018-01-11] (IObit) Task: {B756E704-C749-400D-B84E-30300990001F} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>) Task: {C14C0788-AAB8-4EB0-908D-231F58AB9262} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-04-22] (NVIDIA Corporation) Task: {C24C272D-94AA-49DE-9606-876FB3F727CA} - System32\Tasks\update-S-1-5-21-3018201572-215371730-3148437188-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>) Task: {C472B2A4-F96E-46CB-A44A-7DFF6E357F8D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.) 
Task: {C9E2C408-CD83-4044-B372-91DDF09CBEAB} - \ASC10_PerformanceMonitor -> No File <==== ATTENTION Task: {D2B8E2EB-BABE-416A-88EE-A957520C1D20} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-04-22] (NVIDIA Corporation) Task: {DAE32ECF-DCB6-4824-8DDA-510D61BD0857} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-04-22] (NVIDIA Corporation) Task: {E2B0BC2E-15CA-448B-883D-2AD8A606B90E} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\5.2.0\Scheduler.exe [2017-12-11] (IObit) Task: {EB46B1B2-C92C-473F-804E-D3FDCB1744E5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) Task: {F2B3B89B-C255-4F11-94DA-6F361D5D62CE} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-06-19] (Microsoft Corporation) Task: {F746BF1C-ED32-43EE-8D98-48E5E7C5BC48} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) Task: {FFCABCC9-0A12-45C9-B68D-234A45229729} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-07] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Andreash.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe Task: C:\Windows\Tasks\update-S-1-5-21-3018201572-215371730-3148437188-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-01-13 14:56 - 2017-01-13 14:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-01-13 14:56 - 2017-01-13 14:56 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-08-17 20:03 - 2012-04-24 18:42 - 001181544 _____ () C:\Program Files (x86)\TORMOD Gaming Mouse\ETGMSrv.exe 2018-05-07 03:17 - 2018-04-22 14:05 - 001267648 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2018-06-23 19:10 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2017-08-17 20:03 - 2015-11-14 00:21 - 003343360 _____ () C:\Program Files (x86)\TORMOD Gaming Mouse\lwmon.exe 2017-04-14 15:23 - 2017-03-10 13:48 - 000061944 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll 2017-04-14 15:23 - 2017-03-10 13:48 - 000110584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll 2017-01-18 21:11 - 2016-06-22 06:30 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl 2017-01-18 21:11 - 2016-06-22 06:29 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl 2017-01-18 21:11 - 2016-06-22 06:29 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl 2018-05-07 03:17 - 2018-04-22 14:05 - 001041344 _____ () C:\Program Files (x86)\NVIDIA 
Corporation\NvContainer\libprotobuf.dll 2018-02-07 15:02 - 2017-10-16 11:14 - 000442144 _____ () C:\Program Files (x86)\IObit\Driver Booster\5.2.0\madExcept_.bpl 2018-02-07 15:02 - 2017-10-16 11:14 - 000210720 _____ () C:\Program Files (x86)\IObit\Driver Booster\5.2.0\madBasic_.bpl 2018-02-07 15:02 - 2017-10-16 11:14 - 000059680 _____ () C:\Program Files (x86)\IObit\Driver Booster\5.2.0\madDisAsm_.bpl 2017-08-17 20:03 - 2012-04-24 18:42 - 000034152 _____ () C:\Program Files (x86)\TORMOD Gaming Mouse\uiHook.dll 2017-01-18 21:11 - 2016-05-24 08:49 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll 2017-01-18 21:11 - 2016-10-19 03:57 - 000631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\53091934.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\53091934.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) 
HKU\S-1-5-21-3018201572-215371730-3148437188-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1" ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 16:25 - 2013-08-22 16:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3018201572-215371730-3148437188-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Andreash\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: vrswrm-service => 2 MSCONFIG\Services: ZAMSvc => 2 HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "WindowsDefender" HKLM\...\StartupApproved\Run: => "ZAM" HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App" HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter" HKLM\...\StartupApproved\Run32: => "SDTray" HKLM\...\StartupApproved\Run32: => "WindowsDefender" HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\StartupApproved\Run: => "Skype for Desktop" HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\StartupApproved\Run: => "uTorrent" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{824EC7FD-3B2D-4248-9156-273AE28983B9}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{F7ED63FE-752C-416F-9573-694A2736BA11}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe FirewallRules: [{67FCC50F-A9DC-41DB-B082-9A9A92625108}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe FirewallRules: [{4BFB2CB3-BAE5-4CA0-B327-797193763754}] => (Allow) LPort=50248 FirewallRules: [{A6049089-DD1A-46C5-8170-517E84879459}] => (Allow) C:\Users\Andreash\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{809978D1-A4C3-4249-8494-7E39A41AA6EA}] => (Allow) C:\Users\Andreash\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{272FEC1C-A4A6-4F68-99DA-9490D4A66335}] => (Allow) C:\Users\Andreash\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{BB6AEC0E-B1BF-4C2E-B454-E9EFD45BAE8A}] => (Allow) C:\Users\Andreash\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{9F7498F2-7396-4E96-B830-01B413049162}] => (Allow) C:\Users\Andreash\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{EBE7D8A0-63FB-403F-A520-762DD18B6294}] => (Allow) C:\Users\Andreash\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{A40B9DAA-64FB-4C68-B2E7-238B3F1FAB52}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{031B9AF0-E7C2-4CFD-A609-A47E206AA3FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{5C228210-F1D7-4F02-B1B1-5E92AAD12270}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{3218FCBB-5C45-4585-9BCD-7024D8E9720C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{48183C17-47DE-4270-B482-6E217E0EA5AC}] => (Allow) C:\Users\Andreash\AppData\Local\Microsoft\OneDrive\OneDrive.exe FirewallRules: [TCP Query User{2718BEF6-F529-4EB1-9B1C-B498EA1A6C91}C:\program files (x86)\nba 2k17\nba2k17.exe] => (Block) C:\program files (x86)\nba 
2k17\nba2k17.exe FirewallRules: [UDP Query User{7AB7A06B-2685-4811-ACF7-127DAF3C5D02}C:\program files (x86)\nba 2k17\nba2k17.exe] => (Block) C:\program files (x86)\nba 2k17\nba2k17.exe FirewallRules: [TCP Query User{79A2FBCE-EE64-4486-A3AE-B837B56F98F7}C:\program files (x86)\nba 2k17\nba2k17.exe] => (Block) C:\program files (x86)\nba 2k17\nba2k17.exe FirewallRules: [UDP Query User{3DE500DE-705F-43D5-968E-B7F9322531B0}C:\program files (x86)\nba 2k17\nba2k17.exe] => (Block) C:\program files (x86)\nba 2k17\nba2k17.exe FirewallRules: [TCP Query User{04D1E156-416C-4084-8E28-69770261E337}C:\program files (x86)\doom\doomx64.exe] => (Block) C:\program files (x86)\doom\doomx64.exe FirewallRules: [UDP Query User{62635FCC-6655-4817-82EF-62A1671AF774}C:\program files (x86)\doom\doomx64.exe] => (Block) C:\program files (x86)\doom\doomx64.exe FirewallRules: [TCP Query User{B6C39698-79D7-40F4-8BEC-7D68C570E8FB}C:\program files (x86)\doom\doomx64.exe] => (Block) C:\program files (x86)\doom\doomx64.exe FirewallRules: [UDP Query User{D90F267E-1A2F-4849-ACC2-04761D9B5924}C:\program files (x86)\doom\doomx64.exe] => (Block) C:\program files (x86)\doom\doomx64.exe FirewallRules: [{28DBCE82-9BC4-4012-90BA-F3C116E3C84C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{121904F1-46EE-4B61-982C-CD378F83F67A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{91FB957A-3C1F-4A7D-B627-0BA21006BA72}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{807F6AC1-204B-416E-8F7C-A159C6A16616}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5C579889-BEA3-443F-A345-88D2A7829955}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{BF32FF6E-786B-4B99-ACA5-D8249837783A}C:\program files (x86)\dishonored\binaries\win32\dishonored.exe] => (Block) C:\program files (x86)\dishonored\binaries\win32\dishonored.exe FirewallRules: [UDP Query 
User{7AAB2848-D77B-4A9F-8DAF-CE9073759CE5}C:\program files (x86)\dishonored\binaries\win32\dishonored.exe] => (Block) C:\program files (x86)\dishonored\binaries\win32\dishonored.exe FirewallRules: [{3E98BD45-C509-4ECB-8A01-D3801C288DE1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{9CF1FD68-A3D1-42E6-BF71-F6B9B22B839F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{5D1CE1BD-5718-4CB8-93A4-312D287DE3D4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{92E91B0B-229D-47E4-A52C-BC496C685B91}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{765A27A8-01B7-4415-8C08-5B8CBAFE2F7C}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe FirewallRules: [{39C98CC5-7B32-4CF6-9064-67B47C6B4B9D}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe FirewallRules: [TCP Query User{9F12A01F-BA24-44BE-8300-8BBCE4ACF3BE}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [UDP Query User{EE7AE996-5519-43C1-9EBD-BD4B8377DC24}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [TCP Query User{94B00A11-A46D-4348-92F9-253A2BD1C838}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [UDP Query User{16CB5A55-8C1C-41C3-B6BC-ACCCF341F30A}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [{E55A6713-6FD8-41B9-A4AF-92C49C084845}] => (Allow) LPort=1688 FirewallRules: [TCP Query User{A03B4CE3-A89F-4F30-A892-DE012D2D721D}C:\users\andreash\documents\games\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left4dead2.exe] => (Block) C:\users\andreash\documents\games\left 4 dead 2 v2.0.2.7 
full-rip {blaze69}\left 4 dead 2\left4dead2.exe FirewallRules: [UDP Query User{D3EDD4D2-14B3-4EA0-9DC7-8B44D1D52954}C:\users\andreash\documents\games\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left4dead2.exe] => (Block) C:\users\andreash\documents\games\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left4dead2.exe FirewallRules: [{021FFD9C-6B94-47AD-A400-EEFBBA33A560}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{83DF9DA5-E8F0-4205-AC91-5EBB4F0D720B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe FirewallRules: [{499C9B2C-C287-40D7-A747-08E727A52E26}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe FirewallRules: [{18A634F3-CE72-47C1-8373-7B9364C737D5}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DBDownloader.exe FirewallRules: [{0EB49EDC-6998-42DE-8EA7-B44770ED924A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DBDownloader.exe FirewallRules: [{D9EC5E2A-CE99-485B-A9AF-27CC4FC321DC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\AutoUpdate.exe FirewallRules: [{BEC6D96E-668E-4867-9A8E-AB238CAA424A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\AutoUpdate.exe FirewallRules: [{D900C0E4-8E22-402D-8DB0-C3F9B68A93EA}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{A94D700E-B812-4AAB-96FB-2F68C8382978}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{3C01308E-A617-43D9-A1DD-41BFCA23E5A7}] => (Allow) C:\Windows\SysWOW64\msiexec.exe FirewallRules: [{39B3F040-2BC4-4046-96D3-ECF4B48A7760}] => (Allow) C:\Users\Andreash\AppData\Local\AJtzOik.exe FirewallRules: [{CF99B1B6-8A4C-435A-81FF-E6E87E2B5FE2}] => (Allow) C:\Windows\SysWOW64\GauxOm.exe FirewallRules: [{C7AC0285-D580-41EA-AA0A-7FF624795A83}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{E403394A-A9C6-431A-B05F-0E233A33EF89}] => (Allow) C:\Program Files (x86)\Microsoft 
Office\root\Office16\Lync.exe FirewallRules: [{75598BCA-A119-456C-952C-160ED7CA66A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{6EB9C95D-4A86-4F99-B5A1-3807E6B61DDC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{20CD0384-6E0B-4DB3-AFFB-7F3C37D1F845}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{41B85657-A168-4572-90FB-2E2B35EE6411}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{69B5D3DB-68E3-4C7D-B8F6-D39320747AE8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{CBCC8318-F45F-4E94-BBEF-D9BFE68A493B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{1551EC31-37E7-4538-AE4B-4DBD193892AA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{50533EF1-D4C5-4140-AE55-78A88158D151}] => (Allow) C:\Windows\SysWOW64\rundll32.exe FirewallRules: [{47903156-687E-4992-AAE9-7C704240E3D4}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{DF43DF35-2FA0-4CF3-8A96-BEA8FD4ADB9F}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{0690F96B-3FA5-496B-9D52-8C68EC4A305F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe FirewallRules: [{34E875A9-B040-4309-93DC-EB00DB022BE4}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe FirewallRules: [{EC824300-759A-4FC2-9A5D-0891EEFB1485}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{AB372BD0-3753-4A81-93C6-D9019A6DED04}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{3B615CE9-EA9E-48E7-B120-C41FAEA38B8D}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{A48EA69C-41DB-4CF5-9B10-73ED1CC74AC4}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{C61F4C56-D260-49A0-9819-7D8C2870BB60}] => (Allow) C:\Windows\SysWOW64\svchost.exe 
FirewallRules: [{837CC7A7-B62B-4DF6-A899-782AD406DD2A}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{3A0799D0-2CFD-4652-AE23-096B4BB9871F}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{FA6E5130-4345-4F04-99B7-51ECF537CA6B}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{821F3828-5274-4202-AFA8-15C97E1C4720}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{1DA53512-6A36-4742-91E4-E625A27D1453}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{4CBF459B-F5FE-4857-B7CC-2431DB99CA4E}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{6FB57C5E-BFE9-4A33-B8F5-A2F52DCEBB06}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{AF68C71F-B866-471F-B1CD-4BFBF5CB0861}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{E3C3B65D-B51A-4B96-9333-3BE956B05195}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{FD4C24F2-107A-4062-9AC9-53FCAC2F1E2F}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{B1101E1C-C551-4DCB-BDE9-ADC7144B369B}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{3345B2E3-088E-468F-BDC4-2B0E77ED4DD3}] => (Allow) C:\Users\Andreash\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{EA913FE9-F77E-4CFF-88B4-3EDD6FB43F5E}] => (Allow) C:\Users\Andreash\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{51F7BD9C-C8F1-4A33-B80A-8B62C435123D}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{1964000E-2879-423F-B668-57DC453CEBD9}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{B3C36A34-0A0F-4EC1-9D74-86493FB154BB}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{D62119D8-CCAD-4B20-A5FF-1FD081E8C9DB}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{BB059230-D5AD-4FF8-BC6A-691617AACC97}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{8D2D8DA8-9EF7-4752-972F-985D1A285AAC}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: 
[{34F24447-4E35-4C67-B201-39C648AF51D8}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{7C6A1068-4049-4B1A-BA79-8DCEE7EC4BA7}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{62B5D3EA-3550-440A-B933-880C4D4DC4EE}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{3CE4F9AD-D0AE-4099-95C0-A8962B7C71CF}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{CE9D2ADE-918D-494C-9417-370935D52E0D}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{91EAC1FB-27BD-47E7-A269-418440C61856}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [TCP Query User{E6233587-84F0-43B5-B249-01A9495D3683}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe FirewallRules: [UDP Query User{B0AA6465-79FD-4DB8-8030-BA9E71D74C3D}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe FirewallRules: [TCP Query User{77150B69-EA34-4516-A9BC-B8EC84100BA8}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe FirewallRules: [UDP Query User{42B0FB0E-B734-439B-B0BE-4F3E223F8DA1}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe FirewallRules: [{A308E225-4120-476F-8A79-15679E47A502}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{C83BB500-D0DB-46E5-B242-C14F731F5AB9}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{F15B0105-66D9-448A-8541-744AAC35DC2B}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{C429AC28-599D-430B-ADA9-1306C5AD1337}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{F7772EE5-A1DD-43CD-9B16-D8624D823B52}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{88B8AC8A-1D17-4079-9F70-562A173C6776}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: 
[{54545148-D082-4824-8E4A-F5CF53B68175}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{1D62DF20-96A8-4D0B-8F03-AC54D324028B}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{08D51038-A84B-4CBA-B33B-4BB5C42AE866}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{569ECF2A-7471-41D0-A30A-989950857B8D}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{E802EF6F-1853-4E29-BD54-9B45D28A3058}] => (Allow) C:\Windows\SysWOW64\svchost.exe FirewallRules: [{39E67B18-4451-49D3-9A57-E980D853213E}] => (Allow) C:\Windows\SysWOW64\tracert.exe FirewallRules: [{37618C2D-DA49-4145-8818-9A75695B2BAF}] => (Allow) C:\Windows\SysWOW64\tracert.exe FirewallRules: [{36A13E71-86DD-43FE-B5C5-8040F7CA3A6C}] => (Allow) C:\Windows\SysWOW64\tracert.exe FirewallRules: [{4FDB7EC3-9568-49C3-89CB-E4351F5F0141}] => (Allow) C:\Windows\SysWOW64\tracert.exe FirewallRules: [{B9E1C61D-2A7D-4DDE-BC0E-B712682F8C98}] => (Allow) C:\Windows\SysWOW64\tracert.exe FirewallRules: [{D8D97CC2-4A91-4F5F-8A78-24146407524E}] => (Allow) C:\Windows\SysWOW64\tracert.exe FirewallRules: [{2F2B6275-A69E-4DCB-BCA8-49BADBEBDBD4}] => (Allow) C:\Windows\SysWOW64\tracert.exe FirewallRules: [{85E5723E-D1C3-4365-A853-0C251237CAF8}] => (Allow) C:\Windows\SysWOW64\tracert.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= 05-06-2018 17:46:09 Scheduled Checkpoint 08-06-2018 20:24:33 Windows 
Update 12-06-2018 19:33:46 Driver Booster : NVIDIA Virtual Audio Device (Wave Extensible) (WDM) 20-06-2018 10:36:50 Scheduled Checkpoint 23-06-2018 16:24:19 Removed Realtek High Definition Audio Driver ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/23/2018 07:48:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkQuarantineRetry Error: (06/23/2018 07:48:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (06/23/2018 07:48:26 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (06/23/2018 07:45:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 6.3.9600.18460, time stamp: 0x57c1b8c1 Faulting module name: DEVRTL.dll, version: 6.3.9600.17415, time stamp: 0x5450429b Exception code: 0xc0000005 Fault offset: 0x0000000000001475 Faulting process 
id: 0x728 Faulting application start time: 0x01d40b11181c0c15 Faulting application path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\DEVRTL.dll Report Id: d8d0c50c-7704-11e8-83b0-84ef18ad3198 Faulting package full name: Faulting package-relative application ID: Error: (06/23/2018 06:21:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: NVDisplay.Container.exe, version: 1.10.2318.3615, time stamp: 0x5a169a1f Faulting module name: nvxdapix.dll, version: 8.17.13.9731, time stamp: 0x5adc2d65 Exception code: 0xc0000005 Fault offset: 0x000000000030fffd Faulting process id: 0x444 Faulting application start time: 0x01d40af781665540 Faulting application path: C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe Faulting module path: C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll Report Id: 15697c57-76f9-11e8-83af-84ef18ad3198 Faulting package full name: Faulting package-relative application ID: Error: (06/23/2018 04:42:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 6.3.9600.18460, time stamp: 0x57c1b8c1 Faulting module name: DEVRTL.dll, version: 6.3.9600.17415, time stamp: 0x5450429b Exception code: 0xc0000005 Fault offset: 0x0000000000001475 Faulting process id: 0x7a8 Faulting application start time: 0x01d40af7898d9b58 Faulting application path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\DEVRTL.dll Report Id: 4096773c-76eb-11e8-83af-84ef18ad3198 Faulting package full name: Faulting package-relative application ID: Error: (06/23/2018 04:41:03 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: 
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (06/23/2018 04:40:54 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 System errors: ============= Error: (06/23/2018 07:43:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (06/23/2018 07:43:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect. Error: (06/23/2018 07:43:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated with the following error: %%2147770990 Error: (06/23/2018 07:43:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (06/23/2018 07:43:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect. 
Error: (06/23/2018 07:40:59 PM) (Source: Application Popup) (EventID: 56) (User: ) Description: ACPI5 Error: (06/23/2018 04:40:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated with the following error: %%2147770990 Error: (06/23/2018 04:40:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Windows Defender: =================================== Date: 2018-06-21 20:52:21.963 Description: Windows Defender scan has been stopped before completion. Scan ID: {B6A5CF7F-F4D1-40BB-B66F-AC23D408CF32} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-06-21 20:15:13.770 Description: Windows Defender scan has been stopped before completion. Scan ID: {5550E3AA-A51D-47A9-931C-C79ECB7BFE90} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-06-20 10:28:31.328 Description: Windows Defender scan has been stopped before completion. Scan ID: {23254D8D-4D6D-4353-A9BA-BFEB76B6708A} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-06-14 20:52:33.243 Description: Windows Defender scan has been stopped before completion. Scan ID: {CB509AD9-1819-40C1-8E3C-F67BC07F7EB6} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-06-14 20:39:31.012 Description: Windows Defender scan has been stopped before completion. Scan ID: {6F91C994-9CAD-4893-8759-3E713624BD4B} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-06-23 14:46:24.093 Description: Windows Defender Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. 
In some instances, restarting the service may resolve the problem.

Date: 2018-06-23 14:45:35.466
Description: Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress.
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

Date: 2018-06-20 19:41:15.567
Description: Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-06-20 19:38:23.902
Description: Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-06-17 12:36:47.452
Description: Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80508001
Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Signature version: 1.269.1363.0;1.269.1363.0
Engine version: 1.1.14901.4

CodeIntegrity:
===================================

Date: 2018-06-23 19:47:40.066
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvdlistx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-06-23 16:44:32.605
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvdlistx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-06-23 16:35:17.319
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvdlistx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-06-23 16:14:56.449
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msimg32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-23 16:14:56.291
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msimg32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-23 16:04:58.931
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msimg32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-23 16:04:58.653
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msimg32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-23 16:04:58.200
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msimg32.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 24%
Total physical RAM: 8019.88 MB
Available physical RAM: 6030.95 MB
Total Virtual: 12627.88 MB
Available Virtual: 10282.9 MB

==================== Drives ================================

Drive ? () (Fixed) (Total:930.53 GB) (Free:230.14 GB) NTFS
\\?\Volume{9237cea1-dd83-11e6-824b-806e6f6e6963}\ () (Fixed) (Total:0.97 GB) (Free:0.95 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=1000 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=930.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  6. Windows 8.1 I recently downloaded an infected file in my computer that installed a service called mail.ru. After too many hours of trying I got rid of it, but there is still a virus in my PC. There is an MSASCuiL.exe in startup programs that, no matter how many times I delete it, comes back. I also can't click on its properties or file location. There are also 2 svchost.exe in running programs not under the Windows tab that are suspicious. Whenever I try to google Malwarebytes and stuff like that, my browser closes. I can't even run Malwarebytes in normal mode without it closing automatically. The only way to do it is to terminate the two svchost processes, and I have a 40 min gap to do anything before they come back. In safe mode I ran Malwarebytes several times and deleted what it found, but the problem remains. Please help.