Epicsalsa2000

  1. Everything seems to be working fine and well! Thank you for all of your help! At this time there are no more issues to address.
  2. Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018 Ran by Hello (14-07-2018 22:49:04) Run:3 Running from C:\Users\Hello\Downloads Loaded Profiles: Hello & (Available Profiles: Hello & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic) Boot Mode: Normal
moved successfully C:\Users\Hello\AppData\Local\redgomh => moved successfully "C:\Users\Steven\AppData\Local\Chromium" => not found C:\Users\Hello\AppData\Roaming\et => moved successfully C:\Users\Hello\AppData\Roaming\3909 => moved successfully C:\Users\Hello\AppData\Roaming\A2dUjXPn05zPkC9.db => moved successfully C:\Windows\b62121210 => moved successfully C:\Windows\uninstaller.dat => moved successfully C:\Windows\system32\atmbvnk => moved successfully C:\Windows\system32\lmcwzvtsvc.exe => moved successfully C:\Windows\SysWOW64\atmbvnk => moved successfully =========== EmptyTemp: ========== BITS transfer queue => 20971520 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 126549805 B Java, Flash, Steam htmlcache => 599799416 B Windows/system/drivers => 376770640 B Edge => 0 B Chrome => 196946783 B Firefox => 1350338092 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 76755677 B systemprofile32 => 560 B LocalService => 969968 B NetworkService => 6709192 B Hello => 7918507212 B .NET v4.5 => 0 B DefaultAppPool => 0 B .NET v4.5 Classic => 0 B RecycleBin => 35817210414 B EmptyTemp: => 43.3 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 23:00:42 ==== Fixlog.txt
  3. Sorry, I feel like a bad person for not responding all the time. I ended up going on a vacation for a bit and just arrived back home. I’ve had little to no access to the Internet and only now am I seeing all this. Tomorrow I can provide the files.
  4. # ------------------------------- # Malwarebytes AdwCleaner 7.2.1.0 # ------------------------------- # Build: 06-26-2018 # Database: 2018-07-04.1 # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 07-05-2018 # Duration: 00:01:31 # OS: Windows 8.1 # Cleaned: 41 # Failed: 0 ***** [ Services ] ***** Deleted WCAssistantService Deleted windowsmanagementservice ***** [ Folders ] ***** Deleted C:\ProgramData\FFBF2802000059F8 Deleted C:\Users\Hello\AppData\Roaming\AGData Deleted C:\Users\Public\Pokki Deleted C:\Users\.NET v4.5\AppData\Local\Pokki Deleted C:\Users\.NET v4.5 Classic\AppData\Local\Pokki Deleted C:\Users\DefaultAppPool\AppData\Local\Pokki Deleted C:\Users\Hello\AppData\Local\Pokki Deleted C:\ProgramData\lavasoft\web companion Deleted C:\Users\Hello\AppData\Roaming\lavasoft\web companion Deleted C:\Users\Hello\Documents\vShare Deleted C:\Program Files (x86)\Exploremedia Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion ***** [ Files ] ***** Deleted C:\END Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. 
***** [ Registry ] ***** Deleted HKLM\Software\Wow6432Node\1c32ffe9-54b2-77fd-7ba1-7a23286a0871 Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|AnonymizerGadget Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Pokki Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Pokki Deleted HKCU\Software\Lavasoft\Web Companion Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki Deleted HKCU\Software\Pokki Deleted HKLM\Software\Wow6432Node\InstalledBrowserExtensions Deleted HKLM\Software\InstalledBrowserExtensions Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014} Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014} Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A Deleted HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A Deleted HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A Deleted HKLM\Software\Wow6432Node\OverLook Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** Deleted AVG Secure Search Deleted Ask Deleted Norton Safe Search Deleted AOL ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. 
************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [4520 octets] - [05/07/2018 17:36:56] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## RogueKiller V12.12.25.0 (x64) [Jul 2 2018] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : https://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 8.1 (6.3.9600) 64 bits version Started in : Normal mode User : Hello [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller64.exe Mode : Delete -- Date : 07/05/2018 17:46:33 (Duration : 02:14:20) ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 6 ¤¤¤ [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GPUZ (\??\C:\Windows\TEMP\GPUZ.sys) -> Deleted [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{45406A07-FB6A-4702-B0CF-EE34D19B179A} | DhcpNameServer : 172.20.10.1 ([]) -> Replaced () [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C9155094-535F-4263-936F-3A391A9B0B29} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Steven\AppData\Local\Temp\nss7C20.tmp\CnetInstaller-203975.exe|Name=proinstaller2037571212| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5D9B10BD-0C5A-4F31-922A-700D0C3A8DE4} : v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Steven\AppData\Local\Temp\nss7C20.tmp\CnetInstaller-203975.exe|Name=proinstaller2037571212| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{9A017F3C-B8E7-42D8-A382-029D9257E732}C:\users\steven\appdata\local\mycomgames\mycomgames.exe : 
v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\steven\appdata\local\mycomgames\mycomgames.exe|Name=mycomgames.exe|Desc=mycomgames.exe|Edge=TRUE|Defer=App| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{7A49FB8E-4133-4591-9A9C-2CD04F6D9552}C:\users\steven\appdata\local\mycomgames\mycomgames.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\steven\appdata\local\mycomgames\mycomgames.exe|Name=mycomgames.exe|Desc=mycomgames.exe|Edge=TRUE|Defer=App| [x] -> Deleted ¤¤¤ Tasks : 4 ¤¤¤ [Suspicious.Path] \pigmented_flyer -- C:\Users\Hello\AppData\Local\Caswell.exe (eayu) -> Deleted [Suspicious.Path] \pigmented_flyerpigmented_flyer -- C:\Users\Hello\AppData\Local\Caswell.exe (eayu) -> Deleted [Suspicious.Path] \sold thrombolytic fathered -- C:\Users\Hello\AppData\Local\Psychometrics.exe (eayu) -> Deleted [Suspicious.Path] \sold thrombolytic fatheredsold thrombolytic fathered -- C:\Users\Hello\AppData\Local\Psychometrics.exe (eayu) -> Deleted ¤¤¤ Files : 11 ¤¤¤ [PUP.uTorrentAds][File] C:\Users\Hello\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe -> Deleted [PUP.uTorrentAds][File] C:\Users\Hello\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Deleted [PUP.uTorrentAds][File] C:\Users\Hello\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Deleted [PUP.uTorrentAds][File] C:\Users\Hello\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Deleted [PUP.uTorrentAds][File] C:\Users\Hello\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Deleted [PUP.uTorrentAds][File] C:\Users\Hello\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Deleted [PUP.uTorrentAds][File] C:\Users\Hello\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Deleted [PUP.uTorrentAds][File] 
C:\Users\Hello\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Deleted [PUP.uTorrentAds][File] C:\Users\Hello\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Deleted [PUP.uTorrentAds][File] C:\Users\Hello\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Deleted [PUP.Pokki|PUP.Gen0|PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk [LNK@] C:\Users\Hello\AppData\Local\Pokki\Engine\HostAppService.exe /OPEN"menu" -> Deleted ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 1 ¤¤¤ [PUM.HomePage][Firefox:Config] 4xgtbnqs.default-1529942465486 : user_pref("browser.startup.homepage", "https://www.youtube.com/feed/subscriptions"); -> Replaced (about:home) ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: +++++ --- User --- [MBR] 0086f36f0b7bc8b257f89fc226376c3d [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code Partition table: 0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 300 MB 1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 616448 | Size: 99 MB 2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 819200 | Size: 128 MB 3 - Basic data partition | Offset (sectors): 1081344 | Size: 953341 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. )
  5. I apologize; I’ve been a little busy because of the Fourth of July holiday. I should be able to work on the computer Thursday after the holiday. I apologize for the last response.
  6. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 6/30/18 Scan Time: 1:07 PM Log File: 0b9938a3-7c88-11e8-a550-e0d55e31a8cb.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.374 Update Package Version: 1.0.5699 License: Premium -System Information- OS: Windows 8.1 CPU: x64 File System: NTFS User: System -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Scheduler Result: Completed Objects Scanned: 449289 Threats Detected: 34 Threats Quarantined: 34 Time Elapsed: 57 min, 3 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 6 PUP.Optional.PQwick, C:\Program Files (x86)\PQwick1.1\images, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.PQwick, C:\Program Files (x86)\PQwick1.1\lang, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.PQwick, C:\PROGRAM FILES (X86)\PQwick1.1, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.ShopMania, C:\PROGRAM FILES (X86)\UP PRO, Quarantined, [2299], [185188],1.0.5699 PUP.Optional.ShopMania, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\UP PRO, Quarantined, [2299], [185189],1.0.5699 Trojan.Yelloader, C:\PROGRAM FILES (X86)\S5, Quarantined, [2662], [452258],1.0.5699 File: 28 PUP.Optional.PQwick, C:\Program Files (x86)\PQwick1.1\images\gadget_bg.png, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.PQwick, C:\Program Files (x86)\PQwick1.1\images\gadget_button_0_hover.png, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.PQwick, C:\Program Files (x86)\PQwick1.1\images\gadget_button_0_normal.png, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.PQwick, C:\Program Files 
(x86)\PQwick1.1\images\gadget_button_0_pressed.png, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.PQwick, C:\Program Files (x86)\PQwick1.1\images\gadget_button_1_hover.png, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.PQwick, C:\Program Files (x86)\PQwick1.1\images\gadget_button_1_normal.png, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.PQwick, C:\Program Files (x86)\PQwick1.1\images\gadget_button_1_pressed.png, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.PQwick, C:\Program Files (x86)\PQwick1.1\images\gadget_button_2_hover.png, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.PQwick, C:\Program Files (x86)\PQwick1.1\images\gadget_button_2_normal.png, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.PQwick, C:\Program Files (x86)\PQwick1.1\images\gadget_button_2_pressed.png, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.PQwick, C:\Program Files (x86)\PQwick1.1\lang\de-De.xml, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.PQwick, C:\Program Files (x86)\PQwick1.1\lang\en-US.xml, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.PQwick, C:\Program Files (x86)\PQwick1.1\Gadget.Xml, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.PQwick, C:\Program Files (x86)\PQwick1.1\PQwick.exe, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.PQwick, C:\Program Files (x86)\PQwick1.1\TrayIcon.ico, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.PQwick, C:\Program Files (x86)\PQwick1.1\Uninstall.exe, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.PQwick, C:\Program Files (x86)\PQwick1.1\Uninstall.ini, Quarantined, [2827], [451742],1.0.5699 PUP.Optional.ShopMania, C:\PROGRAM FILES (X86)\UP PRO\UNINS000.DAT, Quarantined, [2299], [185188],1.0.5699 PUP.Optional.ShopMania, C:\Program Files (x86)\Up Pro\icommerce-appicon.ico, Quarantined, [2299], [185188],1.0.5699 PUP.Optional.ShopMania, C:\Program Files (x86)\Up Pro\unins000.exe, Quarantined, [2299], [185188],1.0.5699 PUP.Optional.ShopMania, C:\Program Files (x86)\Up 
Pro\unins000.msg, Quarantined, [2299], [185188],1.0.5699 PUP.Optional.ShopMania, C:\Program Files (x86)\Up Pro\up_pro-1.5.16.1-an+fx-windows.xpi, Quarantined, [2299], [185188],1.0.5699 PUP.Optional.ShopMania, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\UP PRO\UP PRO ON THE WEB.URL, Quarantined, [2299], [185189],1.0.5699 PUP.Optional.ShopMania, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Up Pro\Uninstall Up Pro.lnk, Quarantined, [2299], [185189],1.0.5699 Trojan.Yelloader, C:\$RECYCLE.BIN\S-1-5-21-142236997-2569239532-28003117-1011\$R6OHOJB.lnk, Quarantined, [2662], [452258],1.0.5699 Trojan.Yelloader, C:\PROGRAM FILES (X86)\S5\s.exe, Quarantined, [2662], [452258],1.0.5699 Trojan.Yelloader, C:\Program Files (x86)\s5\u.exe, Quarantined, [2662], [452258],1.0.5699 Adware.DotDo.Generic, C:\$RECYCLE.BIN\S-1-5-21-142236997-2569239532-28003117-1011\$R9BKFQ0\RHYMED.EXE, Quarantined, [6043], [536234],1.0.5699 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)
  7. Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
     Ran by Hello (27-06-2018 10:33:21) Run:2
     Running from C:\Users\Hello\Downloads
     Loaded Profiles: Hello & (Available Profiles: Hello & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic)
     Boot Mode: Normal
     ==============================================
     fixlist content:
     *****************
     CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
     CMD: bcdedit.exe /set {default} recoveryenabled yes
     *****************
     ========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========
     The operation completed successfully.
     ========= End of CMD: =========
     ========= bcdedit.exe /set {default} recoveryenabled yes =========
     The operation completed successfully.
     ========= End of CMD: =========
  8. Here are the FRST.txt and the Additions.txt files from the scan. Addition_26-06-2018 11.18.49.txt FRST_26-06-2018 11.18.49.txt
  9. Yesterday I noticed in my task manager a bunch of apps and background processes called "Windows Process Manager (32 bit)" running at the same time. I checked the details section and found they all seem to be called "zanhpig.exe". Trying to end the task or change its priority is impossible, as access is denied. Similarly, opening file location, trying to delete the folder, or even editing permission settings are also not allowed. Malwarebytes didn't seem to remove it, but it did fix a lot of other viruses I had discovered alongside this one. This seems to be the most persistent and difficult to remove based on my research. I don't know much about malware removal so I will need a little more help than other people I have seen with the same issue. Here are screenshots of the task manager. Thanks in advance.