tuneguy


  1. Here is the result of the latest scan:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 3/29/19
     Scan Time: 6:21 PM
     Log File: 119201a2-5271-11e9-bbb0-4c72b966cf3f.json

     -Software Information-
     Version: 3.7.1.2839
     Components Version: 1.0.563
     Update Package Version: 1.0.9918
     License: Trial

     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: VISIONDAW-20570\VisionDAW User

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 313663
     Threats Detected: 0
     Threats Quarantined: 0
     Time Elapsed: 6 min, 0 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0
     (No malicious items detected)
     Module: 0
     (No malicious items detected)
     Registry Key: 0
     (No malicious items detected)
     Registry Value: 0
     (No malicious items detected)
     Registry Data: 0
     (No malicious items detected)
     Data Stream: 0
     (No malicious items detected)
     Folder: 0
     (No malicious items detected)
     File: 0
     (No malicious items detected)
     Physical Sector: 0
     (No malicious items detected)
     WMI: 0
     (No malicious items detected)

     (end)
  2. Hello, sir. Yes, indeed I am. I just returned from a business trip. As I think I mentioned, I removed the C: drive from the infected computer and was able to use a PC laptop to run multiple scans using Bitdefender antivirus and also used the Bitdefender decryptor tool to restore all the files that had been encrypted by GandCrab 5.0.4. Last night I put the C: drive back into the PC tower, which did a "check-disk" operation and then booted up normally; I was finally able to run the Bitdefender decryption tool. I left it running overnight to decrypt an 8 TB peripheral drive. So I think the infection may have been dealt with, but I will run a Malwarebytes scan this morning and send you the results. A Bitdefender scan I did previously (before I put the drive back in the tower) showed no signs of virus. Thanks again for all your help.
  3. OK, I'm away on business this week but I'll give it a try when I return on Thursday. I'll let you know if it works. Thank you, sir. rf
  4. Yes, you are correct, sir. Once I choose "Repair your computer," all I see is the screenshot I sent you. I removed all the drives from the infected PC, including the C: drive, and decrypted all the GandCrab 5.0.4 files on them using an uninfected PC. It worked! I will be putting them back in later today and will attempt to fix the other issues we discovered using the F11 key this time. I'm not expecting that to work; but I do have my original Windows 7 Pro installation disk, so I'm guessing I should be able to boot from that and enter the Recovery Environment that way. Alternatively, since I do have the opportunity to run antivirus/malware scans on the C: drive of the infected computer using a drive caddy, would you suggest I try disinfecting the drive that way before putting it back into the computer? Thanks in advance. rf
  5. No, the infected computer is a PC running Windows 7 Professional. The PC I used to download the Farbar tool is a laptop running Windows 10 (it is not infected, and actually I never got far enough to even insert the flash drive containing the Farbar tool, as you can see). The infected PC gives me the result I screenshotted in the previous email when I select "Repair your computer." Puzzling, no? Thanks, rf
  6. I got as far as the Advanced Boot Options, but then I got this. o select "repair your
  7. Also, I am going to get access to a PC laptop this afternoon. Do I need an absolutely fresh thumb drive, or can I simply wipe and reformat an existing one as exFAT on one of my Mac computers? Thanks, rf
  8. Sorry, thought I'd already posted this, but forgot to hit SEND. Thanks again.

     Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
     Ran by VisionDAW User (17-03-2019 09:09:48) Run:1
     Running from C:\Users\VisionDAW User\Desktop\Farber Recovery Tool
     Loaded Profiles: VisionDAW User & LogMeInRemoteUser (Available Profiles: VisionDAW User & LogMeInRemoteUser)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
     CMD: bcdedit.exe /set {default} recoveryenabled yes
     *****************


     ========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

     The operation completed successfully.

     ========= End of CMD: =========


     ========= bcdedit.exe /set {default} recoveryenabled yes =========

     The operation completed successfully.

     ========= End of CMD: =========


     ==== End of Fixlog 09:09:49 ====
  9. Thanks for your help!

     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.03.2019 01
     Ran by VisionDAW User (administrator) on VISIONDAW-20570 (04-03-2019 17:07:43)
     Running from C:\Users\VisionDAW User\Desktop\Good Time
     Loaded Profiles: VisionDAW User & LogMeInRemoteUser (Available Profiles: VisionDAW User & LogMeInRemoteUser)
     Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
     Internet Explorer Version 11 (Default browser: Chrome)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
     (TOSHIBA CORPORATION) [File not signed] C:\Windows\System32\cwamiousvc.exe
     (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
     (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
     (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     (Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
     (Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
     (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
     (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
     (Drobo, Inc. -> Drobo, Inc.) C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe
     (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
     (Express Vpn LLC -> ) C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
     (Express Vpn LLC -> ) C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
     () [File not signed] C:\Program Files (x86)\Chocks\assertions.exe
     (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
     (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
     (Martin Bjoernsen -> RME) C:\Windows\System32\hdspmix.exe
     (Martin Bjoernsen -> RME) C:\Windows\System32\hdsp32.exe
     (Smilebox, Inc. -> Smilebox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Smilebox\SmileboxTray.exe
     (Kensington) [File not signed] C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
     (Drobo, Inc. -> Drobo, Inc.) C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe
     (DISTRIBUTED CREATION INC. -> Splice) C:\Users\VisionDAW User\AppData\Local\splice\app-3.4.11\Splice.exe
     (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
     (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
     (Belkin Corporation -> Belkin Corporation) C:\Program Files (x86)\Belkin\Nostromo\nost_LM.exe
     (Native Instruments GmbH) [File not signed] C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
     (PowerISO Computing, Inc.) [File not signed] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
     (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
     (PACE Anti-Piracy, Inc.) [File not signed] C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
     (Intuit) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
     (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
     (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
     (Dropbox, Inc -> Dropbox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe
     (Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
     (Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
     (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
     (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
     (Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.) C:\Users\VisionDAW User\AppData\Roaming\VERIZON\UA_ar\UA.exe
     (Dropbox, Inc -> Dropbox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe
     (Dropbox, Inc -> Dropbox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe
     (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
     (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
     (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
     (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
     (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
     (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
     (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
     (DISTRIBUTED CREATION INC. -> Distributed Creation, Inc.) C:\Users\VisionDAW User\AppData\Local\splice\app-3.4.11\Splice.Helper.exe
     (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
     (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mobsync.exe
     (Dropbox, Inc -> The Qt Company Ltd.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\QtWebEngineProcess.exe
     (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
     (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
     () [File not signed] C:\Program Files (x86)\Chocks\assertions.exe
     (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
     (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
     (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
     (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
     (Sony Creative Software Inc -> Sony Creative Software Inc.) [File not signed] C:\Program Files (x86)\Sony\ACID Pro 7.0\acid70.exe
     (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
     (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
     (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
     (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
     (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\calc.exe
     (Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

     ==================== Registry (Whitelisted) ===========================

     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [446400 2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
     HKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2010-08-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
     HKLM\...\Run: [HDSPTray2] => C:\Windows\system32\hdspmix.exe [1158144 2012-05-07] (Martin Bjoernsen -> RME)
     HKLM\...\Run: [HDSPTray1] => C:\Windows\system32\hdsp32.exe [648192 2012-05-07] (Martin Bjoernsen -> RME)
     HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
     HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
     HKLM-x32\...\Run: [] => [X]
     HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company -> Hewlett-Packard Company)
     HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-18] (Apple Inc.) [File not signed]
     HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [217088 2008-01-20] (PowerISO Computing, Inc.) [File not signed]
     HKLM-x32\...\Run: [Kensington TrackballWorks Helper] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [435200 2016-02-22] (Kensington) [File not signed]
     HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2015-08-19] (Intuit, Inc. -> Intuit Inc. All rights reserved.)
     HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2012-09-14] (Intel Corporation) [File not signed]
     HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard Company -> Hewlett-Packard)
     HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\EpmNews.exe
     HKLM-x32\...\Run: [EaseUS Cleanup] => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\CleanUpUI.exe" 10 300
     HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499640 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
     HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
     HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Wondershare Helper Compact.exe] => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
     HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [SmileboxTray] => C:\Users\VisionDAW User\AppData\Roaming\Smilebox\SmileboxTray.exe [366552 2017-09-27] (Smilebox, Inc. -> Smilebox, Inc.)
     HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Kensington TrackballWorks] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [435200 2016-02-22] (Kensington) [File not signed]
     HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
     HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Dropbox Update] => C:\Users\VisionDAW User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
     HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [DDAssist] => C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe [623392 2015-05-21] (Drobo, Inc. -> Drobo, Inc.)
     HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [com.squirrel.splice.Splice] => C:\Users\VisionDAW User\AppData\Local\splice\app-3.4.11\Splice.exe [52374928 2019-02-21] (DISTRIBUTED CREATION INC. -> Splice)
     HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
     HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: J - J:\SETUP.EXE
     HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: L - L:\VZW_Software_upgrade_assistant.exe
     HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: {1bbec3d1-fbd2-11e3-a994-4c72b966cf40} - L:\VZW_Software_upgrade_assistant.exe
     HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: {48dd52c4-66b2-11e5-b072-4c72b966cf40} - L:\VZW_Software_upgrade_assistant.exe
     HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: {705ce262-0716-11e6-a0bd-4c72b966cf40} - K:\VZW_Software_upgrade_assistant.exe
     HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [File not signed]
     HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [File not signed]
     HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-25] (Google LLC -> Google Inc.)
     HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
     HKLM\Software\...\Authentication\Credential Providers: [{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}] -> C:\Windows\system32\LMIinit.dll [2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
     HKLM\Software\...\Authentication\Credential Providers: [{97E1814E-5601-41c8-9971-10C319EF61CC}] -> C:\Windows\system32\SRCredentialProvider.dll [2018-10-19] (Splashtop Inc. -> Splashtop Inc.)
     Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-09-27]
     ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
     Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nostromo Loadout Manager.lnk [2018-07-23]
     ShortcutTarget: Nostromo Loadout Manager.lnk -> C:\Windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe (Macrovision Corporation) [File not signed]
     Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-09-27]
     ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
     Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-09-27]
     ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)
     Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2019-02-21]
     ShortcutTarget: Dropbox.lnk -> C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
     Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-04-07]
     ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
     Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-03-04]
     ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
     Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2014-06-24]
     ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\VisionDAW User\AppData\Roaming\VERIZON\UA_ar\UA.exe (Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.)
     BootExecute: autocheck autochk * bootdelete
     GroupPolicy: Restriction ? <==== ATTENTION

     ==================== Internet (Whitelisted) ====================

     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     Hosts: 127.0.0.1 www.swamengine.com
     Tcpip\Parameters: [DhcpNameServer] 192.168.86.1
     Tcpip\..\Interfaces\{3CBBDB9E-2295-4D2E-B468-D1DA72ECCD84}: [DhcpNameServer] 10.126.0.1
     Tcpip\..\Interfaces\{4EDEC94B-B772-4EA2-8059-FEDA321FD5DB}: [NameServer] 8.8.8.8
     Tcpip\..\Interfaces\{BD9A9928-2BFB-4A60-9E5C-C4DA1B164FAE}: [NameServer] 8.8.8.8,4.2.2.3
     Tcpip\..\Interfaces\{BD9A9928-2BFB-4A60-9E5C-C4DA1B164FAE}: [DhcpNameServer] 192.168.86.1

     Internet Explorer:
     ==================
     BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-08] (Microsoft Corporation -> Microsoft Corporation)
     BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
     BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
     BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
     BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
     BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-12-01] (Microsoft Corporation -> Microsoft Corporation)
     BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
     BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
     BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
     BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
     Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
     Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
     Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No File
     Handler: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - No File
     Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
     Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
     Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
     Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
     Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation -> Microsoft Corporation)

     FireFox:
     ========
     FF DefaultProfile: b0xpguy3.default
     FF ProfilePath: C:\Users\VisionDAW User\AppData\Roaming\Mozilla\Firefox\Profiles\b0xpguy3.default [2019-03-02]
     FF NetworkProxy: Mozilla\Firefox\Profiles\b0xpguy3.default -> type", 4
     FF Extension: (Video DownloadHelper) - C:\Users\VisionDAW User\AppData\Roaming\Mozilla\Firefox\Profiles\b0xpguy3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-02-01]
     FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
     FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2018-04-04] [Legacy]
     FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
     FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
     FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
     FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
     FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-08] (Microsoft Corporation -> Microsoft Corporation)
     FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-11-14] (Microsoft Corporation -> Microsoft Corporation)
     FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
     FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
     FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
     FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
     FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
     FF Plugin HKU\S-1-5-21-3386386071-2981558750-1810538096-1000: @asperasoft.com/AsperaConnect -> C:\Users\VisionDAW User\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.7.4\npasperaweb_3.7.4.147728.dll [2017-09-05] (Aspera, Inc. -> Aspera, Inc. )
     FF Plugin HKU\S-1-5-21-3386386071-2981558750-1810538096-1000: signiant.com/SigniantTransfer -> C:\Users\VisionDAW User\AppData\Roaming\SigniantInc\SigniantTransfer\5.4.0.60258\npSigniantTransfer.dll [2014-07-11] (Signiant Corporation -> Signiant Inc.)

     Chrome:
     =======
     CHR HomePage: Default -> hxxps://www.google.com/
     CHR StartupUrls: Default -> "hxxp://www.google.com/"
     CHR Profile: C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default [2019-03-04]
     CHR Extension: (Slides) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-07]
     CHR Extension: (Flash Video Downloader) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-09-28]
     CHR Extension: (Docs) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-07]
     CHR Extension: (Google Drive) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
     CHR Extension: (MEGA) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2019-02-28]
     CHR Extension: (YouTube) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-07]
     CHR Extension: (Honey) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-02-14]
     CHR Extension: (FVD Suggestions) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\caoielngcdpgeldnckhponffkiajaobo [2018-04-11]
     CHR Extension: (Google News) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2018-01-08]
     CHR Extension: (Dropbox for Gmail) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2019-02-07]
     CHR Extension: (Adobe Acrobat) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-03-29]
     CHR Extension: (Google Calendar) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2018-01-08]
     CHR Extension: (Google Finance) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2018-01-08]
     CHR Extension: (Sheets) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-07]
     CHR Extension: (Chrome Remote Desktop) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-03-04]
     CHR Extension: (Convert PDF to Word - PDFfiller) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclipekclncjckbhddbiocikflkdekkm [2018-01-08]
     CHR Extension: (Google Docs Offline) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
     CHR Extension: (AdBlock) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-28]
     CHR Extension: (Google Calendar) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2018-04-11]
     CHR Extension: (Grammarly for Chrome) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-03-01]
     CHR Extension: (Google Calendar - Week of Aug 9, 2015) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkcpfjbnojkgkmchngbnpbnahpikkgi [2018-01-08]
     CHR Extension: (Evernote Web) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2018-01-08]
     CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-12-07]
     CHR Extension: (Video DownloadHelper) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2019-02-03]
     CHR Extension: (Google Maps) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2018-01-08]
     CHR Extension: (Contacts Sort App) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfbligcoimpkahekefnppbjgmjojkcp [2018-01-08]
     CHR Extension: (Google Play Books) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2018-01-08]
     CHR Extension: (Chrome Web Store Payments) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11]
     CHR Extension: (Amazon Assistant for Chrome) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2019-03-01]
     CHR Extension: (Evernote Web Clipper) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2019-01-28]
     CHR Extension: (Gmail) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-07]
     CHR Extension: (Chrome Media Router) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-13]
     CHR Profile: C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-12]
     CHR HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
     CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-03-28]

     ==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) HKLM\SYSTEM\CurrentControlSet\Services\hnkdz <==== ATTENTION (Rootkit!) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013280 2019-02-07] (Microsoft Corporation -> Microsoft Corporation) R2 DDService; C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe [2056992 2015-05-21] (Drobo, Inc. -> Drobo, Inc.) R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40080 2018-05-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [339168 2018-07-03] (Express Vpn LLC -> ) S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company -> Hewlett-Packard Company) R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2012-09-14] (Intel Corporation) [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [420296 2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.) R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [588232 2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.) R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-01-10] (LogMeIn, Inc. -> LogMeIn, Inc.) 
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5739008 2011-12-05] (Native Instruments GmbH) [File not signed] R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-03-07] (Intuit) [File not signed] R3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-08-19] (Intuit Inc.) [File not signed] R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-08-19] (Intuit Inc.) [File not signed] S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation) S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115976 2016-01-28] (Shenzhen Wondershare Information Technology Co., Ltd. -> Wondershare) S3 GoogleChromeElevationService; "C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\elevation_service.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 bcgame; C:\Windows\System32\drivers\bcgame.sys [35328 2007-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Belkin Corporation) S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. 
-> Samsung Electronics Co., Ltd.) R3 e1qexpress; C:\Windows\System32\DRIVERS\e1q60x64.sys [244736 2009-06-10] (Microsoft Windows -> Intel Corporation) R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [54216 2018-05-15] (CHENGDU YIWO Tech Development Co., Ltd. -> ) R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [101376 2013-07-09] (NTONYX Ltd. -> Eugene V. Muzychenko) S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVpn SplitTunnel Driver\driver\expressvpnsplittunnel.sys [18800 2018-07-03] (ExprsVPN LLC -> ) R3 hdsp; C:\Windows\System32\drivers\hdsp_64.sys [102400 2012-05-07] (Martin Bjoernsen -> RME) S3 HPFXFAX; C:\Windows\System32\drivers\hppdfaxio.sys [23576 2010-12-07] (Hewlett-Packard Company -> Hewlett Packard) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26072 2012-09-14] (Intel Corporation -> Intel Corporation) S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25752 2012-05-16] (PACE Anti-Piracy, Inc. -> ) R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc. -> LogMeIn, Inc.) S4 LMIRfsClientNP; no ImagePath R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-03-01] (Malwarebytes Corporation -> Malwarebytes) R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [96768 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation) R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [213504 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation) R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> ) R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [57776 2008-01-20] (Fenghua Lee -> PowerISO Computing, Inc.) S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) 
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [33488 2015-11-30] (NCH Software -> ) R3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-15] (Steinberg Media Technologies GmbH -> Steinberg Media Technologies GmbH) S3 tapexpressvpn; C:\Windows\System32\DRIVERS\tapexpressvpn.sys [35696 2018-07-03] (ExprsVPN LLC -> The OpenVPN Project) R3 tbwkern; C:\Windows\System32\DRIVERS\tbwkern.sys [34656 2016-02-22] (Kensington Computer Products Group -> ) R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies) S1 bpeol; \??\C:\Users\VISION~1\AppData\Local\Temp\uphctszv.sys [X] <==== ATTENTION R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X] R3 knqtxa; system32\drivers\qtxadg.sys [X] S4 lamurk; System32\drivers\dscvplam.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-03-04 17:07 - 2019-03-04 17:07 - 000000000 ____D C:\FRST 2019-03-02 15:17 - 2019-03-02 15:17 - 010372016 _____ C:\Users\VisionDAW User\Desktop\bitdefender_online.exe 2019-03-02 12:24 - 2019-03-02 12:24 - 000000000 ____D C:\Users\VisionDAW User\Desktop\New folder (2) 2019-03-01 14:51 - 2019-03-04 17:05 - 000000001 _____ C:\8061vvch9obpgv6 2019-03-01 14:31 - 2019-03-01 14:31 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2019-03-01 14:28 - 2019-03-01 14:28 - 000145744 ____N C:\Windows\system32\Drivers\sesgknqt.sys 2019-03-01 14:26 - 2019-03-01 14:26 - 000047684 _____ C:\Windows\system32\.crusader 2019-03-01 14:20 - 2019-03-01 14:27 - 000000000 ____D C:\ProgramData\HitmanPro 2019-03-01 14:18 - 2019-03-01 14:20 - 011514112 _____ (SurfRight B.V.) 
C:\Users\VisionDAW User\Desktop\HitmanPro_x64.exe 2019-02-28 16:15 - 2019-02-28 16:15 - 000000355 _____ C:\Users\VisionDAW User\Desktop\Computer - Shortcut (2).lnk 2019-02-21 17:21 - 2019-02-21 17:21 - 000003012 _____ C:\Windows\System32\Tasks\{F4141091-2D04-4C45-B8E9-FEFA3A93C11F} 2019-02-21 17:21 - 2019-02-21 17:21 - 000003012 _____ C:\Windows\System32\Tasks\{15825107-9085-4D14-BCFE-C0D1BE5BD07B} 2019-02-21 15:49 - 2019-02-21 15:49 - 018914256 _____ (Bitdefender LLC) C:\Users\VisionDAW User\Desktop\BDGandCrabDecryptTool.exe 2019-02-21 14:23 - 2019-02-21 14:23 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2019-02-13 18:23 - 2019-02-13 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2019-02-13 11:01 - 2019-02-13 11:01 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-02-13 11:01 - 2019-02-13 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-02-13 11:01 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2019-02-13 09:43 - 2019-02-13 09:43 - 000081938 _____ C:\Users\VisionDAW User\Desktop\RT. Fiocca Release.pdf 2019-02-13 09:41 - 2019-02-13 09:41 - 000016853 _____ C:\Users\VisionDAW User\Desktop\R. 
Fiocca Release.pdf 2019-02-08 09:49 - 2019-02-13 18:23 - 000002383 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk 2019-02-08 09:49 - 2019-02-13 18:23 - 000002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2019-02-08 09:49 - 2019-02-13 18:23 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2019-02-08 09:49 - 2019-02-13 18:23 - 000002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2019-02-08 09:49 - 2019-02-13 18:23 - 000002340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2019-02-08 09:49 - 2019-02-13 18:23 - 000002334 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2019-02-08 09:49 - 2019-02-13 18:23 - 000002328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2019-02-08 09:49 - 2019-02-13 18:23 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2019-02-04 21:27 - 2019-02-04 21:27 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\Splashtop 2019-02-03 14:59 - 2019-02-03 14:59 - 000000355 _____ C:\Users\VisionDAW User\Desktop\Computer - Shortcut.lnk ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2019-03-04 17:08 - 2009-07-13 21:34 - 025952256 _____ C:\Windows\system32\config\HARDWARE 2019-03-04 17:07 - 2018-07-17 14:59 - 000000000 ____D C:\Users\VisionDAW User\Desktop\Good Time 2019-03-04 17:01 - 2015-01-15 12:51 - 000000000 ____D C:\ProgramData\LogMeIn 2019-03-04 16:24 - 2015-07-07 12:17 - 000000954 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000UA.job 2019-03-04 05:01 - 2009-07-13 23:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2019-03-04 05:01 - 2009-07-13 23:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2019-03-03 23:24 - 2015-07-07 12:17 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000Core.job 2019-03-02 18:36 - 2013-01-29 10:44 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\HpUpdate 2019-03-02 18:36 - 2013-01-25 14:18 - 000000000 ____D C:\Users\VisionDAW User\Documents\ACID Pro 7.0 Projects 2019-03-02 12:02 - 2018-01-12 16:30 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\CrashDumps 2019-03-01 16:44 - 2013-01-23 12:47 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\ElevatedDiagnostics 2019-03-01 14:49 - 2009-07-14 00:13 - 000788354 _____ C:\Windows\system32\PerfStringBackup.INI 2019-03-01 14:49 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf 2019-03-01 14:33 - 2015-01-15 12:51 - 000000950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk 2019-03-01 14:31 - 2017-06-21 14:33 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Splice 2019-03-01 14:31 - 2016-10-25 18:27 - 000000218 _____ C:\Windows\Tasks\AutoKMS.job 2019-03-01 14:31 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-03-01 14:30 - 2018-11-12 17:14 - 002921984 _____ (TOSHIBA CORPORATION) C:\Windows\system32\cwamiousvc.exe 2019-03-01 14:26 - 2018-11-12 17:06 - 
000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\1337 2019-03-01 14:07 - 2013-01-24 09:50 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\Adobe 2019-03-01 13:11 - 2015-11-06 10:35 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Audacity 2019-02-28 14:39 - 2013-01-31 14:00 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\vlc 2019-02-28 14:11 - 2015-01-15 12:51 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\LogMeInIgnition 2019-02-25 15:33 - 2018-11-13 15:28 - 000002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-02-25 15:33 - 2018-11-13 15:28 - 000002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-02-23 23:33 - 2018-03-29 12:03 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2019-02-21 18:50 - 2017-06-26 16:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2019-02-21 18:50 - 2015-07-27 12:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2019-02-21 17:32 - 2017-07-07 11:06 - 000000000 ____D C:\Users\VisionDAW User\AppData\LocalLow\Mozilla 2019-02-21 15:50 - 2017-06-26 14:07 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\splice 2019-02-21 15:50 - 2017-06-14 16:32 - 000002149 _____ C:\Users\VisionDAW User\Desktop\Splice.lnk 2019-02-21 15:50 - 2017-06-14 16:32 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Splice 2019-02-21 15:50 - 2017-05-18 12:12 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\SpliceSettings 2019-02-21 14:24 - 2013-01-29 17:58 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Dropbox 2019-02-15 10:14 - 2019-01-21 11:19 - 000000250 _____ C:\Windows\wininit.ini 2019-02-15 10:14 - 2015-07-27 12:30 - 000000000 ____D C:\ProgramData\Mozilla 2019-02-14 12:17 - 2013-01-23 12:59 - 000000000 ____D C:\Users\VisionDAW User\Documents\Cubase Projects 2019-02-13 23:19 - 2015-07-07 12:17 - 000003946 _____ 
C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000UA 2019-02-13 23:19 - 2015-07-07 12:17 - 000003550 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000Core 2019-02-13 18:25 - 2018-11-12 18:09 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-02-13 18:23 - 2013-01-30 11:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2019-02-13 11:02 - 2015-02-06 10:49 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-02-12 22:30 - 2018-03-29 12:03 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2019-02-12 16:20 - 2014-03-24 10:57 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2019-02-12 16:20 - 2014-03-24 10:57 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2019-02-12 16:20 - 2014-03-24 10:57 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2019-02-12 16:20 - 2014-03-24 10:57 - 000000000 ____D C:\Windows\system32\Macromed 2019-02-12 16:20 - 2013-01-23 14:50 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2019-02-04 16:12 - 2015-01-15 12:51 - 000000000 ____D C:\Program Files (x86)\LogMeIn 2019-02-04 16:11 - 2015-01-15 12:51 - 000115168 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll.000.bak 2019-02-04 16:11 - 2015-01-15 12:51 - 000115168 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll 2019-02-04 16:11 - 2015-01-15 12:51 - 000109504 _____ (LogMeIn, Inc.) 
C:\Windows\system32\LMIinit.dll ==================== Files in the root of some directories ======= 2018-11-12 17:07 - 2018-11-12 21:08 - 000000221 _____ () C:\ProgramData\report.vbs 2018-11-12 17:11 - 2018-11-12 17:11 - 000009794 _____ () C:\Program Files\SQCFMDTOUY-DECRYPT.txt 2018-11-12 17:11 - 2018-11-12 17:11 - 000009794 _____ () C:\Program Files (x86)\SQCFMDTOUY-DECRYPT.txt 2018-05-12 11:53 - 2018-11-12 17:12 - 000000542 _____ () C:\Users\VisionDAW User\AppData\Roaming\ExplorerFavorites.txt.sqcfmdtouy 2019-01-08 18:17 - 2019-01-09 12:01 - 000030406 _____ () C:\Users\VisionDAW User\AppData\Roaming\QBFileDrTool.log 2016-09-07 14:20 - 2018-11-12 17:12 - 000021645 _____ () C:\Users\VisionDAW User\AppData\Roaming\QBFileDrTool.log.sqcfmdtouy 2018-11-12 17:11 - 2018-11-12 17:11 - 000009794 _____ () C:\Users\VisionDAW User\AppData\Roaming\SQCFMDTOUY-DECRYPT.txt 2013-07-09 08:57 - 2018-11-12 17:12 - 000001459 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.1.txt.sqcfmdtouy 2013-07-09 08:57 - 2018-11-12 17:12 - 000001721 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.2.txt.sqcfmdtouy 2013-07-09 08:57 - 2015-11-30 15:43 - 000000000 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt 2013-07-09 08:57 - 2018-11-12 17:12 - 000001721 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.txt.sqcfmdtouy 2018-11-12 17:12 - 2018-11-12 17:12 - 000009794 _____ () C:\Users\VisionDAW User\AppData\Roaming\Microsoft\SQCFMDTOUY-DECRYPT.txt 2018-11-12 17:12 - 2018-11-12 17:12 - 000140800 _____ () C:\Users\VisionDAW User\AppData\Local\installer.dat 2018-10-02 19:01 - 2018-10-02 19:01 - 000000000 _____ () C:\Users\VisionDAW User\AppData\Local\oobelibMkey.log 2018-01-12 14:56 - 2018-08-29 17:07 - 000000600 _____ () C:\Users\VisionDAW User\AppData\Local\PUTTY.RND 2017-10-17 12:28 - 2017-10-17 12:28 - 000004949 _____ () C:\Users\VisionDAW User\AppData\Local\recently-used.xbel 2017-02-21 15:57 - 
2017-02-21 15:57 - 000007605 _____ () C:\Users\VisionDAW User\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== 2017-02-26 17:16 - 2017-02-26 17:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\0tac-68y.dll 2017-02-26 12:16 - 2017-02-26 12:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\59h90s9i.dll 2017-02-26 08:16 - 2017-02-26 08:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\6_2_flif.dll 2017-02-25 20:16 - 2017-02-25 20:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\9pacfkfj.dll 2017-02-25 17:16 - 2017-02-25 17:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\b1wlrafs.dll 2017-02-27 08:16 - 2017-02-27 08:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\bs5sdjzu.dll 2017-02-25 18:16 - 2017-02-25 18:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\c1mtsicc.dll 2017-02-26 02:16 - 2017-02-26 02:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\ga1_gsvf.dll 2017-02-23 16:16 - 2017-02-23 16:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\mhb9hati.dll 2010-03-11 15:13 - 2010-03-11 15:13 - 000174440 ____R (Microsoft Corporation) C:\Users\VisionDAW User\AppData\Local\Temp\ose00000.exe 2007-09-10 20:37 - 2007-09-10 20:37 - 000145184 ____R (Microsoft Corporation) C:\Users\VisionDAW User\AppData\Local\Temp\ose00001.exe 2007-09-10 20:37 - 2007-09-10 20:37 - 000145184 ____R (Microsoft Corporation) C:\Users\VisionDAW User\AppData\Local\Temp\ose00002.exe 2017-02-27 02:16 - 2017-02-27 02:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\oxclyjxc.dll 2017-02-26 01:16 - 2017-02-26 01:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\ozj4pnk_.dll 2018-11-10 02:12 - 2018-11-10 02:12 - 017679620 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\setup.dll 2018-11-14 12:40 - 2018-11-12 17:06 - 000099900 _____ () C:\Users\VisionDAW 
User\AppData\Local\Temp\Uninstall.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\dllhost.exe => File is digitally signed C:\Windows\SysWOW64\dllhost.exe => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed C:\Windows\system32\drivers\sesgknqt.sys -> Access Denied <======= ATTENTION LastRegBack: 2019-03-04 00:35 ==================== End of FRST.txt ============================ OK, thanks for your help, NAS! 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.03.2019 01
Ran by VisionDAW User (administrator) on VISIONDAW-20570 (04-03-2019 17:07:43)
Running from C:\Users\VisionDAW User\Desktop\Good Time
Loaded Profiles: VisionDAW User & LogMeInRemoteUser (Available Profiles: VisionDAW User & LogMeInRemoteUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(TOSHIBA CORPORATION) [File not signed] C:\Windows\System32\cwamiousvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Drobo, Inc. -> Drobo, Inc.) C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Express Vpn LLC -> ) C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(Express Vpn LLC -> ) C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
() [File not signed] C:\Program Files (x86)\Chocks\assertions.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Martin Bjoernsen -> RME) C:\Windows\System32\hdspmix.exe
(Martin Bjoernsen -> RME) C:\Windows\System32\hdsp32.exe
(Smilebox, Inc. -> Smilebox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Smilebox\SmileboxTray.exe
(Kensington) [File not signed] C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
(Drobo, Inc. -> Drobo, Inc.) C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe
(DISTRIBUTED CREATION INC. -> Splice) C:\Users\VisionDAW User\AppData\Local\splice\app-3.4.11\Splice.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
(Belkin Corporation -> Belkin Corporation) C:\Program Files (x86)\Belkin\Nostromo\nost_LM.exe
(Native Instruments GmbH) [File not signed] C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(PowerISO Computing, Inc.) [File not signed] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(PACE Anti-Piracy, Inc.) [File not signed] C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Intuit) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.) C:\Users\VisionDAW User\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(DISTRIBUTED CREATION INC. -> Distributed Creation, Inc.) C:\Users\VisionDAW User\AppData\Local\splice\app-3.4.11\Splice.Helper.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\QtWebEngineProcess.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
() [File not signed] C:\Program Files (x86)\Chocks\assertions.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
(Sony Creative Software Inc -> Sony Creative Software Inc.) [File not signed] C:\Program Files (x86)\Sony\ACID Pro 7.0\acid70.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\calc.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [446400 2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2010-08-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Run: [HDSPTray2] => C:\Windows\system32\hdspmix.exe [1158144 2012-05-07] (Martin Bjoernsen -> RME)
HKLM\...\Run: [HDSPTray1] => C:\Windows\system32\hdsp32.exe [648192 2012-05-07] (Martin Bjoernsen -> RME)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-18] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [217088 2008-01-20] (PowerISO Computing, Inc.) [File not signed]
HKLM-x32\...\Run: [Kensington TrackballWorks Helper] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [435200 2016-02-22] (Kensington) [File not signed]
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2015-08-19] (Intuit, Inc. -> Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2012-09-14] (Intel Corporation) [File not signed]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\EpmNews.exe
HKLM-x32\...\Run: [EaseUS Cleanup] => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\CleanUpUI.exe" 10 300
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499640 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Wondershare Helper Compact.exe] => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [SmileboxTray] => C:\Users\VisionDAW User\AppData\Roaming\Smilebox\SmileboxTray.exe [366552 2017-09-27] (Smilebox, Inc. -> Smilebox, Inc.)
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Kensington TrackballWorks] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [435200 2016-02-22] (Kensington) [File not signed]
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Dropbox Update] => C:\Users\VisionDAW User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [DDAssist] => C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe [623392 2015-05-21] (Drobo, Inc. -> Drobo, Inc.)
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [com.squirrel.splice.Splice] => C:\Users\VisionDAW User\AppData\Local\splice\app-3.4.11\Splice.exe [52374928 2019-02-21] (DISTRIBUTED CREATION INC. -> Splice)
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: J - J:\SETUP.EXE
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: L - L:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: {1bbec3d1-fbd2-11e3-a994-4c72b966cf40} - L:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: {48dd52c4-66b2-11e5-b072-4c72b966cf40} - L:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: {705ce262-0716-11e6-a0bd-4c72b966cf40} - K:\VZW_Software_upgrade_assistant.exe
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-25] (Google LLC -> Google Inc.) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level HKLM\Software\...\Authentication\Credential Providers: [{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}] -> C:\Windows\system32\LMIinit.dll [2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.) HKLM\Software\...\Authentication\Credential Providers: [{97E1814E-5601-41c8-9971-10C319EF61CC}] -> C:\Windows\system32\SRCredentialProvider.dll [2018-10-19] (Splashtop Inc. -> Splashtop Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-09-27] ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nostromo Loadout Manager.lnk [2018-07-23] ShortcutTarget: Nostromo Loadout Manager.lnk -> C:\Windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe (Macrovision Corporation) [File not signed] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-09-27] ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-09-27] ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit, Inc. -> Intuit Inc.) 
Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2019-02-21] ShortcutTarget: Dropbox.lnk -> C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-04-07] ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-03-04] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2014-06-24] ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\VisionDAW User\AppData\Roaming\VERIZON\UA_ar\UA.exe (Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.) BootExecute: autocheck autochk * bootdelete GroupPolicy: Restriction ? <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Hosts: 127.0.0.1 www.swamengine.com Tcpip\Parameters: [DhcpNameServer] 192.168.86.1 Tcpip\..\Interfaces\{3CBBDB9E-2295-4D2E-B468-D1DA72ECCD84}: [DhcpNameServer] 10.126.0.1 Tcpip\..\Interfaces\{4EDEC94B-B772-4EA2-8059-FEDA321FD5DB}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{BD9A9928-2BFB-4A60-9E5C-C4DA1B164FAE}: [NameServer] 8.8.8.8,4.2.2.3 Tcpip\..\Interfaces\{BD9A9928-2BFB-4A60-9E5C-C4DA1B164FAE}: [DhcpNameServer] 192.168.86.1 Internet Explorer: ================== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-08] (Microsoft Corporation -> Microsoft Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-12-01] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Evernote extension -> 
{92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No File Handler: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - No File Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - 
{42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF DefaultProfile: b0xpguy3.default FF ProfilePath: C:\Users\VisionDAW User\AppData\Roaming\Mozilla\Firefox\Profiles\b0xpguy3.default [2019-03-02] FF NetworkProxy: Mozilla\Firefox\Profiles\b0xpguy3.default -> type", 4 FF Extension: (Video DownloadHelper) - C:\Users\VisionDAW User\AppData\Roaming\Mozilla\Firefox\Profiles\b0xpguy3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-02-01] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2018-04-04] [Legacy] FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-08] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files 
(x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-11-14] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin HKU\S-1-5-21-3386386071-2981558750-1810538096-1000: @asperasoft.com/AsperaConnect -> C:\Users\VisionDAW User\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.7.4\npasperaweb_3.7.4.147728.dll [2017-09-05] (Aspera, Inc. -> Aspera, Inc. ) FF Plugin HKU\S-1-5-21-3386386071-2981558750-1810538096-1000: signiant.com/SigniantTransfer -> C:\Users\VisionDAW User\AppData\Roaming\SigniantInc\SigniantTransfer\5.4.0.60258\npSigniantTransfer.dll [2014-07-11] (Signiant Corporation -> Signiant Inc.) 
Chrome: ======= CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default [2019-03-04] CHR Extension: (Slides) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-07] CHR Extension: (Flash Video Downloader) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-09-28] CHR Extension: (Docs) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-07] CHR Extension: (Google Drive) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16] CHR Extension: (MEGA) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2019-02-28] CHR Extension: (YouTube) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-07] CHR Extension: (Honey) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-02-14] CHR Extension: (FVD Suggestions) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\caoielngcdpgeldnckhponffkiajaobo [2018-04-11] CHR Extension: (Google News) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2018-01-08] CHR Extension: (Dropbox for Gmail) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2019-02-07] CHR Extension: (Adobe Acrobat) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-03-29] CHR Extension: (Google Calendar) - 
C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2018-01-08] CHR Extension: (Google Finance) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2018-01-08] CHR Extension: (Sheets) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-07] CHR Extension: (Chrome Remote Desktop) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-03-04] CHR Extension: (Convert PDF to Word - PDFfiller) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclipekclncjckbhddbiocikflkdekkm [2018-01-08] CHR Extension: (Google Docs Offline) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16] CHR Extension: (AdBlock) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-28] CHR Extension: (Google Calendar) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2018-04-11] CHR Extension: (Grammarly for Chrome) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-03-01] CHR Extension: (Google Calendar - Week of Aug 9, 2015) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkcpfjbnojkgkmchngbnpbnahpikkgi [2018-01-08] CHR Extension: (Evernote Web) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2018-01-08] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-12-07] CHR Extension: (Video 
DownloadHelper) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2019-02-03] CHR Extension: (Google Maps) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2018-01-08] CHR Extension: (Contacts Sort App) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfbligcoimpkahekefnppbjgmjojkcp [2018-01-08] CHR Extension: (Google Play Books) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2018-01-08] CHR Extension: (Chrome Web Store Payments) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11] CHR Extension: (Amazon Assistant for Chrome) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2019-03-01] CHR Extension: (Evernote Web Clipper) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2019-01-28] CHR Extension: (Gmail) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-07] CHR Extension: (Chrome Media Router) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-13] CHR Profile: C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-12] CHR HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-03-28] ==================== Services (Whitelisted) ==================== 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) HKLM\SYSTEM\CurrentControlSet\Services\hnkdz <==== ATTENTION (Rootkit!) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013280 2019-02-07] (Microsoft Corporation -> Microsoft Corporation) R2 DDService; C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe [2056992 2015-05-21] (Drobo, Inc. -> Drobo, Inc.) R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40080 2018-05-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [339168 2018-07-03] (Express Vpn LLC -> ) S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company -> Hewlett-Packard Company) R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2012-09-14] (Intel Corporation) [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [420296 2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.) R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [588232 2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.) R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-01-10] (LogMeIn, Inc. -> LogMeIn, Inc.) 
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5739008 2011-12-05] (Native Instruments GmbH) [File not signed] R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-03-07] (Intuit) [File not signed] R3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-08-19] (Intuit Inc.) [File not signed] R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-08-19] (Intuit Inc.) [File not signed] S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation) S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115976 2016-01-28] (Shenzhen Wondershare Information Technology Co., Ltd. -> Wondershare) S3 GoogleChromeElevationService; "C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\elevation_service.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 bcgame; C:\Windows\System32\drivers\bcgame.sys [35328 2007-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Belkin Corporation) S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. 
-> Samsung Electronics Co., Ltd.) R3 e1qexpress; C:\Windows\System32\DRIVERS\e1q60x64.sys [244736 2009-06-10] (Microsoft Windows -> Intel Corporation) R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [54216 2018-05-15] (CHENGDU YIWO Tech Development Co., Ltd. -> ) R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [101376 2013-07-09] (NTONYX Ltd. -> Eugene V. Muzychenko) S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVpn SplitTunnel Driver\driver\expressvpnsplittunnel.sys [18800 2018-07-03] (ExprsVPN LLC -> ) R3 hdsp; C:\Windows\System32\drivers\hdsp_64.sys [102400 2012-05-07] (Martin Bjoernsen -> RME) S3 HPFXFAX; C:\Windows\System32\drivers\hppdfaxio.sys [23576 2010-12-07] (Hewlett-Packard Company -> Hewlett Packard) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26072 2012-09-14] (Intel Corporation -> Intel Corporation) S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25752 2012-05-16] (PACE Anti-Piracy, Inc. -> ) R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc. -> LogMeIn, Inc.) S4 LMIRfsClientNP; no ImagePath R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-03-01] (Malwarebytes Corporation -> Malwarebytes) R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [96768 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation) R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [213504 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation) R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> ) R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [57776 2008-01-20] (Fenghua Lee -> PowerISO Computing, Inc.) S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) 
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [33488 2015-11-30] (NCH Software -> ) R3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-15] (Steinberg Media Technologies GmbH -> Steinberg Media Technologies GmbH) S3 tapexpressvpn; C:\Windows\System32\DRIVERS\tapexpressvpn.sys [35696 2018-07-03] (ExprsVPN LLC -> The OpenVPN Project) R3 tbwkern; C:\Windows\System32\DRIVERS\tbwkern.sys [34656 2016-02-22] (Kensington Computer Products Group -> ) R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies) S1 bpeol; \??\C:\Users\VISION~1\AppData\Local\Temp\uphctszv.sys [X] <==== ATTENTION R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X] R3 knqtxa; system32\drivers\qtxadg.sys [X] S4 lamurk; System32\drivers\dscvplam.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-03-04 17:07 - 2019-03-04 17:07 - 000000000 ____D C:\FRST 2019-03-02 15:17 - 2019-03-02 15:17 - 010372016 _____ C:\Users\VisionDAW User\Desktop\bitdefender_online.exe 2019-03-02 12:24 - 2019-03-02 12:24 - 000000000 ____D C:\Users\VisionDAW User\Desktop\New folder (2) 2019-03-01 14:51 - 2019-03-04 17:05 - 000000001 _____ C:\8061vvch9obpgv6 2019-03-01 14:31 - 2019-03-01 14:31 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2019-03-01 14:28 - 2019-03-01 14:28 - 000145744 ____N C:\Windows\system32\Drivers\sesgknqt.sys 2019-03-01 14:26 - 2019-03-01 14:26 - 000047684 _____ C:\Windows\system32\.crusader 2019-03-01 14:20 - 2019-03-01 14:27 - 000000000 ____D C:\ProgramData\HitmanPro 2019-03-01 14:18 - 2019-03-01 14:20 - 011514112 _____ (SurfRight B.V.) 
C:\Users\VisionDAW User\Desktop\HitmanPro_x64.exe 2019-02-28 16:15 - 2019-02-28 16:15 - 000000355 _____ C:\Users\VisionDAW User\Desktop\Computer - Shortcut (2).lnk 2019-02-21 17:21 - 2019-02-21 17:21 - 000003012 _____ C:\Windows\System32\Tasks\{F4141091-2D04-4C45-B8E9-FEFA3A93C11F} 2019-02-21 17:21 - 2019-02-21 17:21 - 000003012 _____ C:\Windows\System32\Tasks\{15825107-9085-4D14-BCFE-C0D1BE5BD07B} 2019-02-21 15:49 - 2019-02-21 15:49 - 018914256 _____ (Bitdefender LLC) C:\Users\VisionDAW User\Desktop\BDGandCrabDecryptTool.exe 2019-02-21 14:23 - 2019-02-21 14:23 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2019-02-13 18:23 - 2019-02-13 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2019-02-13 11:01 - 2019-02-13 11:01 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-02-13 11:01 - 2019-02-13 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-02-13 11:01 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2019-02-13 09:43 - 2019-02-13 09:43 - 000081938 _____ C:\Users\VisionDAW User\Desktop\RT. Fiocca Release.pdf 2019-02-13 09:41 - 2019-02-13 09:41 - 000016853 _____ C:\Users\VisionDAW User\Desktop\R. 
Fiocca Release.pdf
2019-02-08 09:49 - 2019-02-13 18:23 - 000002383 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002334 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-02-04 21:27 - 2019-02-04 21:27 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\Splashtop
2019-02-03 14:59 - 2019-02-03 14:59 - 000000355 _____ C:\Users\VisionDAW User\Desktop\Computer - Shortcut.lnk

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-04 17:08 - 2009-07-13 21:34 - 025952256 _____ C:\Windows\system32\config\HARDWARE
2019-03-04 17:07 - 2018-07-17 14:59 - 000000000 ____D C:\Users\VisionDAW User\Desktop\Good Time
2019-03-04 17:01 - 2015-01-15 12:51 - 000000000 ____D C:\ProgramData\LogMeIn
2019-03-04 16:24 - 2015-07-07 12:17 - 000000954 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000UA.job
2019-03-04 05:01 - 2009-07-13 23:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-03-04 05:01 - 2009-07-13 23:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-03-03 23:24 - 2015-07-07 12:17 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000Core.job
2019-03-02 18:36 - 2013-01-29 10:44 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\HpUpdate
2019-03-02 18:36 - 2013-01-25 14:18 - 000000000 ____D C:\Users\VisionDAW User\Documents\ACID Pro 7.0 Projects
2019-03-02 12:02 - 2018-01-12 16:30 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\CrashDumps
2019-03-01 16:44 - 2013-01-23 12:47 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\ElevatedDiagnostics
2019-03-01 14:49 - 2009-07-14 00:13 - 000788354 _____ C:\Windows\system32\PerfStringBackup.INI
2019-03-01 14:49 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-03-01 14:33 - 2015-01-15 12:51 - 000000950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2019-03-01 14:31 - 2017-06-21 14:33 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Splice
2019-03-01 14:31 - 2016-10-25 18:27 - 000000218 _____ C:\Windows\Tasks\AutoKMS.job
2019-03-01 14:31 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-01 14:30 - 2018-11-12 17:14 - 002921984 _____ (TOSHIBA CORPORATION) C:\Windows\system32\cwamiousvc.exe
2019-03-01 14:26 - 2018-11-12 17:06 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\1337
2019-03-01 14:07 - 2013-01-24 09:50 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\Adobe
2019-03-01 13:11 - 2015-11-06 10:35 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Audacity
2019-02-28 14:39 - 2013-01-31 14:00 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\vlc
2019-02-28 14:11 - 2015-01-15 12:51 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\LogMeInIgnition
2019-02-25 15:33 - 2018-11-13 15:28 - 000002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-25 15:33 - 2018-11-13 15:28 - 000002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-23 23:33 - 2018-03-29 12:03 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-21 18:50 - 2017-06-26 16:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-02-21 18:50 - 2015-07-27 12:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-21 17:32 - 2017-07-07 11:06 - 000000000 ____D C:\Users\VisionDAW User\AppData\LocalLow\Mozilla
2019-02-21 15:50 - 2017-06-26 14:07 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\splice
2019-02-21 15:50 - 2017-06-14 16:32 - 000002149 _____ C:\Users\VisionDAW User\Desktop\Splice.lnk
2019-02-21 15:50 - 2017-06-14 16:32 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Splice
2019-02-21 15:50 - 2017-05-18 12:12 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\SpliceSettings
2019-02-21 14:24 - 2013-01-29 17:58 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Dropbox
2019-02-15 10:14 - 2019-01-21 11:19 - 000000250 _____ C:\Windows\wininit.ini
2019-02-15 10:14 - 2015-07-27 12:30 - 000000000 ____D C:\ProgramData\Mozilla
2019-02-14 12:17 - 2013-01-23 12:59 - 000000000 ____D C:\Users\VisionDAW User\Documents\Cubase Projects
2019-02-13 23:19 - 2015-07-07 12:17 - 000003946 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000UA
2019-02-13 23:19 - 2015-07-07 12:17 - 000003550 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000Core
2019-02-13 18:25 - 2018-11-12 18:09 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-13 18:23 - 2013-01-30 11:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-13 11:02 - 2015-02-06 10:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-12 22:30 - 2018-03-29 12:03 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-02-12 16:20 - 2014-03-24 10:57 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-02-12 16:20 - 2014-03-24 10:57 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-12 16:20 - 2014-03-24 10:57 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-02-12 16:20 - 2014-03-24 10:57 - 000000000 ____D C:\Windows\system32\Macromed
2019-02-12 16:20 - 2013-01-23 14:50 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-02-04 16:12 - 2015-01-15 12:51 - 000000000 ____D C:\Program Files (x86)\LogMeIn
2019-02-04 16:11 - 2015-01-15 12:51 - 000115168 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll.000.bak
2019-02-04 16:11 - 2015-01-15 12:51 - 000115168 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2019-02-04 16:11 - 2015-01-15 12:51 - 000109504 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll

==================== Files in the root of some directories =======

2018-11-12 17:07 - 2018-11-12 21:08 - 000000221 _____ () C:\ProgramData\report.vbs
2018-11-12 17:11 - 2018-11-12 17:11 - 000009794 _____ () C:\Program Files\SQCFMDTOUY-DECRYPT.txt
2018-11-12 17:11 - 2018-11-12 17:11 - 000009794 _____ () C:\Program Files (x86)\SQCFMDTOUY-DECRYPT.txt
2018-05-12 11:53 - 2018-11-12 17:12 - 000000542 _____ () C:\Users\VisionDAW User\AppData\Roaming\ExplorerFavorites.txt.sqcfmdtouy
2019-01-08 18:17 - 2019-01-09 12:01 - 000030406 _____ () C:\Users\VisionDAW User\AppData\Roaming\QBFileDrTool.log
2016-09-07 14:20 - 2018-11-12 17:12 - 000021645 _____ () C:\Users\VisionDAW User\AppData\Roaming\QBFileDrTool.log.sqcfmdtouy
2018-11-12 17:11 - 2018-11-12 17:11 - 000009794 _____ () C:\Users\VisionDAW User\AppData\Roaming\SQCFMDTOUY-DECRYPT.txt
2013-07-09 08:57 - 2018-11-12 17:12 - 000001459 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.1.txt.sqcfmdtouy
2013-07-09 08:57 - 2018-11-12 17:12 - 000001721 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.2.txt.sqcfmdtouy
2013-07-09 08:57 - 2015-11-30 15:43 - 000000000 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2013-07-09 08:57 - 2018-11-12 17:12 - 000001721 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.txt.sqcfmdtouy
2018-11-12 17:12 - 2018-11-12 17:12 - 000009794 _____ () C:\Users\VisionDAW User\AppData\Roaming\Microsoft\SQCFMDTOUY-DECRYPT.txt
2018-11-12 17:12 - 2018-11-12 17:12 - 000140800 _____ () C:\Users\VisionDAW User\AppData\Local\installer.dat
2018-10-02 19:01 - 2018-10-02 19:01 - 000000000 _____ () C:\Users\VisionDAW User\AppData\Local\oobelibMkey.log
2018-01-12 14:56 - 2018-08-29 17:07 - 000000600 _____ () C:\Users\VisionDAW User\AppData\Local\PUTTY.RND
2017-10-17 12:28 - 2017-10-17 12:28 - 000004949 _____ () C:\Users\VisionDAW User\AppData\Local\recently-used.xbel
2017-02-21 15:57 - 2017-02-21 15:57 - 000007605 _____ () C:\Users\VisionDAW User\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-02-26 17:16 - 2017-02-26 17:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\0tac-68y.dll
2017-02-26 12:16 - 2017-02-26 12:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\59h90s9i.dll
2017-02-26 08:16 - 2017-02-26 08:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\6_2_flif.dll
2017-02-25 20:16 - 2017-02-25 20:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\9pacfkfj.dll
2017-02-25 17:16 - 2017-02-25 17:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\b1wlrafs.dll
2017-02-27 08:16 - 2017-02-27 08:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\bs5sdjzu.dll
2017-02-25 18:16 - 2017-02-25 18:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\c1mtsicc.dll
2017-02-26 02:16 - 2017-02-26 02:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\ga1_gsvf.dll
2017-02-23 16:16 - 2017-02-23 16:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\mhb9hati.dll
2010-03-11 15:13 - 2010-03-11 15:13 - 000174440 ____R (Microsoft Corporation) C:\Users\VisionDAW User\AppData\Local\Temp\ose00000.exe
2007-09-10 20:37 - 2007-09-10 20:37 - 000145184 ____R (Microsoft Corporation) C:\Users\VisionDAW User\AppData\Local\Temp\ose00001.exe
2007-09-10 20:37 - 2007-09-10 20:37 - 000145184 ____R (Microsoft Corporation) C:\Users\VisionDAW User\AppData\Local\Temp\ose00002.exe
2017-02-27 02:16 - 2017-02-27 02:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\oxclyjxc.dll
2017-02-26 01:16 - 2017-02-26 01:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\ozj4pnk_.dll
2018-11-10 02:12 - 2018-11-10 02:12 - 017679620 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\setup.dll
2018-11-14 12:40 - 2018-11-12 17:06 - 000099900 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\sesgknqt.sys -> Access Denied <======= ATTENTION

LastRegBack: 2019-03-04 00:35

==================== End of FRST.txt ============================

Addition.txt
  10. I recently ran a scan and a number of threats were detected. However, only one of them could be quarantined/removed. Do I need some other virus removal program? (full log attached as .txt) Anybody else have this issue? Full log.txt