Andrei95

Members
  • Content Count

    11

About Andrei95

  • Rank
    New Member
  1. It worked! All files are in place. Thank you so much, I do not have enough words. Hope you have a wonderful year! Gratitudes and cheers!
  2. Thank you, I will do this today! Also I have to mention that my infected external drive letter is D:
  3. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2020 Ran by GR (09-01-2020 22:52:30) Running from C:\Users\GR\Desktop Windows 10 Pro Version 1903 18362.535 (X64) (2019-08-29 04:46:26) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4263489620-2654309337-961826061-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4263489620-2654309337-961826061-503 - Limited - Disabled) GR (S-1-5-21-4263489620-2654309337-961826061-1001 - Administrator - Enabled) => C:\Users\GR Guest (S-1-5-21-4263489620-2654309337-961826061-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-4263489620-2654309337-961826061-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\uTorrent) (Version: 3.5.5.45503 - BitTorrent Inc.) 
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.0.0.354 - Adobe Systems Incorporated) Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.7 - Adobe Systems Incorporated) Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0) (Version: 19.0 - Adobe Systems Incorporated) Adobe Premiere Pro CC 2019 (HKLM-x32\...\PPRO_13_0_1) (Version: 13.0.1 - Adobe Systems Incorporated) Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software) Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 77.2.2154.121 - AVAST Software) Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.5.245.0 - AVAST Software) Hidden Backup and Sync from Google (HKLM\...\{7B473CF8-CE4F-4AE1-A86D-CFBDDCC85FAF}) (Version: 3.47.8667.1399 - Google, Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.21.50 - Conexant) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Discord (HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\Discord) (Version: 0.0.305 - Discord Inc.) 
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.117 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation) Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes) Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.12228.20364 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable 
(x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{49e969a1-2990-464d-92b5-25f6f34573c6}) (Version: 12.0.40664.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{d2c8df0e-f15d-4426-9e51-f13f329f9cb4}) (Version: 12.0.40664.0 - Корпорация Майкрософт) Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Need for Speed Most Wanted (black edition) (HKLM-x32\...\Need for Speed Most Wanted (black edition)) (Version: 1.3 - Electronic Arts) NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component 
(HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) PUBG Lite (HKLM-x32\...\PUBG Lite_is1) (Version: 1.0.0.7 - ) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Rocket League (HKLM-x32\...\Rocket League_is1) (Version: - Psyonix) Skype version 8.33 (HKLM-x32\...\Skype_is1) (Version: 8.33 - Skype Technologies S.A.) SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.7.24.155 - EnigmaSoft Limited) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated) TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.6.4835 - TeamViewer) The Jackbox Party Pack (HKLM-x32\...\The Jackbox Party Pack_is1) (Version: - ) Trojan Remover (HKLM-x32\...\Trojan Remover_is1) (Version: - Simply Super Software) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden VCDS Release 12.12.0 (HKLM-x32\...\VCDS Release 12.12) (Version: 12.12.0 - Ross-Tech) Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) 
Hidden Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH) Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare) Packages: ========= Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-09-11] (Adobe Systems Incorporated) iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa [2020-01-05] (Apple Inc.) [Startup Task] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2020-01-05] (Microsoft Corporation) [MS Ad] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-4263489620-2654309337-961826061-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092020224923990_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-602996F2CD43} -> [Creative Cloud Files] => C:\Users\GR\Creative Cloud Files [2019-09-11 14:51] CustomCLSID: HKU\S-1-5-21-4263489620-2654309337-961826061-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092020224923990_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) CustomCLSID: HKU\S-1-5-21-4263489620-2654309337-961826061-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092020224923990_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems) CustomCLSID: HKU\S-1-5-21-4263489620-2654309337-961826061-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-602996F2CD43} -> [Creative Cloud Files] => C:\Users\GR\Creative Cloud Files [2019-09-11 14:51] CustomCLSID: HKU\S-1-5-21-4263489620-2654309337-961826061-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) CustomCLSID: HKU\S-1-5-21-4263489620-2654309337-961826061-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. 
-> Adobe Systems) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-12-22] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-12-22] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-12-22] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ !!!smico] -> {C6E713CA-A7FD-4C73-9E34-AD7676CB957F} => -> No File ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-09] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-09] (AVAST Software s.r.o. 
-> AVAST Software) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-12-22] (Google LLC -> Google) ContextMenuHandlers1: [SmartMountShlExt] -> {3871F95B-BF7A-4C17-950B-3ECBCA765A45} => -> No File ContextMenuHandlers1: [SMShellExts] -> {3871F95B-BF7A-4c17-950B-3ECBCA765A45} => -> No File ContextMenuHandlers1: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll [2018-10-25] (Simply Super Software -> Simply Super Software) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [SmartMountShlExt] -> {3871F95B-BF7A-4C17-950B-3ECBCA765A45} => -> No File ContextMenuHandlers2: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll [2018-10-25] (Simply Super Software -> Simply Super Software) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-09] (AVAST Software s.r.o. 
-> AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-12-22] (Google LLC -> Google) ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers4: [SmartMountShlExt] -> {3871F95B-BF7A-4C17-950B-3ECBCA765A45} => -> No File ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-02-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-09] (AVAST Software s.r.o. 
-> AVAST Software) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll [2018-10-25] (Simply Super Software -> Simply Super Software) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\GR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --app=hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=3&click_id=dca008733b5232d8d0840ef7856e73fa9e069738 --app-window-size=1366,768 ShortcutWithArgument: C:\Users\GR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> %SNP% ShortcutWithArgument: C:\Users\GR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --app=hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=3&click_id=dca008733b5232d8d0840ef7856e73fa9e069738 --app-window-size=1366,768 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> %SNP% ==================== Loaded Modules (Whitelisted) ============= 2020-01-09 22:43 - 2020-01-09 22:43 - 000114176 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\_ctypes.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000173056 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\_elementtree.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 001808896 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\_hashlib.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000032256 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\_multiprocessing.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000046080 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\_psutil_windows.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000047616 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\_socket.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 002241024 _____ () [File not signed] 
C:\Users\GR\AppData\Local\Temp\_MEI114482\_ssl.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000026112 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\_yappi.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000080896 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\bz2.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000016384 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\common.time34.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000007680 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\hashobjs_ext.pyd 2020-01-09 22:42 - 2020-01-09 22:43 - 000301568 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\PIL._imaging.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000169472 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\pyexpat.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 001084416 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\pysqlite2._sqlite.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000548864 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\pythoncom27.dll 2020-01-09 22:43 - 2020-01-09 22:43 - 000137728 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\pywintypes27.dll 2020-01-09 22:43 - 2020-01-09 22:43 - 000010752 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\select.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000020992 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\thumbnails_ext.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000689664 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\unicodedata.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000119808 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\usb_ext.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000128512 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\win32api.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000438784 _____ () [File not signed] 
C:\Users\GR\AppData\Local\Temp\_MEI114482\win32com.shell.shell.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000011776 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\win32crypt.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000023040 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\win32event.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000149504 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\win32file.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000223232 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\win32gui.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000048128 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\win32inet.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000029696 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\win32pdh.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000027648 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\win32pipe.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000044032 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\win32process.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000020480 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\win32profile.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000136192 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\win32security.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000026624 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\win32ts.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000034816 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\windows.conditional.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000038400 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\windows.connectivity.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000071680 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\windows.device_monitor.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000109056 _____ () 
[File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\windows.volumes.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000020480 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\windows.winwrap.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 001325056 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\wx._controls_.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 001489408 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\wx._core_.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 001007104 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\wx._gdi_.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000103424 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\wx._html2.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 000916992 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\wx._misc_.pyd 2020-01-09 22:43 - 2020-01-09 22:43 - 001039872 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\wx._windows_.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000114176 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\_ctypes.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000173056 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\_elementtree.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 001808896 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\_hashlib.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000032256 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\_multiprocessing.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000046080 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\_psutil_windows.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000047616 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\_socket.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 002241024 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\_ssl.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000026112 _____ () [File not signed] 
C:\Users\GR\AppData\Local\Temp\_MEI88442\_yappi.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000080896 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\bz2.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000016384 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\common.time34.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000007680 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\hashobjs_ext.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000301568 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\PIL._imaging.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000169472 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\pyexpat.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 001084416 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\pysqlite2._sqlite.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000548864 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\pythoncom27.dll 2020-01-09 22:42 - 2020-01-09 22:42 - 000137728 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\pywintypes27.dll 2020-01-09 22:42 - 2020-01-09 22:42 - 000010752 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\select.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000020992 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\thumbnails_ext.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000689664 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\unicodedata.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000119808 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\usb_ext.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000128512 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\win32api.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000438784 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\win32com.shell.shell.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000011776 _____ () [File not signed] 
C:\Users\GR\AppData\Local\Temp\_MEI88442\win32crypt.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000023040 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\win32event.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000149504 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\win32file.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000223232 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\win32gui.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000048128 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\win32inet.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000029696 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\win32pdh.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000027648 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\win32pipe.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000044032 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\win32process.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000020480 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\win32profile.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000136192 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\win32security.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000026624 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\win32ts.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000034816 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\windows.conditional.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000038400 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\windows.connectivity.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000071680 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\windows.device_monitor.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000109056 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\windows.volumes.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000020480 _____ () [File not signed] 
C:\Users\GR\AppData\Local\Temp\_MEI88442\windows.winwrap.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 001325056 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\wx._controls_.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 001489408 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\wx._core_.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 001007104 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\wx._gdi_.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000103424 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\wx._html2.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 000916992 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\wx._misc_.pyd 2020-01-09 22:42 - 2020-01-09 22:42 - 001039872 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\wx._windows_.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000114176 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\_ctypes.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000173056 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\_elementtree.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 001808896 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\_hashlib.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000032256 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\_multiprocessing.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000046080 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\_psutil_windows.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000047616 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\_socket.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 002241024 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\_ssl.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000026112 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\_yappi.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000080896 _____ () [File not signed] 
C:\Users\GR\AppData\Local\Temp\_MEI89922\bz2.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000016384 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\common.time34.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000007680 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\hashobjs_ext.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000301568 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\PIL._imaging.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000169472 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\pyexpat.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 001084416 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\pysqlite2._sqlite.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000548864 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\pythoncom27.dll 2020-01-09 22:38 - 2020-01-09 22:38 - 000137728 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\pywintypes27.dll 2020-01-09 22:38 - 2020-01-09 22:38 - 000010752 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\select.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000020992 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\thumbnails_ext.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000689664 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\unicodedata.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000119808 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\usb_ext.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000128512 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\win32api.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000438784 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\win32com.shell.shell.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000011776 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\win32crypt.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000023040 _____ () [File not signed] 
C:\Users\GR\AppData\Local\Temp\_MEI89922\win32event.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000149504 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\win32file.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000223232 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\win32gui.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000048128 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\win32inet.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000029696 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\win32pdh.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000027648 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\win32pipe.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000044032 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\win32process.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000020480 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\win32profile.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000136192 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\win32security.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000026624 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\win32ts.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000034816 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\windows.conditional.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000038400 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\windows.connectivity.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000071680 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\windows.device_monitor.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000109056 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\windows.volumes.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000020480 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\windows.winwrap.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 001325056 _____ () [File not 
signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\wx._controls_.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 001489408 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\wx._core_.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 001007104 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\wx._gdi_.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000103424 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\wx._html2.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 000916992 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\wx._misc_.pyd 2020-01-09 22:38 - 2020-01-09 22:38 - 001039872 _____ () [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\wx._windows_.pyd 2019-01-22 23:34 - 2019-01-22 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll 2019-01-22 23:34 - 2019-01-22 23:34 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll 2020-01-09 22:43 - 2020-01-09 22:43 - 003042816 _____ (Python Software Foundation) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\python27.dll 2020-01-09 22:42 - 2020-01-09 22:42 - 003042816 _____ (Python Software Foundation) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\python27.dll 2020-01-09 22:38 - 2020-01-09 22:38 - 003042816 _____ (Python Software Foundation) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\python27.dll 2020-01-09 22:43 - 2020-01-09 22:43 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\wxbase30u_net_vc90_x64.dll 2020-01-09 22:43 - 2020-01-09 22:43 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\wxbase30u_vc90_x64.dll 2020-01-09 22:43 - 2020-01-09 22:43 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\wxmsw30u_adv_vc90_x64.dll 2020-01-09 
22:43 - 2020-01-09 22:43 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\wxmsw30u_core_vc90_x64.dll 2020-01-09 22:43 - 2020-01-09 22:43 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\wxmsw30u_html_vc90_x64.dll 2020-01-09 22:43 - 2020-01-09 22:43 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI114482\wxmsw30u_webview_vc90_x64.dll 2020-01-09 22:42 - 2020-01-09 22:42 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\wxbase30u_net_vc90_x64.dll 2020-01-09 22:42 - 2020-01-09 22:42 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\wxbase30u_vc90_x64.dll 2020-01-09 22:42 - 2020-01-09 22:42 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\wxmsw30u_adv_vc90_x64.dll 2020-01-09 22:42 - 2020-01-09 22:42 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\wxmsw30u_core_vc90_x64.dll 2020-01-09 22:42 - 2020-01-09 22:42 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\wxmsw30u_html_vc90_x64.dll 2020-01-09 22:42 - 2020-01-09 22:42 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI88442\wxmsw30u_webview_vc90_x64.dll 2020-01-09 22:38 - 2020-01-09 22:38 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\wxbase30u_net_vc90_x64.dll 2020-01-09 22:38 - 2020-01-09 22:38 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\wxbase30u_vc90_x64.dll 2020-01-09 22:38 - 2020-01-09 22:38 - 001654784 _____ (wxWidgets development team) [File not signed] 
C:\Users\GR\AppData\Local\Temp\_MEI89922\wxmsw30u_adv_vc90_x64.dll 2020-01-09 22:38 - 2020-01-09 22:38 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\wxmsw30u_core_vc90_x64.dll 2020-01-09 22:38 - 2020-01-09 22:38 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\wxmsw30u_html_vc90_x64.dll 2020-01-09 22:38 - 2020-01-09 22:38 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\GR\AppData\Local\Temp\_MEI89922\wxmsw30u_webview_vc90_x64.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [286] AlternateDataStreams: C:\Users\GR\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394] AlternateDataStreams: C:\Users\GR\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\537BFC49.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\537BFC49.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2015-07-10 13:04 - 2019-01-05 20:26 - 002097703 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 cpm.paneladmin.pro 127.0.0.1 publisher.hmdiadmingate.xyz 127.0.0.1 hmdicrewtracksystem.xyz 127.0.0.1 mydownloaddomain.com 127.0.0.1 linkmate.space 127.0.0.1 space1.adminpressure.space 127.0.0.1 trackpressure.website 127.0.0.1 doctorlink.space 127.0.0.1 plugpackdownload.net 127.0.0.1 texttotalk.org 127.0.0.1 gambling577.xyz 127.0.0.1 htagdownload.space 127.0.0.1 mybcnmonetize.com 127.0.0.1 360devtraking.website 127.0.0.1 dscdn.pw 127.0.0.1 bcnmonetize.go2affise.com 127.0.0.1 beautifllink.xyz 2018-02-22 23:07 - 2018-02-22 23:07 - 000000444 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Windows Live\Shared HKU\S-1-5-21-4263489620-2654309337-961826061-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) 
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\StartupApproved\StartupFolder: => "BznMMQqmAG.url" HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\StartupApproved\StartupFolder: => "winmsvc.lnk" HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\StartupApproved\Run: => "Chromium" HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\StartupApproved\Run: => "23BA.tmp" HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\StartupApproved\Run: => "UGF2W0PW0UEXL3E" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{7EEF006C-B698-4CFD-9356-1EFDC8BCC8FE}] => (Allow) F:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [{A7B2B1C0-CBBD-4498-A4D1-2DB456D7B515}] => (Allow) F:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [{D46E9A64-7530-444B-A542-A3A4695276C9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{DB34D5A3-3058-4A21-9619-B88BC98413C0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{95BC16C7-35FF-4B76-90AA-301E7BC9B911}] => (Allow) F:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed] FirewallRules: [{FCA4F4C8-5844-4CBC-851F-031B41AC1235}] => (Allow) F:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed] FirewallRules: [{11D41B83-CF7B-430D-8F25-9D648BC16508}] => (Allow) F:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed] FirewallRules: [{20F5EFED-3FF0-41D8-B917-C9A2F092BB87}] => 
(Allow) F:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed] FirewallRules: [{D6B13319-51F0-4A55-B486-F7147B65ED93}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{FE20CE61-98CD-43C1-9E69-0DA011C0B2F6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{5BFD52F1-B1BA-4BB8-BF4B-FC22DB52BDEE}] => (Block) %ProgramFiles% (x86)\rocketleague\Binaries\Win32\RocketLeague.exe No File FirewallRules: [{DEE3A580-B1A0-4E92-9F46-66D3908A3A3D}] => (Allow) F:\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve) FirewallRules: [{E4544E5E-7E20-444E-8E3F-ACBD3C67CD73}] => (Allow) F:\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve) FirewallRules: [{2F27E96C-58A9-4875-974D-AF920E820D67}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{7C4C9115-6204-4B5C-B76B-DDCD6DB4D374}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{F0EF7983-7D7D-45DA-945B-F3D84096C0C5}] => (Allow) F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{BFC9F784-E238-4957-AD9B-BAA4F2739DFF}] => (Allow) F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{E973090C-E9B8-4208-9AEC-E37353BC46CB}] => (Allow) F:\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe (Codemasters Software Company Limited) [File not signed] FirewallRules: [{9642FCDC-D440-4574-AB1E-7D9B09B941F8}] => (Allow) F:\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe (Codemasters Software Company Limited) [File not signed] FirewallRules: [{762C9965-A60F-4C1B-830E-FE1033A5D37E}] => (Allow) LPort=1900 FirewallRules: [{D83E7237-932A-439B-B07E-92EA423A3938}] => (Allow) LPort=2869 FirewallRules: [{E7A5A658-973F-407F-84C1-9AB38EEF29F5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{EE74444F-BB69-492D-A851-1DBB63BB0991}] => (Allow) F:\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{4D9014EB-06F4-4FFF-A534-9EBE4B1C8192}] => (Allow) F:\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{D0E147FC-E23E-4F8C-AEDE-14B8E07ACEFE}] => (Allow) LPort=1688 FirewallRules: [{0FC7C794-6642-4996-898B-38822FAD1D4F}] => (Allow) F:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed] FirewallRules: [{3B8EA9EC-F230-49E7-BAD4-DCE1C62F1272}] => (Allow) F:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed] FirewallRules: [{D6DE18A2-5A7F-481D-93C4-9B6AF5C077B6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{7AA65796-51A4-4EC0-BC04-D2D5ED99594D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{FF8DCC37-4677-4D2E-88FD-8EFEF5C675B0}] => (Allow) C:\Program Files 
(x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{B3A2C1A8-D536-40D8-89C3-D11D06F601E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{7D3637D5-6BFC-4C66-8382-8C9021CE7124}] => (Allow) F:\steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed] FirewallRules: [{B8878C5D-61D3-418B-9B81-115AAA529329}] => (Allow) F:\steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed] FirewallRules: [{B5A7B94B-20CF-41AB-A46A-8C0980347290}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{45A25EF8-34D6-4AED-98AA-7DC4D9B8899B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{E1CEEA1E-CEA5-402F-82A4-229E2973EB21}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D2E5C642-B1AE-4320-A943-2FF287197A49}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6456741A-4B63-43E5-9F83-328814C2AC9B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{7974920D-BD25-40EF-ACE5-B5B484BCB4D3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{97FC61E1-51FC-4B1D-8DC8-CED451E6B584}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{2ABA1646-89F1-49E2-88B6-29C15FEE6532}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{DD072EC7-BB51-497C-A36C-AC58540EB9BC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6A635C51-2CE6-4153-A332-20FC102558A3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{3F341512-12A6-4237-AD5B-A619FA420D57}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software) ==================== Restore Points ========================= 12-12-2019 10:04:24 Windows Modules Installer 08-01-2020 20:05:07 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (01/09/2020 11:05:24 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (10376,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (01/09/2020 10:59:13 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (5824,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (01/09/2020 10:56:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Trjscan.exe version 6.9.5.1364 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. 
Process ID: 18e0 Start Time: 01d5c72caf0998af Termination Time: 23 Application Path: C:\Program Files (x86)\Trojan Remover\Trjscan.exe Report Id: c42d7422-0b8f-41bc-9fed-d878c33a055d Faulting package full name: Faulting package-relative application ID: Hang type: Unknown Error: (01/09/2020 10:53:25 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (9832,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (01/09/2020 10:49:57 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY) Description: Failed to begin a Windows Installer transaction C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserUpdateHelper.msi. Error 1618 occurred while beginning the transaction. Error: (01/09/2020 10:47:26 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (2580,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (01/09/2020 10:37:42 PM) (Source: ATIeRecord) (EventID: 16396) (User: ) Description: ATI EEU PnP start/stop failed Error: (01/09/2020 10:21:27 PM) (Source: ATIeRecord) (EventID: 16396) (User: ) Description: ATI EEU PnP start/stop failed System errors: ============= Error: (01/09/2020 11:05:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (01/09/2020 11:05:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 
Error: (01/09/2020 10:45:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Update Orchestrator Service service hung on starting. Error: (01/09/2020 10:42:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Downloaded Maps Manager service hung on starting. Error: (01/09/2020 10:35:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-C63605U) Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout. Error: (01/09/2020 10:35:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-C63605U) Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout. Error: (01/09/2020 10:35:44 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-C63605U) Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout. Error: (01/09/2020 10:35:44 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-C63605U) Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout. Windows Defender: =================================== Date: 2020-01-09 19:34:16.791 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {D6EBF840-6BB7-4594-8012-D5C94FA12BED} Scan Type: Antimalware Scan Parameters: Custom Scan Date: 2020-01-09 16:04:27.165 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {CE637E63-3DFF-4DC2-A8F7-025A61C5A406} Scan Type: Antimalware Scan Parameters: Custom Scan Date: 2020-01-09 15:46:02.398 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {E41CFCA3-1612-44DE-9216-E0341D59AF4A} Scan Type: Antimalware Scan Parameters: Custom Scan Date: 2019-12-12 11:13:11.672 Description: Windows Defender Antivirus scan has been stopped before completion. 
Scan ID: {CAD7D9BE-7D7F-4877-A62F-028054F34558} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-12-10 13:37:44.214 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {DF94EE50-BBD7-4D41-ABD7-D56EC63EB635} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-12-12 08:54:31.816 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.307.309.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16600.7 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-12-07 19:23:11.095 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.307.37.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16600.7 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-11-23 14:41:34.916 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.305.2572.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16500.1 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
Date: 2019-09-13 02:47:24.513 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.301.1134.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16300.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-09-10 19:12:31.319 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.301.783.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16300.1 Error code: 0x80072ee7 Error description: The server name or address could not be resolved CodeIntegrity: =================================== Date: 2020-01-09 22:54:33.786 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-09 22:54:33.781 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements. 
Date: 2020-01-09 22:54:32.199 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-09 22:54:32.028 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-09 22:41:40.859 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2020-01-09 22:41:38.834 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2020-01-09 22:41:36.811 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2020-01-09 22:41:33.259 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements. 
==================== Memory info =========================== BIOS: LENOVO 78CN19WW(V1.07) 07/04/2013 Motherboard: LENOVO INVALID Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz Percentage of memory in use: 80% Total physical RAM: 6012.85 MB Available physical RAM: 1163.96 MB Total Virtual: 7804.85 MB Available Virtual: 1603.57 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:199.23 GB) (Free:80.75 GB) NTFS Drive d: (Elements) (Fixed) (Total:1862.98 GB) (Free:12.79 GB) NTFS Drive f: (Local Disk) (Fixed) (Total:731.02 GB) (Free:454.61 GB) NTFS \\?\Volume{d9fa2484-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS \\?\Volume{d9fa2484-0000-0000-0000-20ee31000000}\ () (Fixed) (Total:0.77 GB) (Free:0.3 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D9FA2484) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=199.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=786 MB) - (Type=27) Partition 4: (Not Active) - (Size=731 GB) - (Type=07 NTFS) ========================================================== Disk: 1 (Size: 1863 GB) (Disk ID: 16F2A91F) Partition: GPT. ==================== End of Addition.txt =======================
  4. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2020 Ran by GR (administrator) on DESKTOP-C63605U (LENOVO 20236) (09-01-2020 22:44:01) Running from C:\Users\GR\Desktop Loaded Profiles: GR (Available Profiles: GR) Platform: Windows 10 Pro Version 1903 18362.535 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (AVAST Software s.r.o. 
-> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler64.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc. -> Conexant Systems, Inc.) 
C:\Windows\SysWOW64\SASrv.exe (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dxgiadaptercache.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe (Microsoft Windows Hardware Compatibility 
Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(Simply Super Software -> Simply Super Software) C:\Program Files (x86)\Trojan Remover\Trjscan.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [909016 2013-10-21] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) [File not signed]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2018-02-10] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2084920 2019-09-27] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\Run: [Chromium] => "c:\users\gr\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [47773264 2019-12-22] (Google LLC -> )
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\Run: [AvastBrowserAutoLaunch_29444FEB6F6E437784662D7919BD4509] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2015080 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe [2487352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.117\Installer\chrmstp.exe [2020-01-09] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2154.121\Installer\chrmstp.exe [2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0291DAC7-A868-4063-88CA-6ED922CF4693} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {0EB87C0A-F1D3-41E2-ADBA-4465DCF32B5A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {198A3F5E-2196-4C33-8306-33E08464C775} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {2C47ECD6-8DA1-4462-8902-978EC043FCA8} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {2E0D790F-0678-49CE-B6B4-14FD56ACD420} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {317720D1-BB50-48D9-BD4C-CD0A5F15AEDF} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {38520929-5537-4850-867F-67D89E8F1B22} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
Task: {406ED5CE-D10D-4E46-8048-3BB810B482AA} - System32\Tasks\TR_FastScan_AtLogon => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [3314400 2019-08-14] (Simply Super Software -> Simply Super Software)
Task: {4FFE0F86-8FFE-4A8F-B1F8-BB93B4B20FCF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4321688 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {788EF8D6-1C14-43E1-9FC4-91999AA9B550} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {85D823F6-3DE3-462C-A8CF-A02350E12423} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2015080 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {86AD45F2-9871-4436-AC5C-48FA23A0D111} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-11] (Google Inc -> Google Inc.)
Task: {86F7917C-361B-4380-9ED9-C4A528A603C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-11] (Google Inc -> Google Inc.)
Task: {9CED35AD-C7B7-4177-BE83-10F7DF42E02E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {A3860E91-21B7-4E5D-80D1-801F4BBF814F} - System32\Tasks\TR_AntiHijack => C:\Program Files (x86)\Trojan Remover\TRAntiHJ.exe
Task: {A6264E87-3EA8-4B26-B1C4-BE94EDDE4804} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC963A36-8162-4851-AE21-51D0F25213E6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {BEBE9157-8720-4829-A30F-B0121DA629C2} - System32\Tasks\TR_FastScan_Daily_GR => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [3314400 2019-08-14] (Simply Super Software -> Simply Super Software)
Task: {C7F971D5-F46B-4E95-9933-40D928E1773C} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2015080 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {CAC1FAF6-A154-48B0-97FD-6992FB906897} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4321688 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {D302C192-8E05-4655-9408-D118289BD524} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4E0B34E-621B-4080-AF03-33762CD127BC} - System32\Tasks\TR_Updater => C:\Program Files (x86)\Trojan Remover\Trupd.exe [2520792 2019-10-03] (Simply Super Software -> Simply Super Software)
Task: {E9CF28F3-4507-42C1-A523-35187BC410D0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-19] (AVAST Software s.r.o. -> AVAST Software)
Task: {FBA236E0-265A-4C91-AE90-95D83AA57C00} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6434670e-a9e0-4ece-ac9c-963b81fdba93}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7167ed4a-5d1e-4fad-9429-fa4cc5027c4e}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-16] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-16] (Google LLC -> Google LLC)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR Notifications: Default -> hxxps://topfilmeonline.net; hxxps://www.youtube.com
CHR Profile: C:\Users\GR\AppData\Local\Google\Chrome\User Data\Default [2020-01-09]
CHR Extension: (Up Pro (Verified)) - C:\Users\GR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdndbhimamboekdkboekhmjfhcfmjpke [2018-08-01]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\GR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-01-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\GR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\GR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-07]
CHR Extension: (Chrome Media Router) - C:\Users\GR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-05]
CHR Profile: C:\Users\GR\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-09-11]
CHR Profile: C:\Users\GR\AppData\Local\Google\Chrome\User Data\System Profile [2019-09-11]
CHR HKU\S-1-5-21-4263489620-2654309337-961826061-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\GR\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2019-09-08]
CHR HKU\S-1-5-21-4263489620-2654309337-961826061-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [254488 2018-02-10] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2154.121\elevation_service.exe [1117336 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7013384 2018-03-10] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11345992 2019-11-28] (Microsoft Corporation -> Microsoft Corporation)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [11780320 2020-01-09] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2018-02-11] (Intel(R) pGFX -> Intel Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2020-01-09] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [519904 2020-01-09] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2018-02-10] (Synaptics Incorporated -> Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12135768 2019-09-24] (TeamViewer GmbH -> TeamViewer GmbH)
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-10-13] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 537BFC49; C:\WINDOWS\System32\drivers\537BFC49.sys [478392 2020-01-09] (Kaspersky Lab -> Kaspersky Lab ZAO)
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21625880 2018-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [673304 2018-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [98184 2018-02-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-04-14] (ASUSTeK Computer Inc. -> )
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-01-09] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [276952 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 EnigmaFileMonDriver; C:\WINDOWS\System32\drivers\EnigmaFileMonDriver.sys [68424 2020-01-09] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [121344 2019-03-19] (Microsoft Windows -> Qualcomm Atheros Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [218288 2020-01-09] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-01-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-01-09] (Malwarebytes Inc -> Malwarebytes)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-10-01] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-10-01] (MiniTool Solution Ltd -> )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [422656 2018-02-10] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2018-02-10] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
R2 WinDivert1.2; C:\WINDOWS\system32\drivers\WinDivert64.sys [37552 2018-08-01] (Nemea Mjukvaruutveckling AB -> Basil)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2019-12-07] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)
2020-01-09 22:49 - 2020-01-09 22:49 - 000000000 ____D C:\Users\GR\AppData\LocalLow\IGDump
2020-01-09 22:45 - 2020-01-09 22:45 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-01-09 22:45 - 2020-01-09 22:45 - 000218288 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-01-09 22:44 - 2020-01-09 22:48 - 000030739 _____ C:\Users\GR\Desktop\FRST.txt
2020-01-09 22:41 - 2020-01-09 22:41 - 002573312 _____ (Farbar) C:\Users\GR\Downloads\FRST64 (1).exe
2020-01-09 22:35 - 2020-01-09 22:35 - 000003856 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2020-01-09 22:35 - 2020-01-09 22:35 - 000003272 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2020-01-09 22:35 - 2020-01-09 22:35 - 000002570 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2020-01-09 22:35 - 2020-01-09 22:35 - 000002535 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2020-01-09 22:35 - 2020-01-09 22:35 - 000002535 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
2020-01-09 22:33 - 2020-01-09 22:46 - 000000000 ____D C:\FRST
2020-01-09 22:33 - 2020-01-09 22:33 - 002573312 _____ (Farbar) C:\Users\GR\Desktop\FRST64.exe
2020-01-09 22:33 - 2020-01-09 22:33 - 000003454 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineUA
2020-01-09 22:33 - 2020-01-09 22:33 - 000003330 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineCore
2020-01-09 22:33 - 2020-01-09 22:33 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2020-01-09 22:32 - 2020-01-09 22:32 - 008237744 _____ (Malwarebytes) C:\Users\GR\Downloads\adwcleaner_8.0.1 (1).exe
2020-01-09 22:24 - 2020-01-09 22:27 - 000000000 ____D C:\Users\GR\AppData\Local\BitTorrentHelper
2020-01-09 22:15 - 2020-01-09 22:27 - 000000000 ____D C:\Users\GR\Downloads\SpyHunter v4.22.8.4668 Portable by MaSTeR
2020-01-09 22:15 - 2020-01-09 22:15 - 000010824 _____ C:\Users\GR\Downloads\SpyHunter_v4.22.8.4668_Portable_by_MaSTeR.torrent
2020-01-09 22:05 - 2020-01-09 22:06 - 000000000 ____D C:\Users\GR\Downloads\SpyHunter 4.1.11.0 + Crack
2020-01-09 22:01 - 2020-01-09 22:01 - 000000000 ____D C:\Users\GR\Downloads\Reimage Pc Repair Serial Number
2020-01-09 22:00 - 2020-01-09 22:24 - 000000000 ____D C:\Users\GR\AppData\LocalLow\uTorrent
2020-01-09 19:47 - 2020-01-09 19:55 - 000257512 _____ C:\WINDOWS\ntbtlog.txt
2020-01-09 19:42 - 2020-01-09 19:42 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2020-01-09 19:42 - 2020-01-09 19:42 - 000000000 ___HD C:\ProgramData\Documents\AdobeGC
2020-01-09 19:37 - 2020-01-09 19:37 - 000002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2020-01-09 19:37 - 2020-01-09 19:37 - 000002148 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-01-09 19:37 - 2020-01-09 19:37 - 000002148 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2020-01-09 19:37 - 2020-01-09 19:37 - 000000000 ____D C:\Users\GR\AppData\Roaming\AVAST Software
2020-01-09 19:32 - 2020-01-09 22:21 - 000000000 ____D C:\ProgramData\TEMP
2020-01-09 19:30 - 2020-01-09 22:44 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-01-09 19:28 - 2020-01-09 22:38 - 000068424 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2020-01-09 19:28 - 2020-01-09 19:30 - 000848432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2020-01-09 19:28 - 2020-01-09 19:30 - 000460448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2020-01-09 19:28 - 2020-01-09 19:30 - 000161544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-01-09 19:28 - 2020-01-09 19:28 - 000316528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2020-01-09 19:28 - 2020-01-09 19:28 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2020-01-09 19:28 - 2020-01-09 19:28 - 000001055 _____ C:\ProgramData\Desktop\SpyHunter5.lnk
2020-01-09 19:28 - 2020-01-09 19:28 - 000000000 ____D C:\sh5ldr
2020-01-09 19:28 - 2020-01-09 19:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2020-01-09 19:28 - 2020-01-09 19:28 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2020-01-09 19:28 - 2020-01-09 19:27 - 000355720 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-01-09 19:28 - 2020-01-09 19:27 - 000276952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000274456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000236024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000209552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000204824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000110320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000083792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000065120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000042736 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000037616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000016304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2020-01-09 19:27 - 2020-01-09 19:27 - 000000000 ____D C:\Program Files\EnigmaSoft
2020-01-09 19:25 - 2020-01-09 19:25 - 000000000 ____D C:\Program Files\AVAST Software
2020-01-09 19:24 - 2020-01-09 19:24 - 000230080 _____ (AVAST Software) C:\Users\GR\Downloads\avast_free_antivirus_setup_online.exe
2020-01-09 19:24 - 2020-01-09 19:24 - 000004130 _____ C:\WINDOWS\system32\Tasks\TR_FastScan_Daily_GR
2020-01-09 19:24 - 2020-01-09 19:24 - 000004004 _____ C:\WINDOWS\system32\Tasks\TR_FastScan_AtLogon
2020-01-09 19:24 - 2020-01-09 19:24 - 000003930 _____ C:\WINDOWS\system32\Tasks\TR_Updater
2020-01-09 19:24 - 2020-01-09 19:24 - 000003786 _____ C:\WINDOWS\system32\Tasks\TR_AntiHijack
2020-01-09 19:24 - 2020-01-09 19:24 - 000001367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover FastScan.lnk
2020-01-09 19:24 - 2020-01-09 19:24 - 000001267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover Updater.lnk
2020-01-09 19:24 - 2020-01-09 19:24 - 000001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover.lnk
2020-01-09 19:24 - 2020-01-09 19:24 - 000000000 ____D C:\Users\GR\Documents\Simply Super Software
2020-01-09 19:24 - 2020-01-09 19:24 - 000000000 ____D C:\ProgramData\Simply Super Software
2020-01-09 19:24 - 2020-01-09 19:24 - 000000000 ____D C:\Program Files (x86)\Trojan Remover
2020-01-09 19:23 - 2020-01-09 19:24 - 011779800 _____ (Simply Super Software ) C:\Users\GR\Downloads\trjsetup.exe
2020-01-09 19:15 - 2020-01-09 19:15 - 000478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\537BFC49.sys
2020-01-09 19:14 - 2020-01-09 19:38 - 000000000 ____D C:\KVRT_Data
2020-01-09 19:07 - 2020-01-09 19:26 - 000153224 _____ C:\TDSSKiller.3.1.0.28_09.01.2020_19.07.22_log.txt
2020-01-09 19:07 - 2020-01-09 19:11 - 180774328 _____ (AO Kaspersky Lab) C:\Users\GR\Downloads\KVRT.exe
2020-01-09 19:07 - 2020-01-09 19:07 - 005054744 _____ (AO Kaspersky Lab) C:\Users\GR\Downloads\tdsskiller.exe
2020-01-09 18:59 - 2020-01-09 18:59 - 000000129 _____ C:\Users\GR\Desktop\cleaner.bat
2020-01-09 18:58 - 2020-01-09 18:59 - 000000129 _____ C:\Users\GR\Desktop\New Text Document.txt
2020-01-09 18:47 - 2020-01-09 18:47 - 001917528 _____ (Mister Group ) C:\Users\GR\Downloads\SystemExplorerSetup.exe
2020-01-09 18:40 - 2020-01-09 18:40 - 000001706 _____ C:\Users\GR\Desktop\Shortcut_Virus_Remover_V2.1.3.rar
2020-01-09 18:40 - 2018-07-24 13:24 - 000004005 _____ C:\Users\GR\Desktop\Shortcut_Virus_Remover_V2.1.3.bat
2020-01-09 18:29 - 2020-01-09 18:29 - 000925696 _____ (Farbar) C:\Users\GR\Downloads\FSS (1).exe
2020-01-09 18:25 - 2020-01-09 18:25 - 000000000 ____D C:\Users\GR\AppData\Local\cache
2020-01-09 18:21 - 2020-01-09 18:22 - 000000000 ____D C:\AdwCleaner
2020-01-09 18:21 - 2020-01-09 18:21 - 000925696 _____ (Farbar) C:\Users\GR\Downloads\FSS.exe
2020-01-09 18:20 - 2020-01-09 18:20 - 008237744 _____ (Malwarebytes) C:\Users\GR\Downloads\adwcleaner_8.0.1.exe
2020-01-09 17:46 - 2020-01-09 17:46 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-01-09 17:46 - 2020-01-09 17:46 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-01-09 13:58 - 2020-01-09 14:01 - 000000000 ____D C:\Users\GR\Desktop\apartament eduard
2020-01-09 13:22 - 2020-01-09 13:28 - 1218883624 _____ C:\Users\GR\Desktop\wetransfer-dee114.zip
2020-01-08 19:24 - 2020-01-08 19:24 - 000000000 ____D C:\Users\GR\Apple
2020-01-05 15:37 - 2020-01-05 16:36 - 000000000 ____D C:\Users\GR\Desktop\neagu ulei
2019-12-12 10:34 - 2019-12-12 10:34 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-12 10:34 - 2019-12-12
10:34 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-12-12 10:34 - 2019-12-12 10:34 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 002188816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 001496080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-12-12 10:34 - 2019-12-12 10:34 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-12-12 10:34 - 2019-12-12 10:34 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 
2019-12-12 10:34 - 2019-12-12 10:34 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2019-12-12 10:34 - 2019-12-12 10:34 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2019-12-12 10:34 - 2019-12-12 10:34 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys 2019-12-12 10:34 - 2019-12-12 10:34 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2019-12-12 10:34 - 2019-12-12 10:34 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2019-12-12 10:34 - 2019-12-12 
10:34 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys 2019-12-12 10:34 - 2019-12-12 10:34 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys 2019-12-12 10:34 - 2019-12-12 10:34 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll 2019-12-12 10:34 - 2019-12-12 10:34 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2019-12-12 10:33 - 2019-12-12 10:34 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-12-12 10:33 - 2019-12-12 10:33 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-12-12 10:33 - 2019-12-12 10:33 - 003703296 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-12-12 10:33 - 2019-12-12 10:33 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2019-12-12 10:33 - 2019-12-12 10:33 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-12-12 10:33 - 2019-12-12 10:33 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-12-12 10:33 - 2019-12-12 10:33 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe 2019-12-12 10:33 - 2019-12-12 10:33 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-12-12 10:33 - 2019-12-12 10:33 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-12-12 10:33 - 2019-12-12 10:33 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-12-12 10:33 - 2019-12-12 10:33 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 001006904 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\CloudExperienceHostCommon.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys 2019-12-12 10:33 - 2019-12-12 10:33 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe 2019-12-12 10:33 - 2019-12-12 10:33 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2019-12-12 10:33 - 2019-12-12 10:33 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2019-12-12 10:33 - 2019-12-12 10:33 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2019-12-12 10:33 - 2019-12-12 10:33 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe 2019-12-12 10:33 - 2019-12-12 10:33 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2019-12-12 10:33 - 2019-12-12 10:33 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2019-12-12 10:33 - 2019-12-12 10:33 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys 2019-12-12 10:33 - 2019-12-12 10:33 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2019-12-12 10:33 - 2019-12-12 10:33 - 000404480 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\Drivers\exfat.sys 2019-12-12 10:33 - 2019-12-12 10:33 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe 2019-12-12 10:33 - 2019-12-12 10:33 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2019-12-12 08:48 - 2019-12-16 12:34 - 000000000 ____D C:\Users\GR\Desktop\catb 2019-12-10 10:39 - 2020-01-05 15:00 - 000000000 ___HD C:\adobeTemp ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-01-09 22:48 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-01-09 22:41 - 2019-09-08 21:23 - 000000000 ___RD C:\Users\GR\Google Drive 2020-01-09 22:39 - 2019-09-11 14:51 - 000000000 ___RD C:\Users\GR\Creative Cloud Files 2020-01-09 22:39 - 2018-02-18 17:56 - 000000000 ____D C:\Users\GR\AppData\Local\Adobe 2020-01-09 22:38 - 2018-02-10 18:53 - 000000000 __SHD C:\Users\GR\IntelGraphicsProfiles 2020-01-09 22:37 - 2019-08-29 06:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-01-09 22:37 - 2019-01-22 23:36 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2020-01-09 22:36 - 2019-03-19 06:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2020-01-09 22:34 - 2018-02-11 18:11 - 000002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-01-09 22:33 - 2018-07-25 12:07 - 000000000 ____D C:\Users\GR\AppData\Local\AVAST Software 2020-01-09 22:33 - 2018-02-18 03:31 - 000000000 ____D C:\Users\GR\AppData\Roaming\uTorrent 2020-01-09 22:32 - 2019-10-24 21:39 - 000000000 ___RD C:\Users\GR\Google Drive (georgerosca1497@gmail.com) 2020-01-09 22:31 - 2019-08-29 06:44 - 000004160 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D9446457-9E4E-4C11-991A-FFD57F12B112} 2020-01-09 22:18 - 2018-02-18 14:33 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2020-01-09 21:54 - 2019-08-29 06:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-01-09 19:47 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF 2020-01-09 19:36 - 2018-07-25 12:27 - 000000000 ____D C:\Users\GR\AppData\Local\CrashDumps 2020-01-09 19:28 - 2019-03-19 06:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2020-01-09 19:25 - 2018-02-17 18:19 - 000000000 ____D C:\ProgramData\AVAST Software 2020-01-09 19:13 - 2018-02-10 17:44 - 000000000 ____D C:\Users\GR\AppData\Local\Packages 2020-01-09 17:45 - 2019-09-11 01:41 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2020-01-09 17:45 - 2019-09-11 01:41 - 
000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2020-01-09 17:27 - 2019-09-11 01:42 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2020-01-09 13:16 - 2019-09-08 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google 2020-01-08 19:34 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-01-08 19:34 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-01-08 19:24 - 2019-08-29 06:27 - 000000000 ____D C:\Users\GR 2020-01-05 14:58 - 2019-10-06 22:38 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData 2020-01-05 14:58 - 2019-10-06 22:38 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData 2020-01-05 14:55 - 2019-08-29 06:34 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-12-16 12:46 - 2019-01-22 23:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2019-12-16 12:41 - 2019-08-29 06:44 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2019-12-16 12:41 - 2019-08-29 06:44 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2019-12-16 12:28 - 2018-02-13 02:37 - 000000000 ___RD C:\Users\GR\3D Objects 2019-12-16 12:28 - 2018-02-10 17:44 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-12-16 12:27 - 2019-08-29 06:18 - 000460264 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-12-12 12:05 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SystemResources 2019-12-12 12:05 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-12-12 12:05 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-12-12 10:46 - 2018-02-11 18:19 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-12-12 10:42 - 2018-02-11 18:19 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-12-12 10:41 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp ==================== Files in the root of some directories ======== 2018-10-01 21:30 - 2018-10-01 21:30 - 000000000 _____ () 
C:\Users\GR\AppData\Local\oobelibMkey.log
2018-08-01 17:32 - 2018-08-02 17:07 - 000007605 _____ () C:\Users\GR\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
  5. Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/9/20
Scan Time: 10:49 PM
Log File: 7a897672-3321-11ea-a601-208984fe2f8e.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.793
Update Package Version: 1.0.17495
License: Free

-System Information-
OS: Windows 10 (Build 18362.535)
CPU: x64
File System: NTFS
User: DESKTOP-C63605U\GR

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 339402
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 20 min, 8 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registry Key: 0 (No malicious items detected)
Registry Value: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Data Stream: 0 (No malicious items detected)
Folder: 0 (No malicious items detected)
File: 0 (No malicious items detected)
Physical Sector: 0 (No malicious items detected)
WMI: 0 (No malicious items detected)

(end)
  6. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2020
Ran by GR (administrator) on DESKTOP-C63605U (LENOVO 20236) (09-01-2020 22:44:01)
Running from C:\Users\GR\Desktop
Loaded Profiles: GR (Available Profiles: GR)
Platform: Windows 10 Pro Version 1903 18362.535 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(AVAST Software s.r.o.
-> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler64.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc. -> Conexant Systems, Inc.) 
C:\Windows\SysWOW64\SASrv.exe (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dxgiadaptercache.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe (Microsoft Windows Hardware Compatibility 
C:\WINDOWS\system32\CloudExperienceHostCommon.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys 2019-12-12 10:33 - 2019-12-12 10:33 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe 2019-12-12 10:33 - 2019-12-12 10:33 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2019-12-12 10:33 - 2019-12-12 10:33 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2019-12-12 10:33 - 2019-12-12 10:33 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2019-12-12 10:33 - 2019-12-12 10:33 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe 2019-12-12 10:33 - 2019-12-12 10:33 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2019-12-12 10:33 - 2019-12-12 10:33 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2019-12-12 10:33 - 2019-12-12 10:33 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys 2019-12-12 10:33 - 2019-12-12 10:33 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2019-12-12 10:33 - 2019-12-12 10:33 - 000404480 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\Drivers\exfat.sys 2019-12-12 10:33 - 2019-12-12 10:33 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe 2019-12-12 10:33 - 2019-12-12 10:33 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll 2019-12-12 10:33 - 2019-12-12 10:33 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2019-12-12 08:48 - 2019-12-16 12:34 - 000000000 ____D C:\Users\GR\Desktop\catb 2019-12-10 10:39 - 2020-01-05 15:00 - 000000000 ___HD C:\adobeTemp ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-01-09 22:48 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-01-09 22:41 - 2019-09-08 21:23 - 000000000 ___RD C:\Users\GR\Google Drive 2020-01-09 22:39 - 2019-09-11 14:51 - 000000000 ___RD C:\Users\GR\Creative Cloud Files 2020-01-09 22:39 - 2018-02-18 17:56 - 000000000 ____D C:\Users\GR\AppData\Local\Adobe 2020-01-09 22:38 - 2018-02-10 18:53 - 000000000 __SHD C:\Users\GR\IntelGraphicsProfiles 2020-01-09 22:37 - 2019-08-29 06:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-01-09 22:37 - 2019-01-22 23:36 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2020-01-09 22:36 - 2019-03-19 06:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2020-01-09 22:34 - 2018-02-11 18:11 - 000002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-01-09 22:33 - 2018-07-25 12:07 - 000000000 ____D C:\Users\GR\AppData\Local\AVAST Software 2020-01-09 22:33 - 2018-02-18 03:31 - 000000000 ____D C:\Users\GR\AppData\Roaming\uTorrent 2020-01-09 22:32 - 2019-10-24 21:39 - 000000000 ___RD C:\Users\GR\Google Drive (georgerosca1497@gmail.com) 2020-01-09 22:31 - 2019-08-29 06:44 - 000004160 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D9446457-9E4E-4C11-991A-FFD57F12B112} 2020-01-09 22:18 - 2018-02-18 14:33 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2020-01-09 21:54 - 2019-08-29 06:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-01-09 19:47 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF 2020-01-09 19:36 - 2018-07-25 12:27 - 000000000 ____D C:\Users\GR\AppData\Local\CrashDumps 2020-01-09 19:28 - 2019-03-19 06:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2020-01-09 19:25 - 2018-02-17 18:19 - 000000000 ____D C:\ProgramData\AVAST Software 2020-01-09 19:13 - 2018-02-10 17:44 - 000000000 ____D C:\Users\GR\AppData\Local\Packages 2020-01-09 17:45 - 2019-09-11 01:41 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2020-01-09 17:45 - 2019-09-11 01:41 - 
000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2020-01-09 17:27 - 2019-09-11 01:42 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2020-01-09 13:16 - 2019-09-08 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google 2020-01-08 19:34 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-01-08 19:34 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-01-08 19:24 - 2019-08-29 06:27 - 000000000 ____D C:\Users\GR 2020-01-05 14:58 - 2019-10-06 22:38 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData 2020-01-05 14:58 - 2019-10-06 22:38 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData 2020-01-05 14:55 - 2019-08-29 06:34 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-12-16 12:46 - 2019-01-22 23:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2019-12-16 12:41 - 2019-08-29 06:44 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2019-12-16 12:41 - 2019-08-29 06:44 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2019-12-16 12:28 - 2018-02-13 02:37 - 000000000 ___RD C:\Users\GR\3D Objects 2019-12-16 12:28 - 2018-02-10 17:44 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-12-16 12:27 - 2019-08-29 06:18 - 000460264 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-12-12 12:05 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SystemResources 2019-12-12 12:05 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-12-12 12:05 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-12-12 10:46 - 2018-02-11 18:19 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-12-12 10:42 - 2018-02-11 18:19 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-12-12 10:41 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp ==================== Files in the root of some directories ======== 2018-10-01 21:30 - 2018-10-01 21:30 - 000000000 _____ () 
C:\Users\GR\AppData\Local\oobelibMkey.log 2018-08-01 17:32 - 2018-08-02 17:07 - 000007605 _____ () C:\Users\GR\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.)
  7. # -------------------------------
     # Malwarebytes AdwCleaner 8.0.1.0
     # -------------------------------
     # Build: 12-17-2019
     # Database: 2020-01-06.1 (Cloud)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Clean
     # -------------------------------
     # Start: 01-09-2020
     # Duration: 00:00:10
     # OS: Windows 10 Pro
     # Cleaned: 7
     # Failed: 0

     ***** [ Services ] *****
     No malicious services cleaned.

     ***** [ Folders ] *****
     Deleted C:\Program Files\Reimage
     Deleted C:\rei

     ***** [ Files ] *****
     Deleted C:\Users\GR\Downloads\SpyHunter-Installer.exe

     ***** [ DLL ] *****
     No malicious DLLs cleaned.

     ***** [ WMI ] *****
     No malicious WMI cleaned.

     ***** [ Shortcuts ] *****
     Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
     Deleted C:\Users\GR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

     ***** [ Tasks ] *****
     No malicious tasks cleaned.

     ***** [ Registry ] *****
     Deleted HKLM\Software\Reimage
     Deleted HKLM\Software\Wow6432Node\EnigmaSoftwareGroup

     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries cleaned.

     ***** [ Chromium URLs ] *****
     No malicious Chromium URLs cleaned.

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries cleaned.

     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs cleaned.

     ***** [ Preinstalled Software ] *****
     No Preinstalled Software cleaned.

     *************************
     [+] Delete Tracing Keys
     [+] Reset Winsock
     *************************

     AdwCleaner[S00].txt - [2943 octets] - [09/01/2020 18:21:50]
     AdwCleaner[C00].txt - [2817 octets] - [09/01/2020 18:22:07]
     AdwCleaner[S01].txt - [1857 octets] - [09/01/2020 22:34:17]

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
  8. Hello! I used a virused USB STICK in my PC while my EXTERNAL HDD was connected. Now my 2TB external HDD is virused and a "windows cannot find drive.bat" error appears when I try to access files, and the icons are modified. And now, the files are hidden (the HDD is full but there is no file in the drive). Can you help me recover my files and get rid of the virus, please? Anti-malware, Kaspersky, Windows antiviruses say the drive is clean... Thank you!