
Irremovable Malware


AG38


There is malware on my computer. Within 10 minutes of turning on my computer the malware pops up in the background. Its name is botip and it plays a video in the background. Also, every time I turn on my computer it turns off Windows Defender. When I'm in a program like Google Chrome full-screen, everything in the background turns a shade of black and even the taskbar isn't there, except for the program I was in. I tried Trojan Remover, didn't work. Malwarebytes said I had 240 pieces of malware and all that stuff, restarted my computer and the virus pops up again. PLEASE, HELP!!!!!!!!


Hi AG38 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply right after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system: I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of it as fast as we can, before it makes unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums' rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate it if you stayed with me until the end, which means until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full-time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below, and provide me both FRST logs (FRST.txt and Addition.txt) and the Malwarebytes log. You can attach them in your next post, or copy/paste their content.

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

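The FRST.txt that the instructions above ask for is plain text, and the first pass a helper does over it is mechanical: look for several executables of identical size dropped under different names, for services or drivers that are still registered although their file is gone (FRST marks these with `[X]`), and for binaries whose name is a long hex string. The script below is an added example, not part of this thread and not Farbar's or Malwarebytes' own code; it parses the "One Month Created files and folders" and "Services/Drivers" line formats exactly as they appear in the log posted further down, and its SAMPLE input is a handful of lines copied from that log. The regular expressions and the three heuristics are my own assumptions about what is worth flagging, not anything FRST itself reports.

```python
"""Triage helpers for the text sections of a Farbar (FRST) log.

Added example (not from the thread, not Farbar's code). It parses two line
formats from FRST.txt and flags three patterns a helper checks first:
  - executables of identical size dropped under different names,
  - services/drivers registered but whose file is missing ([X]),
  - binaries whose file name is a long hex string.
The heuristics are this example's assumptions, not FRST output.
"""
import re
from collections import defaultdict

# Created-file line: "<created> - <modified> - <size> <attrs> [(Company)] <path>"
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
# Service/driver line: "<state> <name>; <path> [<size> <date>] (Company)" or "... [X]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<meta>[^\]]*)\])?(?: \((?P<company>[^)]*)\))?$"
)
EXE_EXT = (".exe", ".sys", ".dll")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{16,}$", re.I)

# Sample lines copied from the FRST.txt posted in this thread.
SAMPLE = r"""
2018-03-29 15:06 - 2018-03-29 15:06 - 002403328 _____ (Farbar) C:\Users\Albion\Downloads\FRST64.exe
2018-03-25 18:02 - 2018-03-25 18:04 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\whkogfxo.sys
2018-03-25 15:45 - 2018-03-25 15:45 - 000137216 _____ C:\WINDOWS\patin.exe
2018-03-25 15:45 - 2018-03-25 15:45 - 000137216 _____ C:\Users\Albion\AppData\Local\Hedgerows.exe
2018-03-25 15:45 - 2018-03-25 15:45 - 000137216 _____ C:\Users\Albion\AppData\Local\cholla.exe
2018-03-24 04:02 - 2018-03-24 04:02 - 000079776 _____ C:\WINDOWS\system32\Drivers\F2066F264CCD18E7794C48D8961D5D76.del
2018-03-25 18:09 - 2018-03-25 18:09 - 000000000 ___HD C:\Program Files (x86)\soler
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
S1 f2066f264ccd18e7794c48d8961d5d76; \??\C:\WINDOWS\system32\drivers\f2066f264ccd18e7794c48d8961d5d76.sys [X]
S3 wpscloudsvr; "C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe" LocalService [X]
"""


def parse_created(lines):
    """Return one dict per 'One Month Created files' line; other lines are skipped."""
    entries = []
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            entries.append(d)
    return entries


def same_size_clones(entries, min_names=2):
    """Executables that share an exact byte size under at least `min_names` names.

    A dropper that writes one payload under several random names leaves the
    size as the common thread; returns {size: [paths]} for each such group."""
    by_size = defaultdict(list)
    for e in entries:
        if e["path"].lower().endswith(EXE_EXT) and e["size"] > 0:
            by_size[e["size"]].append(e["path"])
    return {
        size: paths
        for size, paths in by_size.items()
        if len({p.rsplit("\\", 1)[-1].lower() for p in paths}) >= min_names
    }


def hex_named_binaries(entries):
    """Files whose name (without extension) is a hex string of 16+ characters."""
    hits = []
    for e in entries:
        stem = e["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if HEX_NAME_RE.match(stem):
            hits.append(e["path"])
    return hits


def missing_file_services(lines):
    """(name, path) of services/drivers FRST marked [X]: registered, file not found."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m and m.group("meta") == "X":
            out.append((m.group("name"), m.group("path")))
    return out


def triage(text):
    """Run all three checks over the raw text of an FRST log."""
    lines = text.splitlines()
    entries = parse_created(lines)
    return {
        "same_size": same_size_clones(entries),
        "hex_names": hex_named_binaries(entries),
        "missing": missing_file_services(lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

On the sample, `same_size` groups the three 137216-byte executables (patin.exe, Hedgerows.exe, cholla.exe) written at the same minute, `hex_names` picks up the renamed driver `F2066F264CCD18E7794C48D8961D5D76.del`, and `missing` lists the two `[X]` services, one of them the driver entry that still points at the `.sys` the `.del` file used to be. None of this proves a file is malicious; it only orders what a helper looks at first.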

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Albion (administrator) on DESKTOP-V5IHT07 (29-03-2018 16:27:42)
Running from C:\Users\Albion\Downloads
Loaded Profiles: Albion (Available Profiles: Albion & gashi)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glarysoft\Malware Hunter\x64\x64ProcessAssistSvc.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glarysoft\Malware Hunter\Cloudscan\MHCloudSvc.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glarysoft\Malware Hunter\PCBooster.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glarysoft\Malware Hunter\QuickSearch.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glarysoft\Malware Hunter\MemfilesService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.251_none_16dd4c82321e5ccc\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-06-21] (CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3639616 2018-03-28] (Dropbox, Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-03-11] (CANON INC.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [701984 2017-07-13] (HP Inc.)
HKLM-x32\...\Run: [MalTray] => C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe [980944 2018-03-18] (Glarysoft Ltd)
HKU\S-1-5-21-255955452-3416418320-429472043-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44016 2018-02-22] (Glarysoft Ltd)
BootExecute: autocheck autochk * Partizan
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{00fb8bf9-ad30-4809-a89c-53f15c7fb57f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{10d4b7ca-840e-4a5c-8d8f-917143ba44eb}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5d493b86-f7d4-4b22-98e2-d9549d7c138a}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5f725a95-09f1-4cf3-93bc-1f48ac41e9e0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5f725a95-09f1-4cf3-93bc-1f48ac41e9e0}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{6916e41d-16c5-4673-9149-5c02225376c0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6916e41d-16c5-4673-9149-5c02225376c0}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{79bef2a2-be9a-11e7-9aee-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8382bb01-6106-4309-b7c6-7a80676c8917}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{846f4431-b69c-46c0-850a-cf9665adfc1f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{846f4431-b69c-46c0-850a-cf9665adfc1f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a402e58b-734c-4891-9c7c-1e957a00a984}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{D032807A-1C8C-48EF-9712-04BE7177B715}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{faca38a9-7e06-4eea-9973-07f0d4bc5e08}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{faca38a9-7e06-4eea-9973-07f0d4bc5e08}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131664961233988797&GUID=4EC6A43F-1A2D-4F02-A66E-882A2867EA1A
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-255955452-3416418320-429472043-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-255955452-3416418320-429472043-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-255955452-3416418320-429472043-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-255955452-3416418320-429472043-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge: 
======
Edge Extension: (Honey) -> EdgeExtension_HoneyScienceCorporationHoney_cbe4c63gm1mzr => C:\Program Files\WindowsApps\HoneyScienceCorporation.Honey_10.6.0.0_neutral__cbe4c63gm1mzr [2018-02-21]

Chrome: 
=======
CHR DefaultProfile: Profile 20
CHR Profile: C:\Users\Albion\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-03-13]
CHR Profile: C:\Users\Albion\AppData\Local\Google\Chrome\User Data\Profile 20 [2018-03-29]
CHR Extension: (Soundtrap - Make Music Online) - C:\Users\Albion\AppData\Local\Google\Chrome\User Data\Profile 20\Extensions\epaknpicfmoglpinnnjckaobafganajf [2018-03-23]
CHR Extension: (AdBlock) - C:\Users\Albion\AppData\Local\Google\Chrome\User Data\Profile 20\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-29]
CHR Extension: (HP Network Check Launcher) - C:\Users\Albion\AppData\Local\Google\Chrome\User Data\Profile 20\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2018-03-22]
CHR Extension: (Chrome Media Router) - C:\Users\Albion\AppData\Local\Google\Chrome\User Data\Profile 20\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-22]
CHR Profile: C:\Users\Albion\AppData\Local\Google\Chrome\User Data\System Profile [2018-03-22]
CHR HKLM-x32\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-03-28] (Dropbox, Inc.)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350576 2017-03-13] (WildTangent)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S4 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-24] (HP Inc.)
S4 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc.)
S4 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-10-10] (Intel Corporation)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-07-13] (Realtek Semiconductor)
S4 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-07-25] ()
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-01] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-01] (Microsoft Corporation)
S3 wpscloudsvr; "C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe" LocalService [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2018-02-28] (Glarysoft Ltd)
R3 GUMHFilters; C:\Program Files (x86)\Glarysoft\Malware Hunter\Native\winxp_x64\GUMHFilter.sys [41224 2018-03-02] (Glarysoft Ltd)
R1 GUSBootStartup; C:\WINDOWS\System32\drivers\GUSBootStartup.sys [28424 2018-03-22] (Glarysoft Ltd)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-28] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-29] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-29] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-28] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-29] (Malwarebytes)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R1 MpKsl17a8e0e6; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D7CC82DF-188D-4B03-AA25-6EFE5A221A2A}\MpKsl17a8e0e6.sys [58120 2018-03-29] (Microsoft Corporation)
R1 MpKsl1b6e8833; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{564EF7F0-AAB7-445A-B4B7-912DAC388B7C}\MpKsl1b6e8833.sys [58120 2018-03-28] (Microsoft Corporation)
R1 MpKsl3107177e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{564EF7F0-AAB7-445A-B4B7-912DAC388B7C}\MpKsl3107177e.sys [58120 2018-03-28] (Microsoft Corporation)
R1 MpKslf60ed8ab; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E65E7BE3-CF7B-4977-850A-6482761A4D95}\MpKslf60ed8ab.sys [58120 2018-03-28] (Microsoft Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2018-03-08] (Greatis Software)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2017-09-15] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-09-15] (Realtek )
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-07] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-11-26] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-01] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-01] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-01] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
S1 f2066f264ccd18e7794c48d8961d5d76; \??\C:\WINDOWS\system32\drivers\f2066f264ccd18e7794c48d8961d5d76.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-29 15:15 - 2018-03-29 15:23 - 000063916 _____ C:\Users\Albion\Downloads\Addition.txt
2018-03-29 15:08 - 2018-03-29 16:29 - 000016177 _____ C:\Users\Albion\Downloads\FRST.txt
2018-03-29 15:08 - 2018-03-29 16:27 - 000000000 ____D C:\FRST
2018-03-29 15:06 - 2018-03-29 15:06 - 002403328 _____ (Farbar) C:\Users\Albion\Downloads\FRST64.exe
2018-03-28 16:40 - 2018-03-29 15:01 - 000045960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-28 16:22 - 2018-03-29 15:03 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-28 16:22 - 2018-03-29 15:01 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-28 16:22 - 2018-03-28 16:22 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-28 16:22 - 2018-03-28 16:22 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-28 16:22 - 2018-03-28 16:22 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-28 16:22 - 2018-03-28 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-28 16:22 - 2018-03-28 16:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-28 16:22 - 2018-03-28 16:22 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-28 16:22 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-28 16:19 - 2018-03-28 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-28 16:18 - 2018-03-28 16:21 - 071605784 _____ (Malwarebytes ) C:\Users\Albion\Downloads\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4506.exe
2018-03-28 16:11 - 2018-03-29 15:03 - 001388448 _____ C:\Users\Public\ASR.dat
2018-03-28 08:31 - 2018-03-28 08:31 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-03-28 08:31 - 2018-03-28 08:31 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-03-28 08:31 - 2018-03-28 08:31 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-03-28 08:31 - 2018-03-28 08:31 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-03-27 16:22 - 2018-03-27 16:22 - 000000000 ___HD C:\OneDriveTemp
2018-03-27 16:10 - 2018-03-27 16:10 - 000004274 _____ C:\WINDOWS\System32\Tasks\TR_Updater
2018-03-27 16:10 - 2018-03-27 16:10 - 000004066 _____ C:\WINDOWS\System32\Tasks\TR_FastScan_Daily_Albion
2018-03-27 16:10 - 2018-03-27 16:10 - 000003880 _____ C:\WINDOWS\System32\Tasks\TR_FastScan_AtLogon
2018-03-27 16:10 - 2018-03-27 16:10 - 000003790 _____ C:\WINDOWS\System32\Tasks\TR_AntiHijack
2018-03-27 16:10 - 2018-03-27 16:10 - 000000000 ____D C:\Users\Albion\Documents\Simply Super Software
2018-03-27 16:10 - 2018-03-27 16:10 - 000000000 ____D C:\ProgramData\Simply Super Software
2018-03-27 16:10 - 2018-03-27 16:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2018-03-27 16:10 - 2018-03-27 16:10 - 000000000 ____D C:\Program Files (x86)\Trojan Remover
2018-03-27 16:09 - 2018-03-27 16:09 - 010970704 _____ (Simply Super Software ) C:\Users\Albion\Downloads\trjsetup.exe
2018-03-26 18:36 - 2018-03-28 16:38 - 084934656 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-03-26 15:20 - 2018-03-26 15:21 - 040510072 _____ (Microsoft Corporation) C:\Users\Albion\Downloads\Windows-KB890830-x64-V5.58.exe
2018-03-25 18:41 - 2018-03-25 18:41 - 000000000 ____D C:\@RestoreQuarantine
2018-03-25 18:40 - 2018-03-25 18:40 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-03-25 18:36 - 2018-03-25 18:36 - 000000000 ____D C:\Users\gashi\Documents\RegRun2
2018-03-25 18:10 - 2018-03-25 18:11 - 000000012 _____ C:\WINDOWS\b49312778
2018-03-25 18:09 - 2018-03-28 16:37 - 000000000 ____D C:\Program Files (x86)\quetzalcoatl
2018-03-25 18:09 - 2018-03-25 18:09 - 000000000 ___HD C:\Program Files (x86)\soler
2018-03-25 18:09 - 2018-03-25 18:09 - 000000000 ___HD C:\Program Files (x86)\Lowered
2018-03-25 18:09 - 2018-03-25 18:09 - 000000000 ____D C:\Program Files (x86)\angrily
2018-03-25 18:08 - 2018-03-25 18:44 - 000000000 ____D C:\Program Files (x86)\MICROLEAVES.del
2018-03-25 18:05 - 2018-03-25 18:05 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2018-03-25 18:02 - 2018-03-25 18:04 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\whkogfxo.sys
2018-03-25 17:54 - 2018-03-25 18:13 - 000000417 _____ C:\WINDOWS\wininit.ini
2018-03-25 17:24 - 2018-03-25 17:24 - 000003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2018-03-25 17:24 - 2018-03-25 17:24 - 000002416 _____ C:\Users\gashi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-25 17:24 - 2018-03-25 17:24 - 000000000 ___RD C:\Users\gashi\OneDrive
2018-03-25 17:19 - 2018-03-25 17:19 - 000000000 ____D C:\Users\gashi\AppData\Local\DropboxOEM
2018-03-25 16:56 - 2018-03-25 16:56 - 000000000 ____D C:\Users\gashi\AppData\Local\DBG
2018-03-25 16:54 - 2018-03-25 16:54 - 000000000 ____D C:\Users\gashi\AppData\Local\__SHARED
2018-03-25 16:39 - 2018-03-25 16:39 - 000000000 ____D C:\Users\gashi\AppData\Roaming\AVAST Software
2018-03-25 15:45 - 2018-03-25 15:45 - 000137216 _____ C:\WINDOWS\patin.exe
2018-03-25 15:45 - 2018-03-25 15:45 - 000137216 _____ C:\Users\Albion\AppData\Local\Hedgerows.exe
2018-03-25 15:45 - 2018-03-25 15:45 - 000137216 _____ C:\Users\Albion\AppData\Local\cholla.exe
2018-03-24 17:40 - 2018-03-24 17:40 - 000000000 ____D C:\Users\gashi\AppData\Roaming\WinRAR
2018-03-24 17:39 - 2018-03-24 17:40 - 000000000 ____D C:\Users\gashi\AppData\Local\Dropbox
2018-03-24 17:39 - 2018-03-24 17:39 - 000000000 ___HD C:\Users\gashi\MicrosoftEdgeBackups
2018-03-24 17:39 - 2018-03-24 17:39 - 000000000 ____D C:\Users\gashi\AppData\Local\MicrosoftEdge
2018-03-24 17:38 - 2018-03-25 16:54 - 000000000 ____D C:\Users\gashi\AppData\Local\Packages
2018-03-24 17:38 - 2018-03-24 17:38 - 000000000 ___RD C:\Users\gashi\3D Objects
2018-03-24 17:38 - 2018-03-24 17:38 - 000000000 ____D C:\Users\gashi\AppData\Roaming\Adobe
2018-03-24 17:38 - 2018-03-24 17:38 - 000000000 ____D C:\Users\gashi\AppData\Local\VirtualStore
2018-03-24 17:38 - 2018-03-24 17:38 - 000000000 ____D C:\Users\gashi\AppData\Local\Publishers
2018-03-24 17:38 - 2018-03-24 17:38 - 000000000 ____D C:\Users\gashi\AppData\Local\Google
2018-03-24 04:02 - 2018-03-24 04:02 - 000079776 _____ C:\WINDOWS\system32\Drivers\F2066F264CCD18E7794C48D8961D5D76.del
2018-03-24 04:02 - 2018-03-24 04:02 - 000039581 _____ C:\WINDOWS\uninstaller.dat
2018-03-23 15:56 - 2018-03-25 17:24 - 000000000 ____D C:\Users\gashi
2018-03-23 15:56 - 2018-03-23 15:56 - 000000020 ___SH C:\Users\gashi\ntuser.ini
2018-03-23 15:56 - 2016-10-11 04:37 - 000000000 ____D C:\Users\gashi\Documents\hp.system.package.metadata
2018-03-23 15:56 - 2016-10-11 04:37 - 000000000 ____D C:\Users\gashi\Documents\hp.applications.package.appdata
2018-03-22 16:22 - 2018-03-22 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torrent Opener
2018-03-22 16:22 - 2018-03-22 16:22 - 000000000 ____D C:\Program Files (x86)\Torrent Opener
2018-03-19 15:54 - 2018-03-25 18:50 - 000000000 __SHD C:\Program Files\Best Free Keylogger
2018-03-19 15:54 - 2018-03-19 15:54 - 000000000 ____D C:\ProgramData\BFK
2018-03-19 15:50 - 2018-03-19 15:50 - 000000000 ____D C:\Users\Albion\AppData\Local\B-F-K_5.2.7
2018-03-19 15:46 - 2018-03-19 15:46 - 003692031 _____ (bestXsoftware ) C:\Users\Albion\Downloads\installer_trial_5_2_7.exe
2018-03-19 15:20 - 2018-03-19 15:20 - 000001704 _____ C:\Users\Albion\Dropbox.pem
2018-03-15 08:05 - 2018-03-01 21:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-15 08:05 - 2018-03-01 01:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-15 08:05 - 2018-03-01 01:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-15 08:05 - 2018-03-01 01:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-15 08:05 - 2018-03-01 01:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-15 08:05 - 2018-03-01 01:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-15 08:05 - 2018-03-01 01:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-15 08:05 - 2018-03-01 01:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-15 08:05 - 2018-03-01 01:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-15 08:05 - 2018-03-01 01:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-15 08:05 - 2018-03-01 01:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-15 08:05 - 2018-03-01 01:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-15 08:05 - 2018-03-01 01:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-15 08:05 - 2018-03-01 01:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-15 08:05 - 2018-03-01 01:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-15 08:05 - 2018-03-01 01:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-15 08:05 - 2018-03-01 01:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-15 08:05 - 2018-03-01 01:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-15 08:05 - 2018-03-01 01:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-15 08:05 - 2018-03-01 01:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-15 08:05 - 2018-03-01 01:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-15 08:05 - 2018-03-01 00:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-15 08:05 - 2018-03-01 00:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-15 08:05 - 2018-03-01 00:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-15 08:05 - 2018-03-01 00:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-15 08:05 - 2018-03-01 00:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-15 08:05 - 2018-03-01 00:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-15 08:05 - 2018-03-01 00:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-15 08:05 - 2018-03-01 00:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-15 08:05 - 2018-03-01 00:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-15 08:05 - 2018-03-01 00:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-15 08:05 - 2018-03-01 00:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-15 08:05 - 2018-03-01 00:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-15 08:05 - 2018-03-01 00:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-15 08:05 - 2018-03-01 00:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-15 08:05 - 2018-03-01 00:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-15 08:05 - 2018-03-01 00:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-15 08:05 - 2018-03-01 00:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-15 08:05 - 2018-03-01 00:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-15 08:05 - 2018-03-01 00:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-15 08:05 - 2018-02-28 23:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-15 08:05 - 2018-02-28 23:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-15 08:05 - 2018-02-28 23:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-15 08:05 - 2018-02-28 23:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-15 08:05 - 2018-02-28 23:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-15 08:05 - 2018-02-28 23:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-15 08:05 - 2018-02-28 23:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-15 08:05 - 2018-02-28 23:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-15 08:05 - 2018-02-28 23:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-15 08:05 - 2018-02-28 23:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-15 08:05 - 2018-02-28 23:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-15 08:05 - 2018-02-28 23:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-15 08:05 - 2018-02-28 23:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-15 08:05 - 2018-02-28 23:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-15 08:05 - 2018-02-28 23:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-15 08:05 - 2018-02-28 23:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-15 08:05 - 2018-02-28 23:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-15 08:05 - 2018-02-28 23:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-15 08:05 - 2018-02-28 23:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-15 08:05 - 2018-02-28 23:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-15 08:05 - 2018-02-28 23:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-15 08:05 - 2018-02-28 23:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-15 08:05 - 2018-02-28 23:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-15 08:05 - 2018-02-28 23:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-15 08:05 - 2018-02-28 23:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-15 08:05 - 2018-02-28 23:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-15 08:05 - 2018-02-28 23:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-15 08:05 - 2018-02-28 23:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-15 08:05 - 2018-02-28 23:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-15 08:05 - 2018-02-28 23:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-15 08:05 - 2018-02-28 23:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-15 08:05 - 2018-02-28 23:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-15 08:05 - 2018-02-28 23:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-15 08:05 - 2018-02-28 23:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-15 08:05 - 2018-02-28 23:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-15 08:05 - 2018-02-28 23:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-15 08:05 - 2018-02-28 23:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-15 08:05 - 2018-02-28 23:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-15 08:04 - 2018-03-01 21:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-15 08:04 - 2018-03-01 21:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-15 08:04 - 2018-03-01 21:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-15 08:04 - 2018-03-01 21:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-15 08:04 - 2018-03-01 21:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-15 08:04 - 2018-03-01 20:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-15 08:04 - 2018-03-01 20:56 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationREST.dll
2018-03-15 08:04 - 2018-03-01 14:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-15 08:04 - 2018-03-01 01:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-15 08:04 - 2018-03-01 01:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-15 08:04 - 2018-03-01 01:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-15 08:04 - 2018-03-01 01:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-15 08:04 - 2018-03-01 01:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-15 08:04 - 2018-03-01 01:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-15 08:04 - 2018-03-01 01:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-15 08:04 - 2018-03-01 01:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-15 08:04 - 2018-03-01 01:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-15 08:04 - 2018-03-01 01:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-15 08:04 - 2018-03-01 01:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-15 08:04 - 2018-03-01 01:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-15 08:04 - 2018-03-01 01:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-15 08:04 - 2018-03-01 01:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-15 08:04 - 2018-03-01 01:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-15 08:04 - 2018-03-01 01:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-15 08:04 - 2018-03-01 01:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-15 08:04 - 2018-03-01 01:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-15 08:04 - 2018-03-01 01:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-15 08:04 - 2018-03-01 01:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-15 08:04 - 2018-03-01 01:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-15 08:04 - 2018-03-01 01:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-15 08:04 - 2018-03-01 00:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-15 08:04 - 2018-03-01 00:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-15 08:04 - 2018-03-01 00:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-15 08:04 - 2018-03-01 00:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-15 08:04 - 2018-03-01 00:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-15 08:04 - 2018-03-01 00:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-15 08:04 - 2018-03-01 00:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-15 08:04 - 2018-02-28 23:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-15 08:04 - 2018-02-28 23:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-15 08:04 - 2018-02-28 23:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-15 08:04 - 2018-02-28 23:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-15 08:04 - 2018-02-28 23:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-15 08:04 - 2018-02-28 23:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-15 08:04 - 2018-02-28 23:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-15 08:04 - 2018-02-28 23:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-15 08:04 - 2018-02-28 23:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-15 08:04 - 2018-02-28 23:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-15 08:04 - 2018-02-28 23:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-15 08:04 - 2018-02-28 23:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-15 08:04 - 2018-02-28 23:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-15 08:04 - 2018-02-28 23:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-15 08:04 - 2018-02-28 23:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-15 08:04 - 2018-02-28 23:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-15 08:04 - 2018-02-28 23:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-15 08:04 - 2018-02-28 23:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-15 08:04 - 2018-02-28 23:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-15 08:04 - 2018-02-28 23:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-15 08:04 - 2018-02-28 23:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-15 08:04 - 2018-02-28 23:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-15 08:04 - 2018-02-28 23:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-15 08:04 - 2018-02-28 23:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-15 08:04 - 2018-02-28 23:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-15 08:04 - 2018-02-28 23:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-15 08:04 - 2018-02-28 23:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-15 08:04 - 2018-02-28 23:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-15 08:04 - 2018-02-28 23:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-15 08:04 - 2018-02-28 23:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-15 08:04 - 2018-02-28 23:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-15 08:04 - 2018-02-28 23:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-15 08:04 - 2018-02-28 23:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-15 08:04 - 2018-02-28 23:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-15 08:04 - 2018-02-28 23:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-12 13:08 - 2018-03-12 13:08 - 000403344 _____ C:\Users\Albion\Downloads\GoogleUpdate.adm
2018-03-08 15:37 - 2018-03-08 15:37 - 000000000 ____D C:\Users\Albion\Downloads\policy_templates
2018-03-08 14:34 - 2018-03-08 14:34 - 000021168 _____ C:\Users\Albion\Downloads\googleupdateadmx.zip
2018-03-08 14:15 - 2018-03-08 14:16 - 014028323 _____ C:\Users\Albion\Downloads\policy_templates.zip
2018-03-08 14:05 - 2001-08-23 14:00 - 000034871 _____ C:\WINDOWS\system32\gpedit.msc
2018-03-08 14:03 - 2018-03-09 17:27 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-03-08 14:03 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2018-03-08 14:01 - 2018-03-08 14:01 - 000001539 _____ C:\WINDOWS\unins000.dat
2018-03-08 14:01 - 2018-03-08 14:01 - 000000000 ____D C:\WINDOWS\SysWOW64\GPBAK
2018-03-08 14:01 - 2018-03-08 14:00 - 000707354 _____ C:\WINDOWS\unins000.exe
2018-03-08 14:01 - 2008-04-14 03:11 - 000295936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2018-03-08 14:01 - 2001-08-23 14:00 - 000034871 _____ C:\WINDOWS\SysWOW64\gpedit.msc
2018-03-08 13:59 - 2018-03-08 13:59 - 000875012 _____ C:\Users\Albion\Downloads\add_gpedit_msc_by_jwils876-d3kh6vm.zip
2018-03-08 13:52 - 2018-03-08 13:52 - 000040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2018-03-08 13:46 - 2018-03-29 15:01 - 000000250 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2018-03-08 13:26 - 2018-03-25 18:48 - 000000000 ____D C:\ProgramData\RegRun
2018-03-08 13:24 - 2018-02-09 20:46 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2018-03-08 13:23 - 2018-03-29 16:17 - 000000000 ____D C:\Users\Albion\Documents\RegRun2
2018-03-08 13:23 - 2018-03-29 16:16 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
2018-03-08 13:23 - 2018-03-26 15:16 - 000003422 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2018-03-08 13:23 - 2018-03-26 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2018-03-08 13:23 - 2018-01-31 14:32 - 000014984 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2018-03-08 13:23 - 2015-12-28 12:32 - 000049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2018-03-08 13:22 - 2018-03-26 15:12 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2018-03-08 13:06 - 2018-03-12 13:19 - 000000000 ____D C:\Users\Albion\AppData\Local\Google
2018-03-08 13:05 - 2018-03-20 21:15 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-08 11:23 - 2018-02-21 20:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-08 11:23 - 2018-02-21 20:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-08 11:23 - 2018-02-21 20:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-08 11:23 - 2018-02-21 20:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-08 11:23 - 2018-02-21 20:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-08 11:23 - 2018-02-21 20:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-08 11:23 - 2018-02-21 20:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-08 11:23 - 2018-02-21 20:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-08 11:23 - 2018-02-21 20:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-08 11:23 - 2018-02-21 20:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-08 11:23 - 2018-02-21 20:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-08 11:23 - 2018-02-21 20:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-08 11:23 - 2018-02-21 20:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-08 11:23 - 2018-02-21 20:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-08 11:23 - 2018-02-21 20:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-08 11:23 - 2018-02-21 19:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-08 11:23 - 2018-02-21 19:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-08 11:23 - 2018-02-21 19:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-08 11:23 - 2018-02-21 19:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-08 11:23 - 2018-02-21 19:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-08 11:23 - 2018-02-21 19:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-08 11:23 - 2018-02-21 19:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-08 11:23 - 2018-02-21 18:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-08 11:23 - 2018-02-21 18:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-08 11:23 - 2018-02-21 18:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-08 11:23 - 2018-02-21 18:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-08 11:23 - 2018-02-21 18:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-08 11:23 - 2018-02-21 18:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-08 11:23 - 2018-02-21 18:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-08 11:23 - 2018-02-21 18:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-08 11:23 - 2018-02-21 18:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-08 11:22 - 2018-02-21 20:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-08 11:22 - 2018-02-21 19:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-08 11:13 - 2018-03-08 11:13 - 000000000 ____D C:\Users\Albion\AppData\Roaming\hpqLog
2018-03-06 19:05 - 2018-03-27 16:21 - 000002419 _____ C:\Users\Albion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-06 18:27 - 2018-03-20 21:15 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-06 18:26 - 2018-03-06 19:11 - 056514560 _____ C:\Program Files (x86)\GUT273D.tmp
2018-03-06 18:26 - 2018-03-06 18:26 - 000000000 ____D C:\Program Files (x86)\GUM272C.tmp
2018-03-06 18:11 - 2018-03-06 18:11 - 000000000 ____D C:\WINDOWS\system32\${users}
2018-03-05 13:20 - 2018-03-05 13:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Unlocker
2018-03-05 13:19 - 2018-03-27 19:04 - 000000000 ____D C:\Program Files (x86)\RAR Password Unlocker
2018-03-05 11:52 - 2018-03-25 17:57 - 000000000 ___HD C:\$GlaryQuarantine
2018-02-28 17:26 - 2018-02-28 17:26 - 000003880 _____ C:\WINDOWS\System32\Tasks\GlaryOneClickOptimizer 5
2018-02-28 17:04 - 2018-03-22 18:40 - 000028424 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUSBootStartup.sys
2018-02-28 17:04 - 2018-03-22 18:40 - 000003064 _____ C:\WINDOWS\System32\Tasks\GMHSkipUAC
2018-02-28 17:04 - 2018-03-22 18:40 - 000001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malware Hunter.lnk
2018-02-28 17:04 - 2018-02-28 17:10 - 000000000 ____D C:\ProgramData\GlarySoft
2018-02-28 17:04 - 2018-02-28 17:04 - 000020160 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUSBootStartup.sys.tmp
2018-02-28 17:04 - 2018-02-28 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2018-02-28 17:03 - 2018-02-28 17:03 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2018-02-28 17:00 - 2018-03-10 15:39 - 000000000 ____D C:\Users\Albion\AppData\Roaming\GlarySoft
2018-02-28 17:00 - 2018-02-28 17:01 - 000002243 _____ C:\GUDownLoaddebug.txt
2018-02-28 17:00 - 2018-02-28 17:00 - 000020160 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys
2018-02-28 17:00 - 2018-02-28 17:00 - 000003398 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2018-02-28 17:00 - 2018-02-28 17:00 - 000001168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2018-02-28 17:00 - 2018-02-28 17:00 - 000000000 ____D C:\Users\Albion\AppData\Roaming\DiskDefrag
2018-02-28 17:00 - 2018-02-28 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2018-02-28 16:59 - 2018-03-29 15:20 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2018-02-28 16:14 - 2018-03-01 17:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-29 16:27 - 2017-12-15 19:03 - 000271360 ___SH C:\Users\Albion\Downloads\Thumbs.db
2018-03-29 15:31 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-29 15:30 - 2017-09-29 07:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-29 15:30 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-29 15:19 - 2015-11-26 18:45 - 000000000 ____D C:\Users\Albion\Documents\YouCam
2018-03-29 15:12 - 2017-10-31 17:47 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{60BE3E2C-10F4-454D-A2A8-200EE3FE6BBC}
2018-03-29 15:04 - 2015-11-26 18:55 - 000000000 ___RD C:\Users\Albion\OneDrive
2018-03-29 15:01 - 2017-10-31 17:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-29 15:01 - 2017-10-31 17:26 - 000000000 ____D C:\Users\Albion
2018-03-29 15:01 - 2017-10-31 17:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-28 16:43 - 2016-09-14 15:59 - 000000000 ___RD C:\Users\Albion\Dropbox
2018-03-28 16:43 - 2015-11-26 18:51 - 000000000 ____D C:\Users\Albion\AppData\Local\Dropbox
2018-03-28 16:38 - 2017-09-29 02:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-03-28 16:24 - 2018-02-09 17:24 - 000000000 ____D C:\Users\Albion\AppData\Roaming\Dugimofu
2018-03-28 16:21 - 2015-08-08 10:23 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-03-28 06:56 - 2017-10-31 17:25 - 002070410 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-28 06:52 - 2015-08-08 10:06 - 000000000 ____D C:\ProgramData\Temp
2018-03-28 01:24 - 2018-02-10 12:24 - 000000265 _____ C:\Users\Albion\AppData\Roaming\WB.CFG
2018-03-27 19:10 - 2018-02-09 17:22 - 000000000 ____D C:\Program Files (x86)\WinRAR
2018-03-27 16:30 - 2015-12-14 18:16 - 000000000 ___RD C:\Users\Albion\3D Objects
2018-03-27 16:21 - 2017-10-31 17:47 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-255955452-3416418320-429472043-1001
2018-03-26 18:36 - 2017-11-02 18:04 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-03-26 15:25 - 2017-10-15 11:58 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-26 15:22 - 2015-11-27 20:08 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-25 18:52 - 2017-11-24 18:07 - 000000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAlbion.job
2018-03-25 18:49 - 2017-11-24 18:07 - 000003264 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAlbion
2018-03-25 18:05 - 2015-08-08 09:45 - 000000000 ____D C:\ProgramData\Intel
2018-03-25 17:52 - 2017-09-29 07:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-25 16:45 - 2017-09-29 07:46 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-03-24 17:38 - 2015-07-16 00:05 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-23 16:07 - 2015-11-26 19:18 - 000000000 ____D C:\Users\Albion\AppData\Local\Comms
2018-03-22 17:15 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-22 16:42 - 2017-10-31 17:21 - 000409912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-22 16:39 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-21 01:01 - 2017-09-29 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-17 12:49 - 2016-05-23 19:06 - 000000000 ____D C:\Users\Albion\AppData\Local\ElevatedDiagnostics
2018-03-15 08:30 - 2015-11-27 20:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-13 15:36 - 2018-01-26 16:30 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-09 20:43 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-08 15:53 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-03-08 15:09 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-03-08 13:44 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-08 13:44 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-08 13:41 - 2018-02-09 17:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\Mibelarab
2018-03-08 11:31 - 2017-09-29 07:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-08 11:31 - 2017-09-29 07:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-08 11:26 - 2017-09-15 21:13 - 000000000 ____D C:\Program Files (x86)\HP
2018-03-08 11:26 - 2015-08-08 09:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2018-03-08 11:24 - 2015-07-13 10:28 - 000000000 ____D C:\SWSetup
2018-03-08 11:14 - 2015-11-26 18:47 - 000000000 ____D C:\Users\Albion\AppData\Roaming\Hewlett-Packard
2018-03-08 11:14 - 2015-07-23 09:35 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2018-03-08 11:12 - 2017-11-24 18:04 - 000000000 ____D C:\ProgramData\HP
2018-03-06 19:24 - 2018-02-05 16:59 - 000000000 ____D C:\Users\Albion\AppData\Roaming\chrome-profile
2018-03-06 19:18 - 2017-10-31 17:27 - 000000000 ____D C:\Users\Albion\AppData\Local\Packages
2018-03-05 08:24 - 2016-10-09 21:31 - 000000000 ____D C:\ProgramData\CanonIJPLM
2018-03-02 15:09 - 2018-01-13 16:26 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-02 15:09 - 2018-01-13 16:26 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-01 21:55 - 2017-09-18 16:15 - 000000000 ____D C:\ProgramData\Google
2018-03-01 17:40 - 2017-09-29 07:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-02-28 16:15 - 2015-11-26 18:44 - 000000000 __SHD C:\Users\Albion\IntelGraphicsProfiles

==================== Files in the root of some directories =======

2018-03-28 16:11 - 2018-03-29 15:03 - 001388448 _____ () C:\Users\Public\ASR.dat
2018-03-06 18:26 - 2018-03-06 19:11 - 056514560 _____ () C:\Program Files (x86)\GUT273D.tmp
2017-02-20 14:33 - 2017-02-20 14:33 - 000000000 _____ () C:\Users\Albion\AppData\Roaming\MCVi2UserDetail.ini
2018-02-10 12:24 - 2018-03-28 01:24 - 000000265 _____ () C:\Users\Albion\AppData\Roaming\WB.CFG
2018-03-25 15:45 - 2018-03-25 15:45 - 000137216 _____ () C:\Users\Albion\AppData\Local\cholla.exe
2018-03-25 15:45 - 2018-03-25 15:45 - 000137216 _____ () C:\Users\Albion\AppData\Local\Hedgerows.exe
2016-12-08 17:14 - 2018-01-31 19:10 - 000007605 _____ () C:\Users\Albion\AppData\Local\resmon.resmoncfg
2016-09-12 16:49 - 2016-09-12 16:49 - 000000000 _____ () C:\Users\Albion\AppData\Local\{2ACAA3E4-4711-4E35-8C01-0250FA3B1AEC}
2016-09-12 16:48 - 2016-09-12 16:48 - 000000000 _____ () C:\Users\Albion\AppData\Local\{6274549D-1EA1-4EA6-B0B1-CEB437358694}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-22 16:55

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Albion (29-03-2018 16:30:28)
Running from C:\Users\Albion\Downloads
Windows 10 Home Version 1709 16299.309 (X64) (2017-10-31 23:53:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-255955452-3416418320-429472043-500 - Administrator - Disabled)
Albion (S-1-5-21-255955452-3416418320-429472043-1001 - Administrator - Enabled) => C:\Users\Albion
DefaultAccount (S-1-5-21-255955452-3416418320-429472043-503 - Limited - Disabled)
gashi (S-1-5-21-255955452-3416418320-429472043-1009 - Limited - Enabled) => C:\Users\gashi
Guest (S-1-5-21-255955452-3416418320-429472043-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-255955452-3416418320-429472043-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-255955452-3416418320-429472043-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.2 - AVAST Software)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-ecb9af84-4880-4976-b18f-1120c0ee21e5) (Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-b7471c1a-afa7-4f69-a95a-89e9ab41abf1) (Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.02 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version:  - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.0 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Coyote The Outlander (HKLM-x32\...\WTA-ceaaeb70-6f1b-4fda-9648-a627350dd72d) (Version: 3.0.2.59 - WildTangent) Hidden
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.5418 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-4272dd14-9171-4fc3-8868-79e08ed2e5f1) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 46.4.65 - Dropbox, Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entwined: The Perfect Murder (HKLM-x32\...\WTA-857d935e-7582-4797-b127-48fb44a31537) (Version: 3.0.2.59 - WildTangent) Hidden
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Family Vacation 2: Road Trip (HKLM-x32\...\WTA-f89aeab3-252a-4459-9e2c-4db2ad3d6383) (Version: 3.0.2.59 - WildTangent) Hidden
Glary Utilities 5.92 (HKLM-x32\...\Glary Utilities 5) (Version: 5.92.0.114 - Glarysoft Ltd)
Google Chrome (HKLM\...\{65F9F4D7-D311-3FE7-8DA7-9D8F3A7B1D73}) (Version: 65.0.3325.181 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
Home Makeover (HKLM-x32\...\WTA-a0599942-311b-4c93-af3d-986182d771a5) (Version: 3.0.2.59 - WildTangent) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{BD2CDEAF-8D83-4553-A3B3-8B614CC6C96E}) (Version: 1.1.0.0 - HP Inc)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.8.47.1 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{ABE95EB9-5EA1-42A3-8009-BA7602127ED6}) (Version: 1.4.25 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
IGT Slots: Paradise Garden (HKLM-x32\...\WTA-979661d9-830b-454a-8388-3acee1da718c) (Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-7869263b-17c3-4a3b-a297-df484b952125) (Version: 3.0.2.59 - WildTangent) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Jewel Match Snowscapes (HKLM-x32\...\WTA-32ebbdd7-a0bd-4ada-afac-30bc5a71e63d) (Version: 3.0.2.118 - WildTangent) Hidden
KB4023057 (HKLM\...\{ED06689A-33B7-4D35-8F76-36A82CD03406}) (Version: 2.3.0.0 - Microsoft Corporation)
Living Legends: Frozen Beauty Collector's Edition (HKLM-x32\...\WTA-2553096c-4bcc-4ef1-93c6-63d233a23713) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Lands: Dark Overlord Collector's Edition (HKLM-x32\...\WTA-59de1f02-f791-47cc-a4f1-015ed50eb666) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-93962514-3665-4d07-a90a-f9eb859b26c1) (Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-05ec234c-c4be-4c3a-baad-fd45644f3e60) (Version: 3.0.2.59 - WildTangent) Hidden
Malware Hunter 1.54.0.627 (HKLM-x32\...\Malware Hunter) (Version: 1.54.0.627 - Glarysoft Ltd)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-88bd971c-b205-4c8e-83ba-7b5503173bbe) (Version: 3.0.2.59 - WildTangent) Hidden
Microsoft OneDrive (HKU\S-1-5-21-255955452-3416418320-429472043-1001\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mystery Expedition: Prisoners of Ice (HKLM-x32\...\WTA-aedb45da-10e5-4198-927d-bd4f34986c77) (Version: 3.0.2.59 - WildTangent) Hidden
Plagiarii (HKLM-x32\...\WTA-fc23bfab-75d8-4deb-88ad-fa2c59ca5f44) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-3ab4fa5c-a55e-483c-9ff8-5ae1387bc485) (Version: 3.0.2.59 - WildTangent) Hidden
RAR Password Unlocker (HKLM-x32\...\{69B77D45-F5AD-4AB9-933D-352703324469}_is1) (Version:  - RAR Password Unlocker, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.151 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.62 - REALTEK Semiconductor Corp.)
Runefall (HKLM-x32\...\WTA-da8b607d-0b49-46c4-b528-22c3e98e24f2) (Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (HKLM-x32\...\WTA-1cc02800-8d51-4755-9446-edbf6324c64e) (Version: 3.0.2.59 - WildTangent) Hidden
Sky High Farm (HKLM-x32\...\WTA-bb79eaaf-d04e-4d34-a3b8-fcafc1f2247d) (Version: 3.0.2.59 - WildTangent) Hidden
SpeedyFixer 7.3 (HKU\S-1-5-21-255955452-3416418320-429472043-1001\...\{ACFE6C69-8528-41A3-B06B-CE5C7FE4398B}_is1) (Version: 7.3 - Blue Century Software)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Torrent Opener (HKLM-x32\...\{16FE8D21-B7AF-458E-BC0A-9837C93DD850}_is1) (Version:  - TorrentOpener.com)
Trojan Remover (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.5.0 - Simply Super Software)
UnHackMe 9.70 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UpdateAssistant (HKLM-x32\...\{F9D14939-1792-44AB-8C53-F208534C2548}) (Version: 1.2.0.0 - Microsoft Corporation) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.30 - WildTangent) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17362 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-255955452-3416418320-429472043-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2017-11-17] (Glarysoft Ltd)
ContextMenuHandlers1: [Glarysoft MalwareHunter] -> {EA847F47-97F1-4D78-AB99-C63CA1C327F0} => C:\Program Files (x86)\Glarysoft\Malware Hunter\x64\MHContextHandlerx64.dll [2018-03-02] (Glarysoft Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-12-03] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-12-03] (Alexander Roshal)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2017-11-17] (Glarysoft Ltd)
ContextMenuHandlers2: [Glarysoft MalwareHunter] -> {EA847F47-97F1-4D78-AB99-C63CA1C327F0} => C:\Program Files (x86)\Glarysoft\Malware Hunter\x64\MHContextHandlerx64.dll [2018-03-02] (Glarysoft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-10-10] (Intel Corporation)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2017-11-17] (Glarysoft Ltd)
ContextMenuHandlers6: [Glarysoft MalwareHunter] -> {EA847F47-97F1-4D78-AB99-C63CA1C327F0} => C:\Program Files (x86)\Glarysoft\Malware Hunter\x64\MHContextHandlerx64.dll [2018-03-02] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-12-03] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-12-03] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-255955452-3416418320-429472043-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0631BAD7-3664-43E0-B542-1680678641D5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {076483C9-D963-4D07-8B1E-3229EC22313D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {0E2DF581-24AE-4B46-9297-4AF3FCE14417} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-04-20] (AVAST Software)
Task: {134C5942-FD7D-4B25-B5F4-BCC526C2ABB5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {15CD1FBC-59C9-49D8-8B50-FEF6C7C2D724} - System32\Tasks\TR_FastScan_AtLogon => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [2018-03-04] (Simply Super Software)
Task: {1C60E172-17B0-42CA-8128-70F87CA98DA4} - System32\Tasks\TR_FastScan_Daily_Albion => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [2018-03-04] (Simply Super Software)
Task: {26384BA2-F3C3-4E4F-B10B-D5126132358E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {3A5091B5-85AB-4EA0-A394-5B1381DBD340} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-07-25] (AVAST Software)
Task: {3B2C39DB-3ECB-445E-8711-3090322D0C47} - System32\Tasks\GlaryOneClickOptimizer 5 => C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe [2018-02-22] (Glarysoft Ltd)
Task: {41150C8A-6432-497A-BF72-7DE1F9E8748E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {41576F00-342B-456C-B39D-18B1BC04916E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {555959AD-56DF-4E56-9727-F71E8F08A07D} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-07-01] (CyberLink Corp.)
Task: {59C66D30-6DBD-4C2E-96D2-A78B9DB4466D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {67B8B930-37A9-42A3-AD78-DBFDB5ADF208} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-26] (Google Inc.)
Task: {7165832A-3FE0-47AE-9C61-C6B3EC6DE348} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
Task: {7D03C10C-EFFC-4435-8703-11E1B5EAC247} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-26] (Google Inc.)
Task: {86B305F0-31DF-4DB8-80E6-D36B0D9C3C57} - System32\Tasks\TR_AntiHijack => C:\Program Files (x86)\Trojan Remover\TRAntiHJ.exe
Task: {8E04211E-B18D-4F1E-B9B8-A60CC85D5DCE} - System32\Tasks\S-1-5-21-255955452-3416418320-429472043-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {8FAD4CD5-D6C9-4BE1-891D-616927BEFD2A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {93F92EDB-7E8E-486D-8B90-B14A3AE75C6C} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-24] ()
Task: {9BFE25C1-9DD4-4910-AEFD-8A4B55B3C8F4} - System32\Tasks\HPCeeScheduleForAlbion => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {A18DB912-DE5F-4D6B-B437-6936C7ED2605} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {BC3C47A9-6CB9-4392-9BAA-D63A38ED42AD} - System32\Tasks\TR_Updater => C:\Program Files (x86)\Trojan Remover\Trupd.exe [2018-02-18] (Simply Super Software)
Task: {D0EAD4D5-CC0B-444D-8B7B-AAC4223C7178} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {D1798CC8-5D0D-4D53-BDB5-CB9C8C3724C8} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D6DA4DC5-F79A-4B0A-A34F-68F09F8ECA4C} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {DE38406F-9D67-43DA-BA8F-CFAC2E9D1B94} - System32\Tasks\GMHSkipUAC => C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe [2018-03-18] (Glarysoft Ltd)
Task: {DFEF6C28-7975-437E-8441-87E0DC7005D7} - \Mibelarab\{41D828B1-2F91-31D1-EC9A-316D1018F062} -> No File <==== ATTENTION
Task: {E3966F90-AF00-47EA-B3BE-73452B3E264E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {E3B328C4-187E-45F4-8913-86A03F3D7A20} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {ED1C714B-6EA8-4498-919C-E05392B3EB42} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {F0565E69-759F-4FFD-9F63-2CDEA938F27B} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2018-03-21] (Greatis Software)
Task: {FD5958E9-922E-46C5-B41D-6714CF727984} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2018-02-22] (Glarysoft Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAlbion.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Albion\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b42be1c9c51179ef\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --profile-directory="Profile 7"
ShortcutWithArgument: C:\Users\Albion\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Albion\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Albion\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69514ab4fcfe459c\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --profile-directory="Profile 19"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-28 16:22 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-28 16:22 - 2018-03-01 11:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-29 07:41 - 2017-09-29 07:41 - 001909248 _____ () C:\Windows\ShellExperiences\PeopleCommonControls.dll
2018-03-08 11:23 - 2018-02-21 18:30 - 000401408 _____ () C:\Windows\ShellExperiences\PeopleBarContainer.dll
2018-03-20 21:15 - 2018-03-20 00:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-20 21:15 - 2018-03-20 00:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-03-08 11:23 - 2018-02-21 18:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-08 11:23 - 2018-02-21 18:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-23 15:28 - 2018-03-23 15:28 - 004330496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-03-13 09:17 - 2018-03-13 09:18 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-03-09 17:26 - 2018-03-09 17:31 - 001227440 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2018-01-31 16:09 - 2018-01-31 16:12 - 004601048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-29 15:23 - 2018-03-29 15:30 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-03-29 15:23 - 2018-03-29 15:30 - 067038720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-03 15:45 - 2017-10-03 15:48 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-02-17 11:36 - 2018-02-17 15:38 - 000010240 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-03-29 15:23 - 2018-03-29 15:30 - 004123648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-03-29 15:23 - 2018-03-29 15:30 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-03-29 15:23 - 2018-03-29 15:30 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-03-29 15:23 - 2018-03-29 15:30 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-03-29 15:23 - 2018-03-29 15:30 - 015329792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-03-29 15:23 - 2018-03-29 15:30 - 003962368 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-03-29 15:23 - 2018-03-29 15:29 - 003250176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-02-28 16:22 - 2018-02-28 16:30 - 001369088 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-01-31 16:09 - 2018-01-31 16:12 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-29 15:23 - 2018-03-29 15:30 - 000094208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-03-29 15:23 - 2018-03-29 15:30 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-03-29 15:23 - 2018-03-29 15:30 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-03-29 15:23 - 2018-03-29 15:30 - 000152064 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\SKU.dll
2018-03-16 05:44 - 2018-03-16 05:44 - 000173568 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-09 17:23 - 2018-03-09 17:24 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-28 16:18 - 2018-03-28 08:31 - 000746312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-03-28 16:18 - 2018-03-28 08:31 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-03-28 16:19 - 2018-03-28 08:30 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2018-03-28 16:19 - 2018-03-28 08:33 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-03-28 16:18 - 2018-03-28 08:32 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-03-28 16:18 - 2018-03-28 08:32 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-03-28 16:18 - 2018-03-28 08:32 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-03-28 16:19 - 2018-03-28 08:31 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2018-03-28 16:19 - 2018-03-28 08:30 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2018-03-28 16:19 - 2018-03-28 08:33 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-03-28 16:19 - 2018-03-28 08:32 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-03-28 16:18 - 2018-03-28 08:32 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-03-28 16:19 - 2018-03-28 08:31 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2018-03-28 16:18 - 2018-03-28 08:30 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-03-28 16:19 - 2018-03-28 08:33 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2018-03-28 16:19 - 2018-03-28 08:33 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-03-28 16:18 - 2018-03-28 08:32 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-03-28 16:19 - 2018-03-28 08:33 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-03-28 16:18 - 2018-03-28 08:32 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2018-03-28 16:19 - 2018-03-28 08:33 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-03-28 16:19 - 2018-03-28 08:32 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-03-28 16:19 - 2018-03-28 08:32 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-03-28 16:19 - 2018-03-28 08:32 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-03-28 16:19 - 2018-03-28 08:32 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-03-28 16:19 - 2018-03-28 08:32 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-03-28 16:19 - 2018-03-28 08:32 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-03-28 16:19 - 2018-03-28 08:32 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-03-28 16:19 - 2018-03-28 08:32 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-03-28 16:19 - 2018-03-28 08:32 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-03-28 16:19 - 2018-03-28 08:32 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2018-03-28 16:19 - 2018-03-28 08:33 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2018-03-28 16:19 - 2018-03-28 08:33 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2018-03-28 16:19 - 2018-03-28 08:33 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2018-03-28 16:19 - 2018-03-28 08:33 - 000087904 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-03-28 16:19 - 2018-03-28 08:33 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-03-28 16:19 - 2018-03-28 08:33 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2018-03-28 16:19 - 2018-03-28 08:33 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-03-28 16:18 - 2018-03-28 08:32 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-03-28 16:19 - 2018-03-28 08:30 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-03-28 16:19 - 2018-03-28 08:32 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2018-03-28 16:19 - 2018-03-28 08:33 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-03-28 16:18 - 2018-03-28 08:32 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-03-28 16:18 - 2018-03-28 08:31 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-03-28 16:18 - 2018-03-28 08:32 - 000032608 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2018-03-28 16:18 - 2018-03-28 08:31 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-03-28 16:19 - 2018-03-28 08:33 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-03-28 16:18 - 2018-03-28 08:32 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-03-28 16:19 - 2018-03-28 08:33 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-03-28 16:18 - 2018-03-28 08:32 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-03-28 16:18 - 2018-03-28 08:32 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-03-28 16:19 - 2018-03-28 08:33 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-03-28 16:19 - 2018-03-28 08:32 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-03-28 16:19 - 2018-03-28 08:32 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-03-28 16:19 - 2018-03-28 08:32 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2016-07-25 19:43 - 2016-07-25 19:43 - 038907672 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll
2018-03-18 20:45 - 2018-03-18 20:45 - 000086992 _____ () C:\Program Files (x86)\Glarysoft\Malware Hunter\zlib1.dll
2018-03-19 02:22 - 2018-03-19 02:22 - 000985040 _____ () C:\Program Files (x86)\Glarysoft\Malware Hunter\Libcodecs.dll
2018-03-18 20:45 - 2018-03-18 20:45 - 000336336 _____ () C:\Program Files (x86)\Glarysoft\Malware Hunter\Cloudscan\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\whkogfxo.sys:changelist [452]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [138]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-255955452-3416418320-429472043-1001\...\webcamtoy.com -> hxxps://webcamtoy.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 05:04 - 2018-03-28 17:13 - 000013194 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 0x1f4b0.com
0.0.0.0 1q2w3.fun
0.0.0.0 1q2w3.website
0.0.0.0 2giga.link
0.0.0.0 8jd2lfsq.me
0.0.0.0 aalbbh84.info
0.0.0.0 adless.io
0.0.0.0 ad-miner.com
0.0.0.0 adrenali.gq
0.0.0.0 afflow.18-plus.net
0.0.0.0 afminer.com
0.0.0.0 ajcryptominer.com
0.0.0.0 ajplugins.com
0.0.0.0 akvideo.stream
0.0.0.0 altavista.ovh
0.0.0.0 analytics.blue
0.0.0.0 andlache.com
0.0.0.0 anime.reactor.cc
0.0.0.0 a-o.ninja
0.0.0.0 api.inwemo.com
0.0.0.0 appelamule.com
0.0.0.0 aservices.party
0.0.0.0 audioknigi.club
0.0.0.0 auroramine.com
0.0.0.0 authedmine.com
0.0.0.0 averoconnector.com
0.0.0.0 azvjudwr.info
0.0.0.0 bablace.com
0.0.0.0 baiduccdn1.com
0.0.0.0 bauersagtnein.myeffect.net

There are 477 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-255955452-3416418320-429472043-1001\Control Panel\Desktop\\Wallpaper -> c:\users\albion\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{a7fb9b05-535f-4329-84de-f3b4fd091f93}.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Block)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: HPTouchpointAnalyticsService => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: RichVideo64 => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SecureLine => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7DAB13B1-B528-4D63-80AF-EB31769F879F}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{993D5736-82A1-459F-8BC1-848338820CAD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{27331D7D-1CBF-4DA7-A5EB-969918344C51}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{1207075D-EBFD-4D3F-9ECF-5BED527D1CA1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{2A387A0F-27E8-4752-9575-A752677E1590}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{B2E1E228-90B5-4584-9DF9-B99DA84CBC70}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{2D522E8F-C18C-48C0-AA6D-6C3CC15C5CA2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{12BCFF35-C578-44B6-8A5D-6D52D91E1274}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D427A8D0-2A2D-40B5-A68B-D067B7614FAB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9081CD88-1502-4635-8DC2-6D31592171FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8EBB454C-C642-461C-8EE7-2A86C984DDFD}] => (Allow) C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5934\office6\wpscloudsvr.exe
FirewallRules: [{C052D18A-F312-4FF8-86B8-205D581E5BCD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{EBE5BFA5-BA57-4797-BFD7-3838A12D39F4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777935}}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA9}}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777934}}] => (Allow) C:\Program Files (x86)\UnHackMe\regruninfo.exe
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA8}}] => (Allow) C:\Program Files (x86)\UnHackMe\regruninfo.exe
FirewallRules: [{360E6FA8-7EC6-464E-A964-B2391705034D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{956BD1DD-FA33-4518-878D-0524604CC621}] => (Allow) C:\Program Files (x86)\Weirdo\Hedgerows.exe
FirewallRules: [{0477DB0D-857C-4C72-B2D3-0B91249A4411}] => (Allow) C:\Program Files (x86)\Lowered\Hedgerows.exe
FirewallRules: [{100CA4A3-9B78-4E68-B468-273E4DDCEFCD}] => (Allow) C:\Program Files (x86)\angrily\cholla.exe
FirewallRules: [{8A20464A-66F1-4F1B-B00D-9813D0EFAE42}] => (Allow) C:\Program Files (x86)\Lowered\cholla.exe
FirewallRules: [{1C05B085-CAF0-4493-8FB9-094B2B4E9EAC}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{61A2406C-CDE5-4BFF-95F9-927B4C6B6C48}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{3AB2FC35-A23E-4A1F-A486-5C1A09905A81}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{23102BF1-4B01-402A-9607-705450099BCC}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{504CCC57-8488-4D70-B07A-A9992274F0A8}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{BD3ED65A-461C-4222-8359-A1749287336F}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{8C430E8B-7715-4E70-AA45-BD84446435F7}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{51558C97-1829-4301-A227-019BA2CB35C3}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [TCP Query User{9C0742BC-293E-456D-A9EF-ABF1D8C59365}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [UDP Query User{F7A332F2-4656-4BD9-AAE1-DA57DD215A19}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [{CE332EBD-5B90-4C00-8494-CE6ECD4274A7}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe
FirewallRules: [{6412A1AC-4236-4AAE-9CDD-073DDFCFB930}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

12-03-2018 19:44:17 Windows Modules Installer
21-03-2018 01:00:07 Windows Modules Installer
25-03-2018 18:49:30 UnHackMe Malware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2018 03:21:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/29/2018 03:20:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000417
Fault offset: 0x7201ccd5
Faulting process id: 0x248
Faulting application start time: 0x01d3c7a24d133c62
Faulting application path: bad_module_info
Faulting module path: unknown
Report Id: 4ff4c61c-da90-4512-af2d-45b3382a81a7
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/28/2018 04:55:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-V5IHT07)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (03/28/2018 04:53:06 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (03/28/2018 04:52:54 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

Error: (03/28/2018 04:52:03 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

Error: (03/28/2018 04:47:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-V5IHT07)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (03/28/2018 04:45:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PlacesServer.exe, version: 10.0.16299.251, time stamp: 0xc7ebbf26
Faulting module name: PlacesServer.exe, version: 10.0.16299.251, time stamp: 0xc7ebbf26
Exception code: 0xc0000005
Fault offset: 0x000000000003fa54
Faulting process id: 0x1e80
Faulting application start time: 0x01d3c6e5dffe790a
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe
Report Id: ce4745fc-ffc4-43e9-b97a-5bfb3d30a7fe
Faulting package full name: Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI


System errors:
=============
Error: (03/29/2018 04:06:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/29/2018 03:16:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/29/2018 03:12:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/29/2018 03:09:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/29/2018 03:06:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/29/2018 03:06:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (03/29/2018 03:03:47 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-V5IHT07)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-V5IHT07\Albion SID (S-1-5-21-255955452-3416418320-429472043-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/29/2018 03:03:12 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-V5IHT07)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppX4bsqm82t4x1h6fxzn912f92v3hcmq9bb.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca


Windows Defender:
===================================
Date: 2018-03-29 16:20:35.268
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9396C136-4DF8-4009-9EC8-CAF543A51359}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-28 07:32:39.862
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {21A12DD8-B63F-48EF-B614-FADA785C34EE}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-27 20:53:12.140
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bitrep.A&threatid=2147723097&enterprise=0
Name: Trojan:Win32/Bitrep.A
ID: 2147723097
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Albion\AppData\Local\Temp\1049359\ic-0.f649d00b070228.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
Signature Version: AV: 1.263.1596.0, AS: 1.263.1596.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-03-27 17:23:16.945
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9A5B5CFE-5FEA-46E8-B69C-24711F4B6266}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-03-26 15:31:06.264
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {639F9C73-76E2-4D1A-BAE0-57E84F126CA1}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-03-26 16:19:51.431
Description: 
Windows Defender Antivirus has encountered an error trying to download and configure Windows Defender Offline.
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available. 

Date: 2018-03-26 16:19:24.821
Description: 
Windows Defender Antivirus has encountered an error trying to download and configure Windows Defender Offline.
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available. 

Date: 2018-03-25 20:28:59.731
Description: 
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Backup
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

Date: 2018-03-25 20:28:59.274
Description: 
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

Date: 2018-03-25 17:57:40.952
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.1128.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80070005
Error description: Access is denied. 

CodeIntegrity:
===================================

Date: 2018-03-29 15:01:41.130
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-29 15:01:41.126
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-29 15:01:40.340
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-29 15:01:40.239
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-28 18:14:50.984
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-28 18:14:50.963
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-28 18:14:49.379
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-28 18:14:49.130
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 66%
Total physical RAM: 3985.95 MB
Available physical RAM: 1322.24 MB
Total Virtual: 5457.95 MB
Available Virtual: 1674.39 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:444.32 GB) (Free:379.69 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.28 GB) (Free:2.2 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{59b28542-98ac-4f5a-b3d9-3d8487536ad7}\ (FILE Z) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
\\?\Volume{4d2b10ce-f212-481f-a81f-044fc751016e}\ () (Fixed) (Total:1.77 GB) (Free:1.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 48F83F41)

Partition: GPT.

==================== End of Addition.txt ============================

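The Addition.txt above is long, and the entries that end up in a fixlist are a small subset: two alternate data streams (one on a file in system32\Drivers, one on C:\ProgramData\Temp), firewall Allow rules for the same executable names sitting in several oddly named Program Files (x86) folders (Hedgerows.exe under Weirdo and Lowered, cholla.exe under angrily and Lowered), and a run of Windows Defender events (scans stopped before completion, a signature update that failed with "Access is denied") that fit the poster's description of Defender being switched off. The following Python script is an added example, not something from the thread and not FRST's own code: it runs over a constructed excerpt in the same line format and pulls those indicators out. The regular expressions are assumptions about FRST's line layout, derived from the lines shown here rather than from any FRST documentation, so adjust them if your log uses a different version's format.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed excerpt in the line format of FRST's Addition.txt, modelled on the
# entries in the thread. It is sample input for this script, not the poster's log.
SAMPLE_ADDITION = r"""
AlternateDataStreams: C:\WINDOWS\system32\Drivers\whkogfxo.sys:changelist [452]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [138]
Task: {DFEF6C28-7975-437E-8441-87E0DC7005D7} - \Mibelarab\{41D828B1-2F91-31D1-EC9A-316D1018F062} -> No File <==== ATTENTION
FirewallRules: [{360E6FA8-7EC6-464E-A964-B2391705034D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{956BD1DD-FA33-4518-878D-0524604CC621}] => (Allow) C:\Program Files (x86)\Weirdo\Hedgerows.exe
FirewallRules: [{0477DB0D-857C-4C72-B2D3-0B91249A4411}] => (Allow) C:\Program Files (x86)\Lowered\Hedgerows.exe
FirewallRules: [{100CA4A3-9B78-4E68-B468-273E4DDCEFCD}] => (Allow) C:\Program Files (x86)\angrily\cholla.exe
FirewallRules: [{8A20464A-66F1-4F1B-B00D-9813D0EFAE42}] => (Allow) C:\Program Files (x86)\Lowered\cholla.exe
FirewallRules: [TCP Query User{9C0742BC-293E-456D-A9EF-ABF1D8C59365}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
Windows Defender Antivirus scan has been stopped before completion.
Windows Defender Antivirus has encountered an error trying to update signatures.
"""

# Assumed line layouts, written from the lines above (not an official FRST grammar).
ADS_RE = re.compile(r"^AlternateDataStreams:\s+(?P<path>.+?):(?P<stream>[^:\\\s]+)\s+\[(?P<size>\d+)\]$")
FW_RE = re.compile(r"^FirewallRules:\s+\[(?P<name>.+?)\]\s+=>\s+\((?P<action>Allow|Block)\)\s+(?P<path>.+)$")
TASK_RE = re.compile(r"^Task:\s+\{[0-9A-Fa-f-]+\}\s+-\s+(?P<task>\S+)\s+->\s+(?P<target>.+)$")

# Defender event descriptions that, repeated, suggest something is interfering with it.
DEFENDER_SIGNALS = {
    "scan_interrupted": "scan has been stopped before completion",
    "signature_update_failed": "error trying to update signatures",
}


def multi_location_binaries(rules):
    """Group firewall Allow rules by executable basename.

    The same basename allowed from two or more directories is the pattern in the
    thread (Hedgerows.exe in Weirdo and Lowered, cholla.exe in angrily and Lowered).
    """
    seen = defaultdict(set)
    for action, path in rules:
        if action == "Allow":
            p = PureWindowsPath(path)
            seen[p.name.lower()].add(str(p.parent).lower())
    return {name: sorted(dirs) for name, dirs in seen.items() if len(dirs) > 1}


def triage(addition_text: str) -> dict:
    """Single pass over Addition.txt lines, collecting the indicators worth a look."""
    findings = {
        "ads": [],                      # (host path, stream name, size in bytes)
        "dangling_tasks": [],           # scheduled tasks whose target is "No File"
        "multi_location_binaries": {},  # basename -> directories it is allowed from
        "defender": defaultdict(int),   # counts per Defender signal
    }
    firewall_rules = []
    for raw in addition_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := ADS_RE.match(line):
            # The ADS section is already whitelisted by FRST, so every entry left counts.
            findings["ads"].append((m["path"], m["stream"], int(m["size"])))
        elif m := FW_RE.match(line):
            firewall_rules.append((m["action"], m["path"]))
        elif m := TASK_RE.match(line):
            if m["target"].startswith("No File"):
                findings["dangling_tasks"].append(m["task"])
        else:
            for key, needle in DEFENDER_SIGNALS.items():
                if needle in line:
                    findings["defender"][key] += 1
    findings["multi_location_binaries"] = multi_location_binaries(firewall_rules)
    findings["defender"] = dict(findings["defender"])
    return findings


if __name__ == "__main__":
    for section, value in triage(SAMPLE_ADDITION).items():
        print(f"{section}: {value}")
```

Run it against a real Addition.txt by replacing SAMPLE_ADDITION with the file's contents; the output is a starting point for a fixlist, not a verdict, since a firewall rule for a benign program installed twice will also show up under multi_location_binaries.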

Sorry for the delay.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

fixlist.txt

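A fixlist is a plain text file whose lines are copied from the FRST logs, and FRST's Fixlog.txt echoes the list and then reports one result line per entry ("moved successfully", "ADS removed successfully", TaskCache keys "removed successfully", and so on). An entry that is mistyped, or whose file has already moved, simply gets no matching result, which is easy to miss in a long Fixlog. The Python script below is an added example, not part of the thread and not FRST's own tooling: it takes a constructed fixlist and Fixlog (shortened from the ones in this thread, with one entry, C:\WINDOWS\patin.exe, deliberately left without a result) and reports which entries the Fixlog confirms. The mapping from fixlist entry to expected result line is an assumption drawn from the result lines visible here; other directives would need their own mapping.

```python
import re

# Constructed fixlist.txt excerpt in FRST's format (shortened from the thread).
FIXLIST = r"""CloseProcesses:
CreateRestorePoint:

Task: {DFEF6C28-7975-437E-8441-87E0DC7005D7} - \Mibelarab\{41D828B1-2F91-31D1-EC9A-316D1018F062} -> No File <==== ATTENTION

AlternateDataStreams: C:\WINDOWS\system32\Drivers\whkogfxo.sys:changelist [452]

C:\Program Files (x86)\Lowered
C:\Users\Albion\AppData\Local\cholla.exe
C:\WINDOWS\patin.exe

EmptyTemp:
"""

# Constructed Fixlog.txt excerpt: FRST echoes the fixlist between asterisk lines,
# then prints the results. patin.exe has no result line on purpose.
FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Albion (31-03-2018 12:43:25) Run:1
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {DFEF6C28-7975-437E-8441-87E0DC7005D7} - \Mibelarab\{41D828B1-2F91-31D1-EC9A-316D1018F062} -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\Drivers\whkogfxo.sys:changelist [452]
C:\Program Files (x86)\Lowered
C:\Users\Albion\AppData\Local\cholla.exe
C:\WINDOWS\patin.exe
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFEF6C28-7975-437E-8441-87E0DC7005D7}" => removed successfully
C:\WINDOWS\system32\Drivers\whkogfxo.sys => ":changelist" ADS removed successfully
C:\Program Files (x86)\Lowered => moved successfully
C:\Users\Albion\AppData\Local\cholla.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
"""

# Directive -> text that FRST prints when it has carried the directive out
# (assumed from the Fixlog lines in the thread).
DIRECTIVES = {
    "CloseProcesses:": "Processes closed successfully.",
    "CreateRestorePoint:": "Restore point was successfully created.",
    "EmptyTemp:": "EmptyTemp:",
}
ADS_RE = re.compile(r"^AlternateDataStreams:\s+(?P<path>.+?):(?P<stream>[^:\\\s]+)\s+\[\d+\]$")
TASK_RE = re.compile(r"^Task:\s+(?P<guid>\{[0-9A-Fa-f-]+\})")


def parse_fixlist(text: str) -> list:
    """Non-empty lines of the fixlist, in order."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def result_section(fixlog_text: str) -> list:
    """Lines after the last asterisk-only line, i.e. after the echoed fixlist.

    Scanning the whole file would match the echoed entries themselves.
    """
    lines = fixlog_text.splitlines()
    markers = [i for i, line in enumerate(lines) if line.strip() and set(line.strip()) == {"*"}]
    start = markers[-1] + 1 if markers else 0
    return [line.strip() for line in lines[start:]]


def expected_evidence(entry: str) -> str:
    """Substring a result line must contain for this fixlist entry to count as done."""
    if entry in DIRECTIVES:
        return DIRECTIVES[entry]
    if m := ADS_RE.match(entry):
        return f'{m["path"]} => ":{m["stream"]}" ADS removed successfully'
    if m := TASK_RE.match(entry):
        # The TaskCache\Tasks\{GUID} key is the one that carries the task's actions.
        return f'{m["guid"]}" => removed successfully'
    return f"{entry} => moved successfully"  # bare path: file or folder moved to quarantine


def reconcile(fixlist_text: str, fixlog_text: str) -> dict:
    """Split fixlist entries into those the Fixlog confirms and those it does not."""
    results = result_section(fixlog_text)
    report = {"confirmed": [], "unconfirmed": []}
    for entry in parse_fixlist(fixlist_text):
        needle = expected_evidence(entry)
        bucket = "confirmed" if any(needle in line for line in results) else "unconfirmed"
        report[bucket].append(entry)
    return report


if __name__ == "__main__":
    for bucket, entries in reconcile(FIXLIST, FIXLOG).items():
        print(f"{bucket}:")
        for entry in entries:
            print(f"  {entry}")
```

An unconfirmed entry is not automatically a failure: FRST reports a path that is already gone differently, and a second run after the reboot often clears it. It is the list of things to re-check in a fresh FRST scan rather than assume fixed.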

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Albion (31-03-2018 12:43:25) Run:1
Running from C:\Users\Albion\Downloads
Loaded Profiles: Albion &  (Available Profiles: Albion & gashi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

Task: {DFEF6C28-7975-437E-8441-87E0DC7005D7} - \Mibelarab\{41D828B1-2F91-31D1-EC9A-316D1018F062} -> No File <==== ATTENTION

AlternateDataStreams: C:\WINDOWS\system32\Drivers\whkogfxo.sys:changelist [452]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [138]

C:\Program Files (x86)\quetzalcoatl
C:\Program Files (x86)\soler
C:\Program Files (x86)\Lowered
C:\Program Files (x86)\angrily
C:\Program Files (x86)\MICROLEAVES.del
C:\Program Files (x86)\GUT273D.tmp
C:\Program Files (x86)\GUM272C.tmp
C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
C:\Users\Albion\AppData\Local\{2ACAA3E4-4711-4E35-8C01-0250FA3B1AEC}
C:\Users\Albion\AppData\Local\{6274549D-1EA1-4EA6-B0B1-CEB437358694}
C:\Users\Albion\AppData\Local\Hedgerows.exe
C:\Users\Albion\AppData\Local\cholla.exe
C:\WINDOWS\b49312778
C:\WINDOWS\patin.exe
C:\WINDOWS\uninstaller.dat
C:\WINDOWS\system32\Drivers\F2066F264CCD18E7794C48D8961D5D76.del

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFEF6C28-7975-437E-8441-87E0DC7005D7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFEF6C28-7975-437E-8441-87E0DC7005D7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mibelarab\{41D828B1-2F91-31D1-EC9A-316D1018F062}" => removed successfully
C:\WINDOWS\system32\Drivers\whkogfxo.sys => ":changelist" ADS removed successfully
C:\ProgramData\Temp => ":CB0AACC9" ADS removed successfully
C:\Program Files (x86)\quetzalcoatl => moved successfully
C:\Program Files (x86)\soler => moved successfully
C:\Program Files (x86)\Lowered => moved successfully
C:\Program Files (x86)\angrily => moved successfully
C:\Program Files (x86)\MICROLEAVES.del => moved successfully
C:\Program Files (x86)\GUT273D.tmp => moved successfully
C:\Program Files (x86)\GUM272C.tmp => moved successfully
C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE} => moved successfully
C:\Users\Albion\AppData\Local\{2ACAA3E4-4711-4E35-8C01-0250FA3B1AEC} => moved successfully
C:\Users\Albion\AppData\Local\{6274549D-1EA1-4EA6-B0B1-CEB437358694} => moved successfully
C:\Users\Albion\AppData\Local\Hedgerows.exe => moved successfully
C:\Users\Albion\AppData\Local\cholla.exe => moved successfully
C:\WINDOWS\b49312778 => moved successfully
C:\WINDOWS\patin.exe => moved successfully
C:\WINDOWS\uninstaller.dat => moved successfully
C:\WINDOWS\system32\Drivers\F2066F264CCD18E7794C48D8961D5D76.del => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 80685780 B
Java, Flash, Steam htmlcache => 3344 B
Windows/system/drivers => 1806343579 B
Edge => 8914619 B
Chrome => 86560291 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1395321 B
NetworkService => 39483056 B
Albion => 125072034 B
gashi => 68946898 B

RecycleBin => 0 B
EmptyTemp: => 2.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:48:29 ====

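The two kinds of finding the fixlist above acted on, an alternate data stream on a file or directory and a scheduled task whose target file is gone ("-> No File"), can be re-audited after the fix with built-in PowerShell. The following is an added example, not FRST's own code or anything posted in this thread; the paths it scans are taken from the log and are placeholders for another system, and Get-ScheduledTask assumes Windows 8 or later.

```powershell
# Added example (not FRST's or Malwarebytes' code). Re-checks, from the
# defender's side, the two kinds of finding the fixlist acted on. Run in an
# elevated Windows PowerShell 5.1 or PowerShell 7 session.

# 1. Alternate data streams. FRST stripped ":changelist" from whkogfxo.sys and
#    ":CB0AACC9" from the C:\ProgramData\Temp directory. This lists every
#    non-primary stream under a path; ':$DATA' is the file's normal content.
function Get-AlternateDataStream {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Recurse
    )
    # Include the path itself: a directory can carry an ADS, as Temp did.
    $items = @(Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue)
    $items += @(Get-ChildItem -LiteralPath $Path -Force -Recurse:$Recurse -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        # Not every PowerShell version enumerates streams on directories;
        # SilentlyContinue skips those instead of aborting the sweep.
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{ File = $_.FileName; Stream = $_.Stream; Bytes = $_.Length }
            }
    }
}

# 2. Scheduled tasks whose action points at a file that no longer exists,
#    which FRST reports as "-> No File" (the \Mibelarab\{...} task above).
function Get-OrphanedScheduledTask {
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # Only exec actions carry Execute; COM-handler actions are skipped.
            if (-not $action.Execute) { continue }
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
            # A bare name such as cmd.exe resolves through PATH, not a path check.
            $exists = $false
            if ($exe -match '[\\/]') { $exists = Test-Path -LiteralPath $exe }
            elseif (Get-Command $exe -ErrorAction SilentlyContinue) { $exists = $true }
            if (-not $exists) {
                [pscustomobject]@{
                    Task      = $task.TaskPath + $task.TaskName
                    Execute   = $action.Execute
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

# Locations taken from the fixlist above (placeholders; adjust for another system).
Get-AlternateDataStream -Path "$env:SystemRoot\System32\Drivers" | Format-Table -AutoSize
Get-AlternateDataStream -Path "$env:ProgramData\Temp" | Format-Table -AutoSize
Get-OrphanedScheduledTask | Format-Table -AutoSize
```

An empty result from all three calls after the fix is the expected state; any stream or orphaned task that reappears after a reboot points at a persistence mechanism the fix did not reach.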

Alright now let's do a sweep with AdwCleaner and RogueKiller.

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

Your next reply(ies) should therefore contain:

  • Copy/pasted AdwCleaner clean log
  • Copy/pasted RogueKiller clean log


# AdwCleaner 7.0.8.0 - Logfile created on Sat Mar 31 19:10:34 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-03-30.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Adware.Heuristic, f2066f264ccd18e7794c48d8961d5d76


***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\Albion\AppData\Roaming\TotalAV
PUP.Optional.Legacy, C:\Users\Albion\Documents\TotalAV
PUP.Optional.SpeedyFixer, C:\Program Files (x86)\SpeedyFixer
PUP.Optional.SpeedyFixer, C:\Users\Albion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyFixer


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.ByteFence, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bytefence.com
PUP.Optional.ByteFence, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.bytefence.com
PUP.Optional.ByteFence, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bytefence.com
PUP.Optional.ByteFence, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.bytefence.com
PUP.Optional.ByteFence, [Key] - HKU\.DEFAULT\Software\ByteFence
PUP.Optional.ByteFence, [Key] - HKU\S-1-5-18\Software\ByteFence
PUP.Optional.ByteFence, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
PUP.Optional.MyWebShield, [Key] - HKCU\Software\Classes\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}
Adware.OnlineIO, [Key] - HKLM\SOFTWARE\Microleaves
PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\Online Application\
PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\
PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\
PUP.Optional.UTILILAB.SystemOPTIMIZER, [Key] - HKU\S-1-5-21-255955452-3416418320-429472043-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ACFE6C69-8528-41A3-B06B-CE5C7FE4398B}_is1
PUP.Optional.UTILILAB.SystemOPTIMIZER, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ACFE6C69-8528-41A3-B06B-CE5C7FE4398B}_is1
PUP.Optional.SpeedyFixer, [Key] - HKLM\SOFTWARE\SpeedyFixer
PUP.Optional.SpeedyFixer, [Key] - HKU\S-1-5-21-255955452-3416418320-429472043-1001\Software\SpeedyFixer
PUP.Optional.SpeedyFixer, [Key] - HKCU\Software\SpeedyFixer


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########


# AdwCleaner 7.0.8.0 - Logfile created on Sat Mar 31 19:13:59 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: f2066f264ccd18e7794c48d8961d5d76


***** [ Folders ] *****

Deleted: C:\Users\Albion\AppData\Roaming\TotalAV
Deleted: C:\Users\Albion\Documents\TotalAV
Deleted: C:\Program Files (x86)\SpeedyFixer
Deleted: C:\Users\Albion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyFixer


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bytefence.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.bytefence.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bytefence.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.bytefence.com
Deleted: [Key] - HKU\.DEFAULT\Software\ByteFence
Deleted: [Key] - HKU\S-1-5-18\Software\ByteFence
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted: [Key] - HKCU\Software\Classes\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}
Deleted: [Key] - HKLM\SOFTWARE\Microleaves
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\
Deleted: [Key] - HKU\S-1-5-21-255955452-3416418320-429472043-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ACFE6C69-8528-41A3-B06B-CE5C7FE4398B}_is1
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ACFE6C69-8528-41A3-B06B-CE5C7FE4398B}_is1
Deleted: [Key] - HKLM\SOFTWARE\SpeedyFixer
Deleted: [Key] - HKU\S-1-5-21-255955452-3416418320-429472043-1001\Software\SpeedyFixer
Deleted: [Key] - HKCU\Software\SpeedyFixer


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [3916 B] - [2018/3/31 19:10:34]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


