
MSASCuiL and svchost.exe viruses won't go away, help!



Windows 8.1

I recently downloaded an infected file on my computer that installed a service called mail.ru.

After too many hours of trying I got rid of it, but there is still a virus on my PC.

There is an MSASCuiL.exe in startup programs that, no matter how many times I delete it, comes back. I also can't click on its properties or file location.

There are also 2 svchost.exe in running programs, not under the Windows tab, that are suspicious.

Whenever I try to google Malwarebytes and stuff like that, my browser closes. I can't even run Malwarebytes in normal mode without it closing automatically. The only way to do it is to terminate the two svchost processes, and I have a 40 min gap to do anything before they come back.

In safe mode I ran Malwarebytes several times and deleted what it found, but the problem remains.

Please help.


  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malware Removal for Windows Help forum. Being infected is not fun and can be very frustrating to resolve, but don't worry because we have a team of experts here to help you!!

Note: Please be patient. When the site is busy it can take up to 48 hours before a malware removal helper can assist you. If no one has replied to your new topic after 48 hours please contact an Administrator to let them know.

First, if you haven't done so, please run a Threat Scan with the latest version of Malwarebytes. This may resolve your malware infection issue without the need for additional support. Click "Reveal Hidden Contents" below for details:


Malwarebytes can detect and remove most malware with no further actions required for free.

If you do not have Malwarebytes, please download it here and install. Be sure to post back the log as shown below.

  1. Open Malwarebytes for Windows
  2. To the left, click Scan > Scan Types.

  3. Select Threat Scan. Threat Scan is the most thorough and recommended scan method available.

  4. Click Start Scan
     

Next, if you're still experiencing issues after running Malwarebytes, then technical logs will be required to assist you. Click "Reveal Hidden Contents" below and follow the instructions to run the Farbar Recovery Scan Tool:


Don't use any temporary file cleaners unless requested - this can cause data loss and make a recovery difficult.

Please download the Farbar Recovery Scan Tool here and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  1. Double-click to run it. When the tool opens click Yes to the disclaimer.
  2. Press the Scan button.

  3. It will make a log (FRST.txt) in the same directory the tool is run. Please attach or copy and paste it to your reply.
  4. The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually.
     

Finally, attach the Malwarebytes Threat Scan, FRST.txt and Addition.txt logs to your reply. Before submitting your reply, be sure to enable "Notify me of replies".

Click "Reveal Hidden Contents" below for details on how to add attachments to your post.
Note: If you are unable to attach files, please copy and paste the contents of the requested files in your Reply instead.


To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


Please Note the Following:

  • One of our expert helpers will give you one-on-one assistance when one becomes available.
  • Refrain from making any further changes to your computer (such as Install/Uninstall programs, using special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.
  • Do not 'bump' or add a reply to your topic once it is started. Topics which appear to have replies are considered to have a helper assisting them and may be overlooked, resulting in a longer waiting period for help.
  • If you're using Peer 2 Peer software such as uTorrent or similar, please completely disable it from running while being assisted here.


Hello Alice94 and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Thanks a lot.

I did the scan with mb3; these are what it found.

The problem is the virus won't let me open the FRST64.exe. It closes automatically right after the admin window.

What should I do?

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/23/18
Scan Time: 7:12 PM
Log File: 3834ad02-7700-11e8-8dd5-84ef18ad3198.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5599
License: Expired

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Andreas\Andreash

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 294299
Threats Detected: 56
Threats Quarantined: 56
Time Elapsed: 23 min, 7 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 3
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarantined, [4496], [398206],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Quarantined, [4496], [380353],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [4496], [380352],1.0.5599

Module: 6
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarantined, [4496], [398206],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Quarantined, [4496], [380353],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [4496], [380352],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, Quarantined, [4496], [396386],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, Quarantined, [4496], [396386],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, Quarantined, [4496], [396386],1.0.5599

Registry Key: 22
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASC11_PerformanceMonitor, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{22BF8969-A290-4A32-9F18-CC9790031C82}, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{22BF8969-A290-4A32-9F18-CC9790031C82}, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASC11_SkipUac_Andreash, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{930E0AB9-07B0-4E51-9A2B-DCAC4DECCC1C}, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{930E0AB9-07B0-4E51-9A2B-DCAC4DECCC1C}, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdvancedSystemCareService11, Delete-on-Reboot, [4496], [380352],1.0.5599
Adware.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{282B4048-62ED-E695-3B05-C755DD931DD9}, Delete-on-Reboot, [6063], [514917],1.0.5599
Adware.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FE76BA8E-3119-4548-88F0-6A00EA4BBF28}, Delete-on-Reboot, [6063], [514917],1.0.5599
Adware.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{FE76BA8E-3119-4548-88F0-6A00EA4BBF28}, Delete-on-Reboot, [6063], [514917],1.0.5599
Adware.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7DCFAF1F-D294-5C84-3BA3-0ACFC4DAEF2E}, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5D33A22-7E1E-4204-AE01-3311F055519D}, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5D33A22-7E1E-4204-AE01-3311F055519D}, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FB08E9EB-3E16-A6E4-E11A-CF27F40A860D}, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79A0053A-D20E-401F-97D5-35BB7A528F7E}, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{79A0053A-D20E-401F-97D5-35BB7A528F7E}, Delete-on-Reboot, [6063], [-1],0.0.0
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{7DCFAF1F-D294-5C84-3BA3-0ACFC4DAEF2E}, Delete-on-Reboot, [14221], [531742],1.0.5599
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B5D33A22-7E1E-4204-AE01-3311F055519D}, Delete-on-Reboot, [14221], [531742],1.0.5599
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{B5D33A22-7E1E-4204-AE01-3311F055519D}, Delete-on-Reboot, [14221], [531742],1.0.5599
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{FB08E9EB-3E16-A6E4-E11A-CF27F40A860D}, Delete-on-Reboot, [14221], [531742],1.0.5599
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{79A0053A-D20E-401F-97D5-35BB7A528F7E}, Delete-on-Reboot, [14221], [531742],1.0.5599
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{79A0053A-D20E-401F-97D5-35BB7A528F7E}, Delete-on-Reboot, [14221], [531742],1.0.5599

Registry Value: 1
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-3018201572-215371730-3148437188-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ADVANCED SYSTEMCARE 11, Delete-on-Reboot, [4496], [380353],1.0.5599

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 24
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC11_PerformanceMonitor, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC11_SkipUac_Andreash, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\USERS\ANDREASH\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\USER PINNED\TASKBAR\Advanced SystemCare 11.lnk, Delete-on-Reboot, [4496], [380340],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\USERS\PUBLIC\DESKTOP\Advanced SystemCare 11.lnk, Delete-on-Reboot, [4496], [380338],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Delete-on-Reboot, [4496], [398206],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Delete-on-Reboot, [4496], [380353],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Delete-on-Reboot, [4496], [380352],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, Delete-on-Reboot, [4496], [396386],1.0.5599
Adware.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{282B4048-62ED-E695-3B05-C755DD931DD9}, Delete-on-Reboot, [6063], [514917],1.0.5599
Adware.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{7DCFAF1F-D294-5C84-3BA3-0ACFC4DAEF2E}, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{FB08E9EB-3E16-A6E4-E11A-CF27F40A860D}, Delete-on-Reboot, [6063], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{7DCFAF1F-D294-5C84-3BA3-0ACFC4DAEF2E}, Delete-on-Reboot, [14221], [531742],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Advanced SystemCare 11.lnk, Delete-on-Reboot, [4496], [396386],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASC.EXE, Delete-on-Reboot, [4496], [396386],1.0.5599
Trojan.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{FB08E9EB-3E16-A6E4-E11A-CF27F40A860D}, Delete-on-Reboot, [14221], [531742],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\USERS\ANDREASH\DOWNLOADS\ADVANCED-SYSTEMCARE-SETUP.EXE, Delete-on-Reboot, [4496], [396386],1.0.5599

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Andreash (23-06-2018 19:49:42)
Running from C:\Users\Andreash\Desktop
Windows 8.1 Pro (Update) (X64) (2017-01-18 13:48:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3018201572-215371730-3148437188-500 - Administrator - Disabled)
Andreash (S-1-5-21-3018201572-215371730-3148437188-1001 - Administrator - Enabled) => C:\Users\Andreash
Guest (S-1-5-21-3018201572-215371730-3148437188-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Advanced SystemCare 11 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 11.4.0 - IObit)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Assassin's Creed Origins (HKLM-x32\...\{DAC281DD-7006-49D4-905B-E8BDA474A230}_is1) (Version:  - Ubisoft)
AutoCAD 2015 - English (HKLM\...\{5783F2D7-E001-0000-0102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 - English (HKLM\...\{5783F2D7-E001-0409-2102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - English (HKLM\...\{5783F2D7-E001-0409-1102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk Content Service (HKLM-x32\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.5.154 - Autodesk)
Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk ReCap (HKLM\...\{31ABA3F2-0000-1033-0102-111D43815377}) (Version: 1.3.1.39 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk)
BioShock Remastered (HKLM-x32\...\BioShock Remastered_is1) (Version:  - )
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Chicken Invaders 4 (HKLM-x32\...\Chicken Invaders 4 v.4.13) (Version: 4.13 - InterAction Studios)
Dark Souls III (HKLM-x32\...\Dark Souls III_is1) (Version:  - )
Discord (HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
Dishonored  Game of the Year Edition (HKLM-x32\...\RGlzaG9ub3JlZA==_is1) (Version: 1 - )
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.31 - NVIDIA Corporation) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{68B3293E-612B-48B4-BC0F-4CCFBF83AB96}) (Version: 0.8.2.76 - Dolby Laboratories, Inc.)
Doom (HKLM-x32\...\{B6A2B3BA-C93E-4AEE-BBCF-BE91DDC84962}_is1) (Version:  - id Software)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.2.0 - IObit)
Exterminate It! (HKLM-x32\...\Exterminate It!) (Version: 2.12.06.06 - CURIOLAB S.M.B.A.)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GRID Autosport (HKLM-x32\...\R1JJREF1dG9zcG9ydA==_is1) (Version: 1 - )
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.294 - SurfRight B.V.)
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4542 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{aa2c2346-d0c0-4d3e-9ab1-11a48b4cb9f3}) (Version: 19.20.3 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.2.0.933 - IObit)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.5.0 - iolo technologies, LLC)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Metro 2033 Redux (HKLM-x32\...\1436434037_is1) (Version: 2.0.0.2 - GOG.com)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.9330.2124 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
NBA 2K17 (HKLM-x32\...\NBA 2K17_is1) (Version:  - )
NVIDIA 3D Vision Driver 397.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 397.31 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 397.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.31 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.6.1.0 - Popcorn Time) <==== ATTENTION
Pro Evolution Soccer 2017 - Version 1.0.1.0.0 (HKLM-x32\...\Pro Evolution Soccer 2017_is1) (Version: 1.0.1.0.0 - RePack by VickNet)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Realtek Wireless LAN Adapter Software (HKLM-x32\...\{E462B252-195B-47EA-98E2-BAC3C2DF7D37}) (Version: 1.00.0048.0 - REALTEK Semiconductor Corp.)
RISA-3D 11.0 Standalone (64-bit) (HKLM-x32\...\RISA-3D 11.0 Standalone (64-bit)) (Version: 11.0.2.0 - RISA Technologies, LLC)
RocLab 1.0 (HKLM-x32\...\{D40FC2D6-81B9-4674-96FE-125C5F198846}) (Version:  - )
RogueKiller version 12.12.16.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.16.0 - Adlice Software)
Sentinel System Driver Installer 7.5.8 (HKLM-x32\...\{75BC36E7-AC24-4F35-8AE0-B5885F887744}) (Version: 7.5.8 - SafeNet, Inc.)
Sid Meiers Civilization VI Proper (HKLM\...\c2lkbWVpZXJzY2l2aWxpemF0aW9udmk_is1) (Version: 1 - )
Skype version 8.22 (HKLM-x32\...\Skype_is1) (Version: 8.22 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Elder Scrolls V Skyrim Legendary Edition version 1.9.32.8 (HKLM-x32\...\The Elder Scrolls V Skyrim Legendary Edition_is1) (Version: 1.9.32.8 - Mr DJ)
TORMOD GAMING MOUSE (HKLM-x32\...\{FB05F0C7-56F3-4021-8516-8F7786A33B68}_is1) (Version: 2.0 - TORMOD)
Unity Web Player (HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3018201572-215371730-3148437188-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3018201572-215371730-3148437188-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3018201572-215371730-3148437188-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2014-02-07] (Autodesk)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Windows\system32\Incinerator64.dll [2013-12-03] (iolo technologies, LLC)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-24] (IObit)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-01-17] (Apple Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Windows\system32\Incinerator64.dll [2013-12-03] (iolo technologies, LLC)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-24] (IObit)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-01-19] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-04-22] (NVIDIA Corporation)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-24] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07E06068-4803-4802-B41B-58781D130A42} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {17B6A394-4DBB-4D80-B590-87A9D0F79FCE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {1D90D9DF-EEF4-4AD4-9C50-56590F76B9B7} - System32\Tasks\Uninstaller_SkipUac_Andreash => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-01-11] (IObit)
Task: {24926DDC-813B-424E-9576-5BE7139BC8F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {27E3779F-45B7-4C42-B50C-E5FDCACBCDF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {29D2536D-596F-4EB9-9CF4-AE943E9DE356} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-04-22] (NVIDIA Corporation)
Task: {3165ECF7-E2E6-4B46-9F3D-68B93B614CF9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-12] (Microsoft Corporation)
Task: {430F1BC2-E9D4-4C01-9F63-7C4E56F28918} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {449ABA8D-2597-4C47-B27C-311E94BE5AFE} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-07] (Piriform Ltd)
Task: {4AA2EA00-61B6-4863-98D9-F92977B0463E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-04-22] (NVIDIA Corporation)
Task: {4FED957C-0274-43BF-AB2B-21B0FB49B6CD} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-04-22] (NVIDIA Corporation)
Task: {5282C199-3802-4EEA-9F1B-26B8C0279B71} - \ASC10_SkipUac_Andreash -> No File <==== ATTENTION
Task: {55E55BAD-A8A1-4909-8DCF-1763A34506E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-26] (Google Inc.)
Task: {5AE9FBFB-EF24-4477-BB1D-E7B75BA1B3D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-06-19] (Microsoft Corporation)
Task: {5FD3ADCC-7978-4136-A8C9-93213709AAD1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-19] (Microsoft Corporation)
Task: {74D3AB23-0E09-4847-8FE8-B2A353FB33C2} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-04-22] (NVIDIA Corporation)
Task: {89F29BCD-FA38-42B5-B5F1-4B2E09D06A7A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-06-19] (Microsoft Corporation)
Task: {92649B93-7688-4D9D-84F5-0A7F60255229} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-12] (Microsoft Corporation)
Task: {92DFE22D-1F13-44C6-9AEA-CD837F41C045} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2013-12-03] (iolo technologies, LLC)
Task: {98DE5660-5E9A-4A60-8B5E-354B1FE3E4AE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-04-22] (NVIDIA Corporation)
Task: {9E5B8911-777A-4C02-A067-43FC55479FD7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-19] (Microsoft Corporation)
Task: {A691C94A-E0BF-48E3-BD52-66D8DE8171FA} - System32\Tasks\{65F193EF-C19B-4A5A-B748-34E852479319} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Serious Sam 3 BFE Deluxe Edition\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe" -d "C:\Program Files (x86)\Serious Sam 3 BFE Deluxe Edition\Steam\steamapps\common\Serious Sam 3\Bin"
Task: {AFD4016F-2A82-44F0-9F18-8B8F633F913A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-26] (Google Inc.)
Task: {B54A41E3-63EB-48A2-BCD0-03D8A7A2BBD8} - System32\Tasks\Driver Booster SkipUAC (Andreash) => C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe [2018-01-11] (IObit)
Task: {B756E704-C749-400D-B84E-30300990001F} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {C14C0788-AAB8-4EB0-908D-231F58AB9262} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-04-22] (NVIDIA Corporation)
Task: {C24C272D-94AA-49DE-9606-876FB3F727CA} - System32\Tasks\update-S-1-5-21-3018201572-215371730-3148437188-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {C472B2A4-F96E-46CB-A44A-7DFF6E357F8D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {C9E2C408-CD83-4044-B372-91DDF09CBEAB} - \ASC10_PerformanceMonitor -> No File <==== ATTENTION
Task: {D2B8E2EB-BABE-416A-88EE-A957520C1D20} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-04-22] (NVIDIA Corporation)
Task: {DAE32ECF-DCB6-4824-8DDA-510D61BD0857} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-04-22] (NVIDIA Corporation)
Task: {E2B0BC2E-15CA-448B-883D-2AD8A606B90E} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\5.2.0\Scheduler.exe [2017-12-11] (IObit)
Task: {EB46B1B2-C92C-473F-804E-D3FDCB1744E5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {F2B3B89B-C255-4F11-94DA-6F361D5D62CE} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-06-19] (Microsoft Corporation)
Task: {F746BF1C-ED32-43EE-8D98-48E5E7C5BC48} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {FFCABCC9-0A12-45C9-B68D-234A45229729} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-07] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Uninstaller_SkipUac_Andreash.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\Windows\Tasks\update-S-1-5-21-3018201572-215371730-3148437188-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-01-13 14:56 - 2017-01-13 14:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-08-17 20:03 - 2012-04-24 18:42 - 001181544 _____ () C:\Program Files (x86)\TORMOD Gaming Mouse\ETGMSrv.exe
2018-05-07 03:17 - 2018-04-22 14:05 - 001267648 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-06-23 19:10 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-08-17 20:03 - 2015-11-14 00:21 - 003343360 _____ () C:\Program Files (x86)\TORMOD Gaming Mouse\lwmon.exe
2017-04-14 15:23 - 2017-03-10 13:48 - 000061944 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2017-04-14 15:23 - 2017-03-10 13:48 - 000110584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2017-01-18 21:11 - 2016-06-22 06:30 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-01-18 21:11 - 2016-06-22 06:29 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-01-18 21:11 - 2016-06-22 06:29 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2018-05-07 03:17 - 2018-04-22 14:05 - 001041344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-02-07 15:02 - 2017-10-16 11:14 - 000442144 _____ () C:\Program Files (x86)\IObit\Driver Booster\5.2.0\madExcept_.bpl
2018-02-07 15:02 - 2017-10-16 11:14 - 000210720 _____ () C:\Program Files (x86)\IObit\Driver Booster\5.2.0\madBasic_.bpl
2018-02-07 15:02 - 2017-10-16 11:14 - 000059680 _____ () C:\Program Files (x86)\IObit\Driver Booster\5.2.0\madDisAsm_.bpl
2017-08-17 20:03 - 2012-04-24 18:42 - 000034152 _____ () C:\Program Files (x86)\TORMOD Gaming Mouse\uiHook.dll
2017-01-18 21:11 - 2016-05-24 08:49 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-01-18 21:11 - 2016-10-19 03:57 - 000631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\53091934.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\53091934.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3018201572-215371730-3148437188-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 16:25 - 2013-08-22 16:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3018201572-215371730-3148437188-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Andreash\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: vrswrm-service => 2
MSCONFIG\Services: ZAMSvc => 2
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "WindowsDefender"
HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-3018201572-215371730-3148437188-1001\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{824EC7FD-3B2D-4248-9156-273AE28983B9}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{F7ED63FE-752C-416F-9573-694A2736BA11}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{67FCC50F-A9DC-41DB-B082-9A9A92625108}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{4BFB2CB3-BAE5-4CA0-B327-797193763754}] => (Allow) LPort=50248
FirewallRules: [{A6049089-DD1A-46C5-8170-517E84879459}] => (Allow) C:\Users\Andreash\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{809978D1-A4C3-4249-8494-7E39A41AA6EA}] => (Allow) C:\Users\Andreash\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{272FEC1C-A4A6-4F68-99DA-9490D4A66335}] => (Allow) C:\Users\Andreash\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BB6AEC0E-B1BF-4C2E-B454-E9EFD45BAE8A}] => (Allow) C:\Users\Andreash\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9F7498F2-7396-4E96-B830-01B413049162}] => (Allow) C:\Users\Andreash\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EBE7D8A0-63FB-403F-A520-762DD18B6294}] => (Allow) C:\Users\Andreash\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A40B9DAA-64FB-4C68-B2E7-238B3F1FAB52}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{031B9AF0-E7C2-4CFD-A609-A47E206AA3FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5C228210-F1D7-4F02-B1B1-5E92AAD12270}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3218FCBB-5C45-4585-9BCD-7024D8E9720C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{48183C17-47DE-4270-B482-6E217E0EA5AC}] => (Allow) C:\Users\Andreash\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{2718BEF6-F529-4EB1-9B1C-B498EA1A6C91}C:\program files (x86)\nba 2k17\nba2k17.exe] => (Block) C:\program files (x86)\nba 2k17\nba2k17.exe
FirewallRules: [UDP Query User{7AB7A06B-2685-4811-ACF7-127DAF3C5D02}C:\program files (x86)\nba 2k17\nba2k17.exe] => (Block) C:\program files (x86)\nba 2k17\nba2k17.exe
FirewallRules: [TCP Query User{79A2FBCE-EE64-4486-A3AE-B837B56F98F7}C:\program files (x86)\nba 2k17\nba2k17.exe] => (Block) C:\program files (x86)\nba 2k17\nba2k17.exe
FirewallRules: [UDP Query User{3DE500DE-705F-43D5-968E-B7F9322531B0}C:\program files (x86)\nba 2k17\nba2k17.exe] => (Block) C:\program files (x86)\nba 2k17\nba2k17.exe
FirewallRules: [TCP Query User{04D1E156-416C-4084-8E28-69770261E337}C:\program files (x86)\doom\doomx64.exe] => (Block) C:\program files (x86)\doom\doomx64.exe
FirewallRules: [UDP Query User{62635FCC-6655-4817-82EF-62A1671AF774}C:\program files (x86)\doom\doomx64.exe] => (Block) C:\program files (x86)\doom\doomx64.exe
FirewallRules: [TCP Query User{B6C39698-79D7-40F4-8BEC-7D68C570E8FB}C:\program files (x86)\doom\doomx64.exe] => (Block) C:\program files (x86)\doom\doomx64.exe
FirewallRules: [UDP Query User{D90F267E-1A2F-4849-ACC2-04761D9B5924}C:\program files (x86)\doom\doomx64.exe] => (Block) C:\program files (x86)\doom\doomx64.exe
FirewallRules: [{28DBCE82-9BC4-4012-90BA-F3C116E3C84C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{121904F1-46EE-4B61-982C-CD378F83F67A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{91FB957A-3C1F-4A7D-B627-0BA21006BA72}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{807F6AC1-204B-416E-8F7C-A159C6A16616}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5C579889-BEA3-443F-A345-88D2A7829955}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{BF32FF6E-786B-4B99-ACA5-D8249837783A}C:\program files (x86)\dishonored\binaries\win32\dishonored.exe] => (Block) C:\program files (x86)\dishonored\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{7AAB2848-D77B-4A9F-8DAF-CE9073759CE5}C:\program files (x86)\dishonored\binaries\win32\dishonored.exe] => (Block) C:\program files (x86)\dishonored\binaries\win32\dishonored.exe
FirewallRules: [{3E98BD45-C509-4ECB-8A01-D3801C288DE1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9CF1FD68-A3D1-42E6-BF71-F6B9B22B839F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D1CE1BD-5718-4CB8-93A4-312D287DE3D4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{92E91B0B-229D-47E4-A52C-BC496C685B91}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{765A27A8-01B7-4415-8C08-5B8CBAFE2F7C}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe
FirewallRules: [{39C98CC5-7B32-4CF6-9064-67B47C6B4B9D}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe
FirewallRules: [TCP Query User{9F12A01F-BA24-44BE-8300-8BBCE4ACF3BE}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{EE7AE996-5519-43C1-9EBD-BD4B8377DC24}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{94B00A11-A46D-4348-92F9-253A2BD1C838}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{16CB5A55-8C1C-41C3-B6BC-ACCCF341F30A}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{E55A6713-6FD8-41B9-A4AF-92C49C084845}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{A03B4CE3-A89F-4F30-A892-DE012D2D721D}C:\users\andreash\documents\games\left 4 dead 2  v2.0.2.7  full-rip  {blaze69}\left 4 dead 2\left4dead2.exe] => (Block) C:\users\andreash\documents\games\left 4 dead 2  v2.0.2.7  full-rip  {blaze69}\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{D3EDD4D2-14B3-4EA0-9DC7-8B44D1D52954}C:\users\andreash\documents\games\left 4 dead 2  v2.0.2.7  full-rip  {blaze69}\left 4 dead 2\left4dead2.exe] => (Block) C:\users\andreash\documents\games\left 4 dead 2  v2.0.2.7  full-rip  {blaze69}\left 4 dead 2\left4dead2.exe
FirewallRules: [{021FFD9C-6B94-47AD-A400-EEFBBA33A560}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{83DF9DA5-E8F0-4205-AC91-5EBB4F0D720B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe
FirewallRules: [{499C9B2C-C287-40D7-A747-08E727A52E26}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe
FirewallRules: [{18A634F3-CE72-47C1-8373-7B9364C737D5}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DBDownloader.exe
FirewallRules: [{0EB49EDC-6998-42DE-8EA7-B44770ED924A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DBDownloader.exe
FirewallRules: [{D9EC5E2A-CE99-485B-A9AF-27CC4FC321DC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\AutoUpdate.exe
FirewallRules: [{BEC6D96E-668E-4867-9A8E-AB238CAA424A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\AutoUpdate.exe
FirewallRules: [{D900C0E4-8E22-402D-8DB0-C3F9B68A93EA}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{A94D700E-B812-4AAB-96FB-2F68C8382978}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{3C01308E-A617-43D9-A1DD-41BFCA23E5A7}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{39B3F040-2BC4-4046-96D3-ECF4B48A7760}] => (Allow) C:\Users\Andreash\AppData\Local\AJtzOik.exe
FirewallRules: [{CF99B1B6-8A4C-435A-81FF-E6E87E2B5FE2}] => (Allow) C:\Windows\SysWOW64\GauxOm.exe
FirewallRules: [{C7AC0285-D580-41EA-AA0A-7FF624795A83}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E403394A-A9C6-431A-B05F-0E233A33EF89}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{75598BCA-A119-456C-952C-160ED7CA66A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6EB9C95D-4A86-4F99-B5A1-3807E6B61DDC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{20CD0384-6E0B-4DB3-AFFB-7F3C37D1F845}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{41B85657-A168-4572-90FB-2E2B35EE6411}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{69B5D3DB-68E3-4C7D-B8F6-D39320747AE8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{CBCC8318-F45F-4E94-BBEF-D9BFE68A493B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1551EC31-37E7-4538-AE4B-4DBD193892AA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{50533EF1-D4C5-4140-AE55-78A88158D151}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{47903156-687E-4992-AAE9-7C704240E3D4}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{DF43DF35-2FA0-4CF3-8A96-BEA8FD4ADB9F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{0690F96B-3FA5-496B-9D52-8C68EC4A305F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{34E875A9-B040-4309-93DC-EB00DB022BE4}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{EC824300-759A-4FC2-9A5D-0891EEFB1485}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{AB372BD0-3753-4A81-93C6-D9019A6DED04}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3B615CE9-EA9E-48E7-B120-C41FAEA38B8D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A48EA69C-41DB-4CF5-9B10-73ED1CC74AC4}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C61F4C56-D260-49A0-9819-7D8C2870BB60}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{837CC7A7-B62B-4DF6-A899-782AD406DD2A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3A0799D0-2CFD-4652-AE23-096B4BB9871F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{FA6E5130-4345-4F04-99B7-51ECF537CA6B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{821F3828-5274-4202-AFA8-15C97E1C4720}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1DA53512-6A36-4742-91E4-E625A27D1453}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4CBF459B-F5FE-4857-B7CC-2431DB99CA4E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{6FB57C5E-BFE9-4A33-B8F5-A2F52DCEBB06}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{AF68C71F-B866-471F-B1CD-4BFBF5CB0861}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E3C3B65D-B51A-4B96-9333-3BE956B05195}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{FD4C24F2-107A-4062-9AC9-53FCAC2F1E2F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{B1101E1C-C551-4DCB-BDE9-ADC7144B369B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3345B2E3-088E-468F-BDC4-2B0E77ED4DD3}] => (Allow) C:\Users\Andreash\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EA913FE9-F77E-4CFF-88B4-3EDD6FB43F5E}] => (Allow) C:\Users\Andreash\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{51F7BD9C-C8F1-4A33-B80A-8B62C435123D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1964000E-2879-423F-B668-57DC453CEBD9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{B3C36A34-0A0F-4EC1-9D74-86493FB154BB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D62119D8-CCAD-4B20-A5FF-1FD081E8C9DB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{BB059230-D5AD-4FF8-BC6A-691617AACC97}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8D2D8DA8-9EF7-4752-972F-985D1A285AAC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{34F24447-4E35-4C67-B201-39C648AF51D8}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7C6A1068-4049-4B1A-BA79-8DCEE7EC4BA7}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{62B5D3EA-3550-440A-B933-880C4D4DC4EE}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3CE4F9AD-D0AE-4099-95C0-A8962B7C71CF}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{CE9D2ADE-918D-494C-9417-370935D52E0D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{91EAC1FB-27BD-47E7-A269-418440C61856}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [TCP Query User{E6233587-84F0-43B5-B249-01A9495D3683}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{B0AA6465-79FD-4DB8-8030-BA9E71D74C3D}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{77150B69-EA34-4516-A9BC-B8EC84100BA8}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{42B0FB0E-B734-439B-B0BE-4F3E223F8DA1}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [{A308E225-4120-476F-8A79-15679E47A502}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C83BB500-D0DB-46E5-B242-C14F731F5AB9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{F15B0105-66D9-448A-8541-744AAC35DC2B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C429AC28-599D-430B-ADA9-1306C5AD1337}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{F7772EE5-A1DD-43CD-9B16-D8624D823B52}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{88B8AC8A-1D17-4079-9F70-562A173C6776}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{54545148-D082-4824-8E4A-F5CF53B68175}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1D62DF20-96A8-4D0B-8F03-AC54D324028B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{08D51038-A84B-4CBA-B33B-4BB5C42AE866}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{569ECF2A-7471-41D0-A30A-989950857B8D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E802EF6F-1853-4E29-BD54-9B45D28A3058}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{39E67B18-4451-49D3-9A57-E980D853213E}] => (Allow) C:\Windows\SysWOW64\tracert.exe
FirewallRules: [{37618C2D-DA49-4145-8818-9A75695B2BAF}] => (Allow) C:\Windows\SysWOW64\tracert.exe
FirewallRules: [{36A13E71-86DD-43FE-B5C5-8040F7CA3A6C}] => (Allow) C:\Windows\SysWOW64\tracert.exe
FirewallRules: [{4FDB7EC3-9568-49C3-89CB-E4351F5F0141}] => (Allow) C:\Windows\SysWOW64\tracert.exe
FirewallRules: [{B9E1C61D-2A7D-4DDE-BC0E-B712682F8C98}] => (Allow) C:\Windows\SysWOW64\tracert.exe
FirewallRules: [{D8D97CC2-4A91-4F5F-8A78-24146407524E}] => (Allow) C:\Windows\SysWOW64\tracert.exe
FirewallRules: [{2F2B6275-A69E-4DCB-BCA8-49BADBEBDBD4}] => (Allow) C:\Windows\SysWOW64\tracert.exe
FirewallRules: [{85E5723E-D1C3-4365-A853-0C251237CAF8}] => (Allow) C:\Windows\SysWOW64\tracert.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

05-06-2018 17:46:09 Scheduled Checkpoint
08-06-2018 20:24:33 Windows Update
12-06-2018 19:33:46 Driver Booster : NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
20-06-2018 10:36:50 Scheduled Checkpoint
23-06-2018 16:24:19 Removed Realtek High Definition Audio Driver

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2018 07:48:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkQuarantineRetry

Error: (06/23/2018 07:48:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/23/2018 07:48:26 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (06/23/2018 07:45:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: DEVRTL.dll, version: 6.3.9600.17415, time stamp: 0x5450429b
Exception code: 0xc0000005
Fault offset: 0x0000000000001475
Faulting process id: 0x728
Faulting application start time: 0x01d40b11181c0c15
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\DEVRTL.dll
Report Id: d8d0c50c-7704-11e8-83b0-84ef18ad3198
Faulting package full name: 
Faulting package-relative application ID:

Error: (06/23/2018 06:21:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVDisplay.Container.exe, version: 1.10.2318.3615, time stamp: 0x5a169a1f
Faulting module name: nvxdapix.dll, version: 8.17.13.9731, time stamp: 0x5adc2d65
Exception code: 0xc0000005
Fault offset: 0x000000000030fffd
Faulting process id: 0x444
Faulting application start time: 0x01d40af781665540
Faulting application path: C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll
Report Id: 15697c57-76f9-11e8-83af-84ef18ad3198
Faulting package full name: 
Faulting package-relative application ID:

Error: (06/23/2018 04:42:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: DEVRTL.dll, version: 6.3.9600.17415, time stamp: 0x5450429b
Exception code: 0xc0000005
Fault offset: 0x0000000000001475
Faulting process id: 0x7a8
Faulting application start time: 0x01d40af7898d9b58
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\DEVRTL.dll
Report Id: 4096773c-76eb-11e8-83af-84ef18ad3198
Faulting package full name: 
Faulting package-relative application ID:

Error: (06/23/2018 04:41:03 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/23/2018 04:40:54 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (06/23/2018 07:43:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (06/23/2018 07:43:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (06/23/2018 07:43:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated with the following error: 
%%2147770990

Error: (06/23/2018 07:43:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (06/23/2018 07:43:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (06/23/2018 07:40:59 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (06/23/2018 04:40:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated with the following error: 
%%2147770990

Error: (06/23/2018 04:40:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
===================================
Date: 2018-06-21 20:52:21.963
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {B6A5CF7F-F4D1-40BB-B66F-AC23D408CF32}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-21 20:15:13.770
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {5550E3AA-A51D-47A9-931C-C79ECB7BFE90}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-20 10:28:31.328
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {23254D8D-4D6D-4353-A9BA-BFEB76B6708A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-14 20:52:33.243
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {CB509AD9-1819-40C1-8E3C-F67BC07F7EB6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-14 20:39:31.012
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {6F91C994-9CAD-4893-8759-3E713624BD4B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-23 14:46:24.093
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-06-23 14:45:35.466
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.

Date: 2018-06-20 19:41:15.567
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-06-20 19:38:23.902
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-06-17 12:36:47.452
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80508001
Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Signature version: 1.269.1363.0;1.269.1363.0
Engine version: 1.1.14901.4

CodeIntegrity:
===================================

Date: 2018-06-23 19:47:40.066
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvdlistx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-06-23 16:44:32.605
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvdlistx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-06-23 16:35:17.319
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvdlistx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-06-23 16:14:56.449
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msimg32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-23 16:14:56.291
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msimg32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-23 16:04:58.931
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msimg32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-23 16:04:58.653
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msimg32.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-23 16:04:58.200
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msimg32.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 24%
Total physical RAM: 8019.88 MB
Available physical RAM: 6030.95 MB
Total Virtual: 12627.88 MB
Available Virtual: 10282.9 MB

==================== Drives ================================

Drive ? () (Fixed) (Total:930.53 GB) (Free:230.14 GB) NTFS

\\?\Volume{9237cea1-dd83-11e6-824b-806e6f6e6963}\ () (Fixed) (Total:0.97 GB) (Free:0.95 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=1000 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=930.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Alice94

2 hours ago, kevinf80 said:
Hello Alice94 and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Thanks a lot.

I did the scan with mb3; these are what it found.

The problem is the virus won't let me open the FRST64.exe. It closes automatically right after the admin window.

What should I do?

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/23/18
Scan Time: 7:12 PM
Log File: 3834ad02-7700-11e8-8dd5-84ef18ad3198.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5599
License: Expired

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Andreas\Andreash

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 294299
Threats Detected: 56
Threats Quarantined: 56
Time Elapsed: 23 min, 7 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 3
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarantined, [4496], [398206],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Quarantined, [4496], [380353],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [4496], [380352],1.0.5599

Module: 6
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarantined, [4496], [398206],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Quarantined, [4496], [380353],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [4496], [380352],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, Quarantined, [4496], [396386],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, Quarantined, [4496], [396386],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, Quarantined, [4496], [396386],1.0.5599

Registry Key: 22
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASC11_PerformanceMonitor, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{22BF8969-A290-4A32-9F18-CC9790031C82}, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{22BF8969-A290-4A32-9F18-CC9790031C82}, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASC11_SkipUac_Andreash, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{930E0AB9-07B0-4E51-9A2B-DCAC4DECCC1C}, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{930E0AB9-07B0-4E51-9A2B-DCAC4DECCC1C}, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdvancedSystemCareService11, Delete-on-Reboot, [4496], [380352],1.0.5599
Adware.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{282B4048-62ED-E695-3B05-C755DD931DD9}, Delete-on-Reboot, [6063], [514917],1.0.5599
Adware.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FE76BA8E-3119-4548-88F0-6A00EA4BBF28}, Delete-on-Reboot, [6063], [514917],1.0.5599
Adware.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{FE76BA8E-3119-4548-88F0-6A00EA4BBF28}, Delete-on-Reboot, [6063], [514917],1.0.5599
Adware.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7DCFAF1F-D294-5C84-3BA3-0ACFC4DAEF2E}, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5D33A22-7E1E-4204-AE01-3311F055519D}, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5D33A22-7E1E-4204-AE01-3311F055519D}, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FB08E9EB-3E16-A6E4-E11A-CF27F40A860D}, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79A0053A-D20E-401F-97D5-35BB7A528F7E}, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{79A0053A-D20E-401F-97D5-35BB7A528F7E}, Delete-on-Reboot, [6063], [-1],0.0.0
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{7DCFAF1F-D294-5C84-3BA3-0ACFC4DAEF2E}, Delete-on-Reboot, [14221], [531742],1.0.5599
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B5D33A22-7E1E-4204-AE01-3311F055519D}, Delete-on-Reboot, [14221], [531742],1.0.5599
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{B5D33A22-7E1E-4204-AE01-3311F055519D}, Delete-on-Reboot, [14221], [531742],1.0.5599
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{FB08E9EB-3E16-A6E4-E11A-CF27F40A860D}, Delete-on-Reboot, [14221], [531742],1.0.5599
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{79A0053A-D20E-401F-97D5-35BB7A528F7E}, Delete-on-Reboot, [14221], [531742],1.0.5599
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{79A0053A-D20E-401F-97D5-35BB7A528F7E}, Delete-on-Reboot, [14221], [531742],1.0.5599

Registry Value: 1
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-3018201572-215371730-3148437188-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ADVANCED SYSTEMCARE 11, Delete-on-Reboot, [4496], [380353],1.0.5599

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 24
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC11_PerformanceMonitor, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC11_SkipUac_Andreash, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\USERS\ANDREASH\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\USER PINNED\TASKBAR\Advanced SystemCare 11.lnk, Delete-on-Reboot, [4496], [380340],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\USERS\PUBLIC\DESKTOP\Advanced SystemCare 11.lnk, Delete-on-Reboot, [4496], [380338],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Delete-on-Reboot, [4496], [398206],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Delete-on-Reboot, [4496], [380353],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Delete-on-Reboot, [4496], [380352],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, Delete-on-Reboot, [4496], [396386],1.0.5599
Adware.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{282B4048-62ED-E695-3B05-C755DD931DD9}, Delete-on-Reboot, [6063], [514917],1.0.5599
Adware.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{7DCFAF1F-D294-5C84-3BA3-0ACFC4DAEF2E}, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{FB08E9EB-3E16-A6E4-E11A-CF27F40A860D}, Delete-on-Reboot, [6063], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{7DCFAF1F-D294-5C84-3BA3-0ACFC4DAEF2E}, Delete-on-Reboot, [14221], [531742],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Advanced SystemCare 11.lnk, Delete-on-Reboot, [4496], [396386],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASC.EXE, Delete-on-Reboot, [4496], [396386],1.0.5599
Trojan.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{FB08E9EB-3E16-A6E4-E11A-CF27F40A860D}, Delete-on-Reboot, [14221], [531742],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\USERS\ANDREASH\DOWNLOADS\ADVANCED-SYSTEMCARE-SETUP.EXE, Delete-on-Reboot, [4496], [396386],1.0.5599

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 


2 hours ago, kevinf80 said:
Hello Alice94 and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Thanks a lot.

I did the scan with mb3; these are what it found.

The problem is the virus won't let me open the FRST64.exe. It closes automatically right after the admin window.

What should I do?

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/23/18
Scan Time: 7:12 PM
Log File: 3834ad02-7700-11e8-8dd5-84ef18ad3198.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5599
License: Expired

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Andreas\Andreash

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 294299
Threats Detected: 56
Threats Quarantined: 56
Time Elapsed: 23 min, 7 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 3
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarantined, [4496], [398206],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Quarantined, [4496], [380353],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [4496], [380352],1.0.5599

Module: 6
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarantined, [4496], [398206],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Quarantined, [4496], [380353],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [4496], [380352],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, Quarantined, [4496], [396386],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, Quarantined, [4496], [396386],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, Quarantined, [4496], [396386],1.0.5599

Registry Key: 22
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASC11_PerformanceMonitor, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{22BF8969-A290-4A32-9F18-CC9790031C82}, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{22BF8969-A290-4A32-9F18-CC9790031C82}, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASC11_SkipUac_Andreash, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{930E0AB9-07B0-4E51-9A2B-DCAC4DECCC1C}, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{930E0AB9-07B0-4E51-9A2B-DCAC4DECCC1C}, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdvancedSystemCareService11, Delete-on-Reboot, [4496], [380352],1.0.5599
Adware.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{282B4048-62ED-E695-3B05-C755DD931DD9}, Delete-on-Reboot, [6063], [514917],1.0.5599
Adware.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FE76BA8E-3119-4548-88F0-6A00EA4BBF28}, Delete-on-Reboot, [6063], [514917],1.0.5599
Adware.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{FE76BA8E-3119-4548-88F0-6A00EA4BBF28}, Delete-on-Reboot, [6063], [514917],1.0.5599
Adware.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7DCFAF1F-D294-5C84-3BA3-0ACFC4DAEF2E}, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5D33A22-7E1E-4204-AE01-3311F055519D}, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5D33A22-7E1E-4204-AE01-3311F055519D}, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FB08E9EB-3E16-A6E4-E11A-CF27F40A860D}, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79A0053A-D20E-401F-97D5-35BB7A528F7E}, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{79A0053A-D20E-401F-97D5-35BB7A528F7E}, Delete-on-Reboot, [6063], [-1],0.0.0
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{7DCFAF1F-D294-5C84-3BA3-0ACFC4DAEF2E}, Delete-on-Reboot, [14221], [531742],1.0.5599
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B5D33A22-7E1E-4204-AE01-3311F055519D}, Delete-on-Reboot, [14221], [531742],1.0.5599
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{B5D33A22-7E1E-4204-AE01-3311F055519D}, Delete-on-Reboot, [14221], [531742],1.0.5599
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{FB08E9EB-3E16-A6E4-E11A-CF27F40A860D}, Delete-on-Reboot, [14221], [531742],1.0.5599
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{79A0053A-D20E-401F-97D5-35BB7A528F7E}, Delete-on-Reboot, [14221], [531742],1.0.5599
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{79A0053A-D20E-401F-97D5-35BB7A528F7E}, Delete-on-Reboot, [14221], [531742],1.0.5599

Registry Value: 1
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-3018201572-215371730-3148437188-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ADVANCED SYSTEMCARE 11, Delete-on-Reboot, [4496], [380353],1.0.5599

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 24
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC11_PerformanceMonitor, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC11_SkipUac_Andreash, Delete-on-Reboot, [4496], [380341],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\USERS\ANDREASH\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\USER PINNED\TASKBAR\Advanced SystemCare 11.lnk, Delete-on-Reboot, [4496], [380340],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\USERS\PUBLIC\DESKTOP\Advanced SystemCare 11.lnk, Delete-on-Reboot, [4496], [380338],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Delete-on-Reboot, [4496], [398206],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Delete-on-Reboot, [4496], [380353],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Delete-on-Reboot, [4496], [380352],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, Delete-on-Reboot, [4496], [396386],1.0.5599
Adware.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{282B4048-62ED-E695-3B05-C755DD931DD9}, Delete-on-Reboot, [6063], [514917],1.0.5599
Adware.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{7DCFAF1F-D294-5C84-3BA3-0ACFC4DAEF2E}, Delete-on-Reboot, [6063], [-1],0.0.0
Adware.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{FB08E9EB-3E16-A6E4-E11A-CF27F40A860D}, Delete-on-Reboot, [6063], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{7DCFAF1F-D294-5C84-3BA3-0ACFC4DAEF2E}, Delete-on-Reboot, [14221], [531742],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Advanced SystemCare 11.lnk, Delete-on-Reboot, [4496], [396386],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASC.EXE, Delete-on-Reboot, [4496], [396386],1.0.5599
Trojan.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{FB08E9EB-3E16-A6E4-E11A-CF27F40A860D}, Delete-on-Reboot, [14221], [531742],1.0.5599
PUP.Optional.AdvancedSystemCare, C:\USERS\ANDREASH\DOWNLOADS\ADVANCED-SYSTEMCARE-SETUP.EXE, Delete-on-Reboot, [4496], [396386],1.0.5599

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

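Added example (not part of the original thread, and not Malwarebytes code): a parser for the "-Scan Details-" layout of the report above that checks each section's declared count against the lines actually present, collapses objects reported more than once, and groups scheduled-task entries by task name or ID. The sample report is constructed, and the regular expressions assume the line layout shown in this thread.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of a Malwarebytes 3 text report;
# every name, path and GUID in it is made up for this example.
SAMPLE_LOG = r"""-Scan Summary-
Threats Detected: 7

-Scan Details-
Process: 1
PUP.Optional.Example, C:\PROGRAM FILES (X86)\EXAMPLE\TRAY.EXE, Quarantined, [1], [100],1.0.1

Registry Key: 4
Adware.Example, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AAAAAAAA-0000-0000-0000-000000000001}, Delete-on-Reboot, [2], [-1],0.0.0
Trojan.Example, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{AAAAAAAA-0000-0000-0000-000000000001}, Delete-on-Reboot, [3], [200],1.0.1
Trojan.Example, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BBBBBBBB-0000-0000-0000-000000000002}, Delete-on-Reboot, [3], [200],1.0.1
PUP.Optional.Example, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ExampleService, Delete-on-Reboot, [1], [100],1.0.1

File: 2
Trojan.Example, C:\WINDOWS\SYSTEM32\TASKS\{AAAAAAAA-0000-0000-0000-000000000001}, Delete-on-Reboot, [3], [200],1.0.1
PUP.Optional.Example, C:\PROGRAM FILES (X86)\EXAMPLE\TRAY.EXE, Delete-on-Reboot, [1], [100],1.0.1

WMI: 0
(No malicious items detected)

(end)
"""

SECTION = re.compile(r"^([A-Za-z ]+): (\d+)$")
# family, object, action, two bracketed numbers, version. The object may
# contain commas, so it is matched greedily between the fixed fields.
DETAIL = re.compile(r"^([^,]+), (.+), ([^,]+), \[-?\d+\], \[-?\d+\],[\d.]+$")
TASK = re.compile(r"\\(?:TASKCACHE\\(?:TREE|TASKS|PLAIN|LOGON|BOOT)|SYSTEM32\\TASKS)\\(.+)$")

def normalise(obj):
    """Upper-case and shorten the hive name so one object compares equal."""
    obj = obj.upper()
    long_hive = "HKEY_LOCAL_MACHINE\\"
    return "HKLM\\" + obj[len(long_hive):] if obj.startswith(long_hive) else obj

def parse_report(text):
    """Return (detections, {section: (declared, parsed)} where they differ)."""
    found, declared, section, in_details = [], {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line == "-Scan Details-":
            in_details = True
        elif in_details and SECTION.match(line):
            section, count = SECTION.match(line).groups()
            declared[section] = int(count)
        elif in_details and section and DETAIL.match(line):
            family, obj, action = DETAIL.match(line).groups()
            found.append({"section": section, "family": family,
                          "object": normalise(obj), "action": action})
    parsed = defaultdict(int)
    for d in found:
        parsed[d["section"]] += 1
    mismatches = {s: (n, parsed[s]) for s, n in declared.items() if n != parsed[s]}
    return found, mismatches

def unique_objects(found):
    """family -> distinct objects (a file listed as Process and File counts once)."""
    out = defaultdict(set)
    for d in found:
        out[d["family"]].add(d["object"])
    return dict(out)

def scheduled_tasks(found):
    """task name or ID -> families that flagged it (TaskCache keys, Tasks files)."""
    out = defaultdict(set)
    for d in found:
        m = TASK.search(d["object"])
        if m:
            out[m.group(1)].add(d["family"])
    return dict(out)

if __name__ == "__main__":
    found, bad = parse_report(SAMPLE_LOG)
    print(len(found), "detections; section count mismatches:", bad or "none")
    print(scheduled_tasks(found))
```

A section whose declared count differs from the number of parsed lines means the pasted text no longer matches what the scanner wrote, which is worth ruling out before reading anything into the detections.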

Hello Alice94,

MSASCuiL.exe is a legitimate file; it is part of Windows Defender...

Next,

Uninstall the following:

Driver Booster 5
IObit Uninstaller
Popcorn Time
Spybot - Search & Destroy

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Run FRST one more time:

Type the following in the edit box after "Search:".

svchost.exe

Click Search Files button and post the log (Search.txt) it makes to your reply.
 
Let me see those logs in your reply....
 
Thanks,
 
Kevin

 

 

fixlist.txt


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
