unrisinq

Malwarebytes Won't Open


Hi.

I cannot open the shortcut even though I did @Olowkow's method of renaming the shortcut to explorer.exe, and it says that "The instruction at 0x736991fe referenced memory at 0x00000000. The memory could not be read. Click on OK to terminate the program." I clicked on OK and tried again but nothing happened. Retried a few times.

5 hours ago, unrisinq said:

Hi.

I cannot open the shortcut even though I did @Olowkow's method of renaming the shortcut to explorer.exe, and it says that "The instruction at 0x736991fe referenced memory at 0x00000000. The memory could not be read. Click on OK to terminate the program." I clicked on OK and tried again but nothing happened. Retried a few times.

Hello and Welcome!

Gather Logs (no images)

Please do the following to gather some logs so the team can take a look at your installation and attempt to find the cause of the problem:

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and click the Advanced tab on the left (not Start Repair)
  3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply


Thanks


Thanks for the logs, it seems your computer is infected. I will have someone from the team move your topic to the malware removal area so you can get help cleaning it up.


Hello @unrisinq and :welcome:

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron

 


Hello again.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build:    11-26-2018
# Database: 2018-12-03.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-04-2018
# Duration: 00:00:29
# OS:       Windows 8.1
# Scanned:  32298
# Detected: 341


PUP.Optional.OneSystemCare      HKCU\Software\One System Care
PUP.Optional.OneSystemCare      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B448D2B-B88D-4D9C-B94E-CBC5E0035453}
PUP.Optional.OneSystemCare      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B448D2B-B88D-4D9C-B94E-CBC5E0035453}
PUP.Optional.OneSystemCare      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Delayed
PUP.Optional.ProductSetup.A     HKCU\Software\PRODUCTSETUP
PUP.Optional.Reviser            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{58F8D798-FE5E-4B2F-A8EF-55E9F6379B0C}
PUP.Optional.Reviser            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58F8D798-FE5E-4B2F-A8EF-55E9F6379B0C}
PUP.Optional.Reviser            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AppLoaderPM
PUP.Optional.Reviser            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B182776A-1545-4E38-963B-EC298C4007EB}
PUP.Optional.Reviser            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RestoreRevTask
PUP.Optional.SystemHealer       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SystemHealer_is1
PUP.Optional.SystemHealer       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F000603-59C1-43E6-B365-629912030B07}
PUP.Optional.SystemHealer       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F000603-59C1-43E6-B365-629912030B07}
PUP.Optional.SystemHealer       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Delayed
PUP.Optional.SystemHealer       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D5B2053-21AA-4178-A188-C084BC4B576A}
PUP.Optional.SystemHealer       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Monitor
PUP.Optional.SystemTable        HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\System Table_is1
PUP.Optional.Wajam              HKLM\Software\Wow6432Node\SrcAAAesom Browser Enhancer
PUP.Optional.Wajam              HKLM\Software\SrcAAAesom Browser Enhancer
PUP.Optional.Wajam              HKLM\Software\Wow6432Node\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
PUP.Optional.Wajam              HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
PUP.Optional.WebCompanion       HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WhiteClick         HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D66F6F24-652D-4405-A0D3-C568F825FE66}
PUP.Optional.WhiteClick         HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1589306073-4194362613-1028311373-1001\Products\42F6F66DD25650440A3D5C868F52EF66
PUP.Optional.WhiteClick         HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F68A383838FDA624C93EEC49F5C822A9
PUP.Optional.WhiteClick         HKLM\SOFTWARE\Classes\Record\{8ADD5A2B-AA13-383A-97F7-051C1C51A921}
PUP.Optional.WhiteClick         HKLM\SOFTWARE\Classes\Record\{7083B570-8C01-3ACC-B79E-2E48303C37F6}
PUP.Optional.WhiteClick         HKLM\SOFTWARE\Classes\Record\{41E0A929-4F83-38B0-9AFC-45A1734A86C8}
PUP.Optional.WhiteClick         HKLM\SOFTWARE\Classes\Record\{18468F26-AC7F-3145-B67B-0CAD5EA40070}
PUP.Optional.WhiteClick         HKLM\SOFTWARE\Classes\Record\{8DE86826-8BCE-32F9-868B-41A03C9ED45F}
PUP.Optional.WhiteClick         HKLM\SOFTWARE\Classes\Record\{80A78203-3F18-3480-8639-C8969135C5BD}
PUP.Optional.WhiteClick         HKLM\SOFTWARE\Classes\Record\{CA6F8130-AAB8-3561-88E3-B60193C22B14}
PUP.Optional.WhiteClick         HKLM\Software\Classes\CLSID\{198A2D6D-5D0E-4C79-9416-AA889D7CA7A6}
PUP.Optional.WhiteClick         HKLM\Software\Classes\CLSID\{44CB13F1-7D39-3519-958E-C7F88D27E4F5}
PUP.Optional.WhiteClick         HKLM\Software\Classes\CLSID\{27C942C5-C8BC-3CA5-AE2E-991157272004}
PUP.Optional.WhiteClick         HKLM\Software\Classes\CLSID\{616B5130-44B2-3A0B-A4D3-483417633159}
PUP.Optional.WhiteClick         HKLM\Software\Classes\CLSID\{9EBCA256-0416-39AD-889D-824BD3171B53}
PUP.Optional.WhiteClick         HKLM\Software\Classes\MailSearch.Helpers.AutoComplete
PUP.Optional.WhiteClick         HKLM\Software\Classes\MailSearch.MailSearchBandObject
PUP.Optional.WhiteClick         HKLM\Software\Classes\MailSearch.Installer
PUP.Optional.WhiteClick         HKLM\Software\Classes\MailSearch.Attributes.BandObjectAttribute
PUP.Optional.Xunlei.BHO         HKCU\Software\AppDataLow\Thunder Network
PUP.Optional.Xunlei.BHO         HKCU\Software\Thunder Network
PUP.Optional.Xunlei.BHO         HKLM\Software\Wow6432Node\Thunder Network
PUP.Optional.Xunlei.BHO         HKLM\Software\Classes\CLSID\{0119CCC1-8EAC-43E9-AA7D-87F64B44AA4D}
PUP.Optional.YoutubeAdBlock     HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\Software\Microsoft\Internet Explorer\URLSearchHooks|{2C6A44CB-AD42-4731-A544-3FBD3D83AB5B}
Trojan.Agent                    HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\Software\Microsoft\Windows\CurrentVersion\Run|JServicesManager
Trojan.Agent                    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|JServicesManager
Trojan.Agent                    HKLM\Software\Microsoft\Windows\CurrentVersion\Run|JServicesManager
Trojan.Agent                    HKCU\Software\WidModule

***** [ Chromium (and derivatives) ] *****

PUP.Optional.CastVPN            CastVPN_AE
PUP.Optional.CastVPN            CastVPN_AE
PUP.Optional.Legacy             MSN Homepage & Bing Search Engine
PUP.Optional.SearchManager      Search Manager
PUP.Optional.SearchManager      Search Manager
PUP.Optional.SearchManager      Search Manager
PUP.Optional.SecuredSearches    Secured Search Extension
PUP.Optional.SecuredSearches    Secured Search Extension

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [38048 octets] - [04/12/2018 00:18:26]
AdwCleaner[C00].txt - [31956 octets] - [04/12/2018 00:18:58]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
 

 

Addition.txt

FRST.txt


Wow, that's a lot of stuff. Please reboot the computer one more time and run all the scans again. This time hopefully AdwCleaner and MBAM will come back clean.

Thanks

 

 


@AdvancedSetup Ran all the scans again. Only 2 or 3 threats found. However, there has been this "rundll32" thing trying to run. Source was somewhere along the lines of "SysWOW32". What should I do?


So FRST "failed to access process rundll32" which was the thing trying to run. 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by leont_000 (ATTENTION: The user is not administrator) on SHAVONTEO (08-12-2018 02:55:54)
Running from C:\Users\leont_000\Downloads
Loaded Profiles: Shavon & leont_000 (Available Profiles: Shavon & leont_000)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> winlogon.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> svchost.exe
Failed to access process -> wlanext.exe
Failed to access process -> conhost.exe
Failed to access process -> taskeng.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> rundll32.exe
Failed to access process -> svchost.exe
Failed to access process -> abcEBService.exe
Failed to access process -> armsvc.exe
Failed to access process -> AdobeUpdateService.exe
Failed to access process -> AGMService.exe
Failed to access process -> AGSService.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> officeclicktorun.exe
Failed to access process -> svchost.exe
Failed to access process -> EvtEng.exe
Failed to access process -> svchost.exe
Failed to access process -> HiPatchService.exe
Failed to access process -> IcbcDaemon_64.exe
Failed to access process -> HeciServer.exe
Failed to access process -> ibtrksrv.exe
Failed to access process -> iSCTAgent.exe
Failed to access process -> dasHost.exe
Failed to access process -> LMSvc.exe
Failed to access process -> mcsacore.exe
Failed to access process -> mfevtps.exe
Failed to access process -> D4Ser_ICBC.exe
Failed to access process -> D4Ser_ICBC.exe
Failed to access process -> RegSrvc.exe
Failed to access process -> ss_conn_service.exe
Failed to access process -> svchost.exe
Failed to access process -> wtfast.Service.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> ZAM.exe
Failed to access process -> ZeroConfigService.exe
Failed to access process -> rundll32.exe
Failed to access process -> rundll32.exe
Failed to access process -> MBAMService.exe
Failed to access process -> McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
Failed to access process -> mfefire.exe
Failed to access process -> McSvHost.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> wscript.exe
Failed to access process -> wscript.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\livecomm.exe
Failed to access process -> unsecapp.exe
Failed to access process -> LMEvent.exe
Failed to access process -> GoogleCrashHandler.exe
Failed to access process -> unsecapp.exe
Failed to access process -> GoogleCrashHandler64.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> svchost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
Failed to access process -> SearchProtocolHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
Failed to access process -> devmonsrv.exe
Failed to access process -> obexsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(FTLDEV Marcin Waś) C:\Program Files (x86)\nSpira\Hasten\Hasten.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Copyright 2017.) C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe
Failed to access process -> iPodService.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe
(Discord Inc.) C:\Users\leont_000\AppData\Local\Discord\app-0.0.301\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\leont_000\AppData\Local\Discord\app-0.0.301\Discord.exe
(ABC) C:\Program Files (x86)\ÖйúÅ©ÒµÒøÐÐ\ÖйúÅ©ÒµÒøÐÐÍøÒøÖúÊÖ\ABCSafePop.exe
(Feitian Technologies Co., Ltd.) C:\Program Files (x86)\95599 Certificate Tools\FEITIAN extend key\ISCertD_abchina.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Failed to access process -> BrYNSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> conhost.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Tendyron Corporation) C:\Windows\SysWOW64\D4Svr_ICBC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Discord Inc.) C:\Users\leont_000\AppData\Local\Discord\app-0.0.301\Discord.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Discord Inc.) C:\Users\leont_000\AppData\Local\Discord\app-0.0.301\Discord.exe
Failed to access process -> ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
Failed to access process -> ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
Failed to access process -> GamesAppIntegrationService.exe
Failed to access process -> IAStorDataMgrSvc.exe
Failed to access process -> jhi_service.exe
Failed to access process -> NASvc.exe
Failed to access process -> NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> SearchFilterHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM\...\Run: [Hasten] => C:\Program Files (x86)\nSpira\Hasten\Hasten.exe [189440 2015-09-20] (FTLDEV Marcin Waś)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15767792 2018-12-02] (Copyright 2017.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [53504 2014-06-26] (Acer Incorporated)
HKLM-x32\...\Run: [ABCBank] => C:\Program Files (x86)\ÖйúÅ©ÒµÒøÐÐ\ÖйúÅ©ÒµÒøÐÐÍøÒøÖúÊÖ\ABCSafePop.exe [1862704 2015-01-19] (ABC)
HKLM-x32\...\Run: [InterPass_ABChina] => C:\Program Files (x86)\95599 Certificate Tools\FEITIAN extend key\ISCertD_abchina.exe [781600 2017-09-18] (Feitian Technologies Co., Ltd.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [D4Svr_ICBC.exe] => C:\Windows\SysWOW64\D4Svr_ICBC.exe [126944 2016-12-23] (Tendyron Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKLM\...\RunOnce: [z5ejjfhob0o] => C:\Program Files (x86)\eCCFSA\461535.exe [670720 2018-06-14] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\...\Run: [Discord] => C:\Users\leont_000\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35140496 2018-12-03] (Epic Games, Inc.)
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-29] (Piriform Software Ltd)
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\...\MountPoints2: {93bd5f92-e15b-11e7-869d-7c7a91264db8} - "D:\autorun.exe" 
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\...\MountPoints2: {a48a70ee-560a-11e8-8737-7c7a91264db8} - "D:\FT_Auto.exe" 
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\...\MountPoints2: {c988d69c-8b45-11e8-874f-7c7a91264db8} - "D:\autorun.exe" 
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\...\MountPoints2: {c988d7ea-8b45-11e8-874f-7c7a91264db8} - "D:\autorun.exe" 
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\...\MountPoints2: {e18c08cf-e82e-11e8-8784-7c7a91264db8} - "D:\autorun.exe" 
HKU\S-1-5-18\...\Run: [3854136] => C:\Users\leont_000\AppData\Roaming\wypyel0du03\hkvjc0tg1ys.exe [565128 2018-11-23] ( )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-02-27]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-04-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{96DB091B-ECCA-4159-9589-8C366D79F28D}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://newtab.club
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://acer13.msn.com/?pc=ACJB
URLSearchHook: [S-1-5-21-1589306073-4194362613-1028311373-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = 
SearchScopes: HKLM -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
SearchScopes: HKU\.DEFAULT -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\.DEFAULT -> {540BAA00-C2B8-41C0-82A8-AF1914440E9A} URL = 
SearchScopes: HKU\S-1-5-21-1589306073-4194362613-1028311373-1004 -> DefaultScope {2C6A44CB-AD42-4731-A544-3FBD3D83AB5B} URL = 
SearchScopes: HKU\S-1-5-21-1589306073-4194362613-1028311373-1004 -> {2C6A44CB-AD42-4731-A544-3FBD3D83AB5B} URL = 
SearchScopes: HKU\S-1-5-21-1589306073-4194362613-1028311373-1004 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\S-1-5-21-1589306073-4194362613-1028311373-1004 -> {540BAA00-C2B8-41C0-82A8-AF1914440E9A} URL = 
SearchScopes: HKU\S-1-5-21-1589306073-4194362613-1028311373-1004 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
SearchScopes: HKU\S-1-5-21-1589306073-4194362613-1028311373-1004 -> {8A47755F-B3B9-4D4E-B32E-DCD8227E4F32} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-09-04] (Microsoft Corporation)
BHO: YoutubeAdBlock -> {5AE7D6C2-2865-4327-B9B4-EDFC46500FB0} -> C:\Program Files (x86)\eDXUULfIWIE\tgP8bOeGA.dll [2018-12-06] ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-12] (Oracle Corporation)
BHO: ICBC Anti-Phishing class -> {8BCB0605-D909-4c3b-B490-DEFE88BA95FA} -> C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN64\Icbc_AntiPhishing_64.dll [2017-03-31] (中国工商银行)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-09-04] (Microsoft Corporation)
BHO: YoutubeAdBlock -> {D1660F2C-BBC4-4D94-A6BA-EB25BC207DA5} -> C:\Program Files (x86)\fIMmcdwsEIE\t4vw0SqB.dll [2018-12-07] ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-12] (Oracle Corporation)
BHO-x32: YoutubeAdBlock -> {5AE7D6C2-2865-4327-B9B4-EDFC46500FB0} -> C:\Program Files (x86)\eDXUULfIWIE\kdI33OA.dll [2018-12-06] ()
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO-x32: ICBC Anti-Phishing class -> {BB4491A2-D11A-4c6b-91C0-B53246A3122B} -> C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll [2017-03-31] (中国工商银行)
BHO-x32: YoutubeAdBlock -> {D1660F2C-BBC4-4D94-A6BA-EB25BC207DA5} -> C:\Program Files (x86)\fIMmcdwsEIE\kmCnzBQh.dll [2018-12-07] ()
DPF: HKLM-x32 {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} hxxps://epass.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2018-03-13] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: sfqwzawm.default
FF ProfilePath: C:\Users\leont_000\AppData\Roaming\Mozilla\Firefox\Profiles\sfqwzawm.default [2018-12-02]
FF Homepage: Mozilla\Firefox\Profiles\sfqwzawm.default -> about:home
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-08-12] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (No Name) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2018-11-23]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2014-08-17] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-06] ()
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-12] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-06] ()
FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\Shavon\funshion\funshiontools\npFunshion.dll [No File]
FF Plugin-x32: @icbc.com.cn/npicbc_infosec_certenroll -> C:\Program Files (x86)\ICBCEbankTools\ICBCEbankPlugin\npicbc_infosec_certenroll.dll [2014-02-26] ()
FF Plugin-x32: @icbc.com.cn/npicbc_infosec_netsign -> C:\Program Files (x86)\ICBCEbankTools\ICBCEbankPlugin\npicbc_infosec_netsign.dll [2013-04-11] ( )
FF Plugin-x32: @icbc.com.cn/npicbc_tdr_usbkey -> C:\Program Files (x86)\ICBCEbankTools\ICBCEbankPlugin\npicbc_tdr_usbkey.dll [2013-12-27] (Tendyron Corporation)
FF Plugin-x32: @icbc.com/npChromeClientBinding,ver=1.0.0.0 -> C:\Program Files (x86)\ICBCEbankTools\ICBCChromeExtension\npChromeClientBinding.dll [2016-08-08] (ICBC)
FF Plugin-x32: @icbc.com/npChromeFullScreen,ver=1.0.0.1 -> C:\Program Files (x86)\ICBCEbankTools\ICBCChromeExtension\npChromeFullScreen.dll [2016-08-08] (ICBC)
FF Plugin-x32: @icbc.com/npChromeSubmit,ver=1.0.0.3 -> C:\Program Files (x86)\ICBCEbankTools\ICBCChromeExtension\npChromeSubmit.dll [2016-08-08] (ICBC)
FF Plugin-x32: @icbc.com/npChromeXXin,ver=1.0.0.5 -> C:\Program Files (x86)\ICBCEbankTools\ICBCChromeExtension\npChromeXXin.dll [2017-06-27] (Industrial and Commercial Bank of China)
FF Plugin-x32: @icbc/icbc_ms_npClCache,Version=1.0.0.2 -> C:\Program Files (x86)\ICBCEbankTools\FirefoxPlugins\npClCache.dll [2014-07-29] ()
FF Plugin-x32: @icbc/icbc_ms_npClientBinding,Version=1.0.0.2 -> C:\Program Files (x86)\ICBCEbankTools\FirefoxPlugins\npClientBinding.dll [2014-07-29] ( )
FF Plugin-x32: @icbc/icbc_ms_npFullScreen,Version=1.0.0.2 -> C:\Program Files (x86)\ICBCEbankTools\FirefoxPlugins\npFullScreen.dll [2014-07-29] ()
FF Plugin-x32: @icbc/icbc_ms_npsubmit,Version=1.0.0.9 -> C:\Program Files (x86)\ICBCEbankTools\FirefoxPlugins\npsubmit.dll [2016-02-24] ( )
FF Plugin-x32: @icbc/icbc_ms_npxxin,Version=1.0.0.12 -> C:\Program Files (x86)\ICBCEbankTools\FirefoxPlugins\npxxin.dll [2016-03-02] ( )
FF Plugin-x32: @icbc/npAssistComm,Version=1.0.0.1 -> C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\npAssistComm.dll [2013-12-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-20] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-02] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-12-02] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://securedsearch.xyz/{searchTerms}
CHR DefaultSearchKeyword: Default -> sse
CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
CHR Profile: C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default [2018-12-08]
CHR Extension: (Slides) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-09]
CHR Extension: (Material Incognito Dark Theme) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahifcnpnjgbadkjdhagpfjfkmlapfoel [2018-12-02]
CHR Extension: (ICBCNewChromeExtension) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajmecfihhnibjmmihpecefjjckgbmedh [2018-09-09]
CHR Extension: (Docs) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-09]
CHR Extension: (Google Drive) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-09]
CHR Extension: (Google Sheets Offline) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcbhgpcjaemjonpbfdedpnpplfcfmjmk [2018-06-25] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-09]
CHR Extension: (Google Notes Offline) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjeefngifhocofohcienokjdgeejaga [2018-12-08] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== ATTENTION
CHR Extension: (Stylus) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\clngdbkpkpeebahjckkjfobafhncgmne [2018-12-01]
CHR Extension: (ICBC Chrome Extension from Tendyron) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlombpffcodogboaljnamhpphpdkjdam [2018-09-09]
CHR Extension: (Adblocker for Youtube™) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dncemeillcpbjocckembodmbpaclamkp [2018-12-07] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== ATTENTION
CHR Extension: (ICBCAssistChromeExtension) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebfkjhegjojpombijlnbkmjoabfgohkb [2018-09-09]
CHR Extension: (Sheets) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-09]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2018-11-10]
CHR Extension: (Google Docs Offline) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-09]
CHR Extension: (Secured Search) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic [2018-12-08]
CHR Extension: (Roblox+) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2018-11-23]
CHR Extension: (ICBCChromeExtension) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lehjanbmddecbhgnnncapflmglinppcj [2018-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-02]
CHR Extension: (Gmail) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-09]
CHR Extension: (Chrome Media Router) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-02]
CHR HKLM\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ajmecfihhnibjmmihpecefjjckgbmedh] - C:\Program Files (x86)\ICBCEbankTools\ICBCNewChromeExtension\ICBCNewChromeExtension.crx [2015-12-01]
CHR HKLM-x32\...\Chrome\Extension: [chgogimjcakhbijnfmaengdlnlajhdko] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dlombpffcodogboaljnamhpphpdkjdam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ebfkjhegjojpombijlnbkmjoabfgohkb] - C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\ICBCAssistChromeExtension.crx [2015-12-01]
CHR HKLM-x32\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gcnfpjoimnmmdiokmpaebcacnnpdifbn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lehjanbmddecbhgnnncapflmglinppcj] - C:\Program Files (x86)\ICBCEbankTools\ICBCChromeExtension\ICBCChromeExtension.crx [2013-07-02]
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Instagram Sidebar) - C:\Users\leont_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\eohmfcckophobpbeoncnmkeiellfclka [2018-06-17]
OPR Extension: (Adblocker for Youtube™) - C:\Users\leont_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\fefhaeemdgaophhobcpcopjgfjnmjpop [2018-12-06]
OPR Extension: (Sidebar for YouTube™) - C:\Users\leont_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljkgfkfopogmclcinephnaeekjiikibd [2018-06-17]
OPR Extension: (Adblocker for Youtube™) - C:\Users\leont_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\nmpbgihpdmmclgognfcendlnemeppbna [2018-12-07]
OPR Extension: (Newtab.club) - C:\Users\leont_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\pookachmhghnpgjhebhilcidgdphdlhi [2018-09-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"gijmvmyz" => service could not be unlocked. <==== ATTENTION

R2 abcEBService; C:\Program Files (x86)\ÖйúÅ©ÒµÒøÐÐ\ÖйúÅ©ÒµÒøÐÐÍøÒøÖúÊÖ\abcEBService.exe [2171432 2015-01-19] ()
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-11-01] (EasyAntiCheat Ltd)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-06] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-25] (WildTangent)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-06-11] (Hi-Rez Studios) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
R2 ICBC Daemon Service; C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN64\IcbcDaemon_64.exe [642048 2017-04-06] () [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156616 2013-06-17] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-09-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-20] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-27] (McAfee, Inc.) [File not signed]
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-24] ()
S3 NanoServicePackUpdate64; C:\Program Files\SystemNanoPacks\Nano Service Pack\BaseNanoServicePackUpdater.exe [874496 2018-10-20] (SystemNanoPacks) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4369680 2016-01-22] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R2 OnKey Service _ICBC; C:\Windows\SysWOW64\D4Ser_ICBC.exe [122848 2016-12-20] (Tendyron Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [347176 2013-08-14] (Acer Incorporated)
S4 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-13] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-13] (Microsoft Corporation)
R2 wtfast.Service; C:\Program Files (x86)\wtfast\service\wtfast.Service.exe [102912 2018-05-22] () [File not signed]
S2 YmUwODNlYTUzZWRh; C:\Program Files\YmUwODNlYTUzZWRh\OGJhYWY4NDVlY.exe [527792 2018-12-04] ()
R2 ZAMSvc; C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15767792 2018-12-02] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-24] (Intel® Corporation)
S2 dahkService; C:\ProgramData\dahkService\dahkService.exe -s 25 [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
R2 ZWQ2YTM2NjE0ZmJjNzM; rundll32.exe C:\Windows\pvdul.pvdkl BUYfcOUuZDbJExPjj [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-24] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-20] (Motorola Solutions, Inc.)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-03] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-24] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-09] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-09] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-08] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-08] ()
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-19] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 NTY2YmFkNj; C:\Windows\System32\drivers\NTY2YmFkNj.sys [205952 2018-06-14] ()
R2 PECKbdProtector; C:\Windows\system32\drivers\PECKP_x64.SYS [53088 2015-06-25] (CSII)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-13] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-13] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Users\leont_000\Downloads\ThrottleStop_860\WinRing0x64.sys [14544 2015-10-13] (OpenLibSys.org)
R2 WtfEngineDrv; C:\Windows\system32\Drivers\WtfEngineDrv.sys [40352 2016-12-16] (AAA Internet Publishing, Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-12-02] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-12-02] (Zemana Ltd.)
S5 gijmvmyz;  <==== ATTENTION: Locked Service
S2 IRNPF; \??\C:\iResearch\Common\npf.sys [X]
R1 MWVmMW; \??\C:\Windows\system32\drivers\MWVmMW [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-08 02:52 - 2018-12-08 02:52 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2018-12-08 02:52 - 2018-12-08 02:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2018-12-07 22:53 - 2018-12-07 22:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-12-07 13:20 - 2018-12-07 13:20 - 000000000 ____D C:\ProgramData\yQydSbNsZfWcTUVB
2018-12-07 13:20 - 2018-12-07 13:20 - 000000000 ____D C:\Program Files (x86)\sIKWXKIwDInJTYRHMzR
2018-12-07 13:20 - 2018-12-07 13:20 - 000000000 ____D C:\Program Files (x86)\KxwMVIqkwqOU2
2018-12-07 13:20 - 2018-12-07 13:20 - 000000000 ____D C:\Program Files (x86)\hZRbVoKbccxYC
2018-12-07 13:20 - 2018-12-07 13:20 - 000000000 ____D C:\Program Files (x86)\hXRTETkozHUn
2018-12-07 13:20 - 2018-12-07 13:20 - 000000000 ____D C:\Program Files (x86)\fIMmcdwsEIE
2018-12-07 13:20 - 2018-12-07 13:20 - 000000000 ____D C:\Program Files (x86)\DVeyIPItU
2018-12-06 23:51 - 2018-12-06 23:51 - 000000000 ____D C:\ProgramData\CEThSMulaGfrgkVB
2018-12-06 23:51 - 2018-12-06 23:51 - 000000000 ____D C:\Program Files (x86)\YRwLvMqsZnlfC
2018-12-06 23:51 - 2018-12-06 23:51 - 000000000 ____D C:\Program Files (x86)\wuudXKCNIAsU2
2018-12-06 23:51 - 2018-12-06 23:51 - 000000000 ____D C:\Program Files (x86)\lmoNmZAVrzxZTVrAjER
2018-12-06 23:44 - 2018-12-06 23:51 - 000000000 ____D C:\Program Files (x86)\uuPUhBmSU
2018-12-06 23:44 - 2018-12-06 23:44 - 000000000 ____D C:\Program Files (x86)\qpHhDuVjrlUn
2018-12-06 23:44 - 2018-12-06 23:44 - 000000000 ____D C:\Program Files (x86)\eDXUULfIWIE
2018-12-05 17:29 - 2018-12-05 17:29 - 000000000 ____D C:\Windows\SysWOW64\gijmvmyz
2018-12-05 00:21 - 2018-12-05 00:21 - 000769536 _____ C:\Windows\pvdul.pvdkl
2018-12-04 04:38 - 2018-12-04 04:38 - 000937472 _____ C:\Windows\MjRmN2Y.exe
2018-12-04 04:38 - 2018-12-04 04:38 - 000175568 _____ C:\Windows\system32\Drivers\MWVmMW
2018-12-04 04:38 - 2018-12-04 04:38 - 000098235 _____ C:\Windows\uninstaller.dat
2018-12-04 00:40 - 2018-12-08 02:56 - 000048228 _____ C:\Users\leont_000\Downloads\FRST.txt
2018-12-04 00:40 - 2018-12-08 02:54 - 000061831 _____ C:\Users\leont_000\Downloads\Addition.txt
2018-12-04 00:38 - 2018-12-04 00:38 - 002417152 _____ (Farbar) C:\Users\leont_000\Downloads\FRST64.exe
2018-12-04 00:17 - 2018-12-04 00:17 - 000000000 ____D C:\AdwCleaner
2018-12-04 00:15 - 2018-12-04 00:16 - 007321808 _____ (Malwarebytes) C:\Users\leont_000\Downloads\adwcleaner_7.2.5.0.exe
2018-12-02 21:46 - 2018-08-21 14:44 - 000001638 _____ C:\Program Files\Common Files\RestoreRevTask.xml.2.back
2018-12-02 21:28 - 2018-12-02 21:28 - 000000000 ____D C:\ProgramData\dbg
2018-12-02 21:18 - 2018-08-21 14:44 - 000001638 _____ C:\Program Files\Common Files\RestoreRevTask.xml.1.back
2018-12-02 18:08 - 2018-12-02 18:08 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\WinRAR
2018-12-02 18:05 - 2018-12-02 18:17 - 000000000 ____D C:\Program Files\RM7Q12EZ24
2018-12-02 18:05 - 2018-12-02 18:05 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\3uhtxcy2foz
2018-12-02 18:01 - 2018-12-02 18:01 - 000000000 ____D C:\Users\leont_000\AppData\Local\Wolf of Webstreet OPC Private Limited
2018-12-02 17:59 - 2018-12-02 17:59 - 867414523 _____ C:\Windows\MEMORY.DMP
2018-12-02 17:52 - 2018-12-02 18:18 - 000320562 _____ C:\Users\Shavon\Desktop\mbst-grab-results.zip
2018-12-02 17:50 - 2018-12-08 02:55 - 000000000 ____D C:\FRST
2018-12-02 17:49 - 2018-12-02 17:49 - 003571440 _____ C:\Users\leont_000\Desktop\mb-support-1.3.1.553.exe
2018-12-02 01:57 - 2018-12-02 01:57 - 000000000 ____D C:\Users\leont_000\AppData\Local\Zemana
2018-12-02 01:55 - 2018-12-08 02:56 - 000123363 _____ C:\Windows\ZAM.krnl.trace
2018-12-02 01:55 - 2018-12-08 02:56 - 000041416 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-12-02 01:55 - 2018-12-02 01:55 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2018-12-02 01:55 - 2018-12-02 01:55 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2018-12-02 01:55 - 2018-12-02 01:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareFox AntiMalware
2018-12-02 01:55 - 2018-12-02 01:55 - 000000000 ____D C:\Program Files (x86)\MalwareFox AntiMalware
2018-12-02 01:54 - 2018-12-02 01:54 - 006617512 _____ (Zemana Ltd. ) C:\Users\leont_000\Downloads\MalwareFox.exe
2018-12-02 01:47 - 2018-12-02 01:47 - 000003594 _____ C:\Users\leont_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rkill.lnk
2018-12-02 01:43 - 2018-12-02 01:43 - 000000000 ____D C:\Users\leont_000\AppData\Local\mbamtray
2018-12-02 01:39 - 2018-12-02 02:00 - 000004116 _____ C:\Users\Shavon\Desktop\Rkill.txt
2018-12-02 01:39 - 2018-12-02 01:39 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\leont_000\Downloads\rkill.exe
2018-12-02 01:14 - 2018-12-02 01:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-12-02 01:14 - 2018-12-02 01:14 - 000000000 ____D C:\Program Files\CCleaner
2018-12-02 01:09 - 2018-12-02 18:14 - 000000000 ____D C:\Program Files\9QRGPBN15O
2018-12-02 01:09 - 2018-12-02 01:09 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\lnj5qc3qq5k
2018-12-02 00:43 - 2018-12-04 00:20 - 001097804 _____ C:\Windows\ntbtlog.txt
2018-12-02 00:33 - 2018-12-02 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-02 00:33 - 2018-12-02 00:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-02 00:33 - 2018-12-02 00:33 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-02 00:33 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-12-02 00:31 - 2018-12-02 00:31 - 080557120 _____ (Malwarebytes ) C:\Users\leont_000\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.8025 (1).exe
2018-12-02 00:27 - 2018-12-02 00:27 - 080557120 _____ (Malwarebytes ) C:\Users\leont_000\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.8025.exe
2018-12-02 00:21 - 2018-12-06 23:54 - 000002368 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-02 00:21 - 2018-12-05 17:47 - 000002360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-02 00:17 - 2018-12-02 18:06 - 000000000 ____D C:\Program Files\BZ4TPT6CCG
2018-12-02 00:17 - 2018-12-02 00:17 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\5js1mkfiquy
2018-12-01 23:39 - 2018-12-01 23:39 - 000580608 ____H C:\Users\Shavon\BITC17E.tmp
2018-12-01 20:43 - 2018-12-02 02:01 - 000000000 ____D C:\Users\leont_000\AppData\LocalLow\AuRiYkFvddjJH
2018-12-01 20:40 - 2018-12-02 18:16 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\uimmrmhxcrf
2018-12-01 20:40 - 2018-12-02 18:06 - 000000000 ____D C:\Program Files\DV0D5TWK7Y
2018-12-01 20:40 - 2018-12-01 20:40 - 000184320 ____H C:\Users\Shavon\BITC18F.tmp
2018-12-01 20:32 - 2018-12-02 18:16 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\dy525v1yp32
2018-12-01 20:32 - 2018-12-02 18:06 - 000000000 ____D C:\Program Files\G2OUPDJJCN
2018-12-01 20:32 - 2018-12-01 20:32 - 000000116 _____ C:\Users\Shavon\AppData\Roaming\iplog.url
2018-11-28 23:39 - 2018-11-28 23:40 - 008992828 _____ C:\Users\leont_000\Downloads\798842 LiLA'c Records - Jue.osz
2018-11-28 14:54 - 2018-11-28 14:54 - 067823280 _____ C:\Users\leont_000\Downloads\GrowtopiaInstaller (1).exe
2018-11-28 14:53 - 2018-11-28 14:53 - 067823280 _____ C:\Users\leont_000\Downloads\GrowtopiaInstaller.exe
2018-11-26 22:45 - 2018-11-26 22:45 - 002795165 _____ C:\Users\leont_000\Downloads\53810 Junichi Masuda - Lavender Town Theme.osz
2018-11-23 23:34 - 2018-11-23 23:34 - 000000040 _____ C:\Windows\wininit.ini
2018-11-23 23:33 - 2018-11-23 23:33 - 000722944 _____ C:\Users\leont_000\AppData\Local\sham.db
2018-11-23 23:32 - 2018-11-23 23:32 - 000000000 ____D C:\Users\leont_000\AppData\Roaming\wypyel0du03
2018-11-23 23:22 - 2018-11-23 23:22 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2018-11-23 23:20 - 2018-11-23 23:21 - 033542144 _____ C:\Users\leont_000\Downloads\EpicInstaller-7.16.0-fortnite-1874dc68351146b0ba1dad4a1eba3c9e.msi
2018-11-23 16:03 - 2018-11-23 16:03 - 004116160 _____ (ppy) C:\Users\leont_000\Downloads\osu!install (3).exe
2018-11-18 01:14 - 2018-11-18 01:14 - 000000000 ____D C:\Users\leont_000\Downloads\ThrottleStop_860
2018-11-18 00:52 - 2018-11-18 00:52 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\e0lxaxcfdb5
2018-11-17 16:05 - 2018-11-17 16:05 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\q0ig4qls4iv
2018-11-17 15:30 - 2018-11-17 15:30 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\5endgy4tp3c
2018-11-17 14:55 - 2018-11-17 14:55 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\vtdeqgj1k52
2018-11-17 14:20 - 2018-11-17 14:20 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\kew05khu2nx
2018-11-17 13:45 - 2018-11-17 13:45 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\pxgysluwope
2018-11-16 23:37 - 2018-11-16 23:37 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\qqp4doriz0r
2018-11-16 23:01 - 2018-11-16 23:01 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\rwbra0fqtjd
2018-11-16 10:17 - 2018-11-16 10:17 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\m4usvpiossq
2018-11-16 02:34 - 2018-10-25 08:54 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-11-16 02:34 - 2018-10-25 08:51 - 000121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2018-11-16 02:34 - 2018-10-25 08:46 - 000205824 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-11-16 02:34 - 2018-10-25 08:45 - 000168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2018-11-16 02:34 - 2018-10-18 10:48 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-16 02:34 - 2018-10-18 10:17 - 020281344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-11-16 02:34 - 2018-10-16 11:46 - 007371720 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-16 02:34 - 2018-10-16 11:39 - 002171800 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2018-11-16 02:34 - 2018-10-16 11:39 - 001662504 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-11-16 02:34 - 2018-10-16 11:39 - 001063368 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2018-11-16 02:34 - 2018-10-16 11:18 - 001137472 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-11-16 02:34 - 2018-10-16 11:02 - 001563584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2018-11-16 02:34 - 2018-10-16 11:02 - 001214920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-11-16 02:34 - 2018-10-13 04:35 - 000862208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-11-16 02:34 - 2018-10-13 04:26 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-11-16 02:34 - 2018-10-13 04:25 - 000189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2018-11-16 02:34 - 2018-10-13 04:22 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-11-16 02:34 - 2018-10-13 04:17 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-11-16 02:34 - 2018-10-13 04:16 - 000148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2018-11-16 02:34 - 2018-10-13 04:16 - 000131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2018-11-16 02:34 - 2018-10-13 04:03 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-11-16 02:34 - 2018-10-13 04:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-11-16 02:34 - 2018-10-13 03:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-11-16 02:34 - 2018-10-13 03:57 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-11-16 02:34 - 2018-10-13 03:56 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-11-16 02:34 - 2018-10-13 03:51 - 000267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2018-11-16 02:34 - 2018-10-13 03:47 - 001049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-11-16 02:34 - 2018-10-13 03:42 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-11-16 02:34 - 2018-10-13 03:38 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-11-16 02:34 - 2018-10-13 03:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-11-16 02:34 - 2018-10-12 10:16 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-11-16 02:34 - 2018-10-12 10:12 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-11-16 02:34 - 2018-10-12 10:10 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-16 02:34 - 2018-10-12 10:10 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-11-16 02:34 - 2018-10-12 10:01 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-11-16 02:34 - 2018-10-12 09:59 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-16 02:34 - 2018-10-12 09:59 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-16 02:34 - 2018-10-12 09:58 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-11-16 02:34 - 2018-10-12 09:58 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-11-16 02:34 - 2018-10-12 09:35 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-11-16 02:34 - 2018-10-12 09:30 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-11-16 02:34 - 2018-10-12 09:27 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-16 02:34 - 2018-10-12 09:27 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-11-16 02:34 - 2018-10-12 09:25 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-16 02:34 - 2018-10-12 09:19 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-16 02:34 - 2018-10-12 09:17 - 000809984 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-11-16 02:34 - 2018-10-12 09:12 - 002882048 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-11-16 02:34 - 2018-10-12 09:06 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-16 02:34 - 2018-10-12 08:55 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-16 02:34 - 2018-10-07 02:14 - 001547192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-11-16 02:34 - 2018-10-07 02:14 - 000388536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-11-16 02:34 - 2018-10-07 02:04 - 001308976 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-11-16 02:34 - 2018-10-07 02:03 - 000356288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-11-16 02:34 - 2018-10-07 00:48 - 004168192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-11-16 02:34 - 2018-10-06 23:41 - 002465792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-11-16 02:34 - 2018-10-06 23:34 - 002175488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-11-16 02:34 - 2018-10-06 23:32 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-11-16 02:34 - 2018-09-28 21:38 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2018-11-16 02:34 - 2018-09-28 21:34 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2018-11-16 02:34 - 2018-09-24 00:47 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-11-16 02:34 - 2018-09-24 00:45 - 000468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-11-16 02:34 - 2018-09-24 00:45 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-11-16 02:34 - 2018-09-24 00:37 - 000774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-11-16 02:34 - 2018-09-24 00:24 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-11-16 02:34 - 2018-09-24 00:23 - 000391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2018-11-16 02:34 - 2018-09-24 00:23 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-11-16 02:34 - 2018-09-24 00:20 - 002750464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-11-16 02:34 - 2018-09-24 00:17 - 000699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-11-16 02:34 - 2018-09-24 00:00 - 000200192 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-11-16 02:34 - 2018-09-24 00:00 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-11-16 02:34 - 2018-09-23 23:58 - 000904192 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-11-16 02:34 - 2018-09-23 23:56 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-11-16 02:34 - 2018-09-23 23:53 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2018-11-16 02:34 - 2018-09-23 23:51 - 001920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-11-16 02:34 - 2018-09-23 23:50 - 000709632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-11-16 02:34 - 2018-09-13 02:30 - 000137008 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-11-16 02:34 - 2018-09-11 23:30 - 003718144 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-11-16 02:34 - 2018-08-26 11:38 - 001200640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2018-11-16 02:34 - 2018-08-26 11:38 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2018-11-16 02:34 - 2018-08-26 11:21 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2018-11-16 02:34 - 2018-08-26 11:21 - 000200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2018-11-16 02:34 - 2018-08-26 09:45 - 000513448 _____ C:\Windows\SysWOW64\locale.nls
2018-11-16 02:34 - 2018-08-26 09:45 - 000513448 _____ C:\Windows\system32\locale.nls
2018-11-16 02:34 - 2018-08-21 21:39 - 000435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-11-16 02:34 - 2018-08-21 21:35 - 000358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-11-16 02:34 - 2018-08-20 00:22 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-11-16 02:34 - 2018-08-19 23:52 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-11-16 02:34 - 2018-08-19 23:43 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-11-16 00:28 - 2018-12-01 20:33 - 000000000 ____D C:\Program Files (x86)\Chameleon Explorer
2018-11-16 00:28 - 2018-11-16 00:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chameleon Explorer
2018-11-16 00:27 - 2018-11-16 00:27 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\qbqghb1qn0a
2018-11-15 22:09 - 2018-11-15 22:09 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\jdxbb0se5qh
2018-11-15 21:34 - 2018-11-15 21:34 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\gbrkcw5qqaf
2018-11-15 20:27 - 2018-11-15 20:27 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\xildleywubn
2018-11-15 19:52 - 2018-11-15 19:52 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\tgukl5kr22q
2018-11-10 13:52 - 2018-11-10 13:52 - 001437517 _____ C:\Users\leont_000\Downloads\robloxapp-20181028-1758326.wmv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-08 02:54 - 2014-02-27 13:46 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-12-08 02:53 - 2017-12-11 17:23 - 000000000 ____D C:\Users\leont_000\AppData\Local\CrashDumps
2018-12-08 02:53 - 2017-12-08 16:16 - 000000000 ___DO C:\Users\leont_000\OneDrive
2018-12-08 02:52 - 2018-11-01 23:28 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-12-08 02:52 - 2014-12-02 20:13 - 000000514 ____H C:\Windows\Tasks\SystemCreate-S-2690333021.job
2018-12-08 02:52 - 2014-11-02 13:00 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-12-08 02:52 - 2013-08-22 22:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-08 02:33 - 2018-03-12 17:33 - 000000588 _____ C:\Windows\Tasks\Yahoo! Powered sodis.job
2018-12-08 02:14 - 2018-03-26 17:14 - 000001024 _____ C:\Windows\Tasks\Secured Yahoo Powered sodis.job
2018-12-08 02:14 - 2018-03-26 17:14 - 000000000 ____D C:\ProgramData\{BE597B3A-341B-F1FC-B2DD-6FBE289FE470}
2018-12-08 00:00 - 2018-10-14 19:52 - 000001230 _____ C:\Users\leont_000\Desktop\Roblox Studio.lnk
2018-12-08 00:00 - 2017-12-09 02:32 - 000000000 ____D C:\Users\leont_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-12-06 23:54 - 2018-06-17 10:13 - 000000004 _____ C:\ProgramData\lock.dat
2018-12-06 23:54 - 2018-06-17 10:11 - 000000258 __RSH C:\Users\leont_000\ntuser.pol
2018-12-06 23:54 - 2018-06-17 10:07 - 000000000 ____D C:\ProgramData\dahkService
2018-12-06 23:54 - 2017-12-08 16:11 - 000000000 ____D C:\Users\leont_000
2018-12-06 01:26 - 2013-08-22 23:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-12-06 01:26 - 2013-08-22 23:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-12-05 17:47 - 2018-03-12 17:35 - 000002392 _____ C:\Users\Shavon\Desktop\Chromium.lnk
2018-12-05 17:44 - 2014-02-27 14:09 - 000048364 _____ C:\Windows\system32\prfh0804.dat
2018-12-05 17:44 - 2014-02-27 14:09 - 000020780 _____ C:\Windows\system32\prfc0804.dat
2018-12-05 17:44 - 2013-10-03 23:30 - 000128534 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-05 17:44 - 2013-08-22 21:36 - 000000000 ____D C:\Windows\Inf
2018-12-05 17:38 - 2018-06-17 10:13 - 000000304 _____ C:\ProgramData\rwi.khad
2018-12-05 00:33 - 2018-03-12 17:33 - 000000000 ____D C:\ProgramData\{BDB678D5-37F4-F213-B132-6C512B70E79F}
2018-12-05 00:32 - 2013-08-22 23:36 - 000000000 ____D C:\Windows\AppReadiness
2018-12-04 23:33 - 2018-03-12 17:33 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\558bb2581cf08746e0fc693de796dcad
2018-12-04 23:23 - 2018-04-02 22:09 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\Skype
2018-12-04 23:21 - 2017-12-09 10:44 - 000000000 ____D C:\Program Files (x86)\Steam
2018-12-04 23:20 - 2014-05-21 21:46 - 000000000 ___RD C:\Users\Shavon\OneDrive
2018-12-04 00:34 - 2017-12-25 02:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-12-04 00:34 - 2014-05-18 14:19 - 000000000 ____D C:\Users\Shavon
2018-12-02 21:39 - 2013-08-22 21:36 - 000000000 ____D C:\Program Files\FlashWin Light
2018-12-02 21:15 - 2013-08-22 22:44 - 000373304 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-02 18:06 - 2018-07-21 22:23 - 000000000 ____D C:\Program Files\EJ5WXH4AHE
2018-12-02 18:06 - 2018-07-21 21:53 - 000000000 ____D C:\Program Files\ABE7WQFMFT
2018-12-02 18:06 - 2018-07-21 21:23 - 000000000 ____D C:\Program Files\CZS9MIW4EW
2018-12-02 18:06 - 2018-07-21 20:53 - 000000000 ____D C:\Program Files\BJ6ET7M8O2
2018-12-02 18:06 - 2018-07-21 20:23 - 000000000 ____D C:\Program Files\KQPRPRD52K
2018-12-02 18:06 - 2018-07-21 19:53 - 000000000 ____D C:\Program Files\W3JT2WFJSV
2018-12-02 18:06 - 2018-07-21 17:35 - 000000000 ____D C:\Program Files\8PJSOJPZAZ
2018-12-02 18:06 - 2018-07-21 17:05 - 000000000 ____D C:\Program Files\BEQK62BTSV
2018-12-02 18:06 - 2018-07-21 16:35 - 000000000 ____D C:\Program Files\8CZXZY45MF
2018-12-02 18:06 - 2018-07-21 16:05 - 000000000 ____D C:\Program Files\4X2DJQ1RGW
2018-12-02 18:06 - 2018-07-21 15:35 - 000000000 ____D C:\Program Files\M36DMLXPKM
2018-12-02 18:06 - 2018-07-21 15:05 - 000000000 ____D C:\Program Files\NK70S6NR4Q
2018-12-02 18:06 - 2018-07-21 13:09 - 000000000 ____D C:\Program Files\CD8CX13O8L
2018-12-02 18:05 - 2018-07-08 20:20 - 000000000 ____D C:\Program Files\OQTDFDO2ZP
2018-12-02 18:05 - 2018-07-08 19:50 - 000000000 ____D C:\Program Files\9G7Q0QUJW4
2018-12-02 18:05 - 2018-07-08 18:07 - 000000000 ____D C:\Program Files\29RIAMVEWK
2018-12-02 18:05 - 2018-07-08 17:07 - 000000000 ____D C:\Program Files\8UYKZL9AFG
2018-12-02 17:59 - 2014-06-01 19:10 - 000000000 ____D C:\Windows\Minidump
2018-12-02 01:55 - 2018-10-04 22:49 - 000000000 ____D C:\Users\leont_000\Desktop\Defence
2018-12-02 01:49 - 2018-08-29 16:06 - 000000000 ____D C:\Users\leont_000\Desktop\osu!
2018-12-02 01:45 - 2017-12-25 21:13 - 000000000 ____D C:\Users\leont_000\AppData\Roaming\Azureus
2018-12-02 00:35 - 2018-04-02 22:09 - 000000345 _____ C:\Users\Shavon\AppData\Roaming\WB.CFG
2018-12-02 00:21 - 2018-09-09 02:05 - 000000000 ____D C:\Users\leont_000\AppData\Local\Deployment
2018-12-02 00:21 - 2014-05-17 22:29 - 000000000 ____D C:\Program Files (x86)\Google
2018-12-01 20:43 - 2013-08-22 23:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-29 16:38 - 2018-09-13 17:21 - 000000000 ____D C:\Users\leont_000\AppData\Local\osu!
2018-11-28 14:54 - 2018-01-17 20:53 - 000000000 ____D C:\Users\leont_000\AppData\Local\Growtopia
2018-11-24 20:04 - 2013-08-22 23:20 - 000000000 ____D C:\Windows\CbsTemp
2018-11-23 23:33 - 2017-03-20 03:50 - 000000000 ____D C:\ProgramData\Adobe
2018-11-23 23:22 - 2018-04-14 15:58 - 000000000 ____D C:\Users\leont_000\AppData\Local\UnrealEngine
2018-11-23 23:22 - 2018-04-14 15:57 - 000000000 ____D C:\Program Files (x86)\Epic Games
2018-11-23 16:06 - 2018-03-01 19:10 - 000000966 _____ C:\Users\leont_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2018-11-20 00:42 - 2017-01-05 12:59 - 000001077 _____ C:\Windows\BRRBCOM.INI
2018-11-19 20:29 - 2013-08-22 23:36 - 000000000 ____D C:\Windows\rescache
2018-11-19 02:06 - 2017-12-09 11:05 - 000000000 ____D C:\Users\leont_000\AppData\Roaming\discord
2018-11-17 14:20 - 2018-04-06 21:33 - 000000000 ____D C:\Users\leont_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-11-17 05:29 - 2018-08-19 20:55 - 000834960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-11-17 05:29 - 2018-08-19 20:55 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-16 22:44 - 2014-05-20 22:51 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-11-16 22:44 - 2014-05-20 22:51 - 000000000 ____D C:\Windows\system32\MRT
2018-11-15 20:21 - 2018-06-17 09:47 - 000000000 ____D C:\Program Files\Opera
2018-11-10 13:30 - 2018-06-17 09:47 - 000001025 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2018-11-08 22:11 - 2018-06-17 10:08 - 000000000 ____D C:\Program Files\YmUwODNlYTUzZWRh

==================== Files in the root of some directories =======

2018-06-17 10:13 - 2018-12-06 23:54 - 000000004 _____ () C:\ProgramData\lock.dat
1601-01-03 21:33 - 1601-01-03 21:33 - 000197120 ____N (Microsoft Corporation) C:\Program Files (x86)\PWtCKuFcYT.exe
2018-06-19 22:31 - 2018-08-21 14:44 - 000003930 _____ () C:\Program Files\Common Files\AppLoaderHelpers.xml
2018-08-19 15:58 - 2018-06-19 22:31 - 000003922 _____ () C:\Program Files\Common Files\AppLoaderHelpers.xml.back
2018-08-20 14:35 - 2018-06-19 22:31 - 000003922 _____ () C:\Program Files\Common Files\AppLoaderHelpers_1.xml.back
2018-08-21 14:44 - 2018-06-19 22:31 - 000003922 _____ () C:\Program Files\Common Files\AppLoaderHelpers_2.xml.back
2018-08-22 19:04 - 2018-10-21 03:00 - 000004820 _____ () C:\Program Files\Common Files\AppLoaderPM.xml
2018-06-17 08:28 - 2018-08-21 14:44 - 000001638 _____ () C:\Program Files\Common Files\RestoreRevTask.xml
2018-12-02 21:18 - 2018-08-21 14:44 - 000001638 _____ () C:\Program Files\Common Files\RestoreRevTask.xml.1.back
2018-12-02 21:46 - 2018-08-21 14:44 - 000001638 _____ () C:\Program Files\Common Files\RestoreRevTask.xml.2.back
2018-08-19 15:58 - 2018-06-17 08:28 - 000001609 _____ () C:\Program Files\Common Files\RestoreRevTask.xml.back
2018-08-20 14:35 - 2018-06-17 08:28 - 000001609 _____ () C:\Program Files\Common Files\RestoreRevTask_1.xml.back
2018-08-21 14:44 - 2018-06-17 08:28 - 000001609 _____ () C:\Program Files\Common Files\RestoreRevTask_2.xml.back
2018-09-21 21:47 - 2018-09-21 21:47 - 000000170 ____H () C:\Program Files\Common Files\service_pack.bat
2018-09-28 15:26 - 2018-09-28 15:26 - 000000000 _____ () C:\Users\leont_000\AppData\Local\oobelibMkey.log
2018-05-29 18:06 - 2018-05-29 18:06 - 000000017 _____ () C:\Users\leont_000\AppData\Local\resmon.resmoncfg
2018-11-23 23:33 - 2018-11-23 23:33 - 000722944 _____ () C:\Users\leont_000\AppData\Local\sham.db

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by leont_000 (ATTENTION: The user is not administrator) on SHAVONTEO (08-12-2018 02:55:54)
Running from C:\Users\leont_000\Downloads
Loaded Profiles: Shavon & leont_000 (Available Profiles: Shavon & leont_000)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> winlogon.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> svchost.exe
Failed to access process -> wlanext.exe
Failed to access process -> conhost.exe
Failed to access process -> taskeng.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> rundll32.exe
Failed to access process -> svchost.exe
Failed to access process -> abcEBService.exe
Failed to access process -> armsvc.exe
Failed to access process -> AdobeUpdateService.exe
Failed to access process -> AGMService.exe
Failed to access process -> AGSService.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> officeclicktorun.exe
Failed to access process -> svchost.exe
Failed to access process -> EvtEng.exe
Failed to access process -> svchost.exe
Failed to access process -> HiPatchService.exe
Failed to access process -> IcbcDaemon_64.exe
Failed to access process -> HeciServer.exe
Failed to access process -> ibtrksrv.exe
Failed to access process -> iSCTAgent.exe
Failed to access process -> dasHost.exe
Failed to access process -> LMSvc.exe
Failed to access process -> mcsacore.exe
Failed to access process -> mfevtps.exe
Failed to access process -> D4Ser_ICBC.exe
Failed to access process -> D4Ser_ICBC.exe
Failed to access process -> RegSrvc.exe
Failed to access process -> ss_conn_service.exe
Failed to access process -> svchost.exe
Failed to access process -> wtfast.Service.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> ZAM.exe
Failed to access process -> ZeroConfigService.exe
Failed to access process -> rundll32.exe
Failed to access process -> rundll32.exe
Failed to access process -> MBAMService.exe
Failed to access process -> McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
Failed to access process -> mfefire.exe
Failed to access process -> McSvHost.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> wscript.exe
Failed to access process -> wscript.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\livecomm.exe
Failed to access process -> unsecapp.exe
Failed to access process -> LMEvent.exe
Failed to access process -> GoogleCrashHandler.exe
Failed to access process -> unsecapp.exe
Failed to access process -> GoogleCrashHandler64.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> svchost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
Failed to access process -> SearchProtocolHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
Failed to access process -> devmonsrv.exe
Failed to access process -> obexsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(FTLDEV Marcin Waś) C:\Program Files (x86)\nSpira\Hasten\Hasten.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Copyright 2017.) C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe
Failed to access process -> iPodService.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe
(Discord Inc.) C:\Users\leont_000\AppData\Local\Discord\app-0.0.301\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\leont_000\AppData\Local\Discord\app-0.0.301\Discord.exe
(ABC) C:\Program Files (x86)\ÖйúÅ©ÒµÒøÐÐ\ÖйúÅ©ÒµÒøÐÐÍøÒøÖúÊÖ\ABCSafePop.exe
(Feitian Technologies Co., Ltd.) C:\Program Files (x86)\95599 Certificate Tools\FEITIAN extend key\ISCertD_abchina.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Failed to access process -> BrYNSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> conhost.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Tendyron Corporation) C:\Windows\SysWOW64\D4Svr_ICBC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Discord Inc.) C:\Users\leont_000\AppData\Local\Discord\app-0.0.301\Discord.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Discord Inc.) C:\Users\leont_000\AppData\Local\Discord\app-0.0.301\Discord.exe
Failed to access process -> ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
Failed to access process -> ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
Failed to access process -> GamesAppIntegrationService.exe
Failed to access process -> IAStorDataMgrSvc.exe
Failed to access process -> jhi_service.exe
Failed to access process -> NASvc.exe
Failed to access process -> NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> SearchFilterHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM\...\Run: [Hasten] => C:\Program Files (x86)\nSpira\Hasten\Hasten.exe [189440 2015-09-20] (FTLDEV Marcin Waś)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15767792 2018-12-02] (Copyright 2017.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [53504 2014-06-26] (Acer Incorporated)
HKLM-x32\...\Run: [ABCBank] => C:\Program Files (x86)\ÖйúÅ©ÒµÒøÐÐ\ÖйúÅ©ÒµÒøÐÐÍøÒøÖúÊÖ\ABCSafePop.exe [1862704 2015-01-19] (ABC)
HKLM-x32\...\Run: [InterPass_ABChina] => C:\Program Files (x86)\95599 Certificate Tools\FEITIAN extend key\ISCertD_abchina.exe [781600 2017-09-18] (Feitian Technologies Co., Ltd.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [D4Svr_ICBC.exe] => C:\Windows\SysWOW64\D4Svr_ICBC.exe [126944 2016-12-23] (Tendyron Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKLM\...\RunOnce: [z5ejjfhob0o] => C:\Program Files (x86)\eCCFSA\461535.exe [670720 2018-06-14] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\...\Run: [Discord] => C:\Users\leont_000\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35140496 2018-12-03] (Epic Games, Inc.)
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-29] (Piriform Software Ltd)
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\...\MountPoints2: {93bd5f92-e15b-11e7-869d-7c7a91264db8} - "D:\autorun.exe" 
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\...\MountPoints2: {a48a70ee-560a-11e8-8737-7c7a91264db8} - "D:\FT_Auto.exe" 
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\...\MountPoints2: {c988d69c-8b45-11e8-874f-7c7a91264db8} - "D:\autorun.exe" 
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\...\MountPoints2: {c988d7ea-8b45-11e8-874f-7c7a91264db8} - "D:\autorun.exe" 
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\...\MountPoints2: {e18c08cf-e82e-11e8-8784-7c7a91264db8} - "D:\autorun.exe" 
HKU\S-1-5-18\...\Run: [3854136] => C:\Users\leont_000\AppData\Roaming\wypyel0du03\hkvjc0tg1ys.exe [565128 2018-11-23] ( )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-02-27]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-04-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{96DB091B-ECCA-4159-9589-8C366D79F28D}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://newtab.club
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://acer13.msn.com/?pc=ACJB
URLSearchHook: [S-1-5-21-1589306073-4194362613-1028311373-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = 
SearchScopes: HKLM -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
SearchScopes: HKU\.DEFAULT -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\.DEFAULT -> {540BAA00-C2B8-41C0-82A8-AF1914440E9A} URL = 
SearchScopes: HKU\S-1-5-21-1589306073-4194362613-1028311373-1004 -> DefaultScope {2C6A44CB-AD42-4731-A544-3FBD3D83AB5B} URL = 
SearchScopes: HKU\S-1-5-21-1589306073-4194362613-1028311373-1004 -> {2C6A44CB-AD42-4731-A544-3FBD3D83AB5B} URL = 
SearchScopes: HKU\S-1-5-21-1589306073-4194362613-1028311373-1004 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\S-1-5-21-1589306073-4194362613-1028311373-1004 -> {540BAA00-C2B8-41C0-82A8-AF1914440E9A} URL = 
SearchScopes: HKU\S-1-5-21-1589306073-4194362613-1028311373-1004 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
SearchScopes: HKU\S-1-5-21-1589306073-4194362613-1028311373-1004 -> {8A47755F-B3B9-4D4E-B32E-DCD8227E4F32} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-09-04] (Microsoft Corporation)
BHO: YoutubeAdBlock -> {5AE7D6C2-2865-4327-B9B4-EDFC46500FB0} -> C:\Program Files (x86)\eDXUULfIWIE\tgP8bOeGA.dll [2018-12-06] ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-12] (Oracle Corporation)
BHO: ICBC Anti-Phishing class -> {8BCB0605-D909-4c3b-B490-DEFE88BA95FA} -> C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN64\Icbc_AntiPhishing_64.dll [2017-03-31] (中国工商银行)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-09-04] (Microsoft Corporation)
BHO: YoutubeAdBlock -> {D1660F2C-BBC4-4D94-A6BA-EB25BC207DA5} -> C:\Program Files (x86)\fIMmcdwsEIE\t4vw0SqB.dll [2018-12-07] ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-12] (Oracle Corporation)
BHO-x32: YoutubeAdBlock -> {5AE7D6C2-2865-4327-B9B4-EDFC46500FB0} -> C:\Program Files (x86)\eDXUULfIWIE\kdI33OA.dll [2018-12-06] ()
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO-x32: ICBC Anti-Phishing class -> {BB4491A2-D11A-4c6b-91C0-B53246A3122B} -> C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll [2017-03-31] (中国工商银行)
BHO-x32: YoutubeAdBlock -> {D1660F2C-BBC4-4D94-A6BA-EB25BC207DA5} -> C:\Program Files (x86)\fIMmcdwsEIE\kmCnzBQh.dll [2018-12-07] ()
DPF: HKLM-x32 {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} hxxps://epass.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2018-03-13] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: sfqwzawm.default
FF ProfilePath: C:\Users\leont_000\AppData\Roaming\Mozilla\Firefox\Profiles\sfqwzawm.default [2018-12-02]
FF Homepage: Mozilla\Firefox\Profiles\sfqwzawm.default -> about:home
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-08-12] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (No Name) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2018-11-23]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2014-08-17] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-06] ()
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-12] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-06] ()
FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\Shavon\funshion\funshiontools\npFunshion.dll [No File]
FF Plugin-x32: @icbc.com.cn/npicbc_infosec_certenroll -> C:\Program Files (x86)\ICBCEbankTools\ICBCEbankPlugin\npicbc_infosec_certenroll.dll [2014-02-26] ()
FF Plugin-x32: @icbc.com.cn/npicbc_infosec_netsign -> C:\Program Files (x86)\ICBCEbankTools\ICBCEbankPlugin\npicbc_infosec_netsign.dll [2013-04-11] ( )
FF Plugin-x32: @icbc.com.cn/npicbc_tdr_usbkey -> C:\Program Files (x86)\ICBCEbankTools\ICBCEbankPlugin\npicbc_tdr_usbkey.dll [2013-12-27] (Tendyron Corporation)
FF Plugin-x32: @icbc.com/npChromeClientBinding,ver=1.0.0.0 -> C:\Program Files (x86)\ICBCEbankTools\ICBCChromeExtension\npChromeClientBinding.dll [2016-08-08] (ICBC)
FF Plugin-x32: @icbc.com/npChromeFullScreen,ver=1.0.0.1 -> C:\Program Files (x86)\ICBCEbankTools\ICBCChromeExtension\npChromeFullScreen.dll [2016-08-08] (ICBC)
FF Plugin-x32: @icbc.com/npChromeSubmit,ver=1.0.0.3 -> C:\Program Files (x86)\ICBCEbankTools\ICBCChromeExtension\npChromeSubmit.dll [2016-08-08] (ICBC)
FF Plugin-x32: @icbc.com/npChromeXXin,ver=1.0.0.5 -> C:\Program Files (x86)\ICBCEbankTools\ICBCChromeExtension\npChromeXXin.dll [2017-06-27] (Industrial and Commercial Bank of China)
FF Plugin-x32: @icbc/icbc_ms_npClCache,Version=1.0.0.2 -> C:\Program Files (x86)\ICBCEbankTools\FirefoxPlugins\npClCache.dll [2014-07-29] ()
FF Plugin-x32: @icbc/icbc_ms_npClientBinding,Version=1.0.0.2 -> C:\Program Files (x86)\ICBCEbankTools\FirefoxPlugins\npClientBinding.dll [2014-07-29] ( )
FF Plugin-x32: @icbc/icbc_ms_npFullScreen,Version=1.0.0.2 -> C:\Program Files (x86)\ICBCEbankTools\FirefoxPlugins\npFullScreen.dll [2014-07-29] ()
FF Plugin-x32: @icbc/icbc_ms_npsubmit,Version=1.0.0.9 -> C:\Program Files (x86)\ICBCEbankTools\FirefoxPlugins\npsubmit.dll [2016-02-24] ( )
FF Plugin-x32: @icbc/icbc_ms_npxxin,Version=1.0.0.12 -> C:\Program Files (x86)\ICBCEbankTools\FirefoxPlugins\npxxin.dll [2016-03-02] ( )
FF Plugin-x32: @icbc/npAssistComm,Version=1.0.0.1 -> C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\npAssistComm.dll [2013-12-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-20] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-02] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-12-02] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://securedsearch.xyz/{searchTerms}
CHR DefaultSearchKeyword: Default -> sse
CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
CHR Profile: C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default [2018-12-08]
CHR Extension: (Slides) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-09]
CHR Extension: (Material Incognito Dark Theme) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahifcnpnjgbadkjdhagpfjfkmlapfoel [2018-12-02]
CHR Extension: (ICBCNewChromeExtension) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajmecfihhnibjmmihpecefjjckgbmedh [2018-09-09]
CHR Extension: (Docs) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-09]
CHR Extension: (Google Drive) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-09]
CHR Extension: (Google Sheets Offline) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcbhgpcjaemjonpbfdedpnpplfcfmjmk [2018-06-25] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-09]
CHR Extension: (Google Notes Offline) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjeefngifhocofohcienokjdgeejaga [2018-12-08] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== ATTENTION
CHR Extension: (Stylus) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\clngdbkpkpeebahjckkjfobafhncgmne [2018-12-01]
CHR Extension: (ICBC Chrome Extension from Tendyron) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlombpffcodogboaljnamhpphpdkjdam [2018-09-09]
CHR Extension: (Adblocker for Youtube™) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dncemeillcpbjocckembodmbpaclamkp [2018-12-07] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== ATTENTION
CHR Extension: (ICBCAssistChromeExtension) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebfkjhegjojpombijlnbkmjoabfgohkb [2018-09-09]
CHR Extension: (Sheets) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-09]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2018-11-10]
CHR Extension: (Google Docs Offline) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-09]
CHR Extension: (Secured Search) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic [2018-12-08]
CHR Extension: (Roblox+) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2018-11-23]
CHR Extension: (ICBCChromeExtension) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lehjanbmddecbhgnnncapflmglinppcj [2018-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-02]
CHR Extension: (Gmail) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-09]
CHR Extension: (Chrome Media Router) - C:\Users\leont_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-02]
CHR HKLM\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ajmecfihhnibjmmihpecefjjckgbmedh] - C:\Program Files (x86)\ICBCEbankTools\ICBCNewChromeExtension\ICBCNewChromeExtension.crx [2015-12-01]
CHR HKLM-x32\...\Chrome\Extension: [chgogimjcakhbijnfmaengdlnlajhdko] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dlombpffcodogboaljnamhpphpdkjdam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ebfkjhegjojpombijlnbkmjoabfgohkb] - C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\ICBCAssistChromeExtension.crx [2015-12-01]
CHR HKLM-x32\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gcnfpjoimnmmdiokmpaebcacnnpdifbn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lehjanbmddecbhgnnncapflmglinppcj] - C:\Program Files (x86)\ICBCEbankTools\ICBCChromeExtension\ICBCChromeExtension.crx [2013-07-02]
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Instagram Sidebar) - C:\Users\leont_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\eohmfcckophobpbeoncnmkeiellfclka [2018-06-17]
OPR Extension: (Adblocker for Youtube™) - C:\Users\leont_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\fefhaeemdgaophhobcpcopjgfjnmjpop [2018-12-06]
OPR Extension: (Sidebar for YouTube™) - C:\Users\leont_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljkgfkfopogmclcinephnaeekjiikibd [2018-06-17]
OPR Extension: (Adblocker for Youtube™) - C:\Users\leont_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\nmpbgihpdmmclgognfcendlnemeppbna [2018-12-07]
OPR Extension: (Newtab.club) - C:\Users\leont_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\pookachmhghnpgjhebhilcidgdphdlhi [2018-09-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"gijmvmyz" => service could not be unlocked. <==== ATTENTION

R2 abcEBService; C:\Program Files (x86)\ÖйúÅ©ÒµÒøÐÐ\ÖйúÅ©ÒµÒøÐÐÍøÒøÖúÊÖ\abcEBService.exe [2171432 2015-01-19] ()
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-11-01] (EasyAntiCheat Ltd)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-06] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-25] (WildTangent)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-06-11] (Hi-Rez Studios) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
R2 ICBC Daemon Service; C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN64\IcbcDaemon_64.exe [642048 2017-04-06] () [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156616 2013-06-17] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-09-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-20] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-27] (McAfee, Inc.) [File not signed]
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-24] ()
S3 NanoServicePackUpdate64; C:\Program Files\SystemNanoPacks\Nano Service Pack\BaseNanoServicePackUpdater.exe [874496 2018-10-20] (SystemNanoPacks) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4369680 2016-01-22] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R2 OnKey Service _ICBC; C:\Windows\SysWOW64\D4Ser_ICBC.exe [122848 2016-12-20] (Tendyron Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [347176 2013-08-14] (Acer Incorporated)
S4 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-13] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-13] (Microsoft Corporation)
R2 wtfast.Service; C:\Program Files (x86)\wtfast\service\wtfast.Service.exe [102912 2018-05-22] () [File not signed]
S2 YmUwODNlYTUzZWRh; C:\Program Files\YmUwODNlYTUzZWRh\OGJhYWY4NDVlY.exe [527792 2018-12-04] ()
R2 ZAMSvc; C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15767792 2018-12-02] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-24] (Intel® Corporation)
S2 dahkService; C:\ProgramData\dahkService\dahkService.exe -s 25 [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
R2 ZWQ2YTM2NjE0ZmJjNzM; rundll32.exe C:\Windows\pvdul.pvdkl BUYfcOUuZDbJExPjj [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-24] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-20] (Motorola Solutions, Inc.)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-03] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-24] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-09] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-09] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-08] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-08] ()
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-19] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 NTY2YmFkNj; C:\Windows\System32\drivers\NTY2YmFkNj.sys [205952 2018-06-14] ()
R2 PECKbdProtector; C:\Windows\system32\drivers\PECKP_x64.SYS [53088 2015-06-25] (CSII)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-13] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-13] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Users\leont_000\Downloads\ThrottleStop_860\WinRing0x64.sys [14544 2015-10-13] (OpenLibSys.org)
R2 WtfEngineDrv; C:\Windows\system32\Drivers\WtfEngineDrv.sys [40352 2016-12-16] (AAA Internet Publishing, Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-12-02] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-12-02] (Zemana Ltd.)
S5 gijmvmyz;  <==== ATTENTION: Locked Service
S2 IRNPF; \??\C:\iResearch\Common\npf.sys [X]
R1 MWVmMW; \??\C:\Windows\system32\drivers\MWVmMW [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-08 02:52 - 2018-12-08 02:52 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2018-12-08 02:52 - 2018-12-08 02:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2018-12-07 22:53 - 2018-12-07 22:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-12-07 13:20 - 2018-12-07 13:20 - 000000000 ____D C:\ProgramData\yQydSbNsZfWcTUVB
2018-12-07 13:20 - 2018-12-07 13:20 - 000000000 ____D C:\Program Files (x86)\sIKWXKIwDInJTYRHMzR
2018-12-07 13:20 - 2018-12-07 13:20 - 000000000 ____D C:\Program Files (x86)\KxwMVIqkwqOU2
2018-12-07 13:20 - 2018-12-07 13:20 - 000000000 ____D C:\Program Files (x86)\hZRbVoKbccxYC
2018-12-07 13:20 - 2018-12-07 13:20 - 000000000 ____D C:\Program Files (x86)\hXRTETkozHUn
2018-12-07 13:20 - 2018-12-07 13:20 - 000000000 ____D C:\Program Files (x86)\fIMmcdwsEIE
2018-12-07 13:20 - 2018-12-07 13:20 - 000000000 ____D C:\Program Files (x86)\DVeyIPItU
2018-12-06 23:51 - 2018-12-06 23:51 - 000000000 ____D C:\ProgramData\CEThSMulaGfrgkVB
2018-12-06 23:51 - 2018-12-06 23:51 - 000000000 ____D C:\Program Files (x86)\YRwLvMqsZnlfC
2018-12-06 23:51 - 2018-12-06 23:51 - 000000000 ____D C:\Program Files (x86)\wuudXKCNIAsU2
2018-12-06 23:51 - 2018-12-06 23:51 - 000000000 ____D C:\Program Files (x86)\lmoNmZAVrzxZTVrAjER
2018-12-06 23:44 - 2018-12-06 23:51 - 000000000 ____D C:\Program Files (x86)\uuPUhBmSU
2018-12-06 23:44 - 2018-12-06 23:44 - 000000000 ____D C:\Program Files (x86)\qpHhDuVjrlUn
2018-12-06 23:44 - 2018-12-06 23:44 - 000000000 ____D C:\Program Files (x86)\eDXUULfIWIE
2018-12-05 17:29 - 2018-12-05 17:29 - 000000000 ____D C:\Windows\SysWOW64\gijmvmyz
2018-12-05 00:21 - 2018-12-05 00:21 - 000769536 _____ C:\Windows\pvdul.pvdkl
2018-12-04 04:38 - 2018-12-04 04:38 - 000937472 _____ C:\Windows\MjRmN2Y.exe
2018-12-04 04:38 - 2018-12-04 04:38 - 000175568 _____ C:\Windows\system32\Drivers\MWVmMW
2018-12-04 04:38 - 2018-12-04 04:38 - 000098235 _____ C:\Windows\uninstaller.dat
2018-12-04 00:40 - 2018-12-08 02:56 - 000048228 _____ C:\Users\leont_000\Downloads\FRST.txt
2018-12-04 00:40 - 2018-12-08 02:54 - 000061831 _____ C:\Users\leont_000\Downloads\Addition.txt
2018-12-04 00:38 - 2018-12-04 00:38 - 002417152 _____ (Farbar) C:\Users\leont_000\Downloads\FRST64.exe
2018-12-04 00:17 - 2018-12-04 00:17 - 000000000 ____D C:\AdwCleaner
2018-12-04 00:15 - 2018-12-04 00:16 - 007321808 _____ (Malwarebytes) C:\Users\leont_000\Downloads\adwcleaner_7.2.5.0.exe
2018-12-02 21:46 - 2018-08-21 14:44 - 000001638 _____ C:\Program Files\Common Files\RestoreRevTask.xml.2.back
2018-12-02 21:28 - 2018-12-02 21:28 - 000000000 ____D C:\ProgramData\dbg
2018-12-02 21:18 - 2018-08-21 14:44 - 000001638 _____ C:\Program Files\Common Files\RestoreRevTask.xml.1.back
2018-12-02 18:08 - 2018-12-02 18:08 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\WinRAR
2018-12-02 18:05 - 2018-12-02 18:17 - 000000000 ____D C:\Program Files\RM7Q12EZ24
2018-12-02 18:05 - 2018-12-02 18:05 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\3uhtxcy2foz
2018-12-02 18:01 - 2018-12-02 18:01 - 000000000 ____D C:\Users\leont_000\AppData\Local\Wolf of Webstreet OPC Private Limited
2018-12-02 17:59 - 2018-12-02 17:59 - 867414523 _____ C:\Windows\MEMORY.DMP
2018-12-02 17:52 - 2018-12-02 18:18 - 000320562 _____ C:\Users\Shavon\Desktop\mbst-grab-results.zip
2018-12-02 17:50 - 2018-12-08 02:55 - 000000000 ____D C:\FRST
2018-12-02 17:49 - 2018-12-02 17:49 - 003571440 _____ C:\Users\leont_000\Desktop\mb-support-1.3.1.553.exe
2018-12-02 01:57 - 2018-12-02 01:57 - 000000000 ____D C:\Users\leont_000\AppData\Local\Zemana
2018-12-02 01:55 - 2018-12-08 02:56 - 000123363 _____ C:\Windows\ZAM.krnl.trace
2018-12-02 01:55 - 2018-12-08 02:56 - 000041416 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-12-02 01:55 - 2018-12-02 01:55 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2018-12-02 01:55 - 2018-12-02 01:55 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2018-12-02 01:55 - 2018-12-02 01:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareFox AntiMalware
2018-12-02 01:55 - 2018-12-02 01:55 - 000000000 ____D C:\Program Files (x86)\MalwareFox AntiMalware
2018-12-02 01:54 - 2018-12-02 01:54 - 006617512 _____ (Zemana Ltd. ) C:\Users\leont_000\Downloads\MalwareFox.exe
2018-12-02 01:47 - 2018-12-02 01:47 - 000003594 _____ C:\Users\leont_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rkill.lnk
2018-12-02 01:43 - 2018-12-02 01:43 - 000000000 ____D C:\Users\leont_000\AppData\Local\mbamtray
2018-12-02 01:39 - 2018-12-02 02:00 - 000004116 _____ C:\Users\Shavon\Desktop\Rkill.txt
2018-12-02 01:39 - 2018-12-02 01:39 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\leont_000\Downloads\rkill.exe
2018-12-02 01:14 - 2018-12-02 01:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-12-02 01:14 - 2018-12-02 01:14 - 000000000 ____D C:\Program Files\CCleaner
2018-12-02 01:09 - 2018-12-02 18:14 - 000000000 ____D C:\Program Files\9QRGPBN15O
2018-12-02 01:09 - 2018-12-02 01:09 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\lnj5qc3qq5k
2018-12-02 00:43 - 2018-12-04 00:20 - 001097804 _____ C:\Windows\ntbtlog.txt
2018-12-02 00:33 - 2018-12-02 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-02 00:33 - 2018-12-02 00:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-02 00:33 - 2018-12-02 00:33 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-02 00:33 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-12-02 00:31 - 2018-12-02 00:31 - 080557120 _____ (Malwarebytes ) C:\Users\leont_000\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.8025 (1).exe
2018-12-02 00:27 - 2018-12-02 00:27 - 080557120 _____ (Malwarebytes ) C:\Users\leont_000\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.8025.exe
2018-12-02 00:21 - 2018-12-06 23:54 - 000002368 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-02 00:21 - 2018-12-05 17:47 - 000002360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-02 00:17 - 2018-12-02 18:06 - 000000000 ____D C:\Program Files\BZ4TPT6CCG
2018-12-02 00:17 - 2018-12-02 00:17 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\5js1mkfiquy
2018-12-01 23:39 - 2018-12-01 23:39 - 000580608 ____H C:\Users\Shavon\BITC17E.tmp
2018-12-01 20:43 - 2018-12-02 02:01 - 000000000 ____D C:\Users\leont_000\AppData\LocalLow\AuRiYkFvddjJH
2018-12-01 20:40 - 2018-12-02 18:16 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\uimmrmhxcrf
2018-12-01 20:40 - 2018-12-02 18:06 - 000000000 ____D C:\Program Files\DV0D5TWK7Y
2018-12-01 20:40 - 2018-12-01 20:40 - 000184320 ____H C:\Users\Shavon\BITC18F.tmp
2018-12-01 20:32 - 2018-12-02 18:16 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\dy525v1yp32
2018-12-01 20:32 - 2018-12-02 18:06 - 000000000 ____D C:\Program Files\G2OUPDJJCN
2018-12-01 20:32 - 2018-12-01 20:32 - 000000116 _____ C:\Users\Shavon\AppData\Roaming\iplog.url
2018-11-28 23:39 - 2018-11-28 23:40 - 008992828 _____ C:\Users\leont_000\Downloads\798842 LiLA'c Records - Jue.osz
2018-11-28 14:54 - 2018-11-28 14:54 - 067823280 _____ C:\Users\leont_000\Downloads\GrowtopiaInstaller (1).exe
2018-11-28 14:53 - 2018-11-28 14:53 - 067823280 _____ C:\Users\leont_000\Downloads\GrowtopiaInstaller.exe
2018-11-26 22:45 - 2018-11-26 22:45 - 002795165 _____ C:\Users\leont_000\Downloads\53810 Junichi Masuda - Lavender Town Theme.osz
2018-11-23 23:34 - 2018-11-23 23:34 - 000000040 _____ C:\Windows\wininit.ini
2018-11-23 23:33 - 2018-11-23 23:33 - 000722944 _____ C:\Users\leont_000\AppData\Local\sham.db
2018-11-23 23:32 - 2018-11-23 23:32 - 000000000 ____D C:\Users\leont_000\AppData\Roaming\wypyel0du03
2018-11-23 23:22 - 2018-11-23 23:22 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2018-11-23 23:20 - 2018-11-23 23:21 - 033542144 _____ C:\Users\leont_000\Downloads\EpicInstaller-7.16.0-fortnite-1874dc68351146b0ba1dad4a1eba3c9e.msi
2018-11-23 16:03 - 2018-11-23 16:03 - 004116160 _____ (ppy) C:\Users\leont_000\Downloads\osu!install (3).exe
2018-11-18 01:14 - 2018-11-18 01:14 - 000000000 ____D C:\Users\leont_000\Downloads\ThrottleStop_860
2018-11-18 00:52 - 2018-11-18 00:52 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\e0lxaxcfdb5
2018-11-17 16:05 - 2018-11-17 16:05 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\q0ig4qls4iv
2018-11-17 15:30 - 2018-11-17 15:30 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\5endgy4tp3c
2018-11-17 14:55 - 2018-11-17 14:55 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\vtdeqgj1k52
2018-11-17 14:20 - 2018-11-17 14:20 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\kew05khu2nx
2018-11-17 13:45 - 2018-11-17 13:45 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\pxgysluwope
2018-11-16 23:37 - 2018-11-16 23:37 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\qqp4doriz0r
2018-11-16 23:01 - 2018-11-16 23:01 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\rwbra0fqtjd
2018-11-16 10:17 - 2018-11-16 10:17 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\m4usvpiossq
2018-11-16 02:34 - 2018-10-25 08:54 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-11-16 02:34 - 2018-10-25 08:51 - 000121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2018-11-16 02:34 - 2018-10-25 08:46 - 000205824 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-11-16 02:34 - 2018-10-25 08:45 - 000168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2018-11-16 02:34 - 2018-10-18 10:48 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-16 02:34 - 2018-10-18 10:17 - 020281344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-11-16 02:34 - 2018-10-16 11:46 - 007371720 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-16 02:34 - 2018-10-16 11:39 - 002171800 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2018-11-16 02:34 - 2018-10-16 11:39 - 001662504 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-11-16 02:34 - 2018-10-16 11:39 - 001063368 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2018-11-16 02:34 - 2018-10-16 11:18 - 001137472 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-11-16 02:34 - 2018-10-16 11:02 - 001563584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2018-11-16 02:34 - 2018-10-16 11:02 - 001214920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-11-16 02:34 - 2018-10-13 04:35 - 000862208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-11-16 02:34 - 2018-10-13 04:26 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-11-16 02:34 - 2018-10-13 04:25 - 000189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2018-11-16 02:34 - 2018-10-13 04:22 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-11-16 02:34 - 2018-10-13 04:17 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-11-16 02:34 - 2018-10-13 04:16 - 000148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2018-11-16 02:34 - 2018-10-13 04:16 - 000131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2018-11-16 02:34 - 2018-10-13 04:03 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-11-16 02:34 - 2018-10-13 04:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-11-16 02:34 - 2018-10-13 03:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-11-16 02:34 - 2018-10-13 03:57 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-11-16 02:34 - 2018-10-13 03:56 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-11-16 02:34 - 2018-10-13 03:51 - 000267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2018-11-16 02:34 - 2018-10-13 03:47 - 001049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-11-16 02:34 - 2018-10-13 03:42 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-11-16 02:34 - 2018-10-13 03:38 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-11-16 02:34 - 2018-10-13 03:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-11-16 02:34 - 2018-10-12 10:16 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-11-16 02:34 - 2018-10-12 10:12 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-11-16 02:34 - 2018-10-12 10:10 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-16 02:34 - 2018-10-12 10:10 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-11-16 02:34 - 2018-10-12 10:01 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-11-16 02:34 - 2018-10-12 09:59 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-16 02:34 - 2018-10-12 09:59 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-16 02:34 - 2018-10-12 09:58 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-11-16 02:34 - 2018-10-12 09:58 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-11-16 02:34 - 2018-10-12 09:35 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-11-16 02:34 - 2018-10-12 09:30 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-11-16 02:34 - 2018-10-12 09:27 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-16 02:34 - 2018-10-12 09:27 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-11-16 02:34 - 2018-10-12 09:25 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-16 02:34 - 2018-10-12 09:19 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-16 02:34 - 2018-10-12 09:17 - 000809984 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-11-16 02:34 - 2018-10-12 09:12 - 002882048 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-11-16 02:34 - 2018-10-12 09:06 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-16 02:34 - 2018-10-12 08:55 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-16 02:34 - 2018-10-07 02:14 - 001547192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-11-16 02:34 - 2018-10-07 02:14 - 000388536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-11-16 02:34 - 2018-10-07 02:04 - 001308976 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-11-16 02:34 - 2018-10-07 02:03 - 000356288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-11-16 02:34 - 2018-10-07 00:48 - 004168192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-11-16 02:34 - 2018-10-06 23:41 - 002465792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-11-16 02:34 - 2018-10-06 23:34 - 002175488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-11-16 02:34 - 2018-10-06 23:32 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-11-16 02:34 - 2018-09-28 21:38 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2018-11-16 02:34 - 2018-09-28 21:34 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2018-11-16 02:34 - 2018-09-24 00:47 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-11-16 02:34 - 2018-09-24 00:45 - 000468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-11-16 02:34 - 2018-09-24 00:45 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-11-16 02:34 - 2018-09-24 00:37 - 000774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-11-16 02:34 - 2018-09-24 00:24 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-11-16 02:34 - 2018-09-24 00:23 - 000391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2018-11-16 02:34 - 2018-09-24 00:23 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-11-16 02:34 - 2018-09-24 00:20 - 002750464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-11-16 02:34 - 2018-09-24 00:17 - 000699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-11-16 02:34 - 2018-09-24 00:00 - 000200192 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-11-16 02:34 - 2018-09-24 00:00 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-11-16 02:34 - 2018-09-23 23:58 - 000904192 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-11-16 02:34 - 2018-09-23 23:56 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-11-16 02:34 - 2018-09-23 23:53 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2018-11-16 02:34 - 2018-09-23 23:51 - 001920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-11-16 02:34 - 2018-09-23 23:50 - 000709632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-11-16 02:34 - 2018-09-13 02:30 - 000137008 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-11-16 02:34 - 2018-09-11 23:30 - 003718144 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-11-16 02:34 - 2018-08-26 11:38 - 001200640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2018-11-16 02:34 - 2018-08-26 11:38 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2018-11-16 02:34 - 2018-08-26 11:21 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2018-11-16 02:34 - 2018-08-26 11:21 - 000200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2018-11-16 02:34 - 2018-08-26 09:45 - 000513448 _____ C:\Windows\SysWOW64\locale.nls
2018-11-16 02:34 - 2018-08-26 09:45 - 000513448 _____ C:\Windows\system32\locale.nls
2018-11-16 02:34 - 2018-08-21 21:39 - 000435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-11-16 02:34 - 2018-08-21 21:35 - 000358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-11-16 02:34 - 2018-08-20 00:22 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-11-16 02:34 - 2018-08-19 23:52 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-11-16 02:34 - 2018-08-19 23:43 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-11-16 00:28 - 2018-12-01 20:33 - 000000000 ____D C:\Program Files (x86)\Chameleon Explorer
2018-11-16 00:28 - 2018-11-16 00:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chameleon Explorer
2018-11-16 00:27 - 2018-11-16 00:27 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\qbqghb1qn0a
2018-11-15 22:09 - 2018-11-15 22:09 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\jdxbb0se5qh
2018-11-15 21:34 - 2018-11-15 21:34 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\gbrkcw5qqaf
2018-11-15 20:27 - 2018-11-15 20:27 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\xildleywubn
2018-11-15 19:52 - 2018-11-15 19:52 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\tgukl5kr22q
2018-11-10 13:52 - 2018-11-10 13:52 - 001437517 _____ C:\Users\leont_000\Downloads\robloxapp-20181028-1758326.wmv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-08 02:54 - 2014-02-27 13:46 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-12-08 02:53 - 2017-12-11 17:23 - 000000000 ____D C:\Users\leont_000\AppData\Local\CrashDumps
2018-12-08 02:53 - 2017-12-08 16:16 - 000000000 ___DO C:\Users\leont_000\OneDrive
2018-12-08 02:52 - 2018-11-01 23:28 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-12-08 02:52 - 2014-12-02 20:13 - 000000514 ____H C:\Windows\Tasks\SystemCreate-S-2690333021.job
2018-12-08 02:52 - 2014-11-02 13:00 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-12-08 02:52 - 2013-08-22 22:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-08 02:33 - 2018-03-12 17:33 - 000000588 _____ C:\Windows\Tasks\Yahoo! Powered sodis.job
2018-12-08 02:14 - 2018-03-26 17:14 - 000001024 _____ C:\Windows\Tasks\Secured Yahoo Powered sodis.job
2018-12-08 02:14 - 2018-03-26 17:14 - 000000000 ____D C:\ProgramData\{BE597B3A-341B-F1FC-B2DD-6FBE289FE470}
2018-12-08 00:00 - 2018-10-14 19:52 - 000001230 _____ C:\Users\leont_000\Desktop\Roblox Studio.lnk
2018-12-08 00:00 - 2017-12-09 02:32 - 000000000 ____D C:\Users\leont_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-12-06 23:54 - 2018-06-17 10:13 - 000000004 _____ C:\ProgramData\lock.dat
2018-12-06 23:54 - 2018-06-17 10:11 - 000000258 __RSH C:\Users\leont_000\ntuser.pol
2018-12-06 23:54 - 2018-06-17 10:07 - 000000000 ____D C:\ProgramData\dahkService
2018-12-06 23:54 - 2017-12-08 16:11 - 000000000 ____D C:\Users\leont_000
2018-12-06 01:26 - 2013-08-22 23:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-12-06 01:26 - 2013-08-22 23:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-12-05 17:47 - 2018-03-12 17:35 - 000002392 _____ C:\Users\Shavon\Desktop\Chromium.lnk
2018-12-05 17:44 - 2014-02-27 14:09 - 000048364 _____ C:\Windows\system32\prfh0804.dat
2018-12-05 17:44 - 2014-02-27 14:09 - 000020780 _____ C:\Windows\system32\prfc0804.dat
2018-12-05 17:44 - 2013-10-03 23:30 - 000128534 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-05 17:44 - 2013-08-22 21:36 - 000000000 ____D C:\Windows\Inf
2018-12-05 17:38 - 2018-06-17 10:13 - 000000304 _____ C:\ProgramData\rwi.khad
2018-12-05 00:33 - 2018-03-12 17:33 - 000000000 ____D C:\ProgramData\{BDB678D5-37F4-F213-B132-6C512B70E79F}
2018-12-05 00:32 - 2013-08-22 23:36 - 000000000 ____D C:\Windows\AppReadiness
2018-12-04 23:33 - 2018-03-12 17:33 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\558bb2581cf08746e0fc693de796dcad
2018-12-04 23:23 - 2018-04-02 22:09 - 000000000 ____D C:\Users\Shavon\AppData\Roaming\Skype
2018-12-04 23:21 - 2017-12-09 10:44 - 000000000 ____D C:\Program Files (x86)\Steam
2018-12-04 23:20 - 2014-05-21 21:46 - 000000000 ___RD C:\Users\Shavon\OneDrive
2018-12-04 00:34 - 2017-12-25 02:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-12-04 00:34 - 2014-05-18 14:19 - 000000000 ____D C:\Users\Shavon
2018-12-02 21:39 - 2013-08-22 21:36 - 000000000 ____D C:\Program Files\FlashWin Light
2018-12-02 21:15 - 2013-08-22 22:44 - 000373304 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-02 18:06 - 2018-07-21 22:23 - 000000000 ____D C:\Program Files\EJ5WXH4AHE
2018-12-02 18:06 - 2018-07-21 21:53 - 000000000 ____D C:\Program Files\ABE7WQFMFT
2018-12-02 18:06 - 2018-07-21 21:23 - 000000000 ____D C:\Program Files\CZS9MIW4EW
2018-12-02 18:06 - 2018-07-21 20:53 - 000000000 ____D C:\Program Files\BJ6ET7M8O2
2018-12-02 18:06 - 2018-07-21 20:23 - 000000000 ____D C:\Program Files\KQPRPRD52K
2018-12-02 18:06 - 2018-07-21 19:53 - 000000000 ____D C:\Program Files\W3JT2WFJSV
2018-12-02 18:06 - 2018-07-21 17:35 - 000000000 ____D C:\Program Files\8PJSOJPZAZ
2018-12-02 18:06 - 2018-07-21 17:05 - 000000000 ____D C:\Program Files\BEQK62BTSV
2018-12-02 18:06 - 2018-07-21 16:35 - 000000000 ____D C:\Program Files\8CZXZY45MF
2018-12-02 18:06 - 2018-07-21 16:05 - 000000000 ____D C:\Program Files\4X2DJQ1RGW
2018-12-02 18:06 - 2018-07-21 15:35 - 000000000 ____D C:\Program Files\M36DMLXPKM
2018-12-02 18:06 - 2018-07-21 15:05 - 000000000 ____D C:\Program Files\NK70S6NR4Q
2018-12-02 18:06 - 2018-07-21 13:09 - 000000000 ____D C:\Program Files\CD8CX13O8L
2018-12-02 18:05 - 2018-07-08 20:20 - 000000000 ____D C:\Program Files\OQTDFDO2ZP
2018-12-02 18:05 - 2018-07-08 19:50 - 000000000 ____D C:\Program Files\9G7Q0QUJW4
2018-12-02 18:05 - 2018-07-08 18:07 - 000000000 ____D C:\Program Files\29RIAMVEWK
2018-12-02 18:05 - 2018-07-08 17:07 - 000000000 ____D C:\Program Files\8UYKZL9AFG
2018-12-02 17:59 - 2014-06-01 19:10 - 000000000 ____D C:\Windows\Minidump
2018-12-02 01:55 - 2018-10-04 22:49 - 000000000 ____D C:\Users\leont_000\Desktop\Defence
2018-12-02 01:49 - 2018-08-29 16:06 - 000000000 ____D C:\Users\leont_000\Desktop\osu!
2018-12-02 01:45 - 2017-12-25 21:13 - 000000000 ____D C:\Users\leont_000\AppData\Roaming\Azureus
2018-12-02 00:35 - 2018-04-02 22:09 - 000000345 _____ C:\Users\Shavon\AppData\Roaming\WB.CFG
2018-12-02 00:21 - 2018-09-09 02:05 - 000000000 ____D C:\Users\leont_000\AppData\Local\Deployment
2018-12-02 00:21 - 2014-05-17 22:29 - 000000000 ____D C:\Program Files (x86)\Google
2018-12-01 20:43 - 2013-08-22 23:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-29 16:38 - 2018-09-13 17:21 - 000000000 ____D C:\Users\leont_000\AppData\Local\osu!
2018-11-28 14:54 - 2018-01-17 20:53 - 000000000 ____D C:\Users\leont_000\AppData\Local\Growtopia
2018-11-24 20:04 - 2013-08-22 23:20 - 000000000 ____D C:\Windows\CbsTemp
2018-11-23 23:33 - 2017-03-20 03:50 - 000000000 ____D C:\ProgramData\Adobe
2018-11-23 23:22 - 2018-04-14 15:58 - 000000000 ____D C:\Users\leont_000\AppData\Local\UnrealEngine
2018-11-23 23:22 - 2018-04-14 15:57 - 000000000 ____D C:\Program Files (x86)\Epic Games
2018-11-23 16:06 - 2018-03-01 19:10 - 000000966 _____ C:\Users\leont_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2018-11-20 00:42 - 2017-01-05 12:59 - 000001077 _____ C:\Windows\BRRBCOM.INI
2018-11-19 20:29 - 2013-08-22 23:36 - 000000000 ____D C:\Windows\rescache
2018-11-19 02:06 - 2017-12-09 11:05 - 000000000 ____D C:\Users\leont_000\AppData\Roaming\discord
2018-11-17 14:20 - 2018-04-06 21:33 - 000000000 ____D C:\Users\leont_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-11-17 05:29 - 2018-08-19 20:55 - 000834960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-11-17 05:29 - 2018-08-19 20:55 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-16 22:44 - 2014-05-20 22:51 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-11-16 22:44 - 2014-05-20 22:51 - 000000000 ____D C:\Windows\system32\MRT
2018-11-15 20:21 - 2018-06-17 09:47 - 000000000 ____D C:\Program Files\Opera
2018-11-10 13:30 - 2018-06-17 09:47 - 000001025 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2018-11-08 22:11 - 2018-06-17 10:08 - 000000000 ____D C:\Program Files\YmUwODNlYTUzZWRh

==================== Files in the root of some directories =======

2018-06-17 10:13 - 2018-12-06 23:54 - 000000004 _____ () C:\ProgramData\lock.dat
1601-01-03 21:33 - 1601-01-03 21:33 - 000197120 ____N (Microsoft Corporation) C:\Program Files (x86)\PWtCKuFcYT.exe
2018-06-19 22:31 - 2018-08-21 14:44 - 000003930 _____ () C:\Program Files\Common Files\AppLoaderHelpers.xml
2018-08-19 15:58 - 2018-06-19 22:31 - 000003922 _____ () C:\Program Files\Common Files\AppLoaderHelpers.xml.back
2018-08-20 14:35 - 2018-06-19 22:31 - 000003922 _____ () C:\Program Files\Common Files\AppLoaderHelpers_1.xml.back
2018-08-21 14:44 - 2018-06-19 22:31 - 000003922 _____ () C:\Program Files\Common Files\AppLoaderHelpers_2.xml.back
2018-08-22 19:04 - 2018-10-21 03:00 - 000004820 _____ () C:\Program Files\Common Files\AppLoaderPM.xml
2018-06-17 08:28 - 2018-08-21 14:44 - 000001638 _____ () C:\Program Files\Common Files\RestoreRevTask.xml
2018-12-02 21:18 - 2018-08-21 14:44 - 000001638 _____ () C:\Program Files\Common Files\RestoreRevTask.xml.1.back
2018-12-02 21:46 - 2018-08-21 14:44 - 000001638 _____ () C:\Program Files\Common Files\RestoreRevTask.xml.2.back
2018-08-19 15:58 - 2018-06-17 08:28 - 000001609 _____ () C:\Program Files\Common Files\RestoreRevTask.xml.back
2018-08-20 14:35 - 2018-06-17 08:28 - 000001609 _____ () C:\Program Files\Common Files\RestoreRevTask_1.xml.back
2018-08-21 14:44 - 2018-06-17 08:28 - 000001609 _____ () C:\Program Files\Common Files\RestoreRevTask_2.xml.back
2018-09-21 21:47 - 2018-09-21 21:47 - 000000170 ____H () C:\Program Files\Common Files\service_pack.bat
2018-09-28 15:26 - 2018-09-28 15:26 - 000000000 _____ () C:\Users\leont_000\AppData\Local\oobelibMkey.log
2018-05-29 18:06 - 2018-05-29 18:06 - 000000017 _____ () C:\Users\leont_000\AppData\Local\resmon.resmoncfg
2018-11-23 23:33 - 2018-11-23 23:33 - 000722944 _____ () C:\Users\leont_000\AppData\Local\sham.db

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================

Below is the log for AdwCleaner:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build:    11-26-2018
# Database: 2018-12-07.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-08-2018
# Duration: 00:00:18
# OS:       Windows 8.1
# Scanned:  32299
# Detected: 28


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Adware.Agent                    C:\Users\Shavon\AppData\Roaming\CRMSvc
PUP.Optional.FastDataX          C:\Program Files (x86)\FastDataX
PUP.Optional.Legacy             C:\Windows\Syswow64\SSL

***** [ Files ] *****

PUP.Optional.Legacy             C:\Users\Shavon\appdata\local\installationconfiguration.xml

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.FastDataX          C:\Windows\System32\Tasks\FastDataX Task

***** [ Registry ] *****

Adware.Agent                    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D105DFE2-8DF6-4BA0-ABF1-392716658963}
Adware.DNSUnlocker              HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Adware.NeoBar                   HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1655C0CA-7AE7-4012-8502-970C8675E5F8
PUP.Optional.FastDataX          HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastDataX_is1
PUP.Optional.FastDataX          HKCU\Software\FastDataX
PUP.Optional.FastDataX          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D48627F-2494-42B7-98B6-52F090176138}
PUP.Optional.FastDataX          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D48627F-2494-42B7-98B6-52F090176138}
PUP.Optional.FastDataX          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FastDataX Task
PUP.Optional.Wajam              HKLM\Software\Wow6432Node\SrcAAAesom Browser Enhancer
PUP.Optional.Wajam              HKLM\Software\SrcAAAesom Browser Enhancer
PUP.Optional.Wajam              HKCU\Software\WajIEnhance
PUP.Optional.Wajam              HKLM\Software\Wow6432Node\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
PUP.Optional.Wajam              HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
PUP.Optional.YoutubeAdBlock     HKU\S-1-5-21-1589306073-4194362613-1028311373-1004\Software\Microsoft\Internet Explorer\URLSearchHooks|{2C6A44CB-AD42-4731-A544-3FBD3D83AB5B}
Trojan.Agent                    HKCU\Software\Microsoft\Windows\CurrentVersion\Run|VolID

***** [ Chromium (and derivatives) ] *****

PUP.Optional.CastVPN            CastVPN_AE
PUP.Optional.CastVPN            CastVPN_AE
PUP.Optional.Legacy             MSN Homepage & Bing Search Engine
PUP.Optional.SearchManager      Search Manager
PUP.Optional.SearchManager      nahhmpbckpgdidfnmfkfgiflpjijilce
PUP.Optional.SearchManager      Search Manager
PUP.Optional.SecuredSearches    Secured Search Extension
PUP.Optional.SecuredSearches    Secured Search Extension

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [38048 octets] - [04/12/2018 00:18:26]
AdwCleaner[C00].txt - [31956 octets] - [04/12/2018 00:18:58]
AdwCleaner[S01].txt - [37703 octets] - [04/12/2018 00:33:34]
AdwCleaner[C01].txt - [31739 octets] - [04/12/2018 00:34:27]
AdwCleaner[S02].txt - [1909 octets] - [04/12/2018 23:19:29]
AdwCleaner[C02].txt - [1963 octets] - [04/12/2018 23:19:55]
AdwCleaner[S03].txt - [1616 octets] - [04/12/2018 23:21:19]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########
 

By the way, what would happen if I try deleting the file that's trying to run?


The reason for that error is that you ran the scanner as a normal user, not with an Admin account. Please log in with an account that has Admin rights and try running it again.

Ran by leont_000 (ATTENTION: The user is not administrator) on SHAVONTEO (08-12-2018 02:55:54)


Extremely sorry for my late reply, I keep putting it off to another day. Also, I downloaded something suspicious which was a mistake on my part, and I noticed a DVD that was in my PC section in File Explorer. Chrome also had popups. 

 

FRST.txt


Thanks @unrisinq but after this long, it's best we get a new set of all the logs.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

Full protection or simple disinfection?

Download Malwarebytes for Windows for free and you get 14 days of full real-time protection. After the 14 days are up, Malwarebytes for Windows reverts to a very limited but still free version that will only disinfect your computer after an attack. We recommend the full real-time protection of Malwarebytes for Windows Premium to prevent infection in the first place.

Scanning with Malwarebytes for Windows

  • Right-click on the MBAM icon and select Run as Administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane, click the Settings tab and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button. (do not empty quarantine for a few days)
  • While still on the Scan tab, click the View Report button, and in the window that opens, click the Export button, select Text file (*.txt), and save the log to your desktop.
  • The log can also be viewed by clicking the log to select it, then click the View Report button.
  • If you need help please attach the Threat Scan log to your post.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.


Thanks

Ron

 

Edited by AdvancedSetup
Updated information


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
