tuneguy

Can't remove detected malware


I recently ran a scan and a number of threats were detected. However, only one of them could be quarantined/removed. Do I need some other virus removal program? (full log attached as .txt)

Anybody else have this issue?



Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32- or 64-bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click "Attach this file".
Click the "Add reply" button.
===

Please post the logs for my review.

Wait for further instructions.


Thanks for your help!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.03.2019 01
Ran by VisionDAW User (administrator) on VISIONDAW-20570 (04-03-2019 17:07:43)
Running from C:\Users\VisionDAW User\Desktop\Good Time
Loaded Profiles: VisionDAW User & LogMeInRemoteUser (Available Profiles: VisionDAW User & LogMeInRemoteUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(TOSHIBA CORPORATION) [File not signed] C:\Windows\System32\cwamiousvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Drobo, Inc. -> Drobo, Inc.) C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Express Vpn LLC -> ) C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(Express Vpn LLC -> ) C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
() [File not signed] C:\Program Files (x86)\Chocks\assertions.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Martin Bjoernsen -> RME) C:\Windows\System32\hdspmix.exe
(Martin Bjoernsen -> RME) C:\Windows\System32\hdsp32.exe
(Smilebox, Inc. -> Smilebox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Smilebox\SmileboxTray.exe
(Kensington) [File not signed] C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
(Drobo, Inc. -> Drobo, Inc.) C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe
(DISTRIBUTED CREATION INC. -> Splice) C:\Users\VisionDAW User\AppData\Local\splice\app-3.4.11\Splice.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
(Belkin Corporation -> Belkin Corporation) C:\Program Files (x86)\Belkin\Nostromo\nost_LM.exe
(Native Instruments GmbH) [File not signed] C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(PowerISO Computing, Inc.) [File not signed] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(PACE Anti-Piracy, Inc.) [File not signed] C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Intuit) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.) C:\Users\VisionDAW User\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(DISTRIBUTED CREATION INC. -> Distributed Creation, Inc.) C:\Users\VisionDAW User\AppData\Local\splice\app-3.4.11\Splice.Helper.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\QtWebEngineProcess.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
() [File not signed] C:\Program Files (x86)\Chocks\assertions.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
(Sony Creative Software Inc -> Sony Creative Software Inc.) [File not signed] C:\Program Files (x86)\Sony\ACID Pro 7.0\acid70.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\calc.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [446400 2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2010-08-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Run: [HDSPTray2] => C:\Windows\system32\hdspmix.exe [1158144 2012-05-07] (Martin Bjoernsen -> RME)
HKLM\...\Run: [HDSPTray1] => C:\Windows\system32\hdsp32.exe [648192 2012-05-07] (Martin Bjoernsen -> RME)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-18] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [217088 2008-01-20] (PowerISO Computing, Inc.) [File not signed]
HKLM-x32\...\Run: [Kensington TrackballWorks Helper] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [435200 2016-02-22] (Kensington) [File not signed]
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2015-08-19] (Intuit, Inc. -> Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2012-09-14] (Intel Corporation) [File not signed]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\EpmNews.exe
HKLM-x32\...\Run: [EaseUS Cleanup] => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\CleanUpUI.exe" 10 300
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499640 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Wondershare Helper Compact.exe] => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [SmileboxTray] => C:\Users\VisionDAW User\AppData\Roaming\Smilebox\SmileboxTray.exe [366552 2017-09-27] (Smilebox, Inc. -> Smilebox, Inc.)
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Kensington TrackballWorks] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [435200 2016-02-22] (Kensington) [File not signed]
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Dropbox Update] => C:\Users\VisionDAW User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [DDAssist] => C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe [623392 2015-05-21] (Drobo, Inc. -> Drobo, Inc.)
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [com.squirrel.splice.Splice] => C:\Users\VisionDAW User\AppData\Local\splice\app-3.4.11\Splice.exe [52374928 2019-02-21] (DISTRIBUTED CREATION INC. -> Splice)
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: J - J:\SETUP.EXE
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: L - L:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: {1bbec3d1-fbd2-11e3-a994-4c72b966cf40} - L:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: {48dd52c4-66b2-11e5-b072-4c72b966cf40} - L:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: {705ce262-0716-11e6-a0bd-4c72b966cf40} - K:\VZW_Software_upgrade_assistant.exe
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-25] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}] -> C:\Windows\system32\LMIinit.dll [2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{97E1814E-5601-41c8-9971-10C319EF61CC}] -> C:\Windows\system32\SRCredentialProvider.dll [2018-10-19] (Splashtop Inc. -> Splashtop Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-09-27]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nostromo Loadout Manager.lnk [2018-07-23]
ShortcutTarget: Nostromo Loadout Manager.lnk -> C:\Windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe (Macrovision Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-09-27]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-09-27]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)
Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2019-02-21]
ShortcutTarget: Dropbox.lnk -> C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-04-07]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-03-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2014-06-24]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\VisionDAW User\AppData\Roaming\VERIZON\UA_ar\UA.exe (Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 www.swamengine.com
Tcpip\Parameters: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{3CBBDB9E-2295-4D2E-B468-D1DA72ECCD84}: [DhcpNameServer] 10.126.0.1
Tcpip\..\Interfaces\{4EDEC94B-B772-4EA2-8059-FEDA321FD5DB}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{BD9A9928-2BFB-4A60-9E5C-C4DA1B164FAE}: [NameServer] 8.8.8.8,4.2.2.3
Tcpip\..\Interfaces\{BD9A9928-2BFB-4A60-9E5C-C4DA1B164FAE}: [DhcpNameServer] 192.168.86.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-08] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-12-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
Handler: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: b0xpguy3.default
FF ProfilePath: C:\Users\VisionDAW User\AppData\Roaming\Mozilla\Firefox\Profiles\b0xpguy3.default [2019-03-02]
FF NetworkProxy: Mozilla\Firefox\Profiles\b0xpguy3.default -> type", 4
FF Extension: (Video DownloadHelper) - C:\Users\VisionDAW User\AppData\Roaming\Mozilla\Firefox\Profiles\b0xpguy3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2018-04-04] [Legacy]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-11-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3386386071-2981558750-1810538096-1000: @asperasoft.com/AsperaConnect -> C:\Users\VisionDAW User\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.7.4\npasperaweb_3.7.4.147728.dll [2017-09-05] (Aspera, Inc. -> Aspera, Inc. )
FF Plugin HKU\S-1-5-21-3386386071-2981558750-1810538096-1000: signiant.com/SigniantTransfer -> C:\Users\VisionDAW User\AppData\Roaming\SigniantInc\SigniantTransfer\5.4.0.60258\npSigniantTransfer.dll [2014-07-11] (Signiant Corporation -> Signiant Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default [2019-03-04]
CHR Extension: (Slides) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-07]
CHR Extension: (Flash Video Downloader) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-09-28]
CHR Extension: (Docs) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-07]
CHR Extension: (Google Drive) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (MEGA) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2019-02-28]
CHR Extension: (YouTube) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-07]
CHR Extension: (Honey) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-02-14]
CHR Extension: (FVD Suggestions) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\caoielngcdpgeldnckhponffkiajaobo [2018-04-11]
CHR Extension: (Google News) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2018-01-08]
CHR Extension: (Dropbox for Gmail) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2019-02-07]
CHR Extension: (Adobe Acrobat) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-03-29]
CHR Extension: (Google Calendar) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2018-01-08]
CHR Extension: (Google Finance) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2018-01-08]
CHR Extension: (Sheets) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-07]
CHR Extension: (Chrome Remote Desktop) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-03-04]
CHR Extension: (Convert PDF to Word - PDFfiller) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclipekclncjckbhddbiocikflkdekkm [2018-01-08]
CHR Extension: (Google Docs Offline) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (AdBlock) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-28]
CHR Extension: (Google Calendar) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2018-04-11]
CHR Extension: (Grammarly for Chrome) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-03-01]
CHR Extension: (Google Calendar - Week of Aug 9, 2015) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkcpfjbnojkgkmchngbnpbnahpikkgi [2018-01-08]
CHR Extension: (Evernote Web) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2018-01-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-12-07]
CHR Extension: (Video DownloadHelper) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2019-02-03]
CHR Extension: (Google Maps) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2018-01-08]
CHR Extension: (Contacts Sort App) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfbligcoimpkahekefnppbjgmjojkcp [2018-01-08]
CHR Extension: (Google Play Books) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2018-01-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2019-03-01]
CHR Extension: (Evernote Web Clipper) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2019-01-28]
CHR Extension: (Gmail) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-07]
CHR Extension: (Chrome Media Router) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-13]
CHR Profile: C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-12]
CHR HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-03-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\hnkdz <==== ATTENTION (Rootkit!)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013280 2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
R2 DDService; C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe [2056992 2015-05-21] (Drobo, Inc. -> Drobo, Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40080 2018-05-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [339168 2018-07-03] (Express Vpn LLC -> )
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2012-09-14] (Intel Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [420296 2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [588232 2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-01-10] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5739008 2011-12-05] (Native Instruments GmbH) [File not signed]
R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-03-07] (Intuit) [File not signed]
R3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-08-19] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-08-19] (Intuit Inc.) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115976 2016-01-28] (Shenzhen Wondershare Information Technology Co., Ltd. -> Wondershare)
S3 GoogleChromeElevationService; "C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\elevation_service.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcgame; C:\Windows\System32\drivers\bcgame.sys [35328 2007-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Belkin Corporation)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 e1qexpress; C:\Windows\System32\DRIVERS\e1q60x64.sys [244736 2009-06-10] (Microsoft Windows -> Intel Corporation)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [54216 2018-05-15] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [101376 2013-07-09] (NTONYX Ltd. -> Eugene V. Muzychenko)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVpn SplitTunnel Driver\driver\expressvpnsplittunnel.sys [18800 2018-07-03] (ExprsVPN LLC -> )
R3 hdsp; C:\Windows\System32\drivers\hdsp_64.sys [102400 2012-05-07] (Martin Bjoernsen -> RME)
S3 HPFXFAX; C:\Windows\System32\drivers\hppdfaxio.sys [23576 2010-12-07] (Hewlett-Packard Company -> Hewlett Packard)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26072 2012-09-14] (Intel Corporation -> Intel Corporation)
S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25752 2012-05-16] (PACE Anti-Piracy, Inc. -> )
R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-03-01] (Malwarebytes Corporation -> Malwarebytes)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [96768 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [213504 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [57776 2008-01-20] (Fenghua Lee -> PowerISO Computing, Inc.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [33488 2015-11-30] (NCH Software -> )
R3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-15] (Steinberg Media Technologies GmbH -> Steinberg Media Technologies GmbH)
S3 tapexpressvpn; C:\Windows\System32\DRIVERS\tapexpressvpn.sys [35696 2018-07-03] (ExprsVPN LLC -> The OpenVPN Project)
R3 tbwkern; C:\Windows\System32\DRIVERS\tbwkern.sys [34656 2016-02-22] (Kensington Computer Products Group -> )
R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S1 bpeol; \??\C:\Users\VISION~1\AppData\Local\Temp\uphctszv.sys [X] <==== ATTENTION
R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
R3 knqtxa; system32\drivers\qtxadg.sys [X]
S4 lamurk; System32\drivers\dscvplam.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-04 17:07 - 2019-03-04 17:07 - 000000000 ____D C:\FRST
2019-03-02 15:17 - 2019-03-02 15:17 - 010372016 _____ C:\Users\VisionDAW User\Desktop\bitdefender_online.exe
2019-03-02 12:24 - 2019-03-02 12:24 - 000000000 ____D C:\Users\VisionDAW User\Desktop\New folder (2)
2019-03-01 14:51 - 2019-03-04 17:05 - 000000001 _____ C:\8061vvch9obpgv6
2019-03-01 14:31 - 2019-03-01 14:31 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-03-01 14:28 - 2019-03-01 14:28 - 000145744 ____N C:\Windows\system32\Drivers\sesgknqt.sys
2019-03-01 14:26 - 2019-03-01 14:26 - 000047684 _____ C:\Windows\system32\.crusader
2019-03-01 14:20 - 2019-03-01 14:27 - 000000000 ____D C:\ProgramData\HitmanPro
2019-03-01 14:18 - 2019-03-01 14:20 - 011514112 _____ (SurfRight B.V.) C:\Users\VisionDAW User\Desktop\HitmanPro_x64.exe
2019-02-28 16:15 - 2019-02-28 16:15 - 000000355 _____ C:\Users\VisionDAW User\Desktop\Computer - Shortcut (2).lnk
2019-02-21 17:21 - 2019-02-21 17:21 - 000003012 _____ C:\Windows\System32\Tasks\{F4141091-2D04-4C45-B8E9-FEFA3A93C11F}
2019-02-21 17:21 - 2019-02-21 17:21 - 000003012 _____ C:\Windows\System32\Tasks\{15825107-9085-4D14-BCFE-C0D1BE5BD07B}
2019-02-21 15:49 - 2019-02-21 15:49 - 018914256 _____ (Bitdefender LLC) C:\Users\VisionDAW User\Desktop\BDGandCrabDecryptTool.exe
2019-02-21 14:23 - 2019-02-21 14:23 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-02-13 18:23 - 2019-02-13 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-02-13 11:01 - 2019-02-13 11:01 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-13 11:01 - 2019-02-13 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-13 11:01 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-13 09:43 - 2019-02-13 09:43 - 000081938 _____ C:\Users\VisionDAW User\Desktop\RT. Fiocca Release.pdf
2019-02-13 09:41 - 2019-02-13 09:41 - 000016853 _____ C:\Users\VisionDAW User\Desktop\R. Fiocca Release.pdf
2019-02-08 09:49 - 2019-02-13 18:23 - 000002383 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002334 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-02-04 21:27 - 2019-02-04 21:27 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\Splashtop
2019-02-03 14:59 - 2019-02-03 14:59 - 000000355 _____ C:\Users\VisionDAW User\Desktop\Computer - Shortcut.lnk

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-04 17:08 - 2009-07-13 21:34 - 025952256 _____ C:\Windows\system32\config\HARDWARE
2019-03-04 17:07 - 2018-07-17 14:59 - 000000000 ____D C:\Users\VisionDAW User\Desktop\Good Time
2019-03-04 17:01 - 2015-01-15 12:51 - 000000000 ____D C:\ProgramData\LogMeIn
2019-03-04 16:24 - 2015-07-07 12:17 - 000000954 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000UA.job
2019-03-04 05:01 - 2009-07-13 23:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-03-04 05:01 - 2009-07-13 23:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-03-03 23:24 - 2015-07-07 12:17 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000Core.job
2019-03-02 18:36 - 2013-01-29 10:44 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\HpUpdate
2019-03-02 18:36 - 2013-01-25 14:18 - 000000000 ____D C:\Users\VisionDAW User\Documents\ACID Pro 7.0 Projects
2019-03-02 12:02 - 2018-01-12 16:30 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\CrashDumps
2019-03-01 16:44 - 2013-01-23 12:47 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\ElevatedDiagnostics
2019-03-01 14:49 - 2009-07-14 00:13 - 000788354 _____ C:\Windows\system32\PerfStringBackup.INI
2019-03-01 14:49 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-03-01 14:33 - 2015-01-15 12:51 - 000000950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2019-03-01 14:31 - 2017-06-21 14:33 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Splice
2019-03-01 14:31 - 2016-10-25 18:27 - 000000218 _____ C:\Windows\Tasks\AutoKMS.job
2019-03-01 14:31 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-01 14:30 - 2018-11-12 17:14 - 002921984 _____ (TOSHIBA CORPORATION) C:\Windows\system32\cwamiousvc.exe
2019-03-01 14:26 - 2018-11-12 17:06 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\1337
2019-03-01 14:07 - 2013-01-24 09:50 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\Adobe
2019-03-01 13:11 - 2015-11-06 10:35 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Audacity
2019-02-28 14:39 - 2013-01-31 14:00 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\vlc
2019-02-28 14:11 - 2015-01-15 12:51 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\LogMeInIgnition
2019-02-25 15:33 - 2018-11-13 15:28 - 000002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-25 15:33 - 2018-11-13 15:28 - 000002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-23 23:33 - 2018-03-29 12:03 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-21 18:50 - 2017-06-26 16:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-02-21 18:50 - 2015-07-27 12:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-21 17:32 - 2017-07-07 11:06 - 000000000 ____D C:\Users\VisionDAW User\AppData\LocalLow\Mozilla
2019-02-21 15:50 - 2017-06-26 14:07 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\splice
2019-02-21 15:50 - 2017-06-14 16:32 - 000002149 _____ C:\Users\VisionDAW User\Desktop\Splice.lnk
2019-02-21 15:50 - 2017-06-14 16:32 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Splice
2019-02-21 15:50 - 2017-05-18 12:12 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\SpliceSettings
2019-02-21 14:24 - 2013-01-29 17:58 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Dropbox
2019-02-15 10:14 - 2019-01-21 11:19 - 000000250 _____ C:\Windows\wininit.ini
2019-02-15 10:14 - 2015-07-27 12:30 - 000000000 ____D C:\ProgramData\Mozilla
2019-02-14 12:17 - 2013-01-23 12:59 - 000000000 ____D C:\Users\VisionDAW User\Documents\Cubase Projects
2019-02-13 23:19 - 2015-07-07 12:17 - 000003946 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000UA
2019-02-13 23:19 - 2015-07-07 12:17 - 000003550 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000Core
2019-02-13 18:25 - 2018-11-12 18:09 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-13 18:23 - 2013-01-30 11:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-13 11:02 - 2015-02-06 10:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-12 22:30 - 2018-03-29 12:03 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-02-12 16:20 - 2014-03-24 10:57 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-02-12 16:20 - 2014-03-24 10:57 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-12 16:20 - 2014-03-24 10:57 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-02-12 16:20 - 2014-03-24 10:57 - 000000000 ____D C:\Windows\system32\Macromed
2019-02-12 16:20 - 2013-01-23 14:50 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-02-04 16:12 - 2015-01-15 12:51 - 000000000 ____D C:\Program Files (x86)\LogMeIn
2019-02-04 16:11 - 2015-01-15 12:51 - 000115168 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll.000.bak
2019-02-04 16:11 - 2015-01-15 12:51 - 000115168 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2019-02-04 16:11 - 2015-01-15 12:51 - 000109504 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll

==================== Files in the root of some directories =======

2018-11-12 17:07 - 2018-11-12 21:08 - 000000221 _____ () C:\ProgramData\report.vbs
2018-11-12 17:11 - 2018-11-12 17:11 - 000009794 _____ () C:\Program Files\SQCFMDTOUY-DECRYPT.txt
2018-11-12 17:11 - 2018-11-12 17:11 - 000009794 _____ () C:\Program Files (x86)\SQCFMDTOUY-DECRYPT.txt
2018-05-12 11:53 - 2018-11-12 17:12 - 000000542 _____ () C:\Users\VisionDAW User\AppData\Roaming\ExplorerFavorites.txt.sqcfmdtouy
2019-01-08 18:17 - 2019-01-09 12:01 - 000030406 _____ () C:\Users\VisionDAW User\AppData\Roaming\QBFileDrTool.log
2016-09-07 14:20 - 2018-11-12 17:12 - 000021645 _____ () C:\Users\VisionDAW User\AppData\Roaming\QBFileDrTool.log.sqcfmdtouy
2018-11-12 17:11 - 2018-11-12 17:11 - 000009794 _____ () C:\Users\VisionDAW User\AppData\Roaming\SQCFMDTOUY-DECRYPT.txt
2013-07-09 08:57 - 2018-11-12 17:12 - 000001459 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.1.txt.sqcfmdtouy
2013-07-09 08:57 - 2018-11-12 17:12 - 000001721 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.2.txt.sqcfmdtouy
2013-07-09 08:57 - 2015-11-30 15:43 - 000000000 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2013-07-09 08:57 - 2018-11-12 17:12 - 000001721 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.txt.sqcfmdtouy
2018-11-12 17:12 - 2018-11-12 17:12 - 000009794 _____ () C:\Users\VisionDAW User\AppData\Roaming\Microsoft\SQCFMDTOUY-DECRYPT.txt
2018-11-12 17:12 - 2018-11-12 17:12 - 000140800 _____ () C:\Users\VisionDAW User\AppData\Local\installer.dat
2018-10-02 19:01 - 2018-10-02 19:01 - 000000000 _____ () C:\Users\VisionDAW User\AppData\Local\oobelibMkey.log
2018-01-12 14:56 - 2018-08-29 17:07 - 000000600 _____ () C:\Users\VisionDAW User\AppData\Local\PUTTY.RND
2017-10-17 12:28 - 2017-10-17 12:28 - 000004949 _____ () C:\Users\VisionDAW User\AppData\Local\recently-used.xbel
2017-02-21 15:57 - 2017-02-21 15:57 - 000007605 _____ () C:\Users\VisionDAW User\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-02-26 17:16 - 2017-02-26 17:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\0tac-68y.dll
2017-02-26 12:16 - 2017-02-26 12:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\59h90s9i.dll
2017-02-26 08:16 - 2017-02-26 08:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\6_2_flif.dll
2017-02-25 20:16 - 2017-02-25 20:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\9pacfkfj.dll
2017-02-25 17:16 - 2017-02-25 17:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\b1wlrafs.dll
2017-02-27 08:16 - 2017-02-27 08:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\bs5sdjzu.dll
2017-02-25 18:16 - 2017-02-25 18:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\c1mtsicc.dll
2017-02-26 02:16 - 2017-02-26 02:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\ga1_gsvf.dll
2017-02-23 16:16 - 2017-02-23 16:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\mhb9hati.dll
2010-03-11 15:13 - 2010-03-11 15:13 - 000174440 ____R (Microsoft Corporation) C:\Users\VisionDAW User\AppData\Local\Temp\ose00000.exe
2007-09-10 20:37 - 2007-09-10 20:37 - 000145184 ____R (Microsoft Corporation) C:\Users\VisionDAW User\AppData\Local\Temp\ose00001.exe
2007-09-10 20:37 - 2007-09-10 20:37 - 000145184 ____R (Microsoft Corporation) C:\Users\VisionDAW User\AppData\Local\Temp\ose00002.exe
2017-02-27 02:16 - 2017-02-27 02:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\oxclyjxc.dll
2017-02-26 01:16 - 2017-02-26 01:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\ozj4pnk_.dll
2018-11-10 02:12 - 2018-11-10 02:12 - 017679620 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\setup.dll
2018-11-14 12:40 - 2018-11-12 17:06 - 000099900 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\sesgknqt.sys -> Access Denied <======= ATTENTION

LastRegBack: 2019-03-04 00:35

==================== End of FRST.txt ============================
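A log like the one above is normally read by hand, looking for FRST's own ATTENTION markers, services and drivers whose image file is missing or sits in a Temp folder, short random-looking names with no signature, new unsigned .sys files, ransom notes and files the scanner could not open. As an added example, not part of the posted log and not a feature of FRST or Malwarebytes, the script below applies those checks to FRST.txt lines and sorts the hits by severity. The sample lines are copied from the log posted above; the severity levels, the five-to-eight-lowercase-letter "random name" heuristic and the reason strings are this script's own assumptions.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example for this thread; not part of the posted log and not a feature of
FRST or Malwarebytes. The severity thresholds, the "random-looking name"
heuristic and the reason strings are this script's own assumptions.
"""
import re
import sys
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

# Service/driver line: "R2 Name; image path [size date] (Signer -> Company) [File not signed]"
ENTRY_RE = re.compile(r"^[RS]\d (?P<name>[^;]+); (?P<rest>.*)$")
# "One month" / "Files in the root" line:
# "YYYY-MM-DD HH:MM - YYYY-MM-DD HH:MM - size attrs (Company) path"
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
ATTENTION_RE = re.compile(r"<=+ ATTENTION")            # FRST's own marker, any arrow length
SIGNER_RE = re.compile(r"\([^()]*->[^()]*\)")           # "(Signer -> Company)" present
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,8}$")            # hnkdz, bpeol, knqtxa, lamurk ...
TEMP_PATH_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
DRIVERS_DIR_RE = re.compile(r"\\system32\\drivers\\([^\\]+)\.sys$", re.IGNORECASE)
RANSOM_NOTE_RE = re.compile(r"[\\/][^\\/]*-DECRYPT\.txt$", re.IGNORECASE)


@dataclass
class Finding:
    severity: str
    line: str
    reasons: List[str] = field(default_factory=list)


def triage_line(line: str) -> Optional[Finding]:
    """Score one FRST.txt line; None means nothing stood out."""
    line = line.rstrip()
    hits: List[Tuple[str, str]] = []

    # Markers FRST adds itself, plus files it could not open for its signature check.
    if ATTENTION_RE.search(line):
        hits.append(("high", "flagged by FRST (ATTENTION)"))
    if "Access Denied" in line:
        hits.append(("high", "file could not be read for verification"))
    if RANSOM_NOTE_RE.search(line):
        hits.append(("high", "ransom-note style filename (*-DECRYPT.txt)"))

    entry = ENTRY_RE.match(line)
    if entry:
        name, rest = entry.group("name"), entry.group("rest")
        signed = SIGNER_RE.search(rest) is not None
        if "[X]" in rest:
            hits.append(("medium", "image file missing: orphaned entry, or hidden from the scanner"))
        if TEMP_PATH_RE.search(rest):
            hits.append(("high", "service/driver image under a user Temp directory"))
        if RANDOM_NAME_RE.match(name) and not signed:
            hits.append(("medium", f"random-looking name '{name}' with no signed image"))
        if "[File not signed]" in rest:
            hits.append(("low", "image is not digitally signed"))
    else:
        created = FILE_RE.match(line)
        if created:
            drv = DRIVERS_DIR_RE.search(created.group("path"))
            if drv and RANDOM_NAME_RE.match(drv.group(1)) and not created.group("company"):
                hits.append(("medium", f"new driver {drv.group(1)}.sys with random-looking name and no publisher"))

    if not hits:
        return None
    worst = max(hits, key=lambda h: SEVERITY_RANK[h[0]])[0]
    return Finding(worst, line, [reason for _, reason in hits])


def triage_log(text: str) -> List[Finding]:
    """Triage every line of an FRST.txt, worst first (log order kept within a severity)."""
    findings = [f for f in (triage_line(l) for l in text.splitlines()) if f]
    return sorted(findings, key=lambda f: -SEVERITY_RANK[f.severity])


# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) ====================
HKLM\SYSTEM\CurrentControlSet\Services\hnkdz <==== ATTENTION (Rootkit!)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
S3 GoogleChromeElevationService; "C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\elevation_service.exe" [X]
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S1 bpeol; \??\C:\Users\VISION~1\AppData\Local\Temp\uphctszv.sys [X] <==== ATTENTION
R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
R3 knqtxa; system32\drivers\qtxadg.sys [X]
2019-03-01 14:31 - 2019-03-01 14:31 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-03-01 14:28 - 2019-03-01 14:28 - 000145744 ____N C:\Windows\system32\Drivers\sesgknqt.sys
2018-11-12 17:11 - 2018-11-12 17:11 - 000009794 _____ () C:\Program Files\SQCFMDTOUY-DECRYPT.txt
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
C:\Windows\system32\drivers\sesgknqt.sys -> Access Denied <======= ATTENTION
"""

if __name__ == "__main__":
    # Usage: python frst_triage.py FRST.txt   (falls back to the sample when no file is given)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage_log(text):
        print(f"[{f.severity.upper():6}] {f.line}")
        for r in f.reasons:
            print(f"         - {r}")
```

On the sample this puts the hnkdz service key, the bpeol Temp driver, the ransom note, the Defender policy restriction and the unreadable sesgknqt.sys at the top, and drops clean, signed entries such as MBAMService. It is a prioritiser, not a verdict: the missing-file rule also catches harmless leftovers (the uninstalled HitmanPro driver, an old Chrome version path), and random-looking names are only flagged when no signer is listed, so a helper still has to decide what goes into a fix.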


OK, thanks for your help, NAS!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.03.2019 01
Ran by VisionDAW User (administrator) on VISIONDAW-20570 (04-03-2019 17:07:43)
Running from C:\Users\VisionDAW User\Desktop\Good Time
Loaded Profiles: VisionDAW User & LogMeInRemoteUser (Available Profiles: VisionDAW User & LogMeInRemoteUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(TOSHIBA CORPORATION) [File not signed] C:\Windows\System32\cwamiousvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Drobo, Inc. -> Drobo, Inc.) C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Express Vpn LLC -> ) C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(Express Vpn LLC -> ) C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
() [File not signed] C:\Program Files (x86)\Chocks\assertions.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Martin Bjoernsen -> RME) C:\Windows\System32\hdspmix.exe
(Martin Bjoernsen -> RME) C:\Windows\System32\hdsp32.exe
(Smilebox, Inc. -> Smilebox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Smilebox\SmileboxTray.exe
(Kensington) [File not signed] C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
(Drobo, Inc. -> Drobo, Inc.) C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe
(DISTRIBUTED CREATION INC. -> Splice) C:\Users\VisionDAW User\AppData\Local\splice\app-3.4.11\Splice.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
(Belkin Corporation -> Belkin Corporation) C:\Program Files (x86)\Belkin\Nostromo\nost_LM.exe
(Native Instruments GmbH) [File not signed] C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(PowerISO Computing, Inc.) [File not signed] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(PACE Anti-Piracy, Inc.) [File not signed] C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Intuit) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.) C:\Users\VisionDAW User\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(DISTRIBUTED CREATION INC. -> Distributed Creation, Inc.) C:\Users\VisionDAW User\AppData\Local\splice\app-3.4.11\Splice.Helper.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\QtWebEngineProcess.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
() [File not signed] C:\Program Files (x86)\Chocks\assertions.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
(Sony Creative Software Inc -> Sony Creative Software Inc.) [File not signed] C:\Program Files (x86)\Sony\ACID Pro 7.0\acid70.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\calc.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [446400 2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2010-08-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Run: [HDSPTray2] => C:\Windows\system32\hdspmix.exe [1158144 2012-05-07] (Martin Bjoernsen -> RME)
HKLM\...\Run: [HDSPTray1] => C:\Windows\system32\hdsp32.exe [648192 2012-05-07] (Martin Bjoernsen -> RME)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-18] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [217088 2008-01-20] (PowerISO Computing, Inc.) [File not signed]
HKLM-x32\...\Run: [Kensington TrackballWorks Helper] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [435200 2016-02-22] (Kensington) [File not signed]
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2015-08-19] (Intuit, Inc. -> Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2012-09-14] (Intel Corporation) [File not signed]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\EpmNews.exe
HKLM-x32\...\Run: [EaseUS Cleanup] => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\CleanUpUI.exe" 10 300
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499640 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Wondershare Helper Compact.exe] => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [SmileboxTray] => C:\Users\VisionDAW User\AppData\Roaming\Smilebox\SmileboxTray.exe [366552 2017-09-27] (Smilebox, Inc. -> Smilebox, Inc.)
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Kensington TrackballWorks] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [435200 2016-02-22] (Kensington) [File not signed]
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Dropbox Update] => C:\Users\VisionDAW User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [DDAssist] => C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe [623392 2015-05-21] (Drobo, Inc. -> Drobo, Inc.)
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [com.squirrel.splice.Splice] => C:\Users\VisionDAW User\AppData\Local\splice\app-3.4.11\Splice.exe [52374928 2019-02-21] (DISTRIBUTED CREATION INC. -> Splice)
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: J - J:\SETUP.EXE
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: L - L:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: {1bbec3d1-fbd2-11e3-a994-4c72b966cf40} - L:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: {48dd52c4-66b2-11e5-b072-4c72b966cf40} - L:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: {705ce262-0716-11e6-a0bd-4c72b966cf40} - K:\VZW_Software_upgrade_assistant.exe
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-25] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}] -> C:\Windows\system32\LMIinit.dll [2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{97E1814E-5601-41c8-9971-10C319EF61CC}] -> C:\Windows\system32\SRCredentialProvider.dll [2018-10-19] (Splashtop Inc. -> Splashtop Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-09-27]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nostromo Loadout Manager.lnk [2018-07-23]
ShortcutTarget: Nostromo Loadout Manager.lnk -> C:\Windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe (Macrovision Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-09-27]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-09-27]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)
Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2019-02-21]
ShortcutTarget: Dropbox.lnk -> C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-04-07]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-03-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2014-06-24]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\VisionDAW User\AppData\Roaming\VERIZON\UA_ar\UA.exe (Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 www.swamengine.com
Tcpip\Parameters: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{3CBBDB9E-2295-4D2E-B468-D1DA72ECCD84}: [DhcpNameServer] 10.126.0.1
Tcpip\..\Interfaces\{4EDEC94B-B772-4EA2-8059-FEDA321FD5DB}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{BD9A9928-2BFB-4A60-9E5C-C4DA1B164FAE}: [NameServer] 8.8.8.8,4.2.2.3
Tcpip\..\Interfaces\{BD9A9928-2BFB-4A60-9E5C-C4DA1B164FAE}: [DhcpNameServer] 192.168.86.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-08] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-12-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
Handler: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: b0xpguy3.default
FF ProfilePath: C:\Users\VisionDAW User\AppData\Roaming\Mozilla\Firefox\Profiles\b0xpguy3.default [2019-03-02]
FF NetworkProxy: Mozilla\Firefox\Profiles\b0xpguy3.default -> type", 4
FF Extension: (Video DownloadHelper) - C:\Users\VisionDAW User\AppData\Roaming\Mozilla\Firefox\Profiles\b0xpguy3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2018-04-04] [Legacy]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-11-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3386386071-2981558750-1810538096-1000: @asperasoft.com/AsperaConnect -> C:\Users\VisionDAW User\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.7.4\npasperaweb_3.7.4.147728.dll [2017-09-05] (Aspera, Inc. -> Aspera, Inc. )
FF Plugin HKU\S-1-5-21-3386386071-2981558750-1810538096-1000: signiant.com/SigniantTransfer -> C:\Users\VisionDAW User\AppData\Roaming\SigniantInc\SigniantTransfer\5.4.0.60258\npSigniantTransfer.dll [2014-07-11] (Signiant Corporation -> Signiant Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default [2019-03-04]
CHR Extension: (Slides) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-07]
CHR Extension: (Flash Video Downloader) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-09-28]
CHR Extension: (Docs) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-07]
CHR Extension: (Google Drive) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (MEGA) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2019-02-28]
CHR Extension: (YouTube) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-07]
CHR Extension: (Honey) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-02-14]
CHR Extension: (FVD Suggestions) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\caoielngcdpgeldnckhponffkiajaobo [2018-04-11]
CHR Extension: (Google News) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2018-01-08]
CHR Extension: (Dropbox for Gmail) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2019-02-07]
CHR Extension: (Adobe Acrobat) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-03-29]
CHR Extension: (Google Calendar) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2018-01-08]
CHR Extension: (Google Finance) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2018-01-08]
CHR Extension: (Sheets) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-07]
CHR Extension: (Chrome Remote Desktop) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-03-04]
CHR Extension: (Convert PDF to Word - PDFfiller) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclipekclncjckbhddbiocikflkdekkm [2018-01-08]
CHR Extension: (Google Docs Offline) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (AdBlock) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-28]
CHR Extension: (Google Calendar) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2018-04-11]
CHR Extension: (Grammarly for Chrome) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-03-01]
CHR Extension: (Google Calendar - Week of Aug 9, 2015) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkcpfjbnojkgkmchngbnpbnahpikkgi [2018-01-08]
CHR Extension: (Evernote Web) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2018-01-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-12-07]
CHR Extension: (Video DownloadHelper) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2019-02-03]
CHR Extension: (Google Maps) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2018-01-08]
CHR Extension: (Contacts Sort App) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfbligcoimpkahekefnppbjgmjojkcp [2018-01-08]
CHR Extension: (Google Play Books) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2018-01-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2019-03-01]
CHR Extension: (Evernote Web Clipper) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2019-01-28]
CHR Extension: (Gmail) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-07]
CHR Extension: (Chrome Media Router) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-13]
CHR Profile: C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-12]
CHR HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-03-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\hnkdz <==== ATTENTION (Rootkit!)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013280 2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
R2 DDService; C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe [2056992 2015-05-21] (Drobo, Inc. -> Drobo, Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40080 2018-05-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [339168 2018-07-03] (Express Vpn LLC -> )
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2012-09-14] (Intel Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [420296 2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [588232 2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-01-10] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5739008 2011-12-05] (Native Instruments GmbH) [File not signed]
R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-03-07] (Intuit) [File not signed]
R3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-08-19] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-08-19] (Intuit Inc.) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115976 2016-01-28] (Shenzhen Wondershare Information Technology Co., Ltd. -> Wondershare)
S3 GoogleChromeElevationService; "C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\elevation_service.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcgame; C:\Windows\System32\drivers\bcgame.sys [35328 2007-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Belkin Corporation)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 e1qexpress; C:\Windows\System32\DRIVERS\e1q60x64.sys [244736 2009-06-10] (Microsoft Windows -> Intel Corporation)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [54216 2018-05-15] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [101376 2013-07-09] (NTONYX Ltd. -> Eugene V. Muzychenko)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVpn SplitTunnel Driver\driver\expressvpnsplittunnel.sys [18800 2018-07-03] (ExprsVPN LLC -> )
R3 hdsp; C:\Windows\System32\drivers\hdsp_64.sys [102400 2012-05-07] (Martin Bjoernsen -> RME)
S3 HPFXFAX; C:\Windows\System32\drivers\hppdfaxio.sys [23576 2010-12-07] (Hewlett-Packard Company -> Hewlett Packard)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26072 2012-09-14] (Intel Corporation -> Intel Corporation)
S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25752 2012-05-16] (PACE Anti-Piracy, Inc. -> )
R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-03-01] (Malwarebytes Corporation -> Malwarebytes)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [96768 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [213504 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [57776 2008-01-20] (Fenghua Lee -> PowerISO Computing, Inc.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [33488 2015-11-30] (NCH Software -> )
R3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-15] (Steinberg Media Technologies GmbH -> Steinberg Media Technologies GmbH)
S3 tapexpressvpn; C:\Windows\System32\DRIVERS\tapexpressvpn.sys [35696 2018-07-03] (ExprsVPN LLC -> The OpenVPN Project)
R3 tbwkern; C:\Windows\System32\DRIVERS\tbwkern.sys [34656 2016-02-22] (Kensington Computer Products Group -> )
R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S1 bpeol; \??\C:\Users\VISION~1\AppData\Local\Temp\uphctszv.sys [X] <==== ATTENTION
R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
R3 knqtxa; system32\drivers\qtxadg.sys [X]
S4 lamurk; System32\drivers\dscvplam.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-04 17:07 - 2019-03-04 17:07 - 000000000 ____D C:\FRST
2019-03-02 15:17 - 2019-03-02 15:17 - 010372016 _____ C:\Users\VisionDAW User\Desktop\bitdefender_online.exe
2019-03-02 12:24 - 2019-03-02 12:24 - 000000000 ____D C:\Users\VisionDAW User\Desktop\New folder (2)
2019-03-01 14:51 - 2019-03-04 17:05 - 000000001 _____ C:\8061vvch9obpgv6
2019-03-01 14:31 - 2019-03-01 14:31 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-03-01 14:28 - 2019-03-01 14:28 - 000145744 ____N C:\Windows\system32\Drivers\sesgknqt.sys
2019-03-01 14:26 - 2019-03-01 14:26 - 000047684 _____ C:\Windows\system32\.crusader
2019-03-01 14:20 - 2019-03-01 14:27 - 000000000 ____D C:\ProgramData\HitmanPro
2019-03-01 14:18 - 2019-03-01 14:20 - 011514112 _____ (SurfRight B.V.) C:\Users\VisionDAW User\Desktop\HitmanPro_x64.exe
2019-02-28 16:15 - 2019-02-28 16:15 - 000000355 _____ C:\Users\VisionDAW User\Desktop\Computer - Shortcut (2).lnk
2019-02-21 17:21 - 2019-02-21 17:21 - 000003012 _____ C:\Windows\System32\Tasks\{F4141091-2D04-4C45-B8E9-FEFA3A93C11F}
2019-02-21 17:21 - 2019-02-21 17:21 - 000003012 _____ C:\Windows\System32\Tasks\{15825107-9085-4D14-BCFE-C0D1BE5BD07B}
2019-02-21 15:49 - 2019-02-21 15:49 - 018914256 _____ (Bitdefender LLC) C:\Users\VisionDAW User\Desktop\BDGandCrabDecryptTool.exe
2019-02-21 14:23 - 2019-02-21 14:23 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-02-13 18:23 - 2019-02-13 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-02-13 11:01 - 2019-02-13 11:01 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-13 11:01 - 2019-02-13 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-13 11:01 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-13 09:43 - 2019-02-13 09:43 - 000081938 _____ C:\Users\VisionDAW User\Desktop\RT. Fiocca Release.pdf
2019-02-13 09:41 - 2019-02-13 09:41 - 000016853 _____ C:\Users\VisionDAW User\Desktop\R. Fiocca Release.pdf
2019-02-08 09:49 - 2019-02-13 18:23 - 000002383 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002334 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-02-04 21:27 - 2019-02-04 21:27 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\Splashtop
2019-02-03 14:59 - 2019-02-03 14:59 - 000000355 _____ C:\Users\VisionDAW User\Desktop\Computer - Shortcut.lnk

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-04 17:08 - 2009-07-13 21:34 - 025952256 _____ C:\Windows\system32\config\HARDWARE
2019-03-04 17:07 - 2018-07-17 14:59 - 000000000 ____D C:\Users\VisionDAW User\Desktop\Good Time
2019-03-04 17:01 - 2015-01-15 12:51 - 000000000 ____D C:\ProgramData\LogMeIn
2019-03-04 16:24 - 2015-07-07 12:17 - 000000954 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000UA.job
2019-03-04 05:01 - 2009-07-13 23:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-03-04 05:01 - 2009-07-13 23:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-03-03 23:24 - 2015-07-07 12:17 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000Core.job
2019-03-02 18:36 - 2013-01-29 10:44 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\HpUpdate
2019-03-02 18:36 - 2013-01-25 14:18 - 000000000 ____D C:\Users\VisionDAW User\Documents\ACID Pro 7.0 Projects
2019-03-02 12:02 - 2018-01-12 16:30 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\CrashDumps
2019-03-01 16:44 - 2013-01-23 12:47 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\ElevatedDiagnostics
2019-03-01 14:49 - 2009-07-14 00:13 - 000788354 _____ C:\Windows\system32\PerfStringBackup.INI
2019-03-01 14:49 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-03-01 14:33 - 2015-01-15 12:51 - 000000950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2019-03-01 14:31 - 2017-06-21 14:33 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Splice
2019-03-01 14:31 - 2016-10-25 18:27 - 000000218 _____ C:\Windows\Tasks\AutoKMS.job
2019-03-01 14:31 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-01 14:30 - 2018-11-12 17:14 - 002921984 _____ (TOSHIBA CORPORATION) C:\Windows\system32\cwamiousvc.exe
2019-03-01 14:26 - 2018-11-12 17:06 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\1337
2019-03-01 14:07 - 2013-01-24 09:50 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\Adobe
2019-03-01 13:11 - 2015-11-06 10:35 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Audacity
2019-02-28 14:39 - 2013-01-31 14:00 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\vlc
2019-02-28 14:11 - 2015-01-15 12:51 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\LogMeInIgnition
2019-02-25 15:33 - 2018-11-13 15:28 - 000002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-25 15:33 - 2018-11-13 15:28 - 000002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-23 23:33 - 2018-03-29 12:03 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-21 18:50 - 2017-06-26 16:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-02-21 18:50 - 2015-07-27 12:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-21 17:32 - 2017-07-07 11:06 - 000000000 ____D C:\Users\VisionDAW User\AppData\LocalLow\Mozilla
2019-02-21 15:50 - 2017-06-26 14:07 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\splice
2019-02-21 15:50 - 2017-06-14 16:32 - 000002149 _____ C:\Users\VisionDAW User\Desktop\Splice.lnk
2019-02-21 15:50 - 2017-06-14 16:32 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Splice
2019-02-21 15:50 - 2017-05-18 12:12 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\SpliceSettings
2019-02-21 14:24 - 2013-01-29 17:58 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Dropbox
2019-02-15 10:14 - 2019-01-21 11:19 - 000000250 _____ C:\Windows\wininit.ini
2019-02-15 10:14 - 2015-07-27 12:30 - 000000000 ____D C:\ProgramData\Mozilla
2019-02-14 12:17 - 2013-01-23 12:59 - 000000000 ____D C:\Users\VisionDAW User\Documents\Cubase Projects
2019-02-13 23:19 - 2015-07-07 12:17 - 000003946 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000UA
2019-02-13 23:19 - 2015-07-07 12:17 - 000003550 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000Core
2019-02-13 18:25 - 2018-11-12 18:09 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-13 18:23 - 2013-01-30 11:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-13 11:02 - 2015-02-06 10:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-12 22:30 - 2018-03-29 12:03 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-02-12 16:20 - 2014-03-24 10:57 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-02-12 16:20 - 2014-03-24 10:57 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-12 16:20 - 2014-03-24 10:57 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-02-12 16:20 - 2014-03-24 10:57 - 000000000 ____D C:\Windows\system32\Macromed
2019-02-12 16:20 - 2013-01-23 14:50 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-02-04 16:12 - 2015-01-15 12:51 - 000000000 ____D C:\Program Files (x86)\LogMeIn
2019-02-04 16:11 - 2015-01-15 12:51 - 000115168 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll.000.bak
2019-02-04 16:11 - 2015-01-15 12:51 - 000115168 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2019-02-04 16:11 - 2015-01-15 12:51 - 000109504 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll

==================== Files in the root of some directories =======

2018-11-12 17:07 - 2018-11-12 21:08 - 000000221 _____ () C:\ProgramData\report.vbs
2018-11-12 17:11 - 2018-11-12 17:11 - 000009794 _____ () C:\Program Files\SQCFMDTOUY-DECRYPT.txt
2018-11-12 17:11 - 2018-11-12 17:11 - 000009794 _____ () C:\Program Files (x86)\SQCFMDTOUY-DECRYPT.txt
2018-05-12 11:53 - 2018-11-12 17:12 - 000000542 _____ () C:\Users\VisionDAW User\AppData\Roaming\ExplorerFavorites.txt.sqcfmdtouy
2019-01-08 18:17 - 2019-01-09 12:01 - 000030406 _____ () C:\Users\VisionDAW User\AppData\Roaming\QBFileDrTool.log
2016-09-07 14:20 - 2018-11-12 17:12 - 000021645 _____ () C:\Users\VisionDAW User\AppData\Roaming\QBFileDrTool.log.sqcfmdtouy
2018-11-12 17:11 - 2018-11-12 17:11 - 000009794 _____ () C:\Users\VisionDAW User\AppData\Roaming\SQCFMDTOUY-DECRYPT.txt
2013-07-09 08:57 - 2018-11-12 17:12 - 000001459 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.1.txt.sqcfmdtouy
2013-07-09 08:57 - 2018-11-12 17:12 - 000001721 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.2.txt.sqcfmdtouy
2013-07-09 08:57 - 2015-11-30 15:43 - 000000000 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2013-07-09 08:57 - 2018-11-12 17:12 - 000001721 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.txt.sqcfmdtouy
2018-11-12 17:12 - 2018-11-12 17:12 - 000009794 _____ () C:\Users\VisionDAW User\AppData\Roaming\Microsoft\SQCFMDTOUY-DECRYPT.txt
2018-11-12 17:12 - 2018-11-12 17:12 - 000140800 _____ () C:\Users\VisionDAW User\AppData\Local\installer.dat
2018-10-02 19:01 - 2018-10-02 19:01 - 000000000 _____ () C:\Users\VisionDAW User\AppData\Local\oobelibMkey.log
2018-01-12 14:56 - 2018-08-29 17:07 - 000000600 _____ () C:\Users\VisionDAW User\AppData\Local\PUTTY.RND
2017-10-17 12:28 - 2017-10-17 12:28 - 000004949 _____ () C:\Users\VisionDAW User\AppData\Local\recently-used.xbel
2017-02-21 15:57 - 2017-02-21 15:57 - 000007605 _____ () C:\Users\VisionDAW User\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-02-26 17:16 - 2017-02-26 17:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\0tac-68y.dll
2017-02-26 12:16 - 2017-02-26 12:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\59h90s9i.dll
2017-02-26 08:16 - 2017-02-26 08:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\6_2_flif.dll
2017-02-25 20:16 - 2017-02-25 20:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\9pacfkfj.dll
2017-02-25 17:16 - 2017-02-25 17:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\b1wlrafs.dll
2017-02-27 08:16 - 2017-02-27 08:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\bs5sdjzu.dll
2017-02-25 18:16 - 2017-02-25 18:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\c1mtsicc.dll
2017-02-26 02:16 - 2017-02-26 02:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\ga1_gsvf.dll
2017-02-23 16:16 - 2017-02-23 16:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\mhb9hati.dll
2010-03-11 15:13 - 2010-03-11 15:13 - 000174440 ____R (Microsoft Corporation) C:\Users\VisionDAW User\AppData\Local\Temp\ose00000.exe
2007-09-10 20:37 - 2007-09-10 20:37 - 000145184 ____R (Microsoft Corporation) C:\Users\VisionDAW User\AppData\Local\Temp\ose00001.exe
2007-09-10 20:37 - 2007-09-10 20:37 - 000145184 ____R (Microsoft Corporation) C:\Users\VisionDAW User\AppData\Local\Temp\ose00002.exe
2017-02-27 02:16 - 2017-02-27 02:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\oxclyjxc.dll
2017-02-26 01:16 - 2017-02-26 01:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\ozj4pnk_.dll
2018-11-10 02:12 - 2018-11-10 02:12 - 017679620 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\setup.dll
2018-11-14 12:40 - 2018-11-12 17:06 - 000099900 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\sesgknqt.sys -> Access Denied <======= ATTENTION

LastRegBack: 2019-03-04 00:35

==================== End of FRST.txt ============================

Addition.txt

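As an added example (not part of the original thread, and not FRST's own code), a small Python triage script that parses FRST file lines in the format shown above and flags the artefacts a helper looks for in such a log: `*-DECRYPT.txt` ransom notes, files renamed with the note's token as a trailing extension, and entries the signature check could not read ("Access Denied"). The sample lines are constructed copies in the log's own format; the `-DECRYPT.txt` naming heuristic and the function names are assumptions.

```python
import re
from typing import Dict, List, Optional

# One file entry of an FRST listing:
# "<created> - <modified> - <size> <attrs> (<company>) <path>"; the company
# field is absent on directory lines and an empty "()" on unsigned files.
FRST_FILE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d{9}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
# Ransom-note naming pattern seen in this log: "<TOKEN>-DECRYPT.txt" (assumed heuristic)
RANSOM_NOTE = re.compile(r"([A-Z0-9]{5,})-DECRYPT\.txt$", re.IGNORECASE)
# FRST's "Bamital & volsnap" section marks files it could not read this way
ACCESS_DENIED = re.compile(r"^(?P<path>.+?) -> Access Denied")


def parse_frst_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one FRST file line, or None for any other line."""
    m = FRST_FILE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Flag ransom notes, encrypted files and unreadable files in FRST output."""
    findings: Dict[str, List[str]] = {
        "ransom_notes": [], "encrypted_files": [], "access_denied": []}
    entries = [e for e in map(parse_frst_line, lines) if e]
    # Pass 1: ransom notes reveal the token the ransomware appends to victims.
    tokens = set()
    for e in entries:
        m = RANSOM_NOTE.search(e["path"].rsplit("\\", 1)[-1])
        if m:
            tokens.add(m.group(1).lower())
            findings["ransom_notes"].append(e["path"])
    # Pass 2: any file whose last extension is one of those tokens was encrypted.
    for e in entries:
        if e["path"].rsplit(".", 1)[-1].lower() in tokens:
            findings["encrypted_files"].append(e["path"])
    # Pass 3: files FRST could not open for signature verification.
    for line in lines:
        m = ACCESS_DENIED.match(line.strip())
        if m:
            findings["access_denied"].append(m["path"])
    return findings


# Constructed sample modelled on the log lines in this thread (same format).
SAMPLE_LOG = r"""
2018-11-12 17:11 - 2018-11-12 17:11 - 000009794 _____ () C:\Program Files\SQCFMDTOUY-DECRYPT.txt
2018-05-12 11:53 - 2018-11-12 17:12 - 000000542 _____ () C:\Users\VisionDAW User\AppData\Roaming\ExplorerFavorites.txt.sqcfmdtouy
2019-01-08 18:17 - 2019-01-09 12:01 - 000030406 _____ () C:\Users\VisionDAW User\AppData\Roaming\QBFileDrTool.log
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\sesgknqt.sys -> Access Denied <======= ATTENTION
""".strip().splitlines()

if __name__ == "__main__":
    for kind, paths in triage(SAMPLE_LOG).items():
        print(f"{kind}: {paths}")
```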

Hi,

I have identified a bad SmartService infection.

You will need access to a spare PC and a USB flash drive that has not been in contact with the sick PC...
Let me know if you have access to these devices.

I need to know first if you can enable the Recovery Environment...

Open FRST on the compromised computer:

Copy/paste the following inside the text area of FRST. Once done, click on the Fix button. A file called fixlog.txt should appear on your desktop. Attach it in your next reply.

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
End::


On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad.
Copy and paste its content in your next reply.

Wait for further instructions.


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 


Sorry, thought I'd already posted this, but forgot to hit SEND. Thanks again.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by VisionDAW User (17-03-2019 09:09:48) Run:1
Running from C:\Users\VisionDAW User\Desktop\Farber Recovery Tool
Loaded Profiles: VisionDAW User & LogMeInRemoteUser (Available Profiles: VisionDAW User & LogMeInRemoteUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes

*****************


========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog 09:09:49 ====


Also, I am going to get access to a PC laptop this afternoon. Do I need an absolutely fresh thumb drive, or can I simply wipe and reformat an existing one as exFAT on one of my Mac computers?

 

Thanks,

 

rf


Hi,

Do not format on a Mac; it may not work.

If the flash drive was not connected while the computer was compromised, you can just use it on the other PC.
What you can do is format the flash drive on the clean computer before starting.

Proceed carefully. Read all before starting.

Preparing the USB Flash Drive

Using the Clean computer download the right version of Farbar program for your system to Desktop.
64-bit or 32 bit version. Select the one you need. From your first log you have the 64 bit.
https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Move the executable (FRST.exe or FRST64.exe) to your USB Flash Drive
 


How to determine whether your computer is running a 32-bit version or 64-bit version of the Windows operating system.
https://support.microsoft.com/en-us/help/827218/how-to-determine-whether-a-computer-is-running-a-32-bit-version-or-64

===

Boot in the Recovery Environment WINDOWS 7 USERS

To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
Restart the computer
Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears

Look at this video if not familiar with it.
http://www.informit.com/articles/article.aspx?p=1400870

Use the arrow keys to select Repair your computer, and press on Enter
Select your keyboard layout (US, French, etc.) and click on Next

Once in the command prompt
Plug your USB Flash Drive in the infected computer
---

Click on Command Prompt to open the command prompt

In the command prompt, type notepad and press on Enter
Notepad will open. Click on the File menu and select Open
Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad

In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press Enter

Note: Replace the letter e with the drive letter of your USB Flash Drive

FRST will open

Click on Yes to accept the disclaimer
Click on the Scan button and wait for the scan to complete
A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply.

Wait for further instructions.

p.s.
If at any time you need additional information please ask before proceeding.


I got as far as the Advanced Boot Options, but then I got this (screenshot Error.jpg attached) ...o select "repair your


Are both of the computers you are using to fix the infection running the Windows operating system?

Or is one of them a Mac?

 


No, the infected computer is a PC running Windows 7 Professional. The PC I used to download the Farbar tool is a laptop running Windows 10 (it is not infected, and actually I never got far enough to even insert the flash drive containing the Farbar tool, as you can see). The infected PC gives me the result I screenshotted in the previous email when I select "Repair your computer."

Puzzling, no? 

 

thanks,

 

rf


Hi,

I see you are not seeing what I had expected.
See below.

https://social.technet.microsoft.com/wiki/contents/articles/11028.how-to-access-windows-recovery-environment-in-windows-7.aspx

Instead of using F8 as suggested in the fix, try F11 on this Windows HP.

p.s.
Do you have the HP installation disk?
If not, contact HP and see what they can suggest so that you can enter the WinRE (Windows Recovery Environment).


Yes, you are correct, sir. Once I choose repair your computer, all I see is the screenshot I sent you.  

I removed all the drives from the infected PC, including the C drive, and decrypted all the GANDCRAB 5.0.4 files on them using an uninfected PC. It worked!

I will be putting them back in later today and will attempt to fix the other issues we discovered using the F11 key this time. I'm not expecting that to work; but I do have my original Windows 7 Pro installation disk so I'm guessing I should be able to boot from that and enter the Recovery Environment that way.

Alternatively, since I do have the opportunity to run antivirus/malware scans on the C drive of the infected computer using a drive caddy, would you suggest I try disinfecting the drive that way before putting it back into the computer?

 

Thanks in advance.

 

rf


I do not know but I see no reason for trying.


OK, I'm away on business this week but I'll give it a try when I return on Thursday. I'll let you know if it works.

Thank you, sir.

rf


Hello, sir. Yes, indeed I am. I just returned from a business trip. As I think I mentioned, I removed the C: drive from the infected computer and was able to use a PC laptop to run multiple scans using Bitdefender antivirus and also used the Bitdefender decryptor tool to restore all the files that had been encrypted by GandCrab 5.0.4.

Last night I put the C: drive back into the PC tower, which did a "check-disk" operation and then booted up normally; I was finally able to run the Bitdefender decryption tool. I left it running overnight to decrypt an 8 TB peripheral drive.

So I think the infection may have been dealt with, but I will run an anti-malwarebytes scan this morning and send you the results. A Bitdefender scan I did previously (before I put the drive back in the tower) showed no signs of virus.

Thanks again for all your help.

 


Here is the result of the latest scan:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/29/19
Scan Time: 6:21 PM
Log File: 119201a2-5271-11e9-bbb0-4c72b966cf3f.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.9918
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: VISIONDAW-20570\VisionDAW User

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 313663
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 6 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

This topic is now closed to further replies.
