Can't remove detected malware

tuneguy · March 2, 2019

I recently ran a scan and a number of threats were detected. However, only one of them could be quarantined/removed. Do I need some other virus removal program? (full log attached as .txt)

Anybody else have this issue?

1489795194_MalwareReport.JPG.7b3b05e1416bb739fb889bac8f557d48.JPG

Full log.txt

nasdaq · March 3, 2019

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions

tuneguy · March 5, 2019

Thanks for your help!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.03.2019 01
Ran by VisionDAW User (administrator) on VISIONDAW-20570 (04-03-2019 17:07:43)
Running from C:\Users\VisionDAW User\Desktop\Good Time
Loaded Profiles: VisionDAW User & LogMeInRemoteUser (Available Profiles: VisionDAW User & LogMeInRemoteUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(TOSHIBA CORPORATION) [File not signed] C:\Windows\System32\cwamiousvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Drobo, Inc. -> Drobo, Inc.) C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Express Vpn LLC -> ) C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(Express Vpn LLC -> ) C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
() [File not signed] C:\Program Files (x86)\Chocks\assertions.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Martin Bjoernsen -> RME) C:\Windows\System32\hdspmix.exe
(Martin Bjoernsen -> RME) C:\Windows\System32\hdsp32.exe
(Smilebox, Inc. -> Smilebox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Smilebox\SmileboxTray.exe
(Kensington) [File not signed] C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
(Drobo, Inc. -> Drobo, Inc.) C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe
(DISTRIBUTED CREATION INC. -> Splice) C:\Users\VisionDAW User\AppData\Local\splice\app-3.4.11\Splice.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
(Belkin Corporation -> Belkin Corporation) C:\Program Files (x86)\Belkin\Nostromo\nost_LM.exe
(Native Instruments GmbH) [File not signed] C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(PowerISO Computing, Inc.) [File not signed] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(PACE Anti-Piracy, Inc.) [File not signed] C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Intuit) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.) C:\Users\VisionDAW User\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(DISTRIBUTED CREATION INC. -> Distributed Creation, Inc.) C:\Users\VisionDAW User\AppData\Local\splice\app-3.4.11\Splice.Helper.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\QtWebEngineProcess.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
() [File not signed] C:\Program Files (x86)\Chocks\assertions.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
(Sony Creative Software Inc -> Sony Creative Software Inc.) [File not signed] C:\Program Files (x86)\Sony\ACID Pro 7.0\acid70.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\calc.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [446400 2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2010-08-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Run: [HDSPTray2] => C:\Windows\system32\hdspmix.exe [1158144 2012-05-07] (Martin Bjoernsen -> RME)
HKLM\...\Run: [HDSPTray1] => C:\Windows\system32\hdsp32.exe [648192 2012-05-07] (Martin Bjoernsen -> RME)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-18] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [217088 2008-01-20] (PowerISO Computing, Inc.) [File not signed]
HKLM-x32\...\Run: [Kensington TrackballWorks Helper] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [435200 2016-02-22] (Kensington) [File not signed]
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2015-08-19] (Intuit, Inc. -> Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2012-09-14] (Intel Corporation) [File not signed]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\EpmNews.exe
HKLM-x32\...\Run: [EaseUS Cleanup] => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\CleanUpUI.exe" 10 300
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499640 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Wondershare Helper Compact.exe] => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [SmileboxTray] => C:\Users\VisionDAW User\AppData\Roaming\Smilebox\SmileboxTray.exe [366552 2017-09-27] (Smilebox, Inc. -> Smilebox, Inc.)
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Kensington TrackballWorks] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [435200 2016-02-22] (Kensington) [File not signed]
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Dropbox Update] => C:\Users\VisionDAW User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [DDAssist] => C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe [623392 2015-05-21] (Drobo, Inc. -> Drobo, Inc.)
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [com.squirrel.splice.Splice] => C:\Users\VisionDAW User\AppData\Local\splice\app-3.4.11\Splice.exe [52374928 2019-02-21] (DISTRIBUTED CREATION INC. -> Splice)
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: J - J:\SETUP.EXE
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: L - L:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: {1bbec3d1-fbd2-11e3-a994-4c72b966cf40} - L:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: {48dd52c4-66b2-11e5-b072-4c72b966cf40} - L:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\...\MountPoints2: {705ce262-0716-11e6-a0bd-4c72b966cf40} - K:\VZW_Software_upgrade_assistant.exe
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-25] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}] -> C:\Windows\system32\LMIinit.dll [2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{97E1814E-5601-41c8-9971-10C319EF61CC}] -> C:\Windows\system32\SRCredentialProvider.dll [2018-10-19] (Splashtop Inc. -> Splashtop Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-09-27]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nostromo Loadout Manager.lnk [2018-07-23]
ShortcutTarget: Nostromo Loadout Manager.lnk -> C:\Windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe (Macrovision Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-09-27]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-09-27]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)
Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2019-02-21]
ShortcutTarget: Dropbox.lnk -> C:\Users\VisionDAW User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-04-07]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-03-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2014-06-24]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\VisionDAW User\AppData\Roaming\VERIZON\UA_ar\UA.exe (Samsung Electronics CO., LTD. -> SAMSUNG Electornics Co., Ltd.)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 www.swamengine.com
Tcpip\Parameters: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{3CBBDB9E-2295-4D2E-B468-D1DA72ECCD84}: [DhcpNameServer] 10.126.0.1
Tcpip\..\Interfaces\{4EDEC94B-B772-4EA2-8059-FEDA321FD5DB}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{BD9A9928-2BFB-4A60-9E5C-C4DA1B164FAE}: [NameServer] 8.8.8.8,4.2.2.3
Tcpip\..\Interfaces\{BD9A9928-2BFB-4A60-9E5C-C4DA1B164FAE}: [DhcpNameServer] 192.168.86.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-08] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-12-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No File
Handler: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: b0xpguy3.default
FF ProfilePath: C:\Users\VisionDAW User\AppData\Roaming\Mozilla\Firefox\Profiles\b0xpguy3.default [2019-03-02]
FF NetworkProxy: Mozilla\Firefox\Profiles\b0xpguy3.default -> type", 4
FF Extension: (Video DownloadHelper) - C:\Users\VisionDAW User\AppData\Roaming\Mozilla\Firefox\Profiles\b0xpguy3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2018-04-04] [Legacy]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-11-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3386386071-2981558750-1810538096-1000: @asperasoft.com/AsperaConnect -> C:\Users\VisionDAW User\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.7.4\npasperaweb_3.7.4.147728.dll [2017-09-05] (Aspera, Inc. -> Aspera, Inc. )
FF Plugin HKU\S-1-5-21-3386386071-2981558750-1810538096-1000: signiant.com/SigniantTransfer -> C:\Users\VisionDAW User\AppData\Roaming\SigniantInc\SigniantTransfer\5.4.0.60258\npSigniantTransfer.dll [2014-07-11] (Signiant Corporation -> Signiant Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default [2019-03-04]
CHR Extension: (Slides) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-07]
CHR Extension: (Flash Video Downloader) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-09-28]
CHR Extension: (Docs) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-07]
CHR Extension: (Google Drive) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (MEGA) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2019-02-28]
CHR Extension: (YouTube) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-07]
CHR Extension: (Honey) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-02-14]
CHR Extension: (FVD Suggestions) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\caoielngcdpgeldnckhponffkiajaobo [2018-04-11]
CHR Extension: (Google News) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2018-01-08]
CHR Extension: (Dropbox for Gmail) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2019-02-07]
CHR Extension: (Adobe Acrobat) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-03-29]
CHR Extension: (Google Calendar) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2018-01-08]
CHR Extension: (Google Finance) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2018-01-08]
CHR Extension: (Sheets) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-07]
CHR Extension: (Chrome Remote Desktop) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-03-04]
CHR Extension: (Convert PDF to Word - PDFfiller) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclipekclncjckbhddbiocikflkdekkm [2018-01-08]
CHR Extension: (Google Docs Offline) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (AdBlock) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-28]
CHR Extension: (Google Calendar) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2018-04-11]
CHR Extension: (Grammarly for Chrome) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-03-01]
CHR Extension: (Google Calendar - Week of Aug 9, 2015) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkcpfjbnojkgkmchngbnpbnahpikkgi [2018-01-08]
CHR Extension: (Evernote Web) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2018-01-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-12-07]
CHR Extension: (Video DownloadHelper) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2019-02-03]
CHR Extension: (Google Maps) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2018-01-08]
CHR Extension: (Contacts Sort App) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfbligcoimpkahekefnppbjgmjojkcp [2018-01-08]
CHR Extension: (Google Play Books) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2018-01-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2019-03-01]
CHR Extension: (Evernote Web Clipper) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2019-01-28]
CHR Extension: (Gmail) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-07]
CHR Extension: (Chrome Media Router) - C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-13]
CHR Profile: C:\Users\VisionDAW User\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-12]
CHR HKU\S-1-5-21-3386386071-2981558750-1810538096-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-03-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\hnkdz <==== ATTENTION (Rootkit!)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013280 2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
R2 DDService; C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe [2056992 2015-05-21] (Drobo, Inc. -> Drobo, Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40080 2018-05-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [339168 2018-07-03] (Express Vpn LLC -> )
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2012-09-14] (Intel Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [420296 2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [588232 2019-02-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-01-10] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5739008 2011-12-05] (Native Instruments GmbH) [File not signed]
R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-03-07] (Intuit) [File not signed]
R3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-08-19] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-08-19] (Intuit Inc.) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115976 2016-01-28] (Shenzhen Wondershare Information Technology Co., Ltd. -> Wondershare)
S3 GoogleChromeElevationService; "C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\elevation_service.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcgame; C:\Windows\System32\drivers\bcgame.sys [35328 2007-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Belkin Corporation)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 e1qexpress; C:\Windows\System32\DRIVERS\e1q60x64.sys [244736 2009-06-10] (Microsoft Windows -> Intel Corporation)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [54216 2018-05-15] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [101376 2013-07-09] (NTONYX Ltd. -> Eugene V. Muzychenko)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVpn SplitTunnel Driver\driver\expressvpnsplittunnel.sys [18800 2018-07-03] (ExprsVPN LLC -> )
R3 hdsp; C:\Windows\System32\drivers\hdsp_64.sys [102400 2012-05-07] (Martin Bjoernsen -> RME)
S3 HPFXFAX; C:\Windows\System32\drivers\hppdfaxio.sys [23576 2010-12-07] (Hewlett-Packard Company -> Hewlett Packard)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26072 2012-09-14] (Intel Corporation -> Intel Corporation)
S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25752 2012-05-16] (PACE Anti-Piracy, Inc. -> )
R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-03-01] (Malwarebytes Corporation -> Malwarebytes)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [96768 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [213504 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [57776 2008-01-20] (Fenghua Lee -> PowerISO Computing, Inc.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [33488 2015-11-30] (NCH Software -> )
R3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-15] (Steinberg Media Technologies GmbH -> Steinberg Media Technologies GmbH)
S3 tapexpressvpn; C:\Windows\System32\DRIVERS\tapexpressvpn.sys [35696 2018-07-03] (ExprsVPN LLC -> The OpenVPN Project)
R3 tbwkern; C:\Windows\System32\DRIVERS\tbwkern.sys [34656 2016-02-22] (Kensington Computer Products Group -> )
R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S1 bpeol; \??\C:\Users\VISION~1\AppData\Local\Temp\uphctszv.sys [X] <==== ATTENTION
R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
R3 knqtxa; system32\drivers\qtxadg.sys [X]
S4 lamurk; System32\drivers\dscvplam.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-04 17:07 - 2019-03-04 17:07 - 000000000 ____D C:\FRST
2019-03-02 15:17 - 2019-03-02 15:17 - 010372016 _____ C:\Users\VisionDAW User\Desktop\bitdefender_online.exe
2019-03-02 12:24 - 2019-03-02 12:24 - 000000000 ____D C:\Users\VisionDAW User\Desktop\New folder (2)
2019-03-01 14:51 - 2019-03-04 17:05 - 000000001 _____ C:\8061vvch9obpgv6
2019-03-01 14:31 - 2019-03-01 14:31 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-03-01 14:28 - 2019-03-01 14:28 - 000145744 ____N C:\Windows\system32\Drivers\sesgknqt.sys
2019-03-01 14:26 - 2019-03-01 14:26 - 000047684 _____ C:\Windows\system32\.crusader
2019-03-01 14:20 - 2019-03-01 14:27 - 000000000 ____D C:\ProgramData\HitmanPro
2019-03-01 14:18 - 2019-03-01 14:20 - 011514112 _____ (SurfRight B.V.) C:\Users\VisionDAW User\Desktop\HitmanPro_x64.exe
2019-02-28 16:15 - 2019-02-28 16:15 - 000000355 _____ C:\Users\VisionDAW User\Desktop\Computer - Shortcut (2).lnk
2019-02-21 17:21 - 2019-02-21 17:21 - 000003012 _____ C:\Windows\System32\Tasks\{F4141091-2D04-4C45-B8E9-FEFA3A93C11F}
2019-02-21 17:21 - 2019-02-21 17:21 - 000003012 _____ C:\Windows\System32\Tasks\{15825107-9085-4D14-BCFE-C0D1BE5BD07B}
2019-02-21 15:49 - 2019-02-21 15:49 - 018914256 _____ (Bitdefender LLC) C:\Users\VisionDAW User\Desktop\BDGandCrabDecryptTool.exe
2019-02-21 14:23 - 2019-02-21 14:23 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-02-13 18:23 - 2019-02-13 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-02-13 11:01 - 2019-02-13 11:01 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-13 11:01 - 2019-02-13 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-13 11:01 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-13 09:43 - 2019-02-13 09:43 - 000081938 _____ C:\Users\VisionDAW User\Desktop\RT. Fiocca Release.pdf
2019-02-13 09:41 - 2019-02-13 09:41 - 000016853 _____ C:\Users\VisionDAW User\Desktop\R. Fiocca Release.pdf
2019-02-08 09:49 - 2019-02-13 18:23 - 000002383 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002334 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-02-08 09:49 - 2019-02-13 18:23 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-02-04 21:27 - 2019-02-04 21:27 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\Splashtop
2019-02-03 14:59 - 2019-02-03 14:59 - 000000355 _____ C:\Users\VisionDAW User\Desktop\Computer - Shortcut.lnk

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-04 17:08 - 2009-07-13 21:34 - 025952256 _____ C:\Windows\system32\config\HARDWARE
2019-03-04 17:07 - 2018-07-17 14:59 - 000000000 ____D C:\Users\VisionDAW User\Desktop\Good Time
2019-03-04 17:01 - 2015-01-15 12:51 - 000000000 ____D C:\ProgramData\LogMeIn
2019-03-04 16:24 - 2015-07-07 12:17 - 000000954 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000UA.job
2019-03-04 05:01 - 2009-07-13 23:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-03-04 05:01 - 2009-07-13 23:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-03-03 23:24 - 2015-07-07 12:17 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000Core.job
2019-03-02 18:36 - 2013-01-29 10:44 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\HpUpdate
2019-03-02 18:36 - 2013-01-25 14:18 - 000000000 ____D C:\Users\VisionDAW User\Documents\ACID Pro 7.0 Projects
2019-03-02 12:02 - 2018-01-12 16:30 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\CrashDumps
2019-03-01 16:44 - 2013-01-23 12:47 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\ElevatedDiagnostics
2019-03-01 14:49 - 2009-07-14 00:13 - 000788354 _____ C:\Windows\system32\PerfStringBackup.INI
2019-03-01 14:49 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-03-01 14:33 - 2015-01-15 12:51 - 000000950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2019-03-01 14:31 - 2017-06-21 14:33 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Splice
2019-03-01 14:31 - 2016-10-25 18:27 - 000000218 _____ C:\Windows\Tasks\AutoKMS.job
2019-03-01 14:31 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-01 14:30 - 2018-11-12 17:14 - 002921984 _____ (TOSHIBA CORPORATION) C:\Windows\system32\cwamiousvc.exe
2019-03-01 14:26 - 2018-11-12 17:06 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\1337
2019-03-01 14:07 - 2013-01-24 09:50 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\Adobe
2019-03-01 13:11 - 2015-11-06 10:35 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Audacity
2019-02-28 14:39 - 2013-01-31 14:00 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\vlc
2019-02-28 14:11 - 2015-01-15 12:51 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\LogMeInIgnition
2019-02-25 15:33 - 2018-11-13 15:28 - 000002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-25 15:33 - 2018-11-13 15:28 - 000002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-23 23:33 - 2018-03-29 12:03 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-21 18:50 - 2017-06-26 16:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-02-21 18:50 - 2015-07-27 12:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-21 17:32 - 2017-07-07 11:06 - 000000000 ____D C:\Users\VisionDAW User\AppData\LocalLow\Mozilla
2019-02-21 15:50 - 2017-06-26 14:07 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\splice
2019-02-21 15:50 - 2017-06-14 16:32 - 000002149 _____ C:\Users\VisionDAW User\Desktop\Splice.lnk
2019-02-21 15:50 - 2017-06-14 16:32 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Splice
2019-02-21 15:50 - 2017-05-18 12:12 - 000000000 ____D C:\Users\VisionDAW User\AppData\Local\SpliceSettings
2019-02-21 14:24 - 2013-01-29 17:58 - 000000000 ____D C:\Users\VisionDAW User\AppData\Roaming\Dropbox
2019-02-15 10:14 - 2019-01-21 11:19 - 000000250 _____ C:\Windows\wininit.ini
2019-02-15 10:14 - 2015-07-27 12:30 - 000000000 ____D C:\ProgramData\Mozilla
2019-02-14 12:17 - 2013-01-23 12:59 - 000000000 ____D C:\Users\VisionDAW User\Documents\Cubase Projects
2019-02-13 23:19 - 2015-07-07 12:17 - 000003946 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000UA
2019-02-13 23:19 - 2015-07-07 12:17 - 000003550 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3386386071-2981558750-1810538096-1000Core
2019-02-13 18:25 - 2018-11-12 18:09 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-13 18:23 - 2013-01-30 11:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-13 11:02 - 2015-02-06 10:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-12 22:30 - 2018-03-29 12:03 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-02-12 16:20 - 2014-03-24 10:57 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-02-12 16:20 - 2014-03-24 10:57 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-12 16:20 - 2014-03-24 10:57 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-02-12 16:20 - 2014-03-24 10:57 - 000000000 ____D C:\Windows\system32\Macromed
2019-02-12 16:20 - 2013-01-23 14:50 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-02-04 16:12 - 2015-01-15 12:51 - 000000000 ____D C:\Program Files (x86)\LogMeIn
2019-02-04 16:11 - 2015-01-15 12:51 - 000115168 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll.000.bak
2019-02-04 16:11 - 2015-01-15 12:51 - 000115168 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2019-02-04 16:11 - 2015-01-15 12:51 - 000109504 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll

==================== Files in the root of some directories =======

2018-11-12 17:07 - 2018-11-12 21:08 - 000000221 _____ () C:\ProgramData\report.vbs
2018-11-12 17:11 - 2018-11-12 17:11 - 000009794 _____ () C:\Program Files\SQCFMDTOUY-DECRYPT.txt
2018-11-12 17:11 - 2018-11-12 17:11 - 000009794 _____ () C:\Program Files (x86)\SQCFMDTOUY-DECRYPT.txt
2018-05-12 11:53 - 2018-11-12 17:12 - 000000542 _____ () C:\Users\VisionDAW User\AppData\Roaming\ExplorerFavorites.txt.sqcfmdtouy
2019-01-08 18:17 - 2019-01-09 12:01 - 000030406 _____ () C:\Users\VisionDAW User\AppData\Roaming\QBFileDrTool.log
2016-09-07 14:20 - 2018-11-12 17:12 - 000021645 _____ () C:\Users\VisionDAW User\AppData\Roaming\QBFileDrTool.log.sqcfmdtouy
2018-11-12 17:11 - 2018-11-12 17:11 - 000009794 _____ () C:\Users\VisionDAW User\AppData\Roaming\SQCFMDTOUY-DECRYPT.txt
2013-07-09 08:57 - 2018-11-12 17:12 - 000001459 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.1.txt.sqcfmdtouy
2013-07-09 08:57 - 2018-11-12 17:12 - 000001721 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.2.txt.sqcfmdtouy
2013-07-09 08:57 - 2015-11-30 15:43 - 000000000 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2013-07-09 08:57 - 2018-11-12 17:12 - 000001721 _____ () C:\Users\VisionDAW User\AppData\Roaming\trace_FilterInstaller.txt.sqcfmdtouy
2018-11-12 17:12 - 2018-11-12 17:12 - 000009794 _____ () C:\Users\VisionDAW User\AppData\Roaming\Microsoft\SQCFMDTOUY-DECRYPT.txt
2018-11-12 17:12 - 2018-11-12 17:12 - 000140800 _____ () C:\Users\VisionDAW User\AppData\Local\installer.dat
2018-10-02 19:01 - 2018-10-02 19:01 - 000000000 _____ () C:\Users\VisionDAW User\AppData\Local\oobelibMkey.log
2018-01-12 14:56 - 2018-08-29 17:07 - 000000600 _____ () C:\Users\VisionDAW User\AppData\Local\PUTTY.RND
2017-10-17 12:28 - 2017-10-17 12:28 - 000004949 _____ () C:\Users\VisionDAW User\AppData\Local\recently-used.xbel
2017-02-21 15:57 - 2017-02-21 15:57 - 000007605 _____ () C:\Users\VisionDAW User\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-02-26 17:16 - 2017-02-26 17:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\0tac-68y.dll
2017-02-26 12:16 - 2017-02-26 12:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\59h90s9i.dll
2017-02-26 08:16 - 2017-02-26 08:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\6_2_flif.dll
2017-02-25 20:16 - 2017-02-25 20:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\9pacfkfj.dll
2017-02-25 17:16 - 2017-02-25 17:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\b1wlrafs.dll
2017-02-27 08:16 - 2017-02-27 08:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\bs5sdjzu.dll
2017-02-25 18:16 - 2017-02-25 18:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\c1mtsicc.dll
2017-02-26 02:16 - 2017-02-26 02:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\ga1_gsvf.dll
2017-02-23 16:16 - 2017-02-23 16:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\mhb9hati.dll
2010-03-11 15:13 - 2010-03-11 15:13 - 000174440 ____R (Microsoft Corporation) C:\Users\VisionDAW User\AppData\Local\Temp\ose00000.exe
2007-09-10 20:37 - 2007-09-10 20:37 - 000145184 ____R (Microsoft Corporation) C:\Users\VisionDAW User\AppData\Local\Temp\ose00001.exe
2007-09-10 20:37 - 2007-09-10 20:37 - 000145184 ____R (Microsoft Corporation) C:\Users\VisionDAW User\AppData\Local\Temp\ose00002.exe
2017-02-27 02:16 - 2017-02-27 02:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\oxclyjxc.dll
2017-02-26 01:16 - 2017-02-26 01:16 - 000032768 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\ozj4pnk_.dll
2018-11-10 02:12 - 2018-11-10 02:12 - 017679620 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\setup.dll
2018-11-14 12:40 - 2018-11-12 17:06 - 000099900 _____ () C:\Users\VisionDAW User\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\sesgknqt.sys -> Access Denied <======= ATTENTION

LastRegBack: 2019-03-04 00:35

==================== End of FRST.txt ============================

OK, thanks for your help, NAS!