Andrei95

windows cannot find drive.bat virus

Hello! I used a virused USB stick in my PC while my external HDD was connected. Now my 2TB external HDD is virused and a "windows cannot find drive.bat" error appears when I try to access files, and the icons are modified. And now, the files are hidden (the HDD is full but there is no file in the drive). Can you help me recover my files and get rid of the virus, please? Anti-malware, Kaspersky, Windows antiviruses say the drive is clean... Thank you!


Hello @Andrei95

If the data was encrypted we probably will not be able to assist you. Let me have you run the following though and we'll see what we can find.

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a checkmark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

# -------------------------------
# Malwarebytes AdwCleaner 8.0.1.0
# -------------------------------
# Build:    12-17-2019
# Database: 2020-01-06.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-09-2020
# Duration: 00:00:10
# OS:       Windows 10 Pro
# Cleaned:  7
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files\Reimage
Deleted       C:\rei

***** [ Files ] *****

Deleted       C:\Users\GR\Downloads\SpyHunter-Installer.exe

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
Deleted       C:\Users\GR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Reimage
Deleted       HKLM\Software\Wow6432Node\EnigmaSoftwareGroup

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2943 octets] - [09/01/2020 18:21:50]
AdwCleaner[C00].txt - [2817 octets] - [09/01/2020 18:22:07]
AdwCleaner[S01].txt - [1857 octets] - [09/01/2020 22:34:17]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2020
Ran by GR (administrator) on DESKTOP-C63605U (LENOVO 20236) (09-01-2020 22:44:01)
Running from C:\Users\GR\Desktop
Loaded Profiles: GR (Available Profiles: GR)
Platform: Windows 10 Pro Version 1903 18362.535 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dxgiadaptercache.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(Simply Super Software -> Simply Super Software) C:\Program Files (x86)\Trojan Remover\Trjscan.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [909016 2013-10-21] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) [File not signed]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2018-02-10] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2084920 2019-09-27] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\Run: [Chromium] => "c:\users\gr\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [47773264 2019-12-22] (Google LLC -> )
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\Run: [AvastBrowserAutoLaunch_29444FEB6F6E437784662D7919BD4509] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2015080 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe [2487352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.117\Installer\chrmstp.exe [2020-01-09] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2154.121\Installer\chrmstp.exe [2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0291DAC7-A868-4063-88CA-6ED922CF4693} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {0EB87C0A-F1D3-41E2-ADBA-4465DCF32B5A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {198A3F5E-2196-4C33-8306-33E08464C775} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {2C47ECD6-8DA1-4462-8902-978EC043FCA8} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {2E0D790F-0678-49CE-B6B4-14FD56ACD420} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {317720D1-BB50-48D9-BD4C-CD0A5F15AEDF} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {38520929-5537-4850-867F-67D89E8F1B22} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
Task: {406ED5CE-D10D-4E46-8048-3BB810B482AA} - System32\Tasks\TR_FastScan_AtLogon => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [3314400 2019-08-14] (Simply Super Software -> Simply Super Software)
Task: {4FFE0F86-8FFE-4A8F-B1F8-BB93B4B20FCF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4321688 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {788EF8D6-1C14-43E1-9FC4-91999AA9B550} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {85D823F6-3DE3-462C-A8CF-A02350E12423} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2015080 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {86AD45F2-9871-4436-AC5C-48FA23A0D111} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-11] (Google Inc -> Google Inc.)
Task: {86F7917C-361B-4380-9ED9-C4A528A603C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-11] (Google Inc -> Google Inc.)
Task: {9CED35AD-C7B7-4177-BE83-10F7DF42E02E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {A3860E91-21B7-4E5D-80D1-801F4BBF814F} - System32\Tasks\TR_AntiHijack => C:\Program Files (x86)\Trojan Remover\TRAntiHJ.exe
Task: {A6264E87-3EA8-4B26-B1C4-BE94EDDE4804} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC963A36-8162-4851-AE21-51D0F25213E6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {BEBE9157-8720-4829-A30F-B0121DA629C2} - System32\Tasks\TR_FastScan_Daily_GR => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [3314400 2019-08-14] (Simply Super Software -> Simply Super Software)
Task: {C7F971D5-F46B-4E95-9933-40D928E1773C} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2015080 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {CAC1FAF6-A154-48B0-97FD-6992FB906897} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4321688 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {D302C192-8E05-4655-9408-D118289BD524} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4E0B34E-621B-4080-AF03-33762CD127BC} - System32\Tasks\TR_Updater => C:\Program Files (x86)\Trojan Remover\Trupd.exe [2520792 2019-10-03] (Simply Super Software -> Simply Super Software)
Task: {E9CF28F3-4507-42C1-A523-35187BC410D0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-19] (AVAST Software s.r.o. -> AVAST Software)
Task: {FBA236E0-265A-4C91-AE90-95D83AA57C00} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6434670e-a9e0-4ece-ac9c-963b81fdba93}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7167ed4a-5d1e-4fad-9429-fa4cc5027c4e}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-16] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-16] (Google LLC -> Google LLC)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR Notifications: Default -> hxxps://topfilmeonline.net; hxxps://www.youtube.com
CHR Profile: C:\Users\GR\AppData\Local\Google\Chrome\User Data\Default [2020-01-09]
CHR Extension: (Up Pro (Verified)) - C:\Users\GR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdndbhimamboekdkboekhmjfhcfmjpke [2018-08-01]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\GR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-01-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\GR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\GR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-07]
CHR Extension: (Chrome Media Router) - C:\Users\GR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-05]
CHR Profile: C:\Users\GR\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-09-11]
CHR Profile: C:\Users\GR\AppData\Local\Google\Chrome\User Data\System Profile [2019-09-11]
CHR HKU\S-1-5-21-4263489620-2654309337-961826061-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\GR\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2019-09-08]
CHR HKU\S-1-5-21-4263489620-2654309337-961826061-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [254488 2018-02-10] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2154.121\elevation_service.exe [1117336 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7013384 2018-03-10] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11345992 2019-11-28] (Microsoft Corporation -> Microsoft Corporation)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [11780320 2020-01-09] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2018-02-11] (Intel(R) pGFX -> Intel Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2020-01-09] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [519904 2020-01-09] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2018-02-10] (Synaptics Incorporated -> Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12135768 2019-09-24] (TeamViewer GmbH -> TeamViewer GmbH)
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-10-13] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 537BFC49; C:\WINDOWS\System32\drivers\537BFC49.sys [478392 2020-01-09] (Kaspersky Lab -> Kaspersky Lab ZAO)
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21625880 2018-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [673304 2018-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [98184 2018-02-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-04-14] (ASUSTeK Computer Inc. -> )
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-01-09] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [276952 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 EnigmaFileMonDriver; C:\WINDOWS\System32\drivers\EnigmaFileMonDriver.sys [68424 2020-01-09] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [121344 2019-03-19] (Microsoft Windows -> Qualcomm Atheros Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [218288 2020-01-09] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-01-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-01-09] (Malwarebytes Inc -> Malwarebytes)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-10-01] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-10-01] (MiniTool Solution Ltd -> )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [422656 2018-02-10] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2018-02-10] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
R2 WinDivert1.2; C:\WINDOWS\system32\drivers\WinDivert64.sys [37552 2018-08-01] (Nemea Mjukvaruutveckling AB -> Basil)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2019-12-07] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-09 22:49 - 2020-01-09 22:49 - 000000000 ____D C:\Users\GR\AppData\LocalLow\IGDump
2020-01-09 22:45 - 2020-01-09 22:45 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-01-09 22:45 - 2020-01-09 22:45 - 000218288 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-01-09 22:44 - 2020-01-09 22:48 - 000030739 _____ C:\Users\GR\Desktop\FRST.txt
2020-01-09 22:41 - 2020-01-09 22:41 - 002573312 _____ (Farbar) C:\Users\GR\Downloads\FRST64 (1).exe
2020-01-09 22:35 - 2020-01-09 22:35 - 000003856 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2020-01-09 22:35 - 2020-01-09 22:35 - 000003272 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2020-01-09 22:35 - 2020-01-09 22:35 - 000002570 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2020-01-09 22:35 - 2020-01-09 22:35 - 000002535 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2020-01-09 22:35 - 2020-01-09 22:35 - 000002535 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
2020-01-09 22:33 - 2020-01-09 22:46 - 000000000 ____D C:\FRST
2020-01-09 22:33 - 2020-01-09 22:33 - 002573312 _____ (Farbar) C:\Users\GR\Desktop\FRST64.exe
2020-01-09 22:33 - 2020-01-09 22:33 - 000003454 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineUA
2020-01-09 22:33 - 2020-01-09 22:33 - 000003330 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineCore
2020-01-09 22:33 - 2020-01-09 22:33 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2020-01-09 22:32 - 2020-01-09 22:32 - 008237744 _____ (Malwarebytes) C:\Users\GR\Downloads\adwcleaner_8.0.1 (1).exe
2020-01-09 22:24 - 2020-01-09 22:27 - 000000000 ____D C:\Users\GR\AppData\Local\BitTorrentHelper
2020-01-09 22:15 - 2020-01-09 22:27 - 000000000 ____D C:\Users\GR\Downloads\SpyHunter v4.22.8.4668 Portable by MaSTeR
2020-01-09 22:15 - 2020-01-09 22:15 - 000010824 _____ C:\Users\GR\Downloads\SpyHunter_v4.22.8.4668_Portable_by_MaSTeR.torrent
2020-01-09 22:05 - 2020-01-09 22:06 - 000000000 ____D C:\Users\GR\Downloads\SpyHunter 4.1.11.0 + Crack
2020-01-09 22:01 - 2020-01-09 22:01 - 000000000 ____D C:\Users\GR\Downloads\Reimage Pc Repair Serial Number
2020-01-09 22:00 - 2020-01-09 22:24 - 000000000 ____D C:\Users\GR\AppData\LocalLow\uTorrent
2020-01-09 19:47 - 2020-01-09 19:55 - 000257512 _____ C:\WINDOWS\ntbtlog.txt
2020-01-09 19:42 - 2020-01-09 19:42 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2020-01-09 19:42 - 2020-01-09 19:42 - 000000000 ___HD C:\ProgramData\Documents\AdobeGC
2020-01-09 19:37 - 2020-01-09 19:37 - 000002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2020-01-09 19:37 - 2020-01-09 19:37 - 000002148 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-01-09 19:37 - 2020-01-09 19:37 - 000002148 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2020-01-09 19:37 - 2020-01-09 19:37 - 000000000 ____D C:\Users\GR\AppData\Roaming\AVAST Software
2020-01-09 19:32 - 2020-01-09 22:21 - 000000000 ____D C:\ProgramData\TEMP
2020-01-09 19:30 - 2020-01-09 22:44 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-01-09 19:28 - 2020-01-09 22:38 - 000068424 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2020-01-09 19:28 - 2020-01-09 19:30 - 000848432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2020-01-09 19:28 - 2020-01-09 19:30 - 000460448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2020-01-09 19:28 - 2020-01-09 19:30 - 000161544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-01-09 19:28 - 2020-01-09 19:28 - 000316528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2020-01-09 19:28 - 2020-01-09 19:28 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2020-01-09 19:28 - 2020-01-09 19:28 - 000001055 _____ C:\ProgramData\Desktop\SpyHunter5.lnk
2020-01-09 19:28 - 2020-01-09 19:28 - 000000000 ____D C:\sh5ldr
2020-01-09 19:28 - 2020-01-09 19:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2020-01-09 19:28 - 2020-01-09 19:28 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2020-01-09 19:28 - 2020-01-09 19:27 - 000355720 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-01-09 19:28 - 2020-01-09 19:27 - 000276952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000274456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000236024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000209552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000204824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000110320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000083792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000065120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000042736 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000037616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000016304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2020-01-09 19:27 - 2020-01-09 19:27 - 000000000 ____D C:\Program Files\EnigmaSoft
2020-01-09 19:25 - 2020-01-09 19:25 - 000000000 ____D C:\Program Files\AVAST Software
2020-01-09 19:24 - 2020-01-09 19:24 - 000230080 _____ (AVAST Software) C:\Users\GR\Downloads\avast_free_antivirus_setup_online.exe
2020-01-09 19:24 - 2020-01-09 19:24 - 000004130 _____ C:\WINDOWS\system32\Tasks\TR_FastScan_Daily_GR
2020-01-09 19:24 - 2020-01-09 19:24 - 000004004 _____ C:\WINDOWS\system32\Tasks\TR_FastScan_AtLogon
2020-01-09 19:24 - 2020-01-09 19:24 - 000003930 _____ C:\WINDOWS\system32\Tasks\TR_Updater
2020-01-09 19:24 - 2020-01-09 19:24 - 000003786 _____ C:\WINDOWS\system32\Tasks\TR_AntiHijack
2020-01-09 19:24 - 2020-01-09 19:24 - 000001367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover FastScan.lnk
2020-01-09 19:24 - 2020-01-09 19:24 - 000001267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover Updater.lnk
2020-01-09 19:24 - 2020-01-09 19:24 - 000001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover.lnk
2020-01-09 19:24 - 2020-01-09 19:24 - 000000000 ____D C:\Users\GR\Documents\Simply Super Software
2020-01-09 19:24 - 2020-01-09 19:24 - 000000000 ____D C:\ProgramData\Simply Super Software
2020-01-09 19:24 - 2020-01-09 19:24 - 000000000 ____D C:\Program Files (x86)\Trojan Remover
2020-01-09 19:23 - 2020-01-09 19:24 - 011779800 _____ (Simply Super Software ) C:\Users\GR\Downloads\trjsetup.exe
2020-01-09 19:15 - 2020-01-09 19:15 - 000478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\537BFC49.sys
2020-01-09 19:14 - 2020-01-09 19:38 - 000000000 ____D C:\KVRT_Data
2020-01-09 19:07 - 2020-01-09 19:26 - 000153224 _____ C:\TDSSKiller.3.1.0.28_09.01.2020_19.07.22_log.txt
2020-01-09 19:07 - 2020-01-09 19:11 - 180774328 _____ (AO Kaspersky Lab) C:\Users\GR\Downloads\KVRT.exe
2020-01-09 19:07 - 2020-01-09 19:07 - 005054744 _____ (AO Kaspersky Lab) C:\Users\GR\Downloads\tdsskiller.exe
2020-01-09 18:59 - 2020-01-09 18:59 - 000000129 _____ C:\Users\GR\Desktop\cleaner.bat
2020-01-09 18:58 - 2020-01-09 18:59 - 000000129 _____ C:\Users\GR\Desktop\New Text Document.txt
2020-01-09 18:47 - 2020-01-09 18:47 - 001917528 _____ (Mister Group ) C:\Users\GR\Downloads\SystemExplorerSetup.exe
2020-01-09 18:40 - 2020-01-09 18:40 - 000001706 _____ C:\Users\GR\Desktop\Shortcut_Virus_Remover_V2.1.3.rar
2020-01-09 18:40 - 2018-07-24 13:24 - 000004005 _____ C:\Users\GR\Desktop\Shortcut_Virus_Remover_V2.1.3.bat
2020-01-09 18:29 - 2020-01-09 18:29 - 000925696 _____ (Farbar) C:\Users\GR\Downloads\FSS (1).exe
2020-01-09 18:25 - 2020-01-09 18:25 - 000000000 ____D C:\Users\GR\AppData\Local\cache
2020-01-09 18:21 - 2020-01-09 18:22 - 000000000 ____D C:\AdwCleaner
2020-01-09 18:21 - 2020-01-09 18:21 - 000925696 _____ (Farbar) C:\Users\GR\Downloads\FSS.exe
2020-01-09 18:20 - 2020-01-09 18:20 - 008237744 _____ (Malwarebytes) C:\Users\GR\Downloads\adwcleaner_8.0.1.exe
2020-01-09 17:46 - 2020-01-09 17:46 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-01-09 17:46 - 2020-01-09 17:46 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-01-09 13:58 - 2020-01-09 14:01 - 000000000 ____D C:\Users\GR\Desktop\apartament  eduard
2020-01-09 13:22 - 2020-01-09 13:28 - 1218883624 _____ C:\Users\GR\Desktop\wetransfer-dee114.zip
2020-01-08 19:24 - 2020-01-08 19:24 - 000000000 ____D C:\Users\GR\Apple
2020-01-05 15:37 - 2020-01-05 16:36 - 000000000 ____D C:\Users\GR\Desktop\neagu ulei
2019-12-12 10:34 - 2019-12-12 10:34 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-12 10:34 - 2019-12-12 10:34 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 002188816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001496080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-12 10:34 - 2019-12-12 10:34 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-12 10:34 - 2019-12-12 10:34 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-12 10:34 - 2019-12-12 10:34 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-12 10:34 - 2019-12-12 10:34 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-12 10:34 - 2019-12-12 10:34 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-12 10:34 - 2019-12-12 10:34 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-12 10:34 - 2019-12-12 10:34 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-12 10:34 - 2019-12-12 10:34 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-12-12 10:33 - 2019-12-12 10:34 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-12 10:33 - 2019-12-12 10:33 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-12-12 10:33 - 2019-12-12 10:33 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-12 10:33 - 2019-12-12 10:33 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-12 10:33 - 2019-12-12 10:33 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-12-12 10:33 - 2019-12-12 10:33 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-12-12 10:33 - 2019-12-12 10:33 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-12 10:33 - 2019-12-12 10:33 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-12-12 10:33 - 2019-12-12 10:33 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-12-12 10:33 - 2019-12-12 10:33 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-12-12 10:33 - 2019-12-12 10:33 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-12-12 10:33 - 2019-12-12 10:33 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-12-12 08:48 - 2019-12-16 12:34 - 000000000 ____D C:\Users\GR\Desktop\catb
2019-12-10 10:39 - 2020-01-05 15:00 - 000000000 ___HD C:\adobeTemp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-09 22:48 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-09 22:41 - 2019-09-08 21:23 - 000000000 ___RD C:\Users\GR\Google Drive
2020-01-09 22:39 - 2019-09-11 14:51 - 000000000 ___RD C:\Users\GR\Creative Cloud Files
2020-01-09 22:39 - 2018-02-18 17:56 - 000000000 ____D C:\Users\GR\AppData\Local\Adobe
2020-01-09 22:38 - 2018-02-10 18:53 - 000000000 __SHD C:\Users\GR\IntelGraphicsProfiles
2020-01-09 22:37 - 2019-08-29 06:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-09 22:37 - 2019-01-22 23:36 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-01-09 22:36 - 2019-03-19 06:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-01-09 22:34 - 2018-02-11 18:11 - 000002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-09 22:33 - 2018-07-25 12:07 - 000000000 ____D C:\Users\GR\AppData\Local\AVAST Software
2020-01-09 22:33 - 2018-02-18 03:31 - 000000000 ____D C:\Users\GR\AppData\Roaming\uTorrent
2020-01-09 22:32 - 2019-10-24 21:39 - 000000000 ___RD C:\Users\GR\Google Drive (georgerosca1497@gmail.com)
2020-01-09 22:31 - 2019-08-29 06:44 - 000004160 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D9446457-9E4E-4C11-991A-FFD57F12B112}
2020-01-09 22:18 - 2018-02-18 14:33 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-01-09 21:54 - 2019-08-29 06:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-09 19:47 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2020-01-09 19:36 - 2018-07-25 12:27 - 000000000 ____D C:\Users\GR\AppData\Local\CrashDumps
2020-01-09 19:28 - 2019-03-19 06:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-01-09 19:25 - 2018-02-17 18:19 - 000000000 ____D C:\ProgramData\AVAST Software
2020-01-09 19:13 - 2018-02-10 17:44 - 000000000 ____D C:\Users\GR\AppData\Local\Packages
2020-01-09 17:45 - 2019-09-11 01:41 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-01-09 17:45 - 2019-09-11 01:41 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-01-09 17:27 - 2019-09-11 01:42 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-01-09 13:16 - 2019-09-08 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2020-01-08 19:34 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-08 19:34 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-08 19:24 - 2019-08-29 06:27 - 000000000 ____D C:\Users\GR
2020-01-05 14:58 - 2019-10-06 22:38 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-01-05 14:58 - 2019-10-06 22:38 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-01-05 14:55 - 2019-08-29 06:34 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-16 12:46 - 2019-01-22 23:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-12-16 12:41 - 2019-08-29 06:44 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-16 12:41 - 2019-08-29 06:44 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-16 12:28 - 2018-02-13 02:37 - 000000000 ___RD C:\Users\GR\3D Objects
2019-12-16 12:28 - 2018-02-10 17:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-12-16 12:27 - 2019-08-29 06:18 - 000460264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-12 12:05 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-12-12 12:05 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-12 12:05 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-12 10:46 - 2018-02-11 18:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-12 10:42 - 2018-02-11 18:19 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-12 10:41 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp

==================== Files in the root of some directories ========

2018-10-01 21:30 - 2018-10-01 21:30 - 000000000 _____ () C:\Users\GR\AppData\Local\oobelibMkey.log
2018-08-01 17:32 - 2018-08-02 17:07 - 000007605 _____ () C:\Users\GR\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/9/20
Scan Time: 10:49 PM
Log File: 7a897672-3321-11ea-a601-208984fe2f8e.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.793
Update Package Version: 1.0.17495
License: Free

-System Information-
OS: Windows 10 (Build 18362.535)
CPU: x64
File System: NTFS
User: DESKTOP-C63605U\GR

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 339402
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 20 min, 8 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end) 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2020
Ran by GR (administrator) on DESKTOP-C63605U (LENOVO 20236) (09-01-2020 22:44:01)
Running from C:\Users\GR\Desktop
Loaded Profiles: GR (Available Profiles: GR)
Platform: Windows 10 Pro Version 1903 18362.535 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dxgiadaptercache.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(Simply Super Software -> Simply Super Software) C:\Program Files (x86)\Trojan Remover\Trjscan.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [909016 2013-10-21] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) [File not signed]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2018-02-10] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2084920 2019-09-27] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\Run: [Chromium] => "c:\users\gr\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [47773264 2019-12-22] (Google LLC -> )
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\Run: [AvastBrowserAutoLaunch_29444FEB6F6E437784662D7919BD4509] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2015080 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe [2487352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.117\Installer\chrmstp.exe [2020-01-09] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2154.121\Installer\chrmstp.exe [2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0291DAC7-A868-4063-88CA-6ED922CF4693} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {0EB87C0A-F1D3-41E2-ADBA-4465DCF32B5A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {198A3F5E-2196-4C33-8306-33E08464C775} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {2C47ECD6-8DA1-4462-8902-978EC043FCA8} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {2E0D790F-0678-49CE-B6B4-14FD56ACD420} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {317720D1-BB50-48D9-BD4C-CD0A5F15AEDF} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {38520929-5537-4850-867F-67D89E8F1B22} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
Task: {406ED5CE-D10D-4E46-8048-3BB810B482AA} - System32\Tasks\TR_FastScan_AtLogon => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [3314400 2019-08-14] (Simply Super Software -> Simply Super Software)
Task: {4FFE0F86-8FFE-4A8F-B1F8-BB93B4B20FCF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4321688 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {788EF8D6-1C14-43E1-9FC4-91999AA9B550} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {85D823F6-3DE3-462C-A8CF-A02350E12423} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2015080 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {86AD45F2-9871-4436-AC5C-48FA23A0D111} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-11] (Google Inc -> Google Inc.)
Task: {86F7917C-361B-4380-9ED9-C4A528A603C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-11] (Google Inc -> Google Inc.)
Task: {9CED35AD-C7B7-4177-BE83-10F7DF42E02E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {A3860E91-21B7-4E5D-80D1-801F4BBF814F} - System32\Tasks\TR_AntiHijack => C:\Program Files (x86)\Trojan Remover\TRAntiHJ.exe
Task: {A6264E87-3EA8-4B26-B1C4-BE94EDDE4804} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC963A36-8162-4851-AE21-51D0F25213E6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {BEBE9157-8720-4829-A30F-B0121DA629C2} - System32\Tasks\TR_FastScan_Daily_GR => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [3314400 2019-08-14] (Simply Super Software -> Simply Super Software)
Task: {C7F971D5-F46B-4E95-9933-40D928E1773C} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2015080 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {CAC1FAF6-A154-48B0-97FD-6992FB906897} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4321688 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {D302C192-8E05-4655-9408-D118289BD524} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4E0B34E-621B-4080-AF03-33762CD127BC} - System32\Tasks\TR_Updater => C:\Program Files (x86)\Trojan Remover\Trupd.exe [2520792 2019-10-03] (Simply Super Software -> Simply Super Software)
Task: {E9CF28F3-4507-42C1-A523-35187BC410D0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-19] (AVAST Software s.r.o. -> AVAST Software)
Task: {FBA236E0-265A-4C91-AE90-95D83AA57C00} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6434670e-a9e0-4ece-ac9c-963b81fdba93}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7167ed4a-5d1e-4fad-9429-fa4cc5027c4e}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-16] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-16] (Google LLC -> Google LLC)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR Notifications: Default -> hxxps://topfilmeonline.net; hxxps://www.youtube.com
CHR Profile: C:\Users\GR\AppData\Local\Google\Chrome\User Data\Default [2020-01-09]
CHR Extension: (Up Pro (Verified)) - C:\Users\GR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdndbhimamboekdkboekhmjfhcfmjpke [2018-08-01]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\GR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-01-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\GR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\GR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-07]
CHR Extension: (Chrome Media Router) - C:\Users\GR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-05]
CHR Profile: C:\Users\GR\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-09-11]
CHR Profile: C:\Users\GR\AppData\Local\Google\Chrome\User Data\System Profile [2019-09-11]
CHR HKU\S-1-5-21-4263489620-2654309337-961826061-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\GR\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2019-09-08]
CHR HKU\S-1-5-21-4263489620-2654309337-961826061-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [254488 2018-02-10] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2154.121\elevation_service.exe [1117336 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7013384 2018-03-10] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11345992 2019-11-28] (Microsoft Corporation -> Microsoft Corporation)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [11780320 2020-01-09] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2018-02-11] (Intel(R) pGFX -> Intel Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2020-01-09] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [519904 2020-01-09] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2018-02-10] (Synaptics Incorporated -> Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12135768 2019-09-24] (TeamViewer GmbH -> TeamViewer GmbH)
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-10-13] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 537BFC49; C:\WINDOWS\System32\drivers\537BFC49.sys [478392 2020-01-09] (Kaspersky Lab -> Kaspersky Lab ZAO)
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21625880 2018-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [673304 2018-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [98184 2018-02-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-04-14] (ASUSTeK Computer Inc. -> )
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-01-09] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [276952 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 EnigmaFileMonDriver; C:\WINDOWS\System32\drivers\EnigmaFileMonDriver.sys [68424 2020-01-09] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [121344 2019-03-19] (Microsoft Windows -> Qualcomm Atheros Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [218288 2020-01-09] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-01-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-01-09] (Malwarebytes Inc -> Malwarebytes)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-10-01] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-10-01] (MiniTool Solution Ltd -> )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [422656 2018-02-10] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2018-02-10] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
R2 WinDivert1.2; C:\WINDOWS\system32\drivers\WinDivert64.sys [37552 2018-08-01] (Nemea Mjukvaruutveckling AB -> Basil)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2019-12-07] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-09 22:49 - 2020-01-09 22:49 - 000000000 ____D C:\Users\GR\AppData\LocalLow\IGDump
2020-01-09 22:45 - 2020-01-09 22:45 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-01-09 22:45 - 2020-01-09 22:45 - 000218288 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-01-09 22:44 - 2020-01-09 22:48 - 000030739 _____ C:\Users\GR\Desktop\FRST.txt
2020-01-09 22:41 - 2020-01-09 22:41 - 002573312 _____ (Farbar) C:\Users\GR\Downloads\FRST64 (1).exe
2020-01-09 22:35 - 2020-01-09 22:35 - 000003856 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2020-01-09 22:35 - 2020-01-09 22:35 - 000003272 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2020-01-09 22:35 - 2020-01-09 22:35 - 000002570 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2020-01-09 22:35 - 2020-01-09 22:35 - 000002535 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2020-01-09 22:35 - 2020-01-09 22:35 - 000002535 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
2020-01-09 22:33 - 2020-01-09 22:46 - 000000000 ____D C:\FRST
2020-01-09 22:33 - 2020-01-09 22:33 - 002573312 _____ (Farbar) C:\Users\GR\Desktop\FRST64.exe
2020-01-09 22:33 - 2020-01-09 22:33 - 000003454 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineUA
2020-01-09 22:33 - 2020-01-09 22:33 - 000003330 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineCore
2020-01-09 22:33 - 2020-01-09 22:33 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2020-01-09 22:32 - 2020-01-09 22:32 - 008237744 _____ (Malwarebytes) C:\Users\GR\Downloads\adwcleaner_8.0.1 (1).exe
2020-01-09 22:24 - 2020-01-09 22:27 - 000000000 ____D C:\Users\GR\AppData\Local\BitTorrentHelper
2020-01-09 22:15 - 2020-01-09 22:27 - 000000000 ____D C:\Users\GR\Downloads\SpyHunter v4.22.8.4668 Portable by MaSTeR
2020-01-09 22:15 - 2020-01-09 22:15 - 000010824 _____ C:\Users\GR\Downloads\SpyHunter_v4.22.8.4668_Portable_by_MaSTeR.torrent
2020-01-09 22:05 - 2020-01-09 22:06 - 000000000 ____D C:\Users\GR\Downloads\SpyHunter 4.1.11.0 + Crack
2020-01-09 22:01 - 2020-01-09 22:01 - 000000000 ____D C:\Users\GR\Downloads\Reimage Pc Repair Serial Number
2020-01-09 22:00 - 2020-01-09 22:24 - 000000000 ____D C:\Users\GR\AppData\LocalLow\uTorrent
2020-01-09 19:47 - 2020-01-09 19:55 - 000257512 _____ C:\WINDOWS\ntbtlog.txt
2020-01-09 19:42 - 2020-01-09 19:42 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2020-01-09 19:42 - 2020-01-09 19:42 - 000000000 ___HD C:\ProgramData\Documents\AdobeGC
2020-01-09 19:37 - 2020-01-09 19:37 - 000002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2020-01-09 19:37 - 2020-01-09 19:37 - 000002148 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-01-09 19:37 - 2020-01-09 19:37 - 000002148 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2020-01-09 19:37 - 2020-01-09 19:37 - 000000000 ____D C:\Users\GR\AppData\Roaming\AVAST Software
2020-01-09 19:32 - 2020-01-09 22:21 - 000000000 ____D C:\ProgramData\TEMP
2020-01-09 19:30 - 2020-01-09 22:44 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-01-09 19:28 - 2020-01-09 22:38 - 000068424 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2020-01-09 19:28 - 2020-01-09 19:30 - 000848432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2020-01-09 19:28 - 2020-01-09 19:30 - 000460448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2020-01-09 19:28 - 2020-01-09 19:30 - 000161544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-01-09 19:28 - 2020-01-09 19:28 - 000316528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2020-01-09 19:28 - 2020-01-09 19:28 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2020-01-09 19:28 - 2020-01-09 19:28 - 000001055 _____ C:\ProgramData\Desktop\SpyHunter5.lnk
2020-01-09 19:28 - 2020-01-09 19:28 - 000000000 ____D C:\sh5ldr
2020-01-09 19:28 - 2020-01-09 19:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2020-01-09 19:28 - 2020-01-09 19:28 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2020-01-09 19:28 - 2020-01-09 19:27 - 000355720 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-01-09 19:28 - 2020-01-09 19:27 - 000276952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000274456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000236024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000209552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000204824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000110320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000083792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000065120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000042736 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000037616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2020-01-09 19:28 - 2020-01-09 19:27 - 000016304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2020-01-09 19:27 - 2020-01-09 19:27 - 000000000 ____D C:\Program Files\EnigmaSoft
2020-01-09 19:25 - 2020-01-09 19:25 - 000000000 ____D C:\Program Files\AVAST Software
2020-01-09 19:24 - 2020-01-09 19:24 - 000230080 _____ (AVAST Software) C:\Users\GR\Downloads\avast_free_antivirus_setup_online.exe
2020-01-09 19:24 - 2020-01-09 19:24 - 000004130 _____ C:\WINDOWS\system32\Tasks\TR_FastScan_Daily_GR
2020-01-09 19:24 - 2020-01-09 19:24 - 000004004 _____ C:\WINDOWS\system32\Tasks\TR_FastScan_AtLogon
2020-01-09 19:24 - 2020-01-09 19:24 - 000003930 _____ C:\WINDOWS\system32\Tasks\TR_Updater
2020-01-09 19:24 - 2020-01-09 19:24 - 000003786 _____ C:\WINDOWS\system32\Tasks\TR_AntiHijack
2020-01-09 19:24 - 2020-01-09 19:24 - 000001367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover FastScan.lnk
2020-01-09 19:24 - 2020-01-09 19:24 - 000001267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover Updater.lnk
2020-01-09 19:24 - 2020-01-09 19:24 - 000001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover.lnk
2020-01-09 19:24 - 2020-01-09 19:24 - 000000000 ____D C:\Users\GR\Documents\Simply Super Software
2020-01-09 19:24 - 2020-01-09 19:24 - 000000000 ____D C:\ProgramData\Simply Super Software
2020-01-09 19:24 - 2020-01-09 19:24 - 000000000 ____D C:\Program Files (x86)\Trojan Remover
2020-01-09 19:23 - 2020-01-09 19:24 - 011779800 _____ (Simply Super Software ) C:\Users\GR\Downloads\trjsetup.exe
2020-01-09 19:15 - 2020-01-09 19:15 - 000478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\537BFC49.sys
2020-01-09 19:14 - 2020-01-09 19:38 - 000000000 ____D C:\KVRT_Data
2020-01-09 19:07 - 2020-01-09 19:26 - 000153224 _____ C:\TDSSKiller.3.1.0.28_09.01.2020_19.07.22_log.txt
2020-01-09 19:07 - 2020-01-09 19:11 - 180774328 _____ (AO Kaspersky Lab) C:\Users\GR\Downloads\KVRT.exe
2020-01-09 19:07 - 2020-01-09 19:07 - 005054744 _____ (AO Kaspersky Lab) C:\Users\GR\Downloads\tdsskiller.exe
2020-01-09 18:59 - 2020-01-09 18:59 - 000000129 _____ C:\Users\GR\Desktop\cleaner.bat
2020-01-09 18:58 - 2020-01-09 18:59 - 000000129 _____ C:\Users\GR\Desktop\New Text Document.txt
2020-01-09 18:47 - 2020-01-09 18:47 - 001917528 _____ (Mister Group ) C:\Users\GR\Downloads\SystemExplorerSetup.exe
2020-01-09 18:40 - 2020-01-09 18:40 - 000001706 _____ C:\Users\GR\Desktop\Shortcut_Virus_Remover_V2.1.3.rar
2020-01-09 18:40 - 2018-07-24 13:24 - 000004005 _____ C:\Users\GR\Desktop\Shortcut_Virus_Remover_V2.1.3.bat
2020-01-09 18:29 - 2020-01-09 18:29 - 000925696 _____ (Farbar) C:\Users\GR\Downloads\FSS (1).exe
2020-01-09 18:25 - 2020-01-09 18:25 - 000000000 ____D C:\Users\GR\AppData\Local\cache
2020-01-09 18:21 - 2020-01-09 18:22 - 000000000 ____D C:\AdwCleaner
2020-01-09 18:21 - 2020-01-09 18:21 - 000925696 _____ (Farbar) C:\Users\GR\Downloads\FSS.exe
2020-01-09 18:20 - 2020-01-09 18:20 - 008237744 _____ (Malwarebytes) C:\Users\GR\Downloads\adwcleaner_8.0.1.exe
2020-01-09 17:46 - 2020-01-09 17:46 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-01-09 17:46 - 2020-01-09 17:46 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-01-09 13:58 - 2020-01-09 14:01 - 000000000 ____D C:\Users\GR\Desktop\apartament  eduard
2020-01-09 13:22 - 2020-01-09 13:28 - 1218883624 _____ C:\Users\GR\Desktop\wetransfer-dee114.zip
2020-01-08 19:24 - 2020-01-08 19:24 - 000000000 ____D C:\Users\GR\Apple
2020-01-05 15:37 - 2020-01-05 16:36 - 000000000 ____D C:\Users\GR\Desktop\neagu ulei
2019-12-12 10:34 - 2019-12-12 10:34 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-12 10:34 - 2019-12-12 10:34 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 002188816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001496080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-12 10:34 - 2019-12-12 10:34 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-12 10:34 - 2019-12-12 10:34 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-12 10:34 - 2019-12-12 10:34 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-12 10:34 - 2019-12-12 10:34 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-12 10:34 - 2019-12-12 10:34 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-12 10:34 - 2019-12-12 10:34 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-12 10:34 - 2019-12-12 10:34 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-12 10:34 - 2019-12-12 10:34 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2019-12-12 10:34 - 2019-12-12 10:34 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-12-12 10:33 - 2019-12-12 10:34 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-12 10:33 - 2019-12-12 10:33 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-12-12 10:33 - 2019-12-12 10:33 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-12 10:33 - 2019-12-12 10:33 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-12 10:33 - 2019-12-12 10:33 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-12-12 10:33 - 2019-12-12 10:33 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-12-12 10:33 - 2019-12-12 10:33 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-12 10:33 - 2019-12-12 10:33 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-12-12 10:33 - 2019-12-12 10:33 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-12-12 10:33 - 2019-12-12 10:33 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-12-12 10:33 - 2019-12-12 10:33 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-12-12 10:33 - 2019-12-12 10:33 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-12 10:33 - 2019-12-12 10:33 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-12 10:33 - 2019-12-12 10:33 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-12-12 08:48 - 2019-12-16 12:34 - 000000000 ____D C:\Users\GR\Desktop\catb
2019-12-10 10:39 - 2020-01-05 15:00 - 000000000 ___HD C:\adobeTemp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-09 22:48 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-09 22:41 - 2019-09-08 21:23 - 000000000 ___RD C:\Users\GR\Google Drive
2020-01-09 22:39 - 2019-09-11 14:51 - 000000000 ___RD C:\Users\GR\Creative Cloud Files
2020-01-09 22:39 - 2018-02-18 17:56 - 000000000 ____D C:\Users\GR\AppData\Local\Adobe
2020-01-09 22:38 - 2018-02-10 18:53 - 000000000 __SHD C:\Users\GR\IntelGraphicsProfiles
2020-01-09 22:37 - 2019-08-29 06:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-09 22:37 - 2019-01-22 23:36 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-01-09 22:36 - 2019-03-19 06:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-01-09 22:34 - 2018-02-11 18:11 - 000002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-09 22:33 - 2018-07-25 12:07 - 000000000 ____D C:\Users\GR\AppData\Local\AVAST Software
2020-01-09 22:33 - 2018-02-18 03:31 - 000000000 ____D C:\Users\GR\AppData\Roaming\uTorrent
2020-01-09 22:32 - 2019-10-24 21:39 - 000000000 ___RD C:\Users\GR\Google Drive (georgerosca1497@gmail.com)
2020-01-09 22:31 - 2019-08-29 06:44 - 000004160 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D9446457-9E4E-4C11-991A-FFD57F12B112}
2020-01-09 22:18 - 2018-02-18 14:33 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-01-09 21:54 - 2019-08-29 06:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-09 19:47 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2020-01-09 19:36 - 2018-07-25 12:27 - 000000000 ____D C:\Users\GR\AppData\Local\CrashDumps
2020-01-09 19:28 - 2019-03-19 06:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-01-09 19:25 - 2018-02-17 18:19 - 000000000 ____D C:\ProgramData\AVAST Software
2020-01-09 19:13 - 2018-02-10 17:44 - 000000000 ____D C:\Users\GR\AppData\Local\Packages
2020-01-09 17:45 - 2019-09-11 01:41 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-01-09 17:45 - 2019-09-11 01:41 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-01-09 17:27 - 2019-09-11 01:42 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-01-09 13:16 - 2019-09-08 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2020-01-08 19:34 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-08 19:34 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-08 19:24 - 2019-08-29 06:27 - 000000000 ____D C:\Users\GR
2020-01-05 14:58 - 2019-10-06 22:38 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-01-05 14:58 - 2019-10-06 22:38 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-01-05 14:55 - 2019-08-29 06:34 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-16 12:46 - 2019-01-22 23:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-12-16 12:41 - 2019-08-29 06:44 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-16 12:41 - 2019-08-29 06:44 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-16 12:28 - 2018-02-13 02:37 - 000000000 ___RD C:\Users\GR\3D Objects
2019-12-16 12:28 - 2018-02-10 17:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-12-16 12:27 - 2019-08-29 06:18 - 000460264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-12 12:05 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-12-12 12:05 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-12 12:05 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-12 10:46 - 2018-02-11 18:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-12 10:42 - 2018-02-11 18:19 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-12 10:41 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp

==================== Files in the root of some directories ========

2018-10-01 21:30 - 2018-10-01 21:30 - 000000000 _____ () C:\Users\GR\AppData\Local\oobelibMkey.log
2018-08-01 17:32 - 2018-08-02 17:07 - 000007605 _____ () C:\Users\GR\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ======================== 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2020
Ran by GR (09-01-2020 22:52:30)
Running from C:\Users\GR\Desktop
Windows 10 Pro Version 1903 18362.535 (X64) (2019-08-29 04:46:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4263489620-2654309337-961826061-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4263489620-2654309337-961826061-503 - Limited - Disabled)
GR (S-1-5-21-4263489620-2654309337-961826061-1001 - Administrator - Enabled) => C:\Users\GR
Guest (S-1-5-21-4263489620-2654309337-961826061-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4263489620-2654309337-961826061-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\uTorrent) (Version: 3.5.5.45503 - BitTorrent Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.0.0.354 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.7 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2019 (HKLM-x32\...\PPRO_13_0_1) (Version: 13.0.1 - Adobe Systems Incorporated)
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 77.2.2154.121 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.5.245.0 - AVAST Software) Hidden
Backup and Sync from Google (HKLM\...\{7B473CF8-CE4F-4AE1-A86D-CFBDDCC85FAF}) (Version: 3.47.8667.1399 - Google, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.21.50 - Conexant)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.117 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.12228.20364 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{49e969a1-2990-464d-92b5-25f6f34573c6}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{d2c8df0e-f15d-4426-9e51-f13f329f9cb4}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Need for Speed Most Wanted (black edition) (HKLM-x32\...\Need for Speed Most Wanted (black edition)) (Version: 1.3 - Electronic Arts)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PUBG Lite (HKLM-x32\...\PUBG Lite_is1) (Version: 1.0.0.7 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rocket League (HKLM-x32\...\Rocket League_is1) (Version:  - Psyonix)
Skype version 8.33 (HKLM-x32\...\Skype_is1) (Version: 8.33 - Skype Technologies S.A.)
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.7.24.155 - EnigmaSoft Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.6.4835 - TeamViewer)
The Jackbox Party Pack (HKLM-x32\...\The Jackbox Party Pack_is1) (Version:  - )
Trojan Remover (HKLM-x32\...\Trojan Remover_is1) (Version:  - Simply Super Software)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
VCDS Release 12.12.0 (HKLM-x32\...\VCDS Release 12.12) (Version: 12.12.0 - Ross-Tech)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-09-11] (Adobe Systems Incorporated)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa [2020-01-05] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2020-01-05] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4263489620-2654309337-961826061-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092020224923990_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-602996F2CD43} -> [Creative Cloud Files] => C:\Users\GR\Creative Cloud Files [2019-09-11 14:51]
CustomCLSID: HKU\S-1-5-21-4263489620-2654309337-961826061-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092020224923990_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4263489620-2654309337-961826061-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092020224923990_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-4263489620-2654309337-961826061-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-602996F2CD43} -> [Creative Cloud Files] => C:\Users\GR\Creative Cloud Files [2019-09-11 14:51]
CustomCLSID: HKU\S-1-5-21-4263489620-2654309337-961826061-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4263489620-2654309337-961826061-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-12-22] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-12-22] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-12-22] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ !!!smico] -> {C6E713CA-A7FD-4C73-9E34-AD7676CB957F} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-12-22] (Google LLC -> Google)
ContextMenuHandlers1: [SmartMountShlExt] -> {3871F95B-BF7A-4C17-950B-3ECBCA765A45} =>  -> No File
ContextMenuHandlers1: [SMShellExts] -> {3871F95B-BF7A-4c17-950B-3ECBCA765A45} =>  -> No File
ContextMenuHandlers1: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll [2018-10-25] (Simply Super Software -> Simply Super Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [SmartMountShlExt] -> {3871F95B-BF7A-4C17-950B-3ECBCA765A45} =>  -> No File
ContextMenuHandlers2: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll [2018-10-25] (Simply Super Software -> Simply Super Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-12-22] (Google LLC -> Google)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers4: [SmartMountShlExt] -> {3871F95B-BF7A-4C17-950B-3ECBCA765A45} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-02-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll [2018-10-25] (Simply Super Software -> Simply Super Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\GR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --app=hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=3&click_id=dca008733b5232d8d0840ef7856e73fa9e069738 --app-window-size=1366,768
ShortcutWithArgument: C:\Users\GR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> %SNP%
ShortcutWithArgument: C:\Users\GR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --app=hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=3&click_id=dca008733b5232d8d0840ef7856e73fa9e069738 --app-window-size=1366,768
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> %SNP%

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [286]
AlternateDataStreams: C:\Users\GR\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\GR\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\537BFC49.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\537BFC49.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2019-01-05 20:26 - 002097703 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-02-22 23:07 - 2018-02-22 23:07 - 000000444 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Windows Live\Shared
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\StartupApproved\StartupFolder: => "BznMMQqmAG.url"
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\StartupApproved\StartupFolder: => "winmsvc.lnk"
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\StartupApproved\Run: => "23BA.tmp"
HKU\S-1-5-21-4263489620-2654309337-961826061-1001\...\StartupApproved\Run: => "UGF2W0PW0UEXL3E"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7EEF006C-B698-4CFD-9356-1EFDC8BCC8FE}] => (Allow) F:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{A7B2B1C0-CBBD-4498-A4D1-2DB456D7B515}] => (Allow) F:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{D46E9A64-7530-444B-A542-A3A4695276C9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DB34D5A3-3058-4A21-9619-B88BC98413C0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{95BC16C7-35FF-4B76-90AA-301E7BC9B911}] => (Allow) F:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed]
FirewallRules: [{FCA4F4C8-5844-4CBC-851F-031B41AC1235}] => (Allow) F:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed]
FirewallRules: [{11D41B83-CF7B-430D-8F25-9D648BC16508}] => (Allow) F:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed]
FirewallRules: [{20F5EFED-3FF0-41D8-B917-C9A2F092BB87}] => (Allow) F:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed]
FirewallRules: [{D6B13319-51F0-4A55-B486-F7147B65ED93}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FE20CE61-98CD-43C1-9E69-0DA011C0B2F6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5BFD52F1-B1BA-4BB8-BF4B-FC22DB52BDEE}] => (Block) %ProgramFiles% (x86)\rocketleague\Binaries\Win32\RocketLeague.exe No File
FirewallRules: [{DEE3A580-B1A0-4E92-9F46-66D3908A3A3D}] => (Allow) F:\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{E4544E5E-7E20-444E-8E3F-ACBD3C67CD73}] => (Allow) F:\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{2F27E96C-58A9-4875-974D-AF920E820D67}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7C4C9115-6204-4B5C-B76B-DDCD6DB4D374}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F0EF7983-7D7D-45DA-945B-F3D84096C0C5}] => (Allow) F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BFC9F784-E238-4957-AD9B-BAA4F2739DFF}] => (Allow) F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E973090C-E9B8-4208-9AEC-E37353BC46CB}] => (Allow) F:\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe (Codemasters Software Company Limited) [File not signed]
FirewallRules: [{9642FCDC-D440-4574-AB1E-7D9B09B941F8}] => (Allow) F:\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe (Codemasters Software Company Limited) [File not signed]
FirewallRules: [{762C9965-A60F-4C1B-830E-FE1033A5D37E}] => (Allow) LPort=1900
FirewallRules: [{D83E7237-932A-439B-B07E-92EA423A3938}] => (Allow) LPort=2869
FirewallRules: [{E7A5A658-973F-407F-84C1-9AB38EEF29F5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EE74444F-BB69-492D-A851-1DBB63BB0991}] => (Allow) F:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4D9014EB-06F4-4FFF-A534-9EBE4B1C8192}] => (Allow) F:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D0E147FC-E23E-4F8C-AEDE-14B8E07ACEFE}] => (Allow) LPort=1688
FirewallRules: [{0FC7C794-6642-4996-898B-38822FAD1D4F}] => (Allow) F:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{3B8EA9EC-F230-49E7-BAD4-DCE1C62F1272}] => (Allow) F:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{D6DE18A2-5A7F-481D-93C4-9B6AF5C077B6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{7AA65796-51A4-4EC0-BC04-D2D5ED99594D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{FF8DCC37-4677-4D2E-88FD-8EFEF5C675B0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B3A2C1A8-D536-40D8-89C3-D11D06F601E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{7D3637D5-6BFC-4C66-8382-8C9021CE7124}] => (Allow) F:\steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed]
FirewallRules: [{B8878C5D-61D3-418B-9B81-115AAA529329}] => (Allow) F:\steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed]
FirewallRules: [{B5A7B94B-20CF-41AB-A46A-8C0980347290}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{45A25EF8-34D6-4AED-98AA-7DC4D9B8899B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E1CEEA1E-CEA5-402F-82A4-229E2973EB21}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D2E5C642-B1AE-4320-A943-2FF287197A49}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6456741A-4B63-43E5-9F83-328814C2AC9B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7974920D-BD25-40EF-ACE5-B5B484BCB4D3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{97FC61E1-51FC-4B1D-8DC8-CED451E6B584}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2ABA1646-89F1-49E2-88B6-29C15FEE6532}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DD072EC7-BB51-497C-A36C-AC58540EB9BC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6A635C51-2CE6-4153-A332-20FC102558A3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3F341512-12A6-4237-AD5B-A619FA420D57}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

12-12-2019 10:04:24 Windows Modules Installer
08-01-2020 20:05:07 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/09/2020 11:05:24 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10376,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/09/2020 10:59:13 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5824,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/09/2020 10:56:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Trjscan.exe version 6.9.5.1364 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 18e0

Start Time: 01d5c72caf0998af

Termination Time: 23

Application Path: C:\Program Files (x86)\Trojan Remover\Trjscan.exe

Report Id: c42d7422-0b8f-41bc-9fed-d878c33a055d

Faulting package full name: 

Faulting package-relative application ID: 

Hang type: Unknown

Error: (01/09/2020 10:53:25 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9832,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/09/2020 10:49:57 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: Failed to begin a Windows Installer transaction C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserUpdateHelper.msi. Error 1618 occurred while beginning the transaction.

Error: (01/09/2020 10:47:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2580,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/09/2020 10:37:42 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (01/09/2020 10:21:27 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed


System errors:
=============
Error: (01/09/2020 11:05:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (01/09/2020 11:05:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (01/09/2020 10:45:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Update Orchestrator Service service hung on starting.

Error: (01/09/2020 10:42:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (01/09/2020 10:35:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-C63605U)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (01/09/2020 10:35:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-C63605U)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (01/09/2020 10:35:44 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-C63605U)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.

Error: (01/09/2020 10:35:44 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-C63605U)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2020-01-09 19:34:16.791
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D6EBF840-6BB7-4594-8012-D5C94FA12BED}
Scan Type: Antimalware
Scan Parameters: Custom Scan

Date: 2020-01-09 16:04:27.165
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CE637E63-3DFF-4DC2-A8F7-025A61C5A406}
Scan Type: Antimalware
Scan Parameters: Custom Scan

Date: 2020-01-09 15:46:02.398
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E41CFCA3-1612-44DE-9216-E0341D59AF4A}
Scan Type: Antimalware
Scan Parameters: Custom Scan

Date: 2019-12-12 11:13:11.672
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CAD7D9BE-7D7F-4877-A62F-028054F34558}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-10 13:37:44.214
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DF94EE50-BBD7-4D41-ABD7-D56EC63EB635}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-12 08:54:31.816
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.307.309.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16600.7
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2019-12-07 19:23:11.095
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.307.37.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16600.7
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2019-11-23 14:41:34.916
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.305.2572.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16500.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2019-09-13 02:47:24.513
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.301.1134.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16300.1
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2019-09-10 19:12:31.319
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.301.783.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16300.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

CodeIntegrity:
===================================

Date: 2020-01-09 22:54:33.786
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-09 22:54:33.781
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-09 22:54:32.199
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-09 22:54:32.028
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-09 22:41:40.859
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-01-09 22:41:38.834
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-01-09 22:41:36.811
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-01-09 22:41:33.259
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

BIOS: LENOVO 78CN19WW(V1.07) 07/04/2013
Motherboard: LENOVO INVALID
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 80%
Total physical RAM: 6012.85 MB
Available physical RAM: 1163.96 MB
Total Virtual: 7804.85 MB
Available Virtual: 1603.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:199.23 GB) (Free:80.75 GB) NTFS
Drive d: (Elements) (Fixed) (Total:1862.98 GB) (Free:12.79 GB) NTFS
Drive f: (Local Disk) (Fixed) (Total:731.02 GB) (Free:454.61 GB) NTFS

\\?\Volume{d9fa2484-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{d9fa2484-0000-0000-0000-20ee31000000}\ () (Fixed) (Total:0.77 GB) (Free:0.3 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=199.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=786 MB) - (Type=27)
Partition 4: (Not Active) - (Size=731 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==================== End of Addition.txt ======================= 


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

 

Thanks

 


Thank you, I will do this today! 

Also I have to mention that my infected external drive letter is 😧

1 minute ago, Andrei95 said:

Thank you, I will do this today! 

Also I have to mention that my infected external drive letter is 😧

D


It worked! All files are in place. Thank you so much, I do not have enough words. Hope you have a wonderful year! Gratitudes and cheers! 


This should also be a wake-up call to remind you that you should have a backup plan in place using an external USB drive at minimum. I'll post more on that soon.

 


If you're not backing up your data and you're still using Google Chrome then you're just not serious about Privacy, Safety, and protecting your data. Malwarebytes is a fantastic program but you still need to back up your data and you still need to block scripts and Ads in your browser. 
If you're still using Google Chrome I would highly suggest you consider using Firefox instead. For more advanced users you might consider installing NoScript as well (it does have a higher learning curve though).

PrivacyTools - Encryption, and tools to protect against global mass surveillance - https://www.privacytools.io

Help Secure your browsers
 
You may be interested in using our new Malwarebytes Browser Guard to help protect your browser from items that uBlock or others don't target.

Please install uBlock Origin for your browsers to better protect your system.

Firefox, Chrome, Opera, Safari, Microsoft Edge
AdBlock Plus for Internet Explorer

How to use uBlock Origin to protect your online privacy and security | uBlock Origin tutorial 2018
This video tutorial above explains how to use uBlock Origin in advanced user mode and all the advanced settings to protect your online privacy and help prevent unwanted sites from changing your browser settings

Delete Cookies Automatically

Cookie AutoDelete plugin
Chrome  | Firefox 

Browser push notifications: a feature asking to be abused
HTTPS Everywhere
NOTHING TO HIDE documentary

Review your email and Office choices

Quit Gmail for free encrypted email - Tutanota
Why ProtonMail Is More Secure Than Gmail
LibreOffice - Free and open source office suite

Use Password Management software

Bitwarden
KeePass Password Safe

Make sure you use a strong master password
Then set the key transformation settings (the link below helps provide information on how to choose good settings)
https://pthree.org/2016/06/29/further-investigation-into-scrypt-and-argon2-password-hashing
KeePass Password Manager: Full Detailed Setup (good YouTube video on setting up and using KeePass, but choose the Argon2 method for key transformation)

Encrypted Instant Messenger and Voice Calls

Please review the following site for a breakdown of features of different Messenger applications.

SafeSwiss
Riot
Signal
Wire     
NOTE: Recent news of Wire having new investors and moving to the United States.
Wickr Me

Follow-up Reading

Everything you need to know about cybercrime
10 easy ways to prevent malware infection 
Keep your data backed up

Thank you for choosing Malwarebytes as your preferred security protection software and tell your friends and family too. We're here to help.


 

 

This topic is now closed to further replies.
