Inactive-A Computer not acting properly

Status
Not open for further replies.

cableman

TS Booster
I started a virus system clean about 6 months ago but didn't completely finish it due to the fact that our internet hardline had to be replaced and due to the time required to fix it, the computer seemed to act fine so I took no further actions.
Now a completely different problem has presented itself. The computer will want to reboot websites for no reason. Sometimes when I type, the letters are all wrong and it is not me; I thought I could be making mistakes at first but that is not it. I have noticed a substantial time lag in response from certain things that should not be lagging. Also some programs just plainly refuse to run. There is more that I am sure can be seen from the logs.
 

cableman

TS Booster
Here is the first post I was asked to list :
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.09.2018
Ran by Cableman (administrator) on CABLEMAN-PC (12-10-2018 22:25:10)
Running from E:\Downloads (E Disc)
Loaded Profiles: Cableman (Available Profiles: Cableman & Alienvape)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Logitech Inc.) E:\program Files\LWS\Webcam Software\LWS.exe
() E:\program Files\LWS\Webcam Software\CameraHelperShell.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LWS] => E:\program Files\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-472246324-4182351025-1742220698-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2018-01-21] (Siber Systems)
HKU\S-1-5-21-472246324-4182351025-1742220698-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-472246324-4182351025-1742220698-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe [1367552 2018-05-15] (Adobe Systems Incorporated)
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Startup: C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2018-10-11]
ShortcutTarget: Logitech . Product Registration.lnk -> E:\program Files\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2018-09-12]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{556A0634-C59C-448B-8E03-E2392A335438}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{55D76FDF-660D-4311-80DF-7F798AE0F150}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-472246324-4182351025-1742220698-1000 -> DefaultScope {271CD41F-B832-471F-8225-FC01F8ED3721} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-472246324-4182351025-1742220698-1000 -> {271CD41F-B832-471F-8225-FC01F8ED3721} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-01-21] (Siber Systems Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-27] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-27] (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-01-21] (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-01-21] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-01-21] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-472246324-4182351025-1742220698-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-01-21] (Siber Systems Inc.)

FireFox:
========
FF DefaultProfile: orqz79o3.default-1479538638542-1528069793611
FF DefaultProfile: cableman@bellsouth.net
FF ProfilePath: C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611 [2018-10-12]
FF user.js: detected! => C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611\user.js [2018-07-19]
FF NetworkProxy: Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611 -> type", 0
FF Extension: (AdBlocker Ultimate) - C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611\Extensions\adblockultimate@adblockultimate.net.xpi [2018-08-29]
FF Extension: (RoboForm Password Manager) - C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611\Extensions\rf-firefox@siber.com.xpi [2018-07-27]
FF Extension: (Ad-Blocker) - C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611\Extensions\{b89efd87-232e-4829-87d2-22148919d72f}.xpi [2018-06-06]
FF Extension: (Adblock Plus) - C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-08-30]
FF Extension: (Telemetry coverage) - C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611\features\{016afd5f-302c-4a50-979e-fd0d62cdf3ab}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-09] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-10] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
StartMenuInternet: Firefox-C781389E15BFD1A7 - E:\program Files\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/webhp?source=search_app"
CHR Profile: C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default [2018-10-12]
CHR Extension: (Slides) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-05]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2018-08-14]
CHR Extension: (YouTube) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-16]
CHR Extension: (uBlock Origin) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-09-30]
CHR Extension: (Google Search) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-09-23]
CHR Extension: (Sheets) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]
CHR Extension: (Windscribe - Free VPN and Ad Blocker) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2018-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-01]
CHR Extension: (RoboForm Password Manager) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2018-10-06]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2018-01-21]
CHR HKU\S-1-5-21-472246324-4182351025-1742220698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2018-01-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc.)
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2195280 2018-06-07] (Bitdefender)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1284032 2018-07-31] (Bitdefender)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2072896 2011-10-12] (TuneUp Software)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [239400 2018-06-07] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [239400 2018-06-07] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [239400 2018-09-21] (Bitdefender)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 atc; C:\Windows\System32\DRIVERS\atc.sys [1292296 2018-09-21] (BitDefender S.R.L. Bucharest, ROMANIA)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
R0 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [357768 2018-10-10] (Bitdefender)
R3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [282008 2018-09-21] (BitDefender S.R.L. Bucharest, ROMANIA)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
R0 Gemma; C:\Windows\System32\DRIVERS\Gemma.sys [352704 2018-10-10] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\Windows\System32\drivers\gzflt.sys [193184 2018-07-04] (BitDefender LLC)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-10-11] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [118584 2018-10-11] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [58400 2018-10-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-10-11] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [100664 2018-10-12] (Malwarebytes)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2016-09-21] (The OpenVPN Project)
R2 trufos; C:\Windows\System32\drivers\trufos.sys [609576 2018-09-21] (Bitdefender)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-09-22] (TuneUp Software)
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102576 2015-08-10] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25904 2015-08-10] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [701232 2015-08-10] ()
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-09-30] (C-Media Electronics Inc)
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-11 18:39 - 2018-10-12 19:42 - 000100664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-10-11 18:39 - 2018-10-11 18:39 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-10-11 18:39 - 2018-10-11 18:39 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-10-11 18:39 - 2018-10-11 18:39 - 000118584 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-10-11 18:39 - 2018-10-11 18:39 - 000058400 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-10-11 18:39 - 2018-10-11 18:39 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-11 18:39 - 2018-10-11 18:39 - 000000000 ____D C:\Users\Cableman\AppData\Local\mbamtray
2018-10-11 18:39 - 2018-10-11 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-11 18:38 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-10-11 18:28 - 2018-10-11 18:28 - 000000000 ____D C:\Users\Cableman\AppData\Local\mbam
2018-10-11 14:35 - 2018-10-11 14:35 - 000010635 _____ C:\Users\Cableman\Desktop\Training - Train Units Contract Calculator.rar
2018-10-11 14:33 - 2018-10-11 14:33 - 000407966 _____ C:\Users\Cableman\Desktop\Solving Soldiers Inc v2 (1).zip
2018-10-11 14:28 - 2018-10-11 14:28 - 006080539 _____ C:\Users\Cableman\Desktop\Soldiers Inc. Files and Info.rar
2018-10-11 14:14 - 2018-10-11 14:53 - 000000000 ____D C:\Users\Cableman\Desktop\Soldiers Inc. Files and Info
2018-10-11 13:52 - 2018-10-11 13:52 - 000001413 _____ C:\Users\Alienvape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-10-11 13:52 - 2018-10-11 13:52 - 000000020 ___SH C:\Users\Alienvape\ntuser.ini
2018-10-11 13:52 - 2018-10-11 13:52 - 000000000 ____D C:\Users\Alienvape\AppData\Roaming\Adobe
2018-10-11 13:52 - 2018-10-11 13:52 - 000000000 ____D C:\Users\Alienvape\AppData\Local\VirtualStore
2018-10-11 13:52 - 2018-10-11 13:52 - 000000000 ____D C:\Users\Alienvape\AppData\Local\Google
2018-10-11 13:52 - 2018-10-11 13:52 - 000000000 ____D C:\Users\Alienvape
2018-10-11 13:52 - 2015-12-29 16:43 - 000000000 ____D C:\Users\Alienvape\AppData\Local\Microsoft Help
2018-10-11 13:52 - 2010-11-21 03:16 - 000000000 ____D C:\Users\Alienvape\AppData\Roaming\Media Center Programs
2018-10-10 06:28 - 2018-10-10 06:28 - 000352704 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\Gemma.sys
2018-10-10 01:17 - 2018-10-10 01:17 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-10-10 01:17 - 2018-10-10 01:17 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2018-10-10 01:17 - 2018-10-10 01:17 - 000000000 ____D C:\Users\Cableman\AppData\Local\Apple
2018-10-10 01:17 - 2018-10-10 01:17 - 000000000 ____D C:\Program Files\Bonjour
2018-10-10 01:17 - 2018-10-10 01:17 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-10-10 01:17 - 2018-10-10 01:17 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-10-10 01:16 - 2018-10-10 01:17 - 000000000 ____D C:\ProgramData\Apple
2018-10-10 01:16 - 2018-10-10 01:17 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-10-07 09:54 - 2018-10-07 09:54 - 000000000 ____D C:\Program Files (x86)\Logitech
2018-09-19 03:48 - 2018-09-19 04:34 - 000000000 ____D C:\Users\Cableman\Desktop\Ruby Casino
2018-09-16 17:33 - 2018-10-01 20:08 - 000000416 _____ C:\Windows\Tasks\DriverDR Scheduled Scan.job
2018-09-16 17:33 - 2018-09-16 17:33 - 000003828 _____ C:\Windows\System32\Tasks\DriverDR Scheduled Scan
2018-09-16 17:33 - 2018-09-16 17:33 - 000000975 _____ C:\Users\Public\Desktop\DriverDR.lnk
2018-09-16 17:33 - 2018-09-16 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverDR
2018-09-16 17:33 - 2018-09-16 17:33 - 000000000 ____D C:\Program Files\DriverDR.com
2018-09-12 05:53 - 2018-09-12 05:53 - 002186621 _____ C:\Users\Cableman\Desktop\friends.txt
2018-09-12 05:53 - 2018-09-12 05:53 - 000000000 ____D C:\Users\Cableman\Desktop\friends_files
2018-09-12 05:39 - 2018-09-12 05:39 - 000000000 ____D C:\Users\Cableman\Videos\Documents\OneNote Notebooks

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-12 22:25 - 2018-01-13 18:54 - 000000000 ____D C:\FRST
2018-10-12 22:24 - 2017-02-16 15:49 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2018-10-12 04:12 - 2009-07-14 00:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-12 04:12 - 2009-07-14 00:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-12 02:00 - 2014-11-05 06:18 - 000000000 ____D C:\Users\Cableman\AppData\Local\Adobe
2018-10-11 18:55 - 2018-06-14 21:19 - 000000000 ____D C:\Users\Cableman\Desktop\Fabar Tool
2018-10-11 15:31 - 2016-11-20 09:07 - 000000000 ____D C:\Users\Cableman\AppData\LocalLow\Mozilla
2018-10-11 14:01 - 2009-07-14 01:13 - 000796254 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-11 14:01 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-10-11 13:56 - 2016-10-28 17:05 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2018-10-11 13:54 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-11 00:08 - 2016-07-06 22:33 - 000000406 _____ C:\Windows\Tasks\EasyShare Registration Task.job
2018-10-10 08:18 - 2018-07-13 06:51 - 000004474 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-10-10 08:18 - 2014-11-05 06:21 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-10-10 08:18 - 2014-11-05 06:21 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-10 08:18 - 2014-11-05 06:21 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-10-10 08:18 - 2014-11-05 06:21 - 000000000 ____D C:\Windows\system32\Macromed
2018-10-10 05:56 - 2017-11-09 17:07 - 000357768 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys
2018-10-10 02:09 - 2015-07-20 04:22 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-07 09:54 - 2018-05-13 23:04 - 000001624 _____ C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2018-10-07 09:54 - 2018-05-13 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2018-10-07 09:47 - 2014-12-09 23:03 - 000000000 ____D C:\Users\Cableman\AppData\Local\ElevatedDiagnostics
2018-10-05 20:29 - 2016-12-25 11:03 - 000000000 ___DC C:\Users\Cableman\AppData\Local\MigWiz
2018-09-21 12:28 - 2018-06-11 04:43 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-09-21 12:28 - 2014-11-04 18:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-09-21 03:50 - 2017-06-23 11:02 - 001292296 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2018-09-21 03:50 - 2017-02-16 15:50 - 000282008 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\edrsensor.sys
2018-09-21 03:50 - 2017-02-16 15:49 - 000609576 _____ (Bitdefender) C:\Windows\system32\Drivers\trufos.sys
2018-09-19 19:37 - 2017-05-28 15:20 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-19 19:37 - 2017-05-28 15:20 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-19 19:01 - 2014-12-28 05:08 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-17 19:41 - 2015-02-08 15:37 - 000007891 _____ C:\Windows\BRRBCOM.INI

==================== Files in the root of some directories =======

2018-06-14 20:38 - 2018-06-14 20:38 - 000007605 _____ () C:\Users\Cableman\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-25 16:28

==================== End of FRST.txt
 

cableman

TS Booster
Here is the second part of the first post I was asked to list :
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.09.2018
Ran by Cableman (12-10-2018 22:26:13)
Running from E:\Downloads (E Disc)
Windows 7 Ultimate Service Pack 1 (X64) (2014-11-04 22:03:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-472246324-4182351025-1742220698-500 - Administrator - Disabled)
Alienvape (S-1-5-21-472246324-4182351025-1742220698-1003 - Administrator - Enabled) => C:\Users\Alienvape
ASPNET (S-1-5-21-472246324-4182351025-1742220698-1002 - Limited - Enabled)
Cableman (S-1-5-21-472246324-4182351025-1742220698-1000 - Administrator - Enabled) => C:\Users\Cableman
Guest (S-1-5-21-472246324-4182351025-1742220698-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-472246324-4182351025-1742220698-1000\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0CB84A7D-9697-4526-A819-60FB050E8F05}) (Version: 7.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.5.14 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{3A8008D5-C834-1CA9-68CB-E9F49F0AB120}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{884596CF-79B1-13A0-7334-563BB3A75F45}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{223D250A-AABB-A9AA-7D07-7FA086D7BF62}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{58714532-951F-0C3A-8860-2ED7411C6D85}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1D89886C-1BC7-978A-7790-BDF741552029}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{C2E207A0-6375-140A-3170-50737EB32D29}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{FF8A9A91-1E72-EE4A-04DA-6E7F65CB626D}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{78B5E5BC-C2B2-3439-0750-C9FC7AAE173B}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{28B38E4C-1FCC-0AB9-F2CE-7079DF8CF8A5}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{6CD61388-4F40-E91A-17A1-E821F0BB92E1}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{F38E5A65-9C76-3757-9D69-672FACA088D4}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{994B3C1F-F48C-B29E-D88A-06322D70B45C}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{7C42C52E-DFF2-8BD6-5134-DCB5FBB8A5EE}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{3372CE65-1178-B53F-C228-254C7F7F118F}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{80C20F9B-C28F-E3ED-726C-86BFC24EEE3B}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{16FC5B97-5AC3-056E-1A1B-FF36B790575E}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{D955A619-B0BA-FB07-0590-675FA7A127CF}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{686AF1D4-4D23-8115-9968-FE32775067C8}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{168E9C24-F28F-D630-74BB-4F4D66CFC871}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{66F96B6D-33A7-938C-2910-CA9C76E00742}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{59546E97-8B2F-0F51-5191-BF19438164A8}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Dreams Casino (HKLM-x32\...\{B8D65208-7D74-4510-ADCE-E328BF744980}) (Version: 18.07.0-RTG - RealTimeGaming Software)
DriverDR 6.5.0 (HKLM\...\DriverDR_is1) (Version: 6.5.0.0 - DriverDR.com)
Electrum-LTC (HKU\S-1-5-21-472246324-4182351025-1742220698-1000\...\Electrum-LTC) (Version: 2.6.4.2 - Electrum Technologies GmbH)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Firefox 62.0 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0 (x64 en-US)) (Version: 62.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.2 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
MultiBit HD 0.5.1 (HKLM\...\6925-4794-5772-4956) (Version: 0.5.1 - KeepKey,LLC)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Quick JPEG Image Resize and Crop (HKLM-x32\...\{2FDB98BE-6E6D-4543-A5FD-C4ABB6214FC9}) (Version: 1.0.0 - zzornixnet)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
RoboForm 7-9-31-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-31-1 - Siber Systems)
RogueKiller version 12.12.21.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.21.0 - Adlice Software)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SWvape 1.10 (HKLM-x32\...\SWvape) (Version: 1.10 - SnowWolf)
TuneUp Utilities 2012 (HKLM-x32\...\{32364CEA-7855-4A3C-B674-53D8E9B97936}) (Version: 12.0.2012.117 - TuneUp Software) Hidden
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.2012.117 - TuneUp Software)
TuneUp Utilities Language Pack (en-US) (HKLM-x32\...\{A95A76C9-6F65-477E-83A0-9F884B6DC21B}) (Version: 12.0.2012.117 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WinDirStat 1.1.2 (HKU\S-1-5-21-472246324-4182351025-1742220698-1000\...\WinDirStat) (Version: - )
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wisdom-soft ScreenHunter 6.0 Pro (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Pro) (Version: - Wisdom Software Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [TuneUp Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-x64.dll [2011-10-12] (TuneUp Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {109A5B93-6535-4C9D-A4DA-88CDF83D241E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [2018-09-20] (AVAST Software)
Task: {152B9F39-8139-40DD-A58D-D27AF5DACF33} - System32\Tasks\{322D0C4F-6480-4025-A220-F0062D278362} => C:\Windows\system32\pcalua.exe -a C:\Users\Cableman\AppData\Local\Temp\jre-8u73-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {312BD938-A0D2-49C1-8F08-98BB9C922F0C} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-07-31] (Bitdefender)
Task: {3A2ADC24-413D-43FD-8E05-7E665859EADD} - System32\Tasks\{F795EA66-7CC9-4721-A632-F337E6C71C2E} => C:\Windows\system32\pcalua.exe -a C:\Users\Cableman\Downloads\install_easyshare.exe -d C:\Users\Cableman\Downloads
Task: {42B3AA22-C1A9-4279-9003-7D1ED44DAFAF} - System32\Tasks\EasyShare Registration Task => C:\Windows\system32\rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOffer@16
Task: {44CD2235-AC3A-43DE-854F-99E8818FFE85} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMJLLMKMJLNMGMHMHMCNJMKMLMNMCNKLKLNMNLCNJMMLKMNLCNJMJLLMKLJLNMNLLMGMKLGMPMJNJICMIMCNGMCNMMOMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMNMKMIMIMJNHICMEKMICNJJCKJNBJCMFLAJMIKJPIHJPNKLNIGJMJPNMKCJGJLIHJJNKJC (the data entry has 70 more characters).
Task: {4B72D81B-F319-4BFC-9694-17730164B605} - System32\Tasks\{F8033A37-DF19-4014-B889-46CCB2539EE0} => C:\Windows\system32\pcalua.exe -a "E:\Downloads (E Disc)\install_easyshare(1).exe" -d "E:\Downloads (E Disc)"
Task: {64954FCB-9E4D-4945-B25F-DB30E4695707} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-07-21] (Oracle Corporation)
Task: {65EE791C-C81A-492F-A1E4-2AEE37009A3E} - System32\Tasks\{BD660FDA-AFB1-4B27-8172-4C24A4C63963} => C:\Windows\system32\pcalua.exe -a D:\CH340SER.EXE -d D:\
Task: {6A788492-F89A-42F5-BB13-457B56D71F29} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-10] (Adobe Systems Incorporated)
Task: {7D1E889D-BB66-409B-9BEA-3B34C407F108} - System32\Tasks\DriverDR Scheduled Scan => C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe [2016-12-12] (DriverDR.com)
Task: {91C3AC90-3654-4096-ADA4-A26AE459A896} - System32\Tasks\AdobeAAMUpdater-1.0-Cableman-PC-Cableman => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {9A67BB4B-90DA-477D-8F93-CC6437F77015} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {9F9EC7CA-5947-4698-AFB7-E39FDD15A238} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-28] (Google Inc.)
Task: {AE65B875-E28C-4E90-854F-75FF535C7284} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-07-18] (Advanced Micro Devices, Inc.)
Task: {B481C4E9-274C-4DEF-8EBB-0FDA8DD94524} - System32\Tasks\{533492E2-CD07-432B-A8E0-FACBCFBD7843} => C:\Windows\system32\pcalua.exe -a C:\Users\Cableman\AppData\Local\Temp\jre-8u77-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {B4B19044-AC51-404E-AF6B-9F97D9F36921} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {C72DA0F5-4F9E-4E92-B14C-4C45F7F68884} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {CEF6C372-4F49-4753-B256-FC506596628F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-28] (Google Inc.)
Task: {E60A1567-8E35-47C1-B421-D22C6C0CCA8F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {FEA6FB26-2A04-401D-8421-8DDAA5802B80} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2018-01-21] (Siber Systems)
Task: {FF1B02A6-A51A-448D-83C3-E1DFD26D22FC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe [2018-05-15] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DriverDR Scheduled Scan.job => C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe--scan C:\Program Files\DriverDR.com
Task: C:\Windows\Tasks\EasyShare Registration Task.job => rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-08-22 22:18 - 2018-08-22 22:18 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-08-22 22:18 - 2018-08-22 22:18 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-02-16 15:50 - 2018-06-07 04:14 - 000278280 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2018-05-08 08:26 - 2018-05-08 08:26 - 000992704 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_002\ashttpbr.mdl
2018-05-08 08:26 - 2018-05-08 08:26 - 000543344 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_002\ashttpdsp.mdl
2018-05-08 08:26 - 2018-05-08 08:26 - 003228632 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_002\ashttpph.mdl
2018-05-08 08:26 - 2018-05-08 08:26 - 001527808 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_002\ashttprbl.mdl
2012-09-13 00:38 - 2012-09-13 00:38 - 000264040 _____ () E:\program Files\LWS\Webcam Software\CameraHelperShell.exe
2018-10-11 18:39 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-10-11 18:38 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-09-19 19:37 - 2018-09-15 04:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-19 19:37 - 2018-09-15 04:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2018-10-09 14:35 - 2018-10-09 14:35 - 031308288 _____ () C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\PepperFlash\31.0.0.122\pepflashplayer.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 002144104 _____ () E:\program Files\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 007955304 _____ () E:\program Files\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000341352 _____ () E:\program Files\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000028008 _____ () E:\program Files\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000127336 _____ () E:\program Files\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 000336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-12-05 07:40 - 2014-12-05 07:40 - 003502080 _____ () C:\Windows\SysWow64\ffdshow.ax

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\atieclxx.exe:BDU [1]
AlternateDataStreams: C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550 [2302]
AlternateDataStreams: C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656 [2302]
AlternateDataStreams: C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981 [2302]
AlternateDataStreams: C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587 [2302]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-11-01 03:28 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-472246324-4182351025-1742220698-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\startupreg: uTorrent => "C:\Users\Cableman\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{C7382027-A9BF-4D07-AFA6-DDEFA1635802}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [UDP Query User{C1DAFF23-EFB9-4852-9915-B90F6C08BA69}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [{21D54765-7A5C-4E3E-932E-BCC9321E312E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B097CEAA-E65F-49B6-85C8-14D3E043372B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{26DD1240-1DCA-42FC-8793-C174A17D21E4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{E98B12FE-3D80-4A82-B470-8A820646A251}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{D62B1FDB-4A70-4182-B4E8-B282DAB11F21}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{6F0D7993-2FFE-4A3D-831D-53580720A851}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{65EEB2D1-6FEA-4F74-81C9-6C2158A7F532}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{30ED9D58-7207-41EB-80C3-FAFB0A273E93}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{9C1323C5-36FC-45AE-AEE9-28A550A0A2CB}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [UDP Query User{771A8BF9-EEE3-4159-A240-AE96F503E6C5}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [{FA91D765-D533-49D5-AD9A-4C9A090E6771}] => (Allow) C:\Users\Cableman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C78E8A1C-75DB-4D1D-AEE0-DBD404503420}] => (Allow) C:\Users\Cableman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{48484C7B-449A-428F-B3FE-DB40F11FF40F}E:\program files\firefox.exe] => (Allow) E:\program files\firefox.exe
FirewallRules: [UDP Query User{CF038AFA-E209-468A-BA1A-4FD2608AEFA5}E:\program files\firefox.exe] => (Allow) E:\program files\firefox.exe
FirewallRules: [TCP Query User{598106F8-600A-4FC3-B4A3-13AAABAD17B0}E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe] => (Allow) E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe
FirewallRules: [UDP Query User{02B76AC4-612A-48E2-828A-16F697FD180D}E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe] => (Allow) E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe
FirewallRules: [{9869A8DB-C760-41F4-8E6E-E243F5AF85EA}] => (Allow) E:\program Files\firefox.exe
FirewallRules: [{76FB027D-7030-4E9B-9FBE-516C0699C0EE}] => (Allow) E:\program Files\firefox.exe
FirewallRules: [{4C1D1CDE-E28D-41C5-A754-5001BC608C45}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A8A237AD-3182-4ACE-8256-44C5B69CE780}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BF25AADD-7DCD-4AF8-9E7B-4FE25DF957EF}E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe] => (Allow) E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe
FirewallRules: [UDP Query User{09037A23-2BEE-4BC0-A3D9-FD3DEAB69505}E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe] => (Allow) E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe
FirewallRules: [{ABAD5013-B63A-4FD7-8B5D-7BB8BF801852}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{858FB30C-06F5-4EDF-BD9C-E33E074F9986}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{E74F2960-5F2C-433D-B4BE-038269151BDE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{60BFF013-84AC-4043-9D36-F3961C1AF70A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B312AB63-770A-4845-8843-1C324FD3BF72}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AABAF341-4D39-40A8-A147-3311217D861C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

==================== Restore Points =========================

10-10-2018 01:17:21 Installed iTunes

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/11/2018 01:55:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/10/2018 01:18:22 AM) (Source: MsiInstaller) (EventID: 11303) (User: Cableman-PC)
Description: Product: iTunes -- Error 1303. The installer has insufficient privileges to access this directory: E:\program Files\iTunes.Resources\de.lproj. The installation cannot continue. Log on as administrator or contact your system administrator.

Error: (10/10/2018 01:18:19 AM) (Source: MsiInstaller) (EventID: 11303) (User: Cableman-PC)
Description: Product: iTunes -- Error 1303. The installer has insufficient privileges to access this directory: E:\program Files\iTunes.Resources\de.lproj. The installation cannot continue. Log on as administrator or contact your system administrator.

Error: (10/10/2018 01:18:15 AM) (Source: MsiInstaller) (EventID: 11303) (User: Cableman-PC)
Description: Product: iTunes -- Error 1303. The installer has insufficient privileges to access this directory: E:\program Files\iTunes.Resources\de.lproj. The installation cannot continue. Log on as administrator or contact your system administrator.

Error: (10/10/2018 01:18:11 AM) (Source: MsiInstaller) (EventID: 11303) (User: Cableman-PC)
Description: Product: iTunes -- Error 1303. The installer has insufficient privileges to access this directory: E:\program Files\iTunes.Resources\de.lproj. The installation cannot continue. Log on as administrator or contact your system administrator.

Error: (10/10/2018 01:18:07 AM) (Source: MsiInstaller) (EventID: 11303) (User: Cableman-PC)
Description: Product: iTunes -- Error 1303. The installer has insufficient privileges to access this directory: E:\program Files\iTunes.Resources\de.lproj. The installation cannot continue. Log on as administrator or contact your system administrator.

Error: (10/05/2018 08:28:36 PM) (Source: MsiInstaller) (EventID: 11606) (User: Cableman-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (10/05/2018 08:28:35 PM) (Source: MsiInstaller) (EventID: 11606) (User: Cableman-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.


System errors:
=============
Error: (10/12/2018 06:58:11 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/12/2018 06:58:09 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/12/2018 06:58:07 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/12/2018 06:58:04 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/12/2018 06:58:02 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/12/2018 06:58:00 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/12/2018 06:57:58 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/12/2018 06:57:56 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.


Windows Defender:
===================================
Date: 2016-05-05 03:12:44.749
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x8050800d
Error description:Some history items could not be displayed. Please wait a few minutes and try again. If that doesn't work, clear the history and then try again.
Signature version:1.219.648.0
Engine version:1.1.12706.0

Date: 2016-04-30 02:43:47.991
Description:
%1 engine has been terminated due to an unexpected error.
Failure Type:%5
Exception code:%6
Resource:%3

Date: 2016-03-30 06:08:38.359
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x8050800d
Error description:Some history items could not be displayed. Please wait a few minutes and try again. If that doesn't work, clear the history and then try again.
Signature version:1.217.23.0
Engine version:1.1.12603.0

CodeIntegrity:
===================================

Date: 2016-11-01 03:28:26.924
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-01 03:28:26.846
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-01 03:28:26.706
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-01 03:28:26.628
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-09-13 04:47:44.894
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-09-13 04:47:44.792
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-17 22:06:45.742
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-17 22:06:45.695
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Xeon(R) CPU E5420 @ 2.50GHz
Percentage of memory in use: 41%
Total physical RAM: 32765.66 MB
Available physical RAM: 19244.21 MB
Total Virtual: 65529.5 MB
Available Virtual: 51073.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:24.7 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:232.83 GB) (Free:206.95 GB) NTFS

\\?\Volume{c9a29847-648d-11e4-a990-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 2C0BAB62)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.8 GB) (Disk ID: 23982539)
Partition 1: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
You actually started two topics in the past. One of them abandoned and another one, you never continued.
This can't happen again. If it does I won't be able to help you in the future.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

cableman

TS Booster
Would you please give me a chance to fix my computer. I am home bound and have to live where I am hated. Every day is a nightmare and night is the same or worse with the night terrors if I even sleep. My only way of making any money is using the computer. As you know you can handle bank accounts; actually any account that has an online access and there are many ways to make a little money here and there when all you have is time all day long in a closed room. I don't need anybody feeling sorry for me cause this world never promises anyone anything but I do expect you to listen to my apology for wasting your valuable time in the past. I honestly don't remember why I stopped responding the first time you are referring to but the second time we had a terrible lightning storm and it ran through the internet and phone cables and it seemed like it was a month for them to get all the lines replaced underground. This last week I have been doing my best to figure a way out of this place. I am waiting on the results from my disability hearing last month so that will give me options and I have been trying to catch up on all the unfinished business around here so if I get the chance I will be able to leave immediately and I lost track of the time working all day and night most of the week. It is no excuse, I don't offer excuses. I only offer sincere apologies and the truth. If you will continue to work with me I promise not to get behind again. My computer is my life support. I am enclosing the scan results in case you change your mind and decide to take a look.
RogueKiller V12.13.5.0 (x64) [Oct 15 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cableman [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 10/18/2018 12:10:58 (Duration : 00:43:18)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] b94acabeb7afa9f7f746c1aeb661aef4
[BSP] fee4b8c015ddb781f619a422882acf0f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114370 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 46a82c0c693a56b88ea2ffa8ed812859
[BSP] ef24a8f7d405a17b654ef10fe0e82727 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238416 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 

cableman

TS Booster
Just is case you might be interested, here are the results of the MalWareBytes scan :
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/18/18
Scan Time: 1:36 PM
Log File: 505e42e6-d2fc-11e8-84ca-0023cdb0c4c0.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7419
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cableman-PC\Cableman

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 288842
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 33 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

cableman

TS Booster
Just in case you decided to follow my log reports, then here is the last one you asked for :
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-18-2018
# Duration: 00:00:00
# OS: Windows 7 Ultimate
# Cleaned: 2
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1505 octets] - [17/06/2018 21:36:37]
AdwCleaner[C00].txt - [1615 octets] - [17/06/2018 21:38:53]
AdwCleaner[S01].txt - [1414 octets] - [18/10/2018 13:57:37]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
IF YOU READ THIS FAR THEN PERHAPS YOUR ARE NOT QUITE READY TO GIVE UP ON ME IF I KEEP BEHAVING. THANK YOU IF YOU ARE READING THIS.
 

Broni

Malware Annihilator
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

cableman

TS Booster
I ran the scan again and here is the first log :
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.09.2018
Ran by Cableman (administrator) on CABLEMAN-PC (23-10-2018 14:39:20)
Running from E:\Downloads (E Disc)
Loaded Profiles: Cableman (Available Profiles: Cableman & Alienvape)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Logitech Inc.) E:\program Files\LWS\Webcam Software\LWS.exe
() E:\program Files\LWS\Webcam Software\CameraHelperShell.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Wisdom Software Inc. ) C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Pro\ScreenHunter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LWS] => E:\program Files\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-472246324-4182351025-1742220698-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2018-01-21] (Siber Systems)
HKU\S-1-5-21-472246324-4182351025-1742220698-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-472246324-4182351025-1742220698-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe [1367552 2018-05-15] (Adobe Systems Incorporated)
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Startup: C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2018-10-11]
ShortcutTarget: Logitech . Product Registration.lnk -> E:\program Files\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2018-09-12]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{556A0634-C59C-448B-8E03-E2392A335438}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{55D76FDF-660D-4311-80DF-7F798AE0F150}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-472246324-4182351025-1742220698-1000 -> DefaultScope {271CD41F-B832-471F-8225-FC01F8ED3721} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-472246324-4182351025-1742220698-1000 -> {271CD41F-B832-471F-8225-FC01F8ED3721} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-01-21] (Siber Systems Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-27] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-27] (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-01-21] (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-01-21] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-01-21] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-472246324-4182351025-1742220698-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-01-21] (Siber Systems Inc.)

FireFox:
========
FF DefaultProfile: orqz79o3.default-1479538638542-1528069793611
FF DefaultProfile: cableman@bellsouth.net
FF ProfilePath: C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611 [2018-10-23]
FF user.js: detected! => C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611\user.js [2018-07-19]
FF NetworkProxy: Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611 -> type", 0
FF Extension: (AdBlocker Ultimate) - C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611\Extensions\adblockultimate@adblockultimate.net.xpi [2018-10-19]
FF Extension: (RoboForm Password Manager) - C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611\Extensions\rf-firefox@siber.com.xpi [2018-07-27]
FF Extension: (Ad-Blocker) - C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611\Extensions\{b89efd87-232e-4829-87d2-22148919d72f}.xpi [2018-06-06]
FF Extension: (Adblock Plus) - C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-08-30]
FF Extension: (Telemetry coverage) - C:\Users\Cableman\AppData\Roaming\Mozilla\Firefox\Profiles\orqz79o3.default-1479538638542-1528069793611\features\{666f1fea-a27a-4aaf-a43a-6434fcdb3d02}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-17] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-18] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
StartMenuInternet: Firefox-C781389E15BFD1A7 - E:\program Files\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/webhp?source=search_app"
CHR Profile: C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default [2018-10-23]
CHR Extension: (Slides) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2018-08-14]
CHR Extension: (YouTube) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-16]
CHR Extension: (uBlock Origin) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-09-30]
CHR Extension: (Google Search) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-09-23]
CHR Extension: (Sheets) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]
CHR Extension: (Windscribe - Free VPN and Ad Blocker) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2018-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-18]
CHR Extension: (RoboForm Password Manager) - C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2018-10-06]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2018-01-21]
CHR HKU\S-1-5-21-472246324-4182351025-1742220698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2018-01-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc.)
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2195280 2018-06-07] (Bitdefender)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1284032 2018-07-31] (Bitdefender)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2072896 2011-10-12] (TuneUp Software)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [239400 2018-06-07] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [239400 2018-06-07] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [239400 2018-09-21] (Bitdefender)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 atc; C:\Windows\System32\DRIVERS\atc.sys [1292296 2018-09-21] (BitDefender S.R.L. Bucharest, ROMANIA)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
R0 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [357768 2018-10-10] (Bitdefender)
R3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [282008 2018-09-21] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 Gemma; C:\Windows\System32\DRIVERS\Gemma.sys [352704 2018-10-10] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\Windows\System32\drivers\gzflt.sys [193184 2018-07-04] (BitDefender LLC)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2016-09-21] (The OpenVPN Project)
R2 trufos; C:\Windows\System32\drivers\trufos.sys [609576 2018-09-21] (Bitdefender)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-09-22] (TuneUp Software)
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102576 2015-08-10] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25904 2015-08-10] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [701232 2015-08-10] ()
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-09-30] (C-Media Electronics Inc)
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-18 13:45 - 2018-10-18 13:45 - 007592144 _____ (Malwarebytes) C:\Users\Cableman\Desktop\AdwCleaner.exe
2018-10-18 13:30 - 2018-10-18 13:30 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-18 13:30 - 2018-10-18 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-18 13:30 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-10-18 13:29 - 2018-10-18 13:29 - 000000000 ____D C:\Program Files\Malwarebytes
2018-10-18 13:26 - 2018-10-18 13:26 - 000000000 ____D C:\ProgramData\MB3Install
2018-10-18 13:22 - 2018-10-18 13:23 - 080022264 _____ (Malwarebytes ) C:\Users\Cableman\Desktop\mb3-setup-54035.54035-3.6.1.2711-1.0.463-1.0.6913.exe
2018-10-18 12:03 - 2018-10-18 12:06 - 036961368 _____ (Adlice Software ) C:\Users\Cableman\Desktop\RogueKiller_setup_ref3.exe
2018-10-16 16:39 - 2018-10-16 16:39 - 000000000 ____D C:\Users\Cableman\Desktop\All Things Bitcoin
2018-10-13 18:30 - 2018-10-13 18:30 - 000001225 _____ C:\Users\Cableman\Desktop\Plarium Play.lnk
2018-10-13 18:30 - 2018-10-13 18:30 - 000000000 ____D C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plarium
2018-10-13 18:30 - 2018-10-13 18:30 - 000000000 ____D C:\Users\Cableman\AppData\Local\Plarium
2018-10-13 18:29 - 2018-10-13 18:30 - 000000000 ____D C:\Users\Cableman\AppData\Local\Package Cache
2018-10-12 22:52 - 2018-10-12 22:56 - 000000000 ____D C:\Users\Cableman\Desktop\Scan logs etc. for computer repaire
2018-10-11 18:39 - 2018-10-11 18:39 - 000000000 ____D C:\Users\Cableman\AppData\Local\mbamtray
2018-10-11 18:28 - 2018-10-11 18:28 - 000000000 ____D C:\Users\Cableman\AppData\Local\mbam
2018-10-11 14:35 - 2018-10-11 14:35 - 000010635 _____ C:\Users\Cableman\Desktop\Training - Train Units Contract Calculator.rar
2018-10-11 14:33 - 2018-10-11 14:33 - 000407966 _____ C:\Users\Cableman\Desktop\Solving Soldiers Inc v2 (1).zip
2018-10-11 14:28 - 2018-10-11 14:28 - 006080539 _____ C:\Users\Cableman\Desktop\Soldiers Inc. Files and Info.rar
2018-10-11 14:14 - 2018-10-11 14:53 - 000000000 ____D C:\Users\Cableman\Desktop\Soldiers Inc. Files and Info
2018-10-11 13:52 - 2018-10-11 13:52 - 000001413 _____ C:\Users\Alienvape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-10-11 13:52 - 2018-10-11 13:52 - 000000020 ___SH C:\Users\Alienvape\ntuser.ini
2018-10-11 13:52 - 2018-10-11 13:52 - 000000000 ____D C:\Users\Alienvape\AppData\Roaming\Adobe
2018-10-11 13:52 - 2018-10-11 13:52 - 000000000 ____D C:\Users\Alienvape\AppData\Local\VirtualStore
2018-10-11 13:52 - 2018-10-11 13:52 - 000000000 ____D C:\Users\Alienvape\AppData\Local\Google
2018-10-11 13:52 - 2018-10-11 13:52 - 000000000 ____D C:\Users\Alienvape
2018-10-11 13:52 - 2015-12-29 16:43 - 000000000 ____D C:\Users\Alienvape\AppData\Local\Microsoft Help
2018-10-11 13:52 - 2010-11-21 03:16 - 000000000 ____D C:\Users\Alienvape\AppData\Roaming\Media Center Programs
2018-10-10 06:28 - 2018-10-10 06:28 - 000352704 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\Gemma.sys
2018-10-10 01:17 - 2018-10-10 01:17 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-10-10 01:17 - 2018-10-10 01:17 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2018-10-10 01:17 - 2018-10-10 01:17 - 000000000 ____D C:\Users\Cableman\AppData\Local\Apple
2018-10-10 01:17 - 2018-10-10 01:17 - 000000000 ____D C:\Program Files\Bonjour
2018-10-10 01:17 - 2018-10-10 01:17 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-10-10 01:17 - 2018-10-10 01:17 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-10-10 01:16 - 2018-10-10 01:17 - 000000000 ____D C:\ProgramData\Apple
2018-10-10 01:16 - 2018-10-10 01:17 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-10-07 09:54 - 2018-10-07 09:54 - 000000000 ____D C:\Program Files (x86)\Logitech

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-23 14:39 - 2018-01-13 18:54 - 000000000 ____D C:\FRST
2018-10-23 14:38 - 2017-02-16 15:49 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2018-10-23 04:26 - 2009-07-14 00:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-23 04:26 - 2009-07-14 00:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-21 15:43 - 2015-02-08 15:37 - 000007891 _____ C:\Windows\BRRBCOM.INI
2018-10-19 02:00 - 2014-11-05 06:18 - 000000000 ____D C:\Users\Cableman\AppData\Local\Adobe
2018-10-18 15:46 - 2016-11-20 09:07 - 000000000 ____D C:\Users\Cableman\AppData\LocalLow\Mozilla
2018-10-18 15:07 - 2018-07-13 06:51 - 000004474 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-10-18 15:07 - 2014-11-05 06:21 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-10-18 15:07 - 2014-11-05 06:21 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-18 15:07 - 2014-11-05 06:21 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-10-18 15:07 - 2014-11-05 06:21 - 000000000 ____D C:\Windows\system32\Macromed
2018-10-18 14:11 - 2009-07-14 01:13 - 000796254 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-18 14:11 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-10-18 14:07 - 2016-10-28 17:05 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2018-10-18 14:04 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-18 13:29 - 2018-06-11 04:43 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-10-18 13:29 - 2014-12-03 08:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-18 13:29 - 2014-11-04 18:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-10-18 13:28 - 2018-09-16 17:33 - 000000416 _____ C:\Windows\Tasks\DriverDR Scheduled Scan.job
2018-10-18 12:11 - 2015-07-17 06:43 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-10-18 12:10 - 2018-06-17 18:51 - 000000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-10-18 12:10 - 2016-09-05 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-10-18 12:10 - 2016-09-05 19:22 - 000000000 ____D C:\Program Files\RogueKiller
2018-10-16 17:38 - 2017-05-28 15:20 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-16 17:38 - 2017-05-28 15:20 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-16 14:48 - 2018-09-19 03:48 - 000000000 ____D C:\Users\Cableman\Desktop\Ruby Casino
2018-10-15 10:06 - 2017-11-04 14:28 - 000000000 ____D C:\Users\Cableman\Desktop\Soldiers Inc
2018-10-11 18:55 - 2018-06-14 21:19 - 000000000 ____D C:\Users\Cableman\Desktop\Fabar Tool
2018-10-11 00:08 - 2016-07-06 22:33 - 000000406 _____ C:\Windows\Tasks\EasyShare Registration Task.job
2018-10-10 05:56 - 2017-11-09 17:07 - 000357768 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys
2018-10-10 02:09 - 2015-07-20 04:22 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-07 09:54 - 2018-05-13 23:04 - 000001624 _____ C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2018-10-07 09:54 - 2018-05-13 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2018-10-07 09:47 - 2014-12-09 23:03 - 000000000 ____D C:\Users\Cableman\AppData\Local\ElevatedDiagnostics
2018-10-05 20:29 - 2016-12-25 11:03 - 000000000 ___DC C:\Users\Cableman\AppData\Local\MigWiz

==================== Files in the root of some directories =======

2018-06-14 20:38 - 2018-06-14 20:38 - 000007605 _____ () C:\Users\Cableman\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-10-18 12:10 - 2017-05-12 14:24 - 001732864 _____ (Microsoft Corporation) C:\Users\Cableman\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-18 14:31

==================== End of FRST.txt ============================
 

cableman

TS Booster
And here is the addition text :
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.09.2018
Ran by Cableman (23-10-2018 14:40:23)
Running from E:\Downloads (E Disc)
Windows 7 Ultimate Service Pack 1 (X64) (2014-11-04 22:03:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-472246324-4182351025-1742220698-500 - Administrator - Disabled)
Alienvape (S-1-5-21-472246324-4182351025-1742220698-1003 - Administrator - Enabled) => C:\Users\Alienvape
ASPNET (S-1-5-21-472246324-4182351025-1742220698-1002 - Limited - Enabled)
Cableman (S-1-5-21-472246324-4182351025-1742220698-1000 - Administrator - Enabled) => C:\Users\Cableman
Guest (S-1-5-21-472246324-4182351025-1742220698-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-472246324-4182351025-1742220698-1000\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0CB84A7D-9697-4526-A819-60FB050E8F05}) (Version: 7.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.5.14 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{3A8008D5-C834-1CA9-68CB-E9F49F0AB120}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{884596CF-79B1-13A0-7334-563BB3A75F45}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{223D250A-AABB-A9AA-7D07-7FA086D7BF62}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{58714532-951F-0C3A-8860-2ED7411C6D85}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1D89886C-1BC7-978A-7790-BDF741552029}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{C2E207A0-6375-140A-3170-50737EB32D29}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{FF8A9A91-1E72-EE4A-04DA-6E7F65CB626D}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{78B5E5BC-C2B2-3439-0750-C9FC7AAE173B}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{28B38E4C-1FCC-0AB9-F2CE-7079DF8CF8A5}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{6CD61388-4F40-E91A-17A1-E821F0BB92E1}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{F38E5A65-9C76-3757-9D69-672FACA088D4}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{994B3C1F-F48C-B29E-D88A-06322D70B45C}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{7C42C52E-DFF2-8BD6-5134-DCB5FBB8A5EE}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{3372CE65-1178-B53F-C228-254C7F7F118F}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{80C20F9B-C28F-E3ED-726C-86BFC24EEE3B}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{16FC5B97-5AC3-056E-1A1B-FF36B790575E}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{D955A619-B0BA-FB07-0590-675FA7A127CF}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{686AF1D4-4D23-8115-9968-FE32775067C8}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{168E9C24-F28F-D630-74BB-4F4D66CFC871}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{66F96B6D-33A7-938C-2910-CA9C76E00742}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{59546E97-8B2F-0F51-5191-BF19438164A8}) (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Dreams Casino (HKLM-x32\...\{B8D65208-7D74-4510-ADCE-E328BF744980}) (Version: 18.07.0-RTG - RealTimeGaming Software)
DriverDR 6.5.0 (HKLM\...\DriverDR_is1) (Version: 6.5.0.0 - DriverDR.com)
Electrum-LTC (HKU\S-1-5-21-472246324-4182351025-1742220698-1000\...\Electrum-LTC) (Version: 2.6.4.2 - Electrum Technologies GmbH)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.67 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Firefox 62.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0.3 (x64 en-US)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.2 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
MultiBit HD 0.5.1 (HKLM\...\6925-4794-5772-4956) (Version: 0.5.1 - KeepKey,LLC)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Plarium Play (HKLM-x32\...\{2E1A784A-C6F3-4BBA-B953-3EEEFC0EADE4}) (Version: 2.0.0.0 - Plarium) Hidden
Plarium Play (HKU\S-1-5-21-472246324-4182351025-1742220698-1000\...\{5482783f-c6d5-4834-9ef7-bed55f1750e1}) (Version: 2.0.0.0 - Plarium)
Quick JPEG Image Resize and Crop (HKLM-x32\...\{2FDB98BE-6E6D-4543-A5FD-C4ABB6214FC9}) (Version: 1.0.0 - zzornixnet)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
RoboForm 7-9-31-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-31-1 - Siber Systems)
RogueKiller version 12.13.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.13.5.0 - Adlice Software)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SWvape 1.10 (HKLM-x32\...\SWvape) (Version: 1.10 - SnowWolf)
TuneUp Utilities 2012 (HKLM-x32\...\{32364CEA-7855-4A3C-B674-53D8E9B97936}) (Version: 12.0.2012.117 - TuneUp Software) Hidden
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.2012.117 - TuneUp Software)
TuneUp Utilities Language Pack (en-US) (HKLM-x32\...\{A95A76C9-6F65-477E-83A0-9F884B6DC21B}) (Version: 12.0.2012.117 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WinDirStat 1.1.2 (HKU\S-1-5-21-472246324-4182351025-1742220698-1000\...\WinDirStat) (Version: - )
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wisdom-soft ScreenHunter 6.0 Pro (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Pro) (Version: - Wisdom Software Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [TuneUp Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-x64.dll [2011-10-12] (TuneUp Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {109A5B93-6535-4C9D-A4DA-88CDF83D241E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [2018-09-20] (AVAST Software)
Task: {152B9F39-8139-40DD-A58D-D27AF5DACF33} - System32\Tasks\{322D0C4F-6480-4025-A220-F0062D278362} => C:\Windows\system32\pcalua.exe -a C:\Users\Cableman\AppData\Local\Temp\jre-8u73-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {312BD938-A0D2-49C1-8F08-98BB9C922F0C} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-07-31] (Bitdefender)
Task: {3A2ADC24-413D-43FD-8E05-7E665859EADD} - System32\Tasks\{F795EA66-7CC9-4721-A632-F337E6C71C2E} => C:\Windows\system32\pcalua.exe -a C:\Users\Cableman\Downloads\install_easyshare.exe -d C:\Users\Cableman\Downloads
Task: {42B3AA22-C1A9-4279-9003-7D1ED44DAFAF} - System32\Tasks\EasyShare Registration Task => C:\Windows\system32\rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOffer@16
Task: {44CD2235-AC3A-43DE-854F-99E8818FFE85} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMJLLMKMJLNMGMHMHMCNJMKMLMNMCNKLKLNMNLCNJMMLKMNLCNJMJLLMKLJLNMNLLMGMKLGMPMJNJICMIMCNGMCNMMOMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMNMKMIMIMJNHICMEKMICNJJCKJNBJCMFLAJMIKJPIHJPNKLNIGJMJPNMKCJGJLIHJJNKJC (the data entry has 70 more characters).
Task: {4B72D81B-F319-4BFC-9694-17730164B605} - System32\Tasks\{F8033A37-DF19-4014-B889-46CCB2539EE0} => C:\Windows\system32\pcalua.exe -a "E:\Downloads (E Disc)\install_easyshare(1).exe" -d "E:\Downloads (E Disc)"
Task: {64954FCB-9E4D-4945-B25F-DB30E4695707} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-07-21] (Oracle Corporation)
Task: {65EE791C-C81A-492F-A1E4-2AEE37009A3E} - System32\Tasks\{BD660FDA-AFB1-4B27-8172-4C24A4C63963} => C:\Windows\system32\pcalua.exe -a D:\CH340SER.EXE -d D:\
Task: {6A788492-F89A-42F5-BB13-457B56D71F29} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-18] (Adobe Systems Incorporated)
Task: {7D1E889D-BB66-409B-9BEA-3B34C407F108} - System32\Tasks\DriverDR Scheduled Scan => C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe [2016-12-12] (DriverDR.com)
Task: {91C3AC90-3654-4096-ADA4-A26AE459A896} - System32\Tasks\AdobeAAMUpdater-1.0-Cableman-PC-Cableman => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {9A67BB4B-90DA-477D-8F93-CC6437F77015} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {9F9EC7CA-5947-4698-AFB7-E39FDD15A238} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-28] (Google Inc.)
Task: {AE65B875-E28C-4E90-854F-75FF535C7284} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-07-18] (Advanced Micro Devices, Inc.)
Task: {B481C4E9-274C-4DEF-8EBB-0FDA8DD94524} - System32\Tasks\{533492E2-CD07-432B-A8E0-FACBCFBD7843} => C:\Windows\system32\pcalua.exe -a C:\Users\Cableman\AppData\Local\Temp\jre-8u77-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {B4B19044-AC51-404E-AF6B-9F97D9F36921} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {C72DA0F5-4F9E-4E92-B14C-4C45F7F68884} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {CEF6C372-4F49-4753-B256-FC506596628F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-28] (Google Inc.)
Task: {E60A1567-8E35-47C1-B421-D22C6C0CCA8F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {FEA6FB26-2A04-401D-8421-8DDAA5802B80} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2018-01-21] (Siber Systems)
Task: {FF1B02A6-A51A-448D-83C3-E1DFD26D22FC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe [2018-05-15] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DriverDR Scheduled Scan.job => C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe--scan C:\Program Files\DriverDR.com
Task: C:\Windows\Tasks\EasyShare Registration Task.job => rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-08-22 22:18 - 2018-08-22 22:18 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-08-22 22:18 - 2018-08-22 22:18 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-02-16 15:50 - 2018-06-07 04:14 - 000278280 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2018-05-08 08:26 - 2018-05-08 08:26 - 000992704 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_002\ashttpbr.mdl
2018-05-08 08:26 - 2018-05-08 08:26 - 000543344 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_002\ashttpdsp.mdl
2018-05-08 08:26 - 2018-05-08 08:26 - 003228632 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_002\ashttpph.mdl
2018-05-08 08:26 - 2018-05-08 08:26 - 001527808 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_002\ashttprbl.mdl
2012-09-13 00:38 - 2012-09-13 00:38 - 000264040 _____ () E:\program Files\LWS\Webcam Software\CameraHelperShell.exe
2018-10-16 17:38 - 2018-10-15 20:01 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.67\libglesv2.dll
2018-10-16 17:38 - 2018-10-15 20:01 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.67\libegl.dll
2018-10-09 14:35 - 2018-10-09 14:35 - 031308288 _____ () C:\Users\Cableman\AppData\Local\Google\Chrome\User Data\PepperFlash\31.0.0.122\pepflashplayer.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 002144104 _____ () E:\program Files\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 007955304 _____ () E:\program Files\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000341352 _____ () E:\program Files\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000028008 _____ () E:\program Files\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000127336 _____ () E:\program Files\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 000336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\atieclxx.exe:BDU [1]
AlternateDataStreams: C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550 [2302]
AlternateDataStreams: C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656 [2302]
AlternateDataStreams: C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981 [2302]
AlternateDataStreams: C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587 [2302]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-11-01 03:28 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-472246324-4182351025-1742220698-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cableman\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\startupreg: uTorrent => "C:\Users\Cableman\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{C7382027-A9BF-4D07-AFA6-DDEFA1635802}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [UDP Query User{C1DAFF23-EFB9-4852-9915-B90F6C08BA69}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [{21D54765-7A5C-4E3E-932E-BCC9321E312E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B097CEAA-E65F-49B6-85C8-14D3E043372B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{26DD1240-1DCA-42FC-8793-C174A17D21E4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{E98B12FE-3D80-4A82-B470-8A820646A251}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{D62B1FDB-4A70-4182-B4E8-B282DAB11F21}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{6F0D7993-2FFE-4A3D-831D-53580720A851}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{65EEB2D1-6FEA-4F74-81C9-6C2158A7F532}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{30ED9D58-7207-41EB-80C3-FAFB0A273E93}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{9C1323C5-36FC-45AE-AEE9-28A550A0A2CB}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [UDP Query User{771A8BF9-EEE3-4159-A240-AE96F503E6C5}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [{FA91D765-D533-49D5-AD9A-4C9A090E6771}] => (Allow) C:\Users\Cableman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C78E8A1C-75DB-4D1D-AEE0-DBD404503420}] => (Allow) C:\Users\Cableman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{48484C7B-449A-428F-B3FE-DB40F11FF40F}E:\program files\firefox.exe] => (Allow) E:\program files\firefox.exe
FirewallRules: [UDP Query User{CF038AFA-E209-468A-BA1A-4FD2608AEFA5}E:\program files\firefox.exe] => (Allow) E:\program files\firefox.exe
FirewallRules: [TCP Query User{598106F8-600A-4FC3-B4A3-13AAABAD17B0}E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe] => (Allow) E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe
FirewallRules: [UDP Query User{02B76AC4-612A-48E2-828A-16F697FD180D}E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe] => (Allow) E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe
FirewallRules: [{9869A8DB-C760-41F4-8E6E-E243F5AF85EA}] => (Allow) E:\program Files\firefox.exe
FirewallRules: [{76FB027D-7030-4E9B-9FBE-516C0699C0EE}] => (Allow) E:\program Files\firefox.exe
FirewallRules: [{4C1D1CDE-E28D-41C5-A754-5001BC608C45}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A8A237AD-3182-4ACE-8256-44C5B69CE780}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BF25AADD-7DCD-4AF8-9E7B-4FE25DF957EF}E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe] => (Allow) E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe
FirewallRules: [UDP Query User{09037A23-2BEE-4BC0-A3D9-FD3DEAB69505}E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe] => (Allow) E:\$recycle.bin\bitcoin info\all things bitcoin\ip reporter\ipreporter.exe
FirewallRules: [{858FB30C-06F5-4EDF-BD9C-E33E074F9986}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{E74F2960-5F2C-433D-B4BE-038269151BDE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{60BFF013-84AC-4043-9D36-F3961C1AF70A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B312AB63-770A-4845-8843-1C324FD3BF72}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AABAF341-4D39-40A8-A147-3311217D861C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{3B4E19EF-B062-492C-9F76-6EA0CDB447E9}H:\all things bitcoin\ip reporter\ipreporter.exe] => (Allow) H:\all things bitcoin\ip reporter\ipreporter.exe
FirewallRules: [UDP Query User{EF487A7B-7E4E-4209-8580-FA573663F125}H:\all things bitcoin\ip reporter\ipreporter.exe] => (Allow) H:\all things bitcoin\ip reporter\ipreporter.exe
FirewallRules: [{F8A94127-99C9-4621-8844-940BDFE3B5D1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

22-10-2018 06:57:52 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2018 02:35:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NOTEPAD.EXE version 6.1.7601.18917 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 67c

Start Time: 01d46aff0055a734

Termination Time: 65

Application Path: C:\Windows\system32\NOTEPAD.EXE

Report Id:

Error: (10/18/2018 02:06:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/18/2018 01:31:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/18/2018 01:29:56 PM) (Source: MBAMIService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/17/2018 04:46:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90
Faulting module name: ntdll.dll, version: 6.1.7601.23807, time stamp: 0x5915fdce
Exception code: 0xc0000005
Fault offset: 0x0000000000048f24
Faulting process id: 0x181c
Faulting application start time: 0x01d461b3378d7c74
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: c7db161a-d24d-11e8-811b-0023ae846f78

Error: (10/11/2018 01:55:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/10/2018 01:18:22 AM) (Source: MsiInstaller) (EventID: 11303) (User: Cableman-PC)
Description: Product: iTunes -- Error 1303. The installer has insufficient privileges to access this directory: E:\program Files\iTunes.Resources\de.lproj. The installation cannot continue. Log on as administrator or contact your system administrator.

Error: (10/10/2018 01:18:19 AM) (Source: MsiInstaller) (EventID: 11303) (User: Cableman-PC)
Description: Product: iTunes -- Error 1303. The installer has insufficient privileges to access this directory: E:\program Files\iTunes.Resources\de.lproj. The installation cannot continue. Log on as administrator or contact your system administrator.


System errors:
=============
Error: (10/22/2018 06:54:01 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/22/2018 06:53:59 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/22/2018 06:53:57 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/22/2018 06:53:54 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/22/2018 06:53:52 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/22/2018 06:53:50 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/22/2018 06:53:47 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/22/2018 06:53:45 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.


Windows Defender:
===================================
Date: 2016-05-05 03:12:44.749
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x8050800d
Error description:Some history items could not be displayed. Please wait a few minutes and try again. If that doesn't work, clear the history and then try again.
Signature version:1.219.648.0
Engine version:1.1.12706.0

Date: 2016-04-30 02:43:47.991
Description:
%1 engine has been terminated due to an unexpected error.
Failure Type:%5
Exception code:%6
Resource:%3

Date: 2016-03-30 06:08:38.359
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x8050800d
Error description:Some history items could not be displayed. Please wait a few minutes and try again. If that doesn't work, clear the history and then try again.
Signature version:1.217.23.0
Engine version:1.1.12603.0

CodeIntegrity:
===================================

Date: 2016-11-01 03:28:26.924
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-01 03:28:26.846
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-01 03:28:26.706
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-01 03:28:26.628
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-09-13 04:47:44.894
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-09-13 04:47:44.792
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-17 22:06:45.742
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-17 22:06:45.695
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Xeon(R) CPU E5420 @ 2.50GHz
Percentage of memory in use: 81%
Total physical RAM: 32765.66 MB
Available physical RAM: 6086.92 MB
Total Virtual: 65529.5 MB
Available Virtual: 37028.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:25.09 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:232.83 GB) (Free:206.95 GB) NTFS

\\?\Volume{c9a29847-648d-11e4-a990-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 2C0BAB62)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.8 GB) (Disk ID: 23982539)
Partition 1: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Do NOT create new topic each time you reply!
Please reply right in this topic!


=====================================================

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

Broni

Malware Annihilator
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 
Status
Not open for further replies.