Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2019
Ran by Administrator (administrator) on CODER (Acer Aspire A515-51G) (14-06-2019 09:14:22)
Running from E:\TechSpot_Virus_Removal_Instructions\TechSpot Instruction
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows 10 Enterprise Version 1709 16299.192 (X64) Language: English (United States)
Default browser: "M:\FirefoxPortable\App\Firefox64\firefox.exe" -osint -url "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
() [File not signed] L:\Applications\Portable Application For Use\Launchy\Launchy.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVAST Software s.r.o. -> AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(ESET, spol. s r.o. -> ESET) D:\Program Files\ESET\ESET Security\egui.exe
(ESET, spol. s r.o. -> ESET) D:\Program Files\ESET\ESET Security\ekrn.exe
(Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxext.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\IntelCpHeciSvc.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation -> Mozilla Corporation) M:\FirefoxPortable\App\Firefox64\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) M:\FirefoxPortable\App\Firefox64\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) M:\FirefoxPortable\App\Firefox64\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) M:\FirefoxPortable\App\Firefox64\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) M:\FirefoxPortable\App\Firefox64\firefox.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Rare Ideas, LLC -> PortableApps.com) M:\FirefoxPortable\FirefoxPortable.exe
(Rare Ideas, LLC -> PortableApps.com) M:\GoogleChromePortable\GoogleChromePortable.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ShenZhen Foscam Intelligent Technology Co,Ltd -> ) D:\Program Files (x86)\IPCWebComponents\FosIPCCoreManager.exe
(ShenZhen Foscam Intelligent Technology Co,Ltd -> ) D:\Program Files (x86)\IPCWebComponents\IPCPlgSvr.exe
(TrueCrypt Foundation -> TrueCrypt Foundation) E:\TrueCrypt\TrueCrypt.exe
Failed to access process -> svchost.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585296 2017-11-22] (Acronis International GmbH -> )
HKLM\...\Run: [RtHDVBg_CTPreset] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1484288 2017-04-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_ASC] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1484288 2017-04-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381312 2017-04-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [egui] => D:\Program Files\ESET\ESET Security\ecmds.exe [324216 2017-10-10] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvLaunch.exe [261000 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2017-11-22] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4620720 2017-11-22] (Acronis International GmbH -> )
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369240 2015-10-20] (Microsoft Corporation -> Microsoft Corp.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\MountPoints2: {94497376-2854-11e8-8b9a-9822ef5d28ca} - "G:\.\StartModem.exe"
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [309168 2016-02-02] (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\Windows\Jaksta\AC\x86\jaudcap.dll => C:\Windows\Jaksta\AC\x86\jaudcap.dll [261552 2016-02-02] (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd)
IFEO\osppsvc.exe: [Debugger] SppExtComObjPatcher.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013.lnk [2018-03-19]
ShortcutTarget: Outlook 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe (Microsoft Corporation -> )
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-07-05]
ShortcutTarget: Send to OneNote.lnk -> D:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00BF79A1-3FBD-4FBC-ADE3-1DF80D1C9B67} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {096FD4F4-9B45-4F79-972E-195DA43546F5} - System32\Tasks\Microsoft\Windows\PLA\MyDataCollector => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1462272 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
Task: {0973A22E-04AE-4CDC-BD04-7506C35BB1B1} - System32\Tasks\Stop VI => C:\Users\Administrator\Desktop\stop.bat
Task: {09B1DBE4-3B37-42B9-B688-92D0268E04BB} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [445744 2017-02-15] (Acer Incorporated -> Acer Incorporated)
Task: {0AC40EA4-FFFA-41F7-AD50-22706DEA6576} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [473904 2017-02-22] (Acer Incorporated -> Acer Incorporated)
Task: {18E48433-E259-413B-A5BD-F13CADABDE36} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [745920 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {29581800-DE6F-4DAA-88E4-24E875539A5E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CODER-Administrator Coder => D:\Program Files\Microsoft Office\Office15\MsoSync.exe [469640 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {393F8911-A151-4E38-A558-7B78F2D9FBF2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {396CDF69-AB09-417A-8893-1B7822BFD6F8} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4645168 2017-05-24] (Acer Incorporated -> )
Task: {42CDFE7E-E565-4E86-8F8D-789B756E559E} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2767664 2017-02-15] (Acer Incorporated -> Acer Incorporated)
Task: {54CBFF78-B6CC-463F-A01D-8CF8BC00D10A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd -> Piriform Ltd)
Task: {60116705-1C0D-4B43-9B08-2F815F8AF822} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1864640 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6D3F7826-1A11-4D90-8D45-130DC0483413} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
Task: {6FEE2E7B-90DA-42EE-AF01-1946C5FDB0EF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {78F053F1-B562-4691-ABE2-BF0E663B4F4E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [745920 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7C3706F7-5604-4DB7-A95F-4331AA274CF3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {7D260263-EC70-41C9-BEBB-D8DBAD5A7D1C} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41264 2017-02-22] (Acer Incorporated -> )
Task: {933EDA72-8974-4A57-A8B8-60BD97E7135C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [657856 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {990748EC-D28B-4409-9C4D-569F2B0A5CC1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [964544 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A53C7E44-37C0-4964-89D9-83D24EFEC47D} - System32\Tasks\Microsoft\Windows\PLA\System Resource Report => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1462272 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
Task: {A54A85BE-4325-4930-AEAF-E471B3E016B3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A9BC49B2-B000-43D4-B4D3-BCF5067B2D15} - System32\Tasks\Avast Emergency Update => D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2925960 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
Task: {ABC2A8CE-766D-49C9-9126-FDEA4B45FB34} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update => {A6BA00FE-40E8-477C-B713-C64A14F18ADB} C:\Windows\System32\wuautoappupdate.dll [57856 2017-11-26] (Microsoft Windows -> Microsoft Corporation)
Task: {ACB0FAB4-27E6-4AA4-96D7-644992BBB499} - System32\Tasks\DELUSER => C:\Users\Administrator\Desktop\del.bat [24 2019-06-13] () [File not signed]
Task: {E4290767-9AFE-4B69-B222-0D9FF0E0462A} - System32\Tasks\klcp_update => d:\program files (x86)\k-lite codec pack\tools\codectweaktool.exe [1179648 2018-03-19] () [File not signed]
Task: {E5CD5C38-9DE6-4985-92F3-1BF170B7CDFE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [521152 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E6440054-6A9E-4EF8-BD1B-2DBA0BB6E66E} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920752 2017-05-24] (Acer Incorporated -> )
Task: {ED014DF2-C992-4016-AB07-3EC5E44D0C34} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {F261EE35-9E83-41C7-B60A-55C09B520852} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [657856 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FB235D23-1341-4308-827B-C038FE425E5E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [543536 2016-12-06] (Intel(R) Trust Services -> Intel(R) Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.8.8
Tcpip\..\Interfaces\{4bc6fbac-6a36-4a4a-a401-f4a4f901f0e2}: [NameServer] 10.255.255.254
Tcpip\..\Interfaces\{d660a15d-478e-4d1a-891a-9b9d571f15d7}: [DhcpNameServer] 8.8.8.8 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-14] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_162\bin\ssv.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_162\bin\jp2ssv.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-14] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 5dfsawqm.default
FF DefaultProfile: as51hvxm.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Pencil\Profiles\5dfsawqm.default [2019-04-26]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\as51hvxm.default [2019-06-13]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1jxc1iaw.dev-edition-default [2018-08-01]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\cmop4avn.NonDevWorks [2018-08-15]
FF HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - D:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-02-28] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2018-03-26] [Legacy] [not signed]
FF HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - D:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-21] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\dtplugin\npDeployJava1.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\plugin2\npjp2.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-21] (Adobe Systems Incorporated -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google Inc. -> Google, Inc.)
FF Plugin-x32: @IPCWebComponents -> D:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2017-05-27] (ShenZhen Foscam Intelligent Technology Co,Ltd -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-01]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-01]

==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [2721824 2017-11-22] (Acronis International GmbH -> Acronis International GmbH)
S3 aswbIDSAgent; D:\Program Files\AVAST Software\Avast\aswidsagent.exe [6660888 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2017-04-17] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [362488 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; D:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2015-10-20] (Microsoft Corporation -> Microsoft Corp.)
R2 ekrn; D:\Program Files\ESET\ESET Security\ekrn.exe [2648184 2017-10-10] (ESET, spol. s r.o. -> ESET)
S3 FileZilla Server; C:\xampp\filezillaftp\filezillaserver.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
R2 FosCloudSvr; D:\Program Files (x86)\IPCWebComponents\IPCPlgSvr.exe [91776 2017-05-27] (ShenZhen Foscam Intelligent Technology Co,Ltd -> )
R2 FosIPCameraPluginService; D:\Program Files (x86)\IPCWebComponents\FosIPCCoreManager.exe [186496 2017-05-27] (ShenZhen Foscam Intelligent Technology Co,Ltd -> )
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
S3 hns; C:\Windows\System32\HostNetSvc.dll [1412096 2018-01-01] (Microsoft Windows -> Microsoft Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [630048 2016-12-06] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Jenkins; D:\Program Files (x86)\Jenkins\jenkins.exe [360448 2018-07-18] (CloudBees, Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [196200 2017-02-19] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 MBAMService; D:\Program Files\Malewarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2017-11-22] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2017-11-22] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1742456 2017-11-22] (Acronis International GmbH -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OpenVPNService; D:\Program Files\OpenVPN\bin\openvpnserv.exe [38016 2017-10-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [461616 2017-02-15] (Acer Incorporated -> Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [506672 2017-02-15] (Acer Incorporated -> Acer Incorporated)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665136 2019-01-16] (TeamViewer GmbH -> TeamViewer GmbH)
S3 VMAuthdService; D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [96232 2018-01-08] (VMware, Inc. -> VMware, Inc.)
S3 vmcompute; C:\Windows\system32\vmcompute.exe [2542592 2018-01-01] (Microsoft Windows -> Microsoft Corporation)
S4 VMwareHostd; D:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14347240 2018-01-08] (VMware, Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-31] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-31] (Microsoft Corporation -> Microsoft Corporation)
S2 Memcached11211; C:\memcached\memcached.exe -d runservice -p 11211 [X]
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S4 postgres; "C:\xampp\pgsql\9.5\bin\pg_ctl.exe" runservice -N "postgres" -D "C:\xampp\pgsql\9.5\data"
S4 postgressql; "C:\xampp\pgsql\9.5\bin\pg_ctl.exe" runservice -N "postgressql" -D "C:\xampp\pgsql\9.5\data"

===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [254128 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196000 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswblog; C:\Windows\System32\drivers\aswblog.sys [320624 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57888 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [15488 2019-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [257832 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166848 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1031000 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [476768 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [220640 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380160 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [133352 2017-12-11] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107344 2017-04-07] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15872 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [180088 2017-10-11] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [50752 2017-04-07] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [78192 2017-04-07] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [102160 2017-09-25] (ESET, spol. s r.o. -> ESET)
R2 file_protector; C:\Windows\System32\DRIVERS\file_protector.sys [564304 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [379664 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 hvsocketcontrol; C:\Windows\system32\drivers\hvsocketcontrol.sys [26112 2018-03-25] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [89912 2016-08-30] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R1 ISODrive; D:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
R3 jakstaVA; C:\Windows\system32\DRIVERS\jaksta_va.sys [103816 2014-12-09] (Jaksta Technologies Pty Ltd -> e2eSoft)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [22320 2017-02-15] (Acer Incorporated -> Acer Incorporated)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 mtkmbim; C:\Windows\System32\drivers\mtkmbim7_x64.sys [208896 2012-12-13] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvac.inf_amd64_2fc0d3600c3c3d39\nvlddmkm.sys [17036560 2018-01-10] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50624 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2412976 2017-04-16] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15664 2017-02-15] (Acer Incorporated -> Acer Incorporated)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [947712 2017-01-16] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [779232 2016-12-15] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1310552 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [213336 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 tnd; C:\Windows\system32\DRIVERS\tnd.sys [690520 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R4 truecrypt; E:\TrueCrypt\truecrypt-x64.sys [230864 2014-01-03] (TrueCrypt Foundation -> TrueCrypt Foundation)
S3 VBoxNetAdp; C:\Windows\System32\drivers\VBoxNetAdp6.sys [203328 2018-02-26] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [213632 2018-02-26] (Oracle Corporation -> Oracle Corporation)
R1 VfpExt; C:\Windows\System32\drivers\vfpext.sys [1207808 2018-01-01] (Microsoft Windows -> Microsoft Corporation)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [331976 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 volume_tracker; C:\Windows\System32\DRIVERS\volume_tracker.sys [243472 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc. -> VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc. -> VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2018-03-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [288296 2018-03-31] (Microsoft Windows -> Microsoft Corporation)
S3 wdf_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [81408 2013-02-22] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-31] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-06-14 01:09 - 2019-06-14 01:10 - 011279328 _____ C:\Users\Administrator\Downloads\1058292343265.mp4
2019-06-14 01:09 - 2019-06-14 01:09 - 012680095 _____ C:\Users\Administrator\Downloads\1058291343259.mp4
2019-06-13 23:55 - 2019-06-13 23:56 - 000003590 _____ C:\Windows\System32\Tasks\DELUSER
2019-06-13 23:53 - 2019-06-13 23:54 - 000000024 _____ C:\Users\Administrator\Desktop\del.bat
2019-06-13 22:14 - 2019-06-13 22:19 - 000000000 _____ C:\Windows\SysWOW64\net
2019-06-13 13:53 - 2019-06-13 13:53 - 000000788 _____ C:\Users\Administrator\Desktop\newnew - Shortcut.lnk
2019-06-13 13:48 - 2019-06-13 13:48 - 000001445 _____ C:\Users\Administrator\Desktop\Step2.txt - Shortcut.lnk
2019-06-13 13:48 - 2019-06-13 13:48 - 000001166 _____ C:\Users\Administrator\Desktop\TechSpot Instruction - Shortcut (2).lnk
2019-06-13 13:17 - 2019-06-13 15:02 - 000000000 ____D C:\Users\Administrator\Desktop\do
2019-06-13 13:09 - 2019-06-13 13:33 - 000000000 ____D C:\ProgramData\RogueKiller
2019-06-13 13:07 - 2019-06-13 13:53 - 000000000 ____D C:\AdwCleaner
2019-06-13 13:07 - 2019-06-13 09:32 - 007025360 _____ (Malwarebytes) C:\Users\Administrator\Desktop\AdwCleaner.exe
2019-06-13 13:06 - 2019-06-13 13:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbamtray
2019-06-13 13:06 - 2019-06-13 13:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbam
2019-06-13 13:06 - 2019-06-13 13:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-06-13 13:06 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-06-13 13:06 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-06-13 13:02 - 2019-06-13 14:00 - 000000000 ____D C:\Program Files\RogueKiller
2019-06-13 13:02 - 2019-06-13 13:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-06-12 14:06 - 2019-06-12 14:06 - 000001166 _____ C:\Users\Administrator\Desktop\TechSpot Instruction - Shortcut.lnk
2019-06-12 12:47 - 2019-06-14 09:14 - 000000000 ____D C:\FRST
2019-06-12 12:42 - 2019-06-12 12:42 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2019-06-12 12:37 - 2019-06-12 12:37 - 000001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2019-06-12 12:35 - 2019-06-12 12:35 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-06-12 12:33 - 2019-06-14 08:43 - 000004264 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-06-12 12:33 - 2019-06-12 12:33 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-06-12 12:33 - 2019-06-12 12:32 - 001031000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000476768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000380160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-06-12 12:33 - 2019-06-12 12:32 - 000320624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000257832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000254128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000220640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000196000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000166848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000088160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000015488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2019-06-12 12:27 - 2019-06-12 12:33 - 000000000 ____D C:\ProgramData\AVAST Software
2019-06-12 11:22 - 2019-06-12 11:22 - 000008645 _____ C:\Users\Administrator\.bash_history
2019-06-12 11:17 - 2019-06-12 11:17 - 000000784 _____ C:\Users\Administrator\Desktop\github_c#_things - Shortcut.lnk
2019-06-10 10:59 - 2019-06-12 12:41 - 000000931 _____ C:\Users\Administrator\Desktop\virus - Shortcut.lnk
2019-06-10 10:53 - 2019-06-10 10:53 - 000001144 _____ C:\Users\Administrator\Desktop\Project - messagespersiaaustraliaanswered=✔ - Shortcut.lnk
2019-06-09 23:06 - 2019-06-13 13:06 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-06-09 23:06 - 2019-06-09 23:06 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5456C697.sys
2019-06-09 23:03 - 2019-06-09 23:22 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-06-09 23:03 - 2019-06-09 23:03 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2019-06-08 03:19 - 2019-06-13 17:27 - 000002406 _____ C:\Windows\System32\Tasks\Stop VI
2019-06-08 02:40 - 2019-06-09 08:10 - 000000574 _____ C:\Users\Administrator\Desktop\stop.bat_
2019-06-07 19:02 - 2019-06-07 19:02 - 000000738 _____ C:\Users\Administrator\AppData\Local\recently-used.xbel
2019-06-05 22:21 - 2019-06-05 22:21 - 000002153 _____ C:\Users\Administrator\Desktop\لیست ارائه دروس.lnk
2019-06-05 15:24 - 2019-06-05 15:24 - 000000853 _____ C:\Users\Administrator\Desktop\Archive T,TT2,TT3,TT4,TT4 Deleted...Copy From AData.lnk
2019-06-05 14:45 - 2019-06-05 14:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\gtk-3.0
2019-06-05 12:45 - 2019-06-05 12:45 - 000000775 _____ C:\Users\Administrator\Desktop\Cut From HTDocs - Shortcut.lnk
2019-06-05 10:40 - 2019-06-05 10:41 - 001060857 _____ C:\Users\Administrator\Downloads\video.mp4
2019-06-05 09:19 - 2019-06-05 09:19 - 000001459 _____ C:\Users\Administrator\Desktop\project86066 - Shortcut.lnk
2019-06-04 22:46 - 2019-06-04 22:46 - 000000798 _____ C:\Users\Administrator\Desktop\check files.lnk
2019-06-04 14:44 - 2019-06-04 14:44 - 000001342 _____ C:\Users\Administrator\Desktop\PHP Personal Finance - Shortcut.lnk
2019-06-04 10:52 - 2019-06-04 10:52 - 000000901 _____ C:\Users\Administrator\Desktop\Eclips - Shortcut.lnk
2019-06-03 15:01 - 2019-06-03 15:01 - 000000919 _____ C:\Users\Administrator\Desktop\استفاده برای روشن بودن سیستم در روز و کلیک برای دریافت پول بیت کوین......بررسی اون سایت مربوط به حجاوااسکریپت که بیت کوین جمع می کرد.lnk
2019-06-03 14:58 - 2019-06-03 14:58 - 000000000 ____D C:\Users\Administrator\workspace
2019-06-02 11:43 - 2019-06-02 11:43 - 003180712 _____ C:\Users\Administrator\Downloads\61204038_2128133783970722_9090820503427527366_n.mp4
2019-06-02 11:42 - 2019-06-02 11:42 - 002094038 _____ C:\Users\Administrator\Downloads\60740600_193844208264326_2299228890290000967_n.mp4
2019-06-01 14:42 - 2019-06-08 13:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\PHP Language Server
2019-06-01 13:58 - 2019-06-01 13:58 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Obsidium
2019-06-01 13:35 - 2019-06-01 13:35 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Visual Studio Code
2019-05-31 18:14 - 2019-05-31 18:14 - 000118247 _____ C:\Windows\SysWOW64\package-lock.json
2019-05-31 17:30 - 2019-06-01 00:20 - 000000000 ____D C:\Users\Administrator\Desktop\convert CSV to QIF
2019-05-26 13:21 - 2019-05-26 13:21 - 000001097 _____ C:\Users\Administrator\Desktop\fireox addone for download images - Shortcut.lnk
2019-05-23 11:02 - 2019-05-23 11:02 - 000001122 _____ C:\Users\Administrator\Desktop\plese learn this vendor componenets.lnk
2019-05-22 17:59 - 2019-05-22 17:59 - 000000971 _____ C:\Users\Administrator\Desktop\website_image_downloader - Shortcut.lnk
2019-05-22 12:17 - 2019-05-22 12:17 - 000000000 ____D C:\Users\Administrator\Downloads\خرید دیجی کالا
2019-05-20 13:57 - 2019-05-20 13:57 - 000000910 _____ C:\Users\Administrator\Desktop\سرور پایتون.lnk
2019-05-17 22:32 - 2019-05-17 22:32 - 000001131 _____ C:\Users\Administrator\Desktop\Project-Python-Platform_Blogs-Auto-Publisher - Shortcut.lnk
2019-05-16 10:23 - 2019-05-16 10:24 - 000000000 ____D C:\Users\Administrator\Desktop\agahi jadid
2019-05-16 10:10 - 2019-05-16 10:10 - 000001459 _____ C:\Users\Administrator\Desktop\research about this.lnk
2019-05-16 10:06 - 2019-05-16 10:06 - 000001513 _____ C:\Users\Administrator\Desktop\project20057460 - Shortcut.lnk