PC Freezes After I Open Any Application.

Daniel Burkus

Since this morning my PC has been acting strange. In normal mode (I am writing in Safe Mode with Networking), it seems that I can open only one application or process (open a folder, click on a piece of software, and so on), and after that the PC freezes. Maybe it is best to limit my diagnosis to this, and see what the malware scans might reveal.

I am going to assume that this is some kind of malware, and would appreciate any help that you can give.

As always, thank you for your time, and for your help.


-- Daniel M. Burkus
 
You know the drill.

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thank you, Broni.

I was unable to initiate a virus scan earlier. I will try to do so again, and let you know. Meanwhile I have run the FRST scan and RogueKiller scan. FRST and addition will follow; RogueKiller was negative.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by Daniel M. Burkus (administrator) on PC (30-03-2018 10:28:03)
Running from C:\Users\Daniel M. Burkus.PC\Desktop
Loaded Profiles: Daniel M. Burkus (Available Profiles: Daniel M. Burkus)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-05] ()
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-10] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7765936 2018-03-24] (SUPERAntiSpyware)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7980776 2018-01-09] (Piriform Ltd)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [KakaoTalk] => C:\Program Files\Kakao\KakaoTalk\KakaoTalk.exe [9663264 2018-03-29] (Kakao Corp. )
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
BootExecute: autocheck autochk * ROBoot \??\C:\Windows\system32\ASOROSet.bin

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 210.220.163.82 219.250.36.130
Tcpip\..\Interfaces\{66B87001-DA33-470B-9512-77BE9AE4D883}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7E8271E6-6142-41FD-83BE-949EBBBBA13D}: [DhcpNameServer] 210.220.163.82 219.250.36.130
Tcpip\..\Interfaces\{B3CE4C30-3C2F-4806-AE63-1892B7E644A5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B467908D-00FC-4908-9541-083B36A379AE}: [DhcpNameServer] 210.220.163.82 219.250.36.130

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180101__yaie
SearchScopes: HKU\S-1-5-21-1259038908-1583320175-680065255-1005 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180101__yaie&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-05] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-03-10] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-15] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-10] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-15] (AVAST Software)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2017-12-04] (Belarc, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008 [2018-03-30]
FF Homepage: Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008 -> hxxps://login.yahoo.com/?.src=ym&.intl=us&.done=https%3A%2F%2Fmail.yahoo.com%2F
FF NewTab: Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180101__yaff
FF Extension: (AdBlocker Ultimate) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\adblockultimate@adblockultimate.net.xpi [2017-12-13]
FF Extension: (Flash Video Downloader) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\artur.dubovoy@gmail.com.xpi [2018-03-27]
FF Extension: (FlashStopper) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\flashstopper@byo.co.il.xpi [2017-10-18] [Legacy]
FF Extension: (Google Search by Image) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\google@hitachi.com.xpi [2017-02-02] [Legacy]
FF Extension: (Markdown Viewer) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\markdownviewer@thiht.fr.xpi [2017-01-07] [Legacy]
FF Extension: (Restart Button) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\restartbutton@strk.jp.xpi [2016-08-16] [Legacy]
FF Extension: (Avast SafePrice) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\sp@avast.com.xpi [2018-03-08]
FF Extension: (Avast Online Security) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\wrc@avast.com.xpi [2017-10-18]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-03-28]
FF Extension: (Vimeo Free Downloader) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{0042f50c-7bcb-4349-8ba9-db2fc901abf2}.xpi [2018-03-27]
FF Extension: (Bulk Media Downloader) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{72b2e02b-3a71-4895-886c-fd12ebe36ba3}.xpi [2017-11-07]
FF Extension: (CacheViewer Fx21) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{81328583-3CA7-4809-B4BA-570A85818FBB} [2017-03-24] [Legacy]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2018-03-29]
FF Extension: (Video DownloadHelper) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-17]
FF Extension: (Google Hangouts Web Messenger) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{c4c8bd04-e508-46df-a109-92af7ea4992b}.xpi [2017-12-19]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\features\{4d496747-80e0-4676-a1c2-a75c401e944f}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-29] [Legacy]
FF SearchPlugin: C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\searchplugins\yahoo-lavasoft.xml [2018-01-01]
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-06-08] [Legacy]
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM\idmmzcc5 [2018-03-29] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-14] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-10] (Oracle Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-06-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-09] (SUPERAntiSpyware.com)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5909888 2018-03-10] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-10] (AVAST Software)
S2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [792944 2016-01-28] (Nero AG)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [466880 2017-12-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [466880 2017-12-16] (NVIDIA Corporation)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 5AF767F5; C:\Windows\System32\drivers\5AF767F5.sys [153784 2016-04-01] (Kaspersky Lab ZAO)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-03-10] (AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-03-10] (AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-03-10] (AVAST Software)
S0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-03-10] (AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-03-10] (AVAST Software)
S1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [169536 2018-03-10] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-03-10] (AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124392 2018-03-10] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100032 2018-03-10] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70816 2018-03-10] (AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783608 2018-03-10] (AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [391856 2018-03-10] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [152344 2018-03-10] (AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-03-10] (AVAST Software)
S3 eapihdrv; C:\Users\DANIEL~1.PC\AppData\Local\Temp\ehdrv.sys [135760 2018-03-30] (ESET)
S1 epp; C:\EEK\bin32\epp.sys [105248 2016-11-23] (Emsisoft Ltd)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221600 2018-03-30] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-12-16] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [44992 2017-12-16] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [50112 2017-12-16] (NVIDIA Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [134928 2016-02-14] (Ray Hinchliffe)
S3 tatertot.scr; C:\Windows\system32\drivers\tatertot.scr.sys [34816 2017-06-01] ()
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh6.sys [X]
S3 catchme; \??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-30 10:28 - 2018-03-30 10:29 - 000018284 _____ C:\Users\Daniel M. Burkus.PC\Desktop\FRST.txt
2018-03-30 10:21 - 2018-03-30 10:21 - 000000000 ____D C:\FRST
2018-03-30 10:20 - 2018-03-30 10:20 - 001764352 _____ (Farbar) C:\Users\Daniel M. Burkus.PC\Desktop\FRST.exe
2018-03-30 10:18 - 2018-03-30 10:18 - 036513656 _____ (Adlice Software ) C:\Users\Daniel M. Burkus.PC\Desktop\RogueKiller_setup_ref3.exe
2018-03-30 10:00 - 2018-03-30 10:27 - 000152758 _____ C:\Windows\ntbtlog.txt
2018-03-30 09:41 - 2018-03-30 09:41 - 000000300 ____H C:\Windows\Tasks\CCleaner Update.job
2018-03-30 09:25 - 2018-03-30 09:25 - 000032015 _____ C:\ComboFix.txt
2018-03-30 09:08 - 2011-06-26 15:45 - 000256000 _____ C:\Windows\PEV.exe
2018-03-30 09:08 - 2010-11-08 02:20 - 000208896 _____ C:\Windows\MBR.exe
2018-03-30 09:08 - 2009-04-20 13:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-03-30 09:08 - 2000-08-31 09:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-03-30 09:08 - 2000-08-31 09:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-03-30 09:08 - 2000-08-31 09:00 - 000098816 _____ C:\Windows\sed.exe
2018-03-30 09:08 - 2000-08-31 09:00 - 000080412 _____ C:\Windows\grep.exe
2018-03-30 09:08 - 2000-08-31 09:00 - 000068096 _____ C:\Windows\zip.exe
2018-03-29 22:49 - 2018-03-29 22:54 - 159383552 _____ C:\Users\Daniel M. Burkus.PC\Documents\Dan0001.avi
2018-03-29 22:49 - 2018-03-29 22:49 - 000780000 _____ C:\Users\Daniel M. Burkus.PC\Documents\Dan0001.avi.bak
2018-03-29 22:14 - 2018-03-29 22:19 - 150994944 _____ C:\Users\Daniel M. Burkus.PC\Documents\Lee Nam-soo0001.avi
2018-03-29 22:14 - 2018-03-29 22:14 - 000780000 _____ C:\Users\Daniel M. Burkus.PC\Documents\Lee Nam-soo0001.avi.bak
2018-03-29 12:05 - 2018-03-29 12:05 - 000624083 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Simmered Kabocha Squash.htm
2018-03-29 12:05 - 2018-03-29 12:05 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Simmered Kabocha Squash_files
2018-03-26 22:12 - 2018-03-26 22:12 - 000000034 _____ C:\Users\Daniel M. Burkus.PC\Desktop\CHAT.txt
2018-03-23 16:32 - 2018-03-23 16:32 - 000000016 _____ C:\Users\Daniel M. Burkus.PC\Desktop\rat baby.txt
2018-03-16 11:41 - 2018-03-16 11:41 - 000000020 _____ C:\Users\Daniel M. Burkus.PC\Desktop\shrug emoji.txt
2018-03-12 23:32 - 2018-03-12 23:32 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Haansoft Dictionary.lnk
2018-03-12 23:32 - 2018-03-12 23:32 - 000002477 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Hangul 2002.lnk
2018-03-12 23:32 - 2018-03-12 23:32 - 000000048 _____ C:\Windows\Hjimesv.ini
2018-03-12 23:32 - 2018-03-12 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HAANSOFT
2018-03-12 22:38 - 2018-03-30 09:26 - 000000000 ____D C:\Qoobox
2018-03-10 11:37 - 2018-03-10 12:40 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Documents\Mipony
2018-03-10 11:19 - 2018-03-10 11:19 - 000000000 ____D C:\Program Files\Common Files\Java
2018-03-10 11:18 - 2018-03-10 11:18 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2018-03-10 11:13 - 2018-03-10 12:41 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mipony
2018-03-10 11:13 - 2018-03-10 11:13 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
2018-03-10 11:09 - 2018-03-10 11:09 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Downloads\Three Billboards Outside Ebbing Missouri 2017 720p BluRay
2018-03-10 08:14 - 2018-03-10 08:13 - 000319392 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-03-03 23:50 - 2018-03-03 23:50 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\FreemakeVideoConverter
2018-03-03 23:46 - 2018-03-04 10:57 - 000000000 ____D C:\ProgramData\Freemake
2018-03-03 23:46 - 2018-03-03 23:46 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Documents\Freemake

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-30 10:25 - 2017-06-30 20:06 - 000221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-03-30 10:24 - 2016-01-29 01:50 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-30 10:23 - 2009-07-14 13:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-30 10:03 - 2016-11-16 20:55 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\LocalLow\Mozilla
2018-03-30 09:41 - 2017-05-23 07:20 - 000000000 ____D C:\EEK
2018-03-30 09:23 - 2009-07-14 11:04 - 000000215 _____ C:\Windows\system.ini
2018-03-30 08:57 - 2017-08-20 05:18 - 025688576 ___SH C:\Users\Daniel M. Burkus.PC\Desktop\Thumbs.db
2018-03-29 23:38 - 2016-03-26 19:27 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\CrashDumps
2018-03-29 23:08 - 2009-07-14 13:34 - 000024208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-29 23:08 - 2009-07-14 13:34 - 000024208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-29 21:05 - 2016-08-06 20:33 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\DMCache
2018-03-29 09:02 - 2017-05-23 22:05 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-03-29 09:02 - 2016-11-16 16:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-25 18:18 - 2016-08-18 23:06 - 000000087 _____ C:\Users\Daniel M. Burkus.PC\Desktop\movie time.txt
2018-03-25 07:27 - 2016-04-25 09:15 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Chanoyu to wa
2018-03-24 15:16 - 2017-05-30 07:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-03-24 15:16 - 2016-02-15 14:58 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-03-24 15:16 - 2016-02-15 14:57 - 000000000 ____D C:\Program Files\RogueKiller
2018-03-24 08:23 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20180325-091210.backup
2018-03-24 08:15 - 2016-03-25 18:43 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-03-23 19:08 - 2016-09-25 20:36 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM
2018-03-23 07:39 - 2017-12-10 16:39 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\LocalLow\uTorrent
2018-03-22 19:19 - 2017-09-12 19:18 - 000000137 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Movies to Search.txt
2018-03-20 15:23 - 2017-01-02 11:08 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Blog Photos
2018-03-20 13:18 - 2017-08-31 07:03 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Media Files
2018-03-19 19:56 - 2009-07-14 11:37 - 000000000 ____D C:\Windows\inf
2018-03-19 18:13 - 2017-01-07 16:59 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\AV Media Files
2018-03-18 19:20 - 2018-02-07 15:32 - 000012368 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Names of Guests .txt
2018-03-18 06:39 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20180324-082320.backup
2018-03-17 08:53 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20180318-063956.backup
2018-03-16 13:40 - 2016-03-24 20:56 - 000001404 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Blog Templates.txt
2018-03-14 19:03 - 2016-01-29 05:02 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-03-14 19:03 - 2016-01-29 05:02 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-03-14 19:03 - 2016-01-29 05:02 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-14 09:53 - 2016-08-12 12:43 - 000000109 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Tumblr URLs.txt
2018-03-13 18:05 - 2017-10-18 15:14 - 000000246 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Banyeo 3-dong Address.txt
2018-03-13 14:42 - 2016-03-24 08:37 - 000064960 _____ C:\Users\Daniel M. Burkus.PC\AppData\Local\GDIPFONTCACHEV1.DAT
2018-03-13 07:42 - 2009-07-14 13:33 - 000311232 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-12 23:33 - 2016-01-30 08:30 - 000000000 ____D C:\HNC
2018-03-12 23:31 - 2009-07-14 16:49 - 000000000 ____D C:\Windows\ShellNew
2018-03-12 23:25 - 2016-01-30 08:24 - 000000016 _____ C:\Windows\system32\hwincfg.ini
2018-03-11 08:18 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20180317-085352.backup
2018-03-10 18:34 - 2016-04-13 21:34 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\vlc
2018-03-10 11:20 - 2017-12-12 21:00 - 000000000 ____D C:\ProgramData\Oracle
2018-03-10 11:18 - 2017-12-12 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-03-10 11:17 - 2017-12-12 21:00 - 000000000 ____D C:\Program Files\Java
2018-03-10 08:19 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20180311-081856.backup
2018-03-10 08:14 - 2017-11-11 07:14 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-03-10 08:14 - 2017-09-08 21:39 - 000152344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-03-10 08:14 - 2017-09-08 21:39 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-03-10 08:14 - 2017-09-08 21:35 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-03-10 08:14 - 2017-09-08 21:35 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-03-10 08:14 - 2017-09-08 21:29 - 000391856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-03-10 08:14 - 2017-09-08 21:29 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-03-10 08:14 - 2017-09-08 21:29 - 000100032 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-03-10 08:13 - 2017-12-22 08:35 - 000169536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-03-10 08:13 - 2017-09-08 21:39 - 000276688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2018-03-10 08:13 - 2017-09-08 21:39 - 000185432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2018-03-10 08:13 - 2017-09-08 21:39 - 000157368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2018-03-10 08:13 - 2017-09-08 21:39 - 000050336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2018-03-10 08:13 - 2017-09-08 21:29 - 000783608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-03-09 07:33 - 2009-07-14 13:53 - 000032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-04 08:12 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20180310-081905.backup
2018-03-03 23:37 - 2016-07-05 13:38 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\MPC-BE
2018-03-03 10:31 - 2016-08-03 15:36 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\SCAN TOOLS
2018-03-03 10:31 - 2016-06-04 16:56 - 000000923 _____ C:\DelFix.txt
2018-03-02 11:41 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20180304-081240.backup
2018-02-28 21:45 - 2016-10-24 12:08 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Documentaries

==================== Files in the root of some directories =======

2017-08-22 23:24 - 2017-12-12 22:35 - 000007608 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-29 12:23

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by Daniel M. Burkus (30-03-2018 10:30:21)
Running from C:\Users\Daniel M. Burkus.PC\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-01-28 16:14:06)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1259038908-1583320175-680065255-500 - Administrator - Disabled)
Daniel M. Burkus (S-1-5-21-1259038908-1583320175-680065255-1005 - Administrator - Enabled) => C:\Users\Daniel M. Burkus.PC
Guest (S-1-5-21-1259038908-1583320175-680065255-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1259038908-1583320175-680065255-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbleWord v3.0 (HKLM\...\AbleWord_is1) (Version: - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Belarc Advisor 8.6 (HKLM\...\Belarc Advisor) (Version: 8.6.0.0 - Belarc Inc.)
Boilsoft Video Cutter 1.23 (HKLM\...\{C72AB84A-4F9E-4D80-8243-C9547773BE73}_is1) (Version: - Boilsoft, Inc.)
Boilsoft Video Joiner 6.57 (HKLM\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version: - Boilsoft, Inc.)
Boilsoft Video Splitter 6.34 (HKLM\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.)
calibre (HKLM\...\{1E376DEC-875A-4F53-9149-168582A0E274}) (Version: 2.71.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - )
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
Direct MIDI to MP3 Converter version 7.0.0.0 (HKLM\...\Direct MIDI to MP3 Converter_is1) (Version: 7.0.0.0 - Piston Software)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FormatFactory 3.9.0.1 (HKLM\...\FormatFactory) (Version: 3.9.0.1 - Free Time)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
FreeOCR v5.4 (HKLM\...\freeocr_is1) (Version: - )
Hangul 2002 SE (HKLM\...\{CECBC29F-6D3A-4ED6-A686-7220EF9B69CC}) (Version: 5.7.5.3007 - Haansoft)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
IrfanView 4.50 (32-bit) (HKLM\...\IrfanView) (Version: 4.50 - Irfan Skiljan)
Java 8 Update 161 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KakaoTalk (HKLM\...\KakaoTalk) (Version: 2.6.5.1762 - Kakao Corp.)
K-Lite Mega Codec Pack 10.4.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MKVToolNix 8.3.0 (32bit) (HKLM\...\MKVToolNix) (Version: 8.3.0 - Moritz Bunkus)
Movavi Video Converter 14 (HKLM\...\Movavi Video Converter 14) (Version: 14.3.0 - Movavi)
Mozilla Firefox 59.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x86 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
MP3 Toolkit 1.0.5 (HKLM\...\MP3 Toolkit_is1) (Version: - MP3Toolkit.com)
MPC-BE 1.4.5.787 (HKLM\...\{903D098F-DD50-4342-AD23-DA868FCA3126}_is1) (Version: 1.4.5.787 - MPC-BE Team)
Nero 2016 (HKLM\...\{9C637A56-4287-487F-95BF-1422FC1AA879}) (Version: 17.0.04500 - Nero AG)
Nero Info (HKLM\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
Nero WaveEditor (HKLM\...\{D0656D0B-9712-45BD-9243-21FEBF5B05E5}) (Version: 14.0.00600 - Nero AG)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.71 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADEF}) (Version: 4.0.21 - dotPDN LLC)
Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0010 - Nero AG) Hidden
Prerequisite installer (HKLM\...\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RogueKiller version 12.12.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.9.0 - Adlice Software)
R-Undelete 5.0 (HKLM\...\R-Undelete 5.0NSIS) (Version: 5.0.164588 - R-Tools Technology Inc.)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Stashimi Stub Installer (HKLM\...\{910B539D-F257-46C8-9CB8-6C95EFF9CF22}) (Version: 18.001.1 - Nero AG) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
Tipard PDF Converter Platinum 3.2.10 (HKLM\...\{7ABFBBCF-9DA2-4a62-B54D-3AFCA72FBBA4}_is1) (Version: 3.2.10 - Tipard Studio)
Tray Tools 2000 (HKLM\...\Tray Tools 2000) (Version: Tray Tools 2000 - Version 2.7 - Gregory Braun -- Software Design)
TreeSize Free V3.4.5 (HKLM\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-10] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-10] (AVAST Software)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_103.dll [2013-06-18] (Free Time)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-10] (AVAST Software)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-05] ()
ContextMenuHandlers4: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_103.dll [2013-06-18] (Free Time)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-16] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-10] (AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-05] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {23FDC21F-512F-4484-911F-AD05F2ADD72E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater32.exe [2017-12-16] (NVIDIA Corporation)
Task: {2AD9CBDA-821B-40BC-B08D-3D5D9DACF2C3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-12-16] (NVIDIA Corporation)
Task: {31D44F80-200D-479A-8724-51DD2AEFFBA7} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-16] (NVIDIA Corporation)
Task: {33EFE6B2-0ACA-428B-BC75-9DC0B373EDBC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-12-16] (NVIDIA Corporation)
Task: {37D13423-5FF3-4E87-944F-E0C4CDD81BC7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-14] (Adobe Systems Incorporated)
Task: {4F9FCC77-0961-45B7-8B19-A5FC610B40A8} - System32\Tasks\SafeZone scheduled Autoupdate 1498554344 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {521571B3-88C9-4F3A-9296-984100592DA5} - System32\Tasks\{192A14D5-1617-470C-AB03-F92AFA889304} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel M. Burkus.PC\Desktop\A78GA-M2T_080115_B.exe" -d "C:\Users\Daniel M. Burkus.PC\Desktop"
Task: {5439F437-1585-4F4B-B335-75DE0926C042} - System32\Tasks\{C91B6667-6FA7-4977-BE1A-CC3C386768BD} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel M. Burkus.PC\Desktop\vcredist_x86.exe" -d "C:\Users\Daniel M. Burkus.PC\Desktop"
Task: {56FDB460-B837-44D0-BF48-B27FB59F8914} - System32\Tasks\{8BDA641D-7880-4690-8B38-75DCC0CDA57D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen\Easy Video Editor v2.0.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen"
Task: {7609A09A-65AD-4EA1-9094-339D2D39D483} - System32\Tasks\{8703A1E3-955E-4714-B632-178F571D3F03} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)\Nero-6[1].6.0.18.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)"
Task: {98C055B9-AF23-45CB-9D0F-392B2DADFF72} - System32\Tasks\Nero\Nero Info => C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe [2016-03-01] (Nero AG)
Task: {BBD59322-0946-4595-85CE-4C4EC0140309} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {C7399ABE-1E4A-49C8-BA3C-2BD498749EEF} - System32\Tasks\SafeZone scheduled Autoupdate 1458735473 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {D5DD3FEC-D131-4B98-AC19-2414A423DC37} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater32.exe [2017-12-16] (NVIDIA Corporation)
Task: {D6C559EA-22F9-4CEF-8675-46685F8EFAE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-14] (Adobe Systems Incorporated)
Task: {D966045A-80D1-409D-9B1D-88D5D3171782} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-12-16] (NVIDIA Corporation)
Task: {DBE50434-C523-46DB-8DAD-CC6418C098EF} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-12-16] (NVIDIA Corporation)
Task: {DFAF1FCC-5359-4AE2-97DA-2CA30A98BFE8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {DFC3BA9C-F002-470B-8B20-0F3F18D03E9A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-16] (NVIDIA Corporation)
Task: {E0BEB5F0-C2D8-4F26-B4B3-0112A5BD01E0} - System32\Tasks\{98A6AAFD-D93D-499D-9F0E-2F5A130C370E} => C:\Windows\system32\pcalua.exe -a "C:\My Documents\A - Software Shortcuts\Set-up Files\converter.exe" -d "C:\My Documents\A - Software Shortcuts\Set-up Files"
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\Adobe Flash Player NPAPI Notifier" /ENABLE
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\SafeZone scheduled Autoupdate 1458735473" /ENABLE
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\SafeZone scheduled Autoupdate 1498554344" /ENABLE
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\{192A14D5-1617-470C-AB03-F92AFA889304}" /ENABLE
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\{98A6AAFD-D93D-499D-9F0E-2F5A130C370E}" /ENABLE
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\{C91B6667-6FA7-4977-BE1A-CC3C386768BD}" /ENABLE
Task: {E70885C3-1E43-4F99-A7A2-0DDF0E9E2DA8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {E8983BDC-3EE4-4520-81E3-76E6ED36DCED} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-10] (AVAST Software)
Task: {F857E1A7-6248-4487-A478-1A025701E05E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-06] (AVAST Software)
Task: {FF55AC69-9AD3-4DC5-8418-69E159A58B32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2010-07-05 06:32 - 2010-07-05 06:32 - 000010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-01-29 16:48 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-10-18 09:27 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\5AF767F5.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\5AF767F5.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7937 more sites.

IE trusted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\webcompanion.com -> hxxp://webcompanion.com

There are 7935 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-05-31 22:49 - 2018-03-25 09:12 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

There are 15597 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 210.220.163.82 - 219.250.36.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AB035A13-5F60-4C15-AD6D-F3740287AB2A}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{46A04708-A71C-47A9-B967-D1C29970E410}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{B36792AD-C22F-4AD5-A86A-58D4966FB2AF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{48C47700-5F30-457F-B126-0B5E37C48496}] => (Allow) C:\Program Files\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{85F7091D-F663-43CF-8309-8DB3E9020295}] => (Allow) C:\Program Files\Nero\KM\NMDllHost.exe
FirewallRules: [{B91AC728-BBF8-48A5-8717-069BCA465C6C}] => (Allow) C:\Program Files\Nero\KM\MediaHome.exe
FirewallRules: [{BDEDE059-95C2-4437-A88D-F9DD786FB4A0}] => (Allow) C:\Program Files\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{44024E3E-8628-47F5-826F-6D1B8C53570D}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{BE219DF0-6551-4830-9C73-63730DE92272}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{A07B9198-22F5-48B0-88F7-9A088AD2B0CB}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{F85D6425-9E30-4683-BE9E-A98A865D2AFD}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [TCP Query User{01DBBB7E-5C1F-431D-8166-39BBC37EE8D6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{16E5C799-7688-4A3F-994C-F6D8EB1D84D9}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{519D31D1-370E-4C65-AF47-9D8768E95A66}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E13B8375-E38E-4CF0-BBD1-05049B0D05A6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{88A6D0C8-A914-4DAD-BA5D-80DF22724A19}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9EED5CCD-D9CE-4E2B-9FFC-B3D66868D551}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{67F90290-B342-438C-B96A-96843A5D2665}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5C9CBA3C-5AF8-48FB-A5DD-0F561638E703}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C942CE76-D847-46C9-B54F-74D77FF60570}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ABD6A68B-0ACA-4C11-9E9E-A7DA2688E9BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{48E29C9C-2F61-4F9C-A0E0-1533A136F854}] => (Allow) C:\Users\Daniel M. Burkus.PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{107D0FAF-2808-4099-A8A4-3E642211E6CF}] => (Allow) C:\Users\Daniel M. Burkus.PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A53813AF-2E9A-4CBE-97C5-8B4CE4A577A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitnet.exe] => Enabled:Orbit

==================== Restore Points =========================

20-03-2018 17:16:39 Scheduled Checkpoint
28-03-2018 11:09:30 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4d36e969-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2018 09:45:24 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/30/2018 09:45:24 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/30/2018 09:45:24 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/30/2018 09:45:24 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/30/2018 09:45:24 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (03/30/2018 09:45:18 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/30/2018 09:45:18 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f) (0x8004117f)

Error: (03/30/2018 09:45:18 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (03/30/2018 10:27:38 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/30/2018 10:27:38 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/30/2018 10:27:33 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/30/2018 10:27:24 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/30/2018 10:27:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswArPot
aswbidsdriver
aswbidsh
aswblog
aswbuniv
aswHdsKe
aswRvrt
aswSnx
aswSP
aswVmm
discache
epp
SASDIFSV
SASKUTIL
spldr
vpcvmm
Wanarpv6

Error: (03/30/2018 10:24:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/30/2018 10:24:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (03/30/2018 10:00:56 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}


Windows Defender:
===================================
Date: 2016-07-17 12:24:41.352
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{7A0F274B-64A0-4A24-A926-F369F71D1BB3}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-05-05 08:04:04.241
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{503FF450-A0D8-4657-8106-C6E437AF632B}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-04-17 11:32:04.907
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{EFF7DBD9-80AF-4189-BAD0-20590AAF8AC9}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-04-17 11:31:55.890
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{D28D66A7-DC09-40E7-ACC8-0E989B162064}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-03-22 10:32:32.490
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{50E193B1-C98E-4950-AFE5-8CB20042B81D}
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2016-01-30 09:25:58.257
Description:
Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Sdbot&threatid=2722
Name:Backdoor:Win32/Sdbot
ID:2722
Severity:Severe
Category:Backdoor
Path:
Action:Remove
Error Code:0x80508023
Error description:The program could not find the spyware and other potentially unwanted software on this computer.
Status:

CodeIntegrity:
===================================

Date: 2017-06-24 12:28:59.040
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DANIEL~1.PC\AppData\Local\temp\24992B468C.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-24 12:28:59.034
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DANIEL~1.PC\AppData\Local\temp\24992B468C.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-30 08:13:32.112
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Daniel M. Burkus.PC\AppData\Local\temp\46718817-3A6B268A-D70FA871-D9A8C342\1478bef5d3.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:48.985
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:34.352
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:18.393
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:18.097
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\EEK\Run\epp32.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:17.925
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+
Percentage of memory in use: 23%
Total physical RAM: 2047.3 MB
Available physical RAM: 1559.04 MB
Total Virtual: 4094.61 MB
Available Virtual: 3668.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:23.87 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Data Storage) (Fixed) (Total:232.88 GB) (Free:22 GB) NTFS
Drive g: (Data Storage) (Fixed) (Total:232.79 GB) (Free:26.13 GB) NTFS

\\?\Volume{07e6e721-c667-11e5-84aa-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 697FBEB8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: BCE48856)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: B31CAE79)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
As I said, I cannot do anything when the PC is running in the ordinary mode, so the FRST and RogueKiller scans were run with the PC in "Safe Mode" (with networking). I hope this will not impact on the results. (This was why I could not run a virus scan: Avast is not working in "Safe Mode" and I could not open the engine to run the scan in ordinary mode. I will reboot and give it another shot, but do not know if that will be successful or not...)

-- Daniel M. Burkus
 
I tried again but was not able to open the Avast engine in regular mode (pushing on the Avast icon in the tray froze the PC). And Avast cannot be opened in "Safe Mode" (I thought I might be able to set a "boot time scan" so it would scan before Windows loaded, but the engine could not be opened even that far in "Safe Mode"). I am attempting to run an "ESET Online Scan" now in "Safe Mode" (which, if I can get it to work, will probably take a couple of hours to complete). In either case I will get back to you either with the results, or a report of a failure.

-- Daniel M. Burkus
 
Ok, the "ESET Online Scan" just finished. It listed several programs as "potentially problematic" (a download manager, and a video reformatting tool). These programs have been on my PC for months/years without issue (and I have been running the "ESET Online Scan" once per month or so for several months, without them ever showing up there before), or without ever having been flagged by any anti-virus/malware scans. Just to be on the safe side, I let "ESET Online Scan" remove them, rebooted the PC, and nothing is changed. It still freezes whenever I try to run any program (or when I try to shut the PC down). I am back in "Safe Mode" now.

Please let me know if or when I should proceed to the next scan. Thank you.

-- Daniel M. Burkus
 
First of all, observe my rules. One of them says:
"Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest."

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
Sorry, Broni, I suddenly had to go out of the city yesterday. As for the scan, I could see no other way to run a virus scan, since I was unable to access Avast. Running that scan enabled me to run the PC without having to use "Safe Mode."

I re-ran FRST this morning, as well as RogueKiller, Malwarebytes, and AdwCleaner, and will post those results now.
 
FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by Daniel M. Burkus (administrator) on PC (01-04-2018 12:10:04)
Running from C:\Users\Daniel M. Burkus.PC\Desktop
Loaded Profiles: Daniel M. Burkus (Available Profiles: Daniel M. Burkus)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Node.js) C:\Program Files\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Kakao Corp. ) C:\Program Files\Kakao\KakaoTalk\KakaoTalk.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-05] ()
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-10] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7765936 2018-03-24] (SUPERAntiSpyware)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7980776 2018-01-09] (Piriform Ltd)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [KakaoTalk] => C:\Program Files\Kakao\KakaoTalk\KakaoTalk.exe [9663264 2018-03-29] (Kakao Corp. )
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
BootExecute: autocheck autochk * ROBoot \??\C:\Windows\system32\ASOROSet.bin

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 210.220.163.82 219.250.36.130
Tcpip\..\Interfaces\{66B87001-DA33-470B-9512-77BE9AE4D883}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7E8271E6-6142-41FD-83BE-949EBBBBA13D}: [DhcpNameServer] 210.220.163.82 219.250.36.130
Tcpip\..\Interfaces\{B3CE4C30-3C2F-4806-AE63-1892B7E644A5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B467908D-00FC-4908-9541-083B36A379AE}: [DhcpNameServer] 210.220.163.82 219.250.36.130

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180101__yaie
SearchScopes: HKU\S-1-5-21-1259038908-1583320175-680065255-1005 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180101__yaie&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-05] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-03-10] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-15] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-10] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-15] (AVAST Software)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2017-12-04] (Belarc, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008 [2018-04-01]
FF Homepage: Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008 -> hxxps://login.yahoo.com/?.src=ym&.intl=us&.done=https%3A%2F%2Fmail.yahoo.com%2F
FF NewTab: Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180101__yaff
FF Extension: (AdBlocker Ultimate) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\adblockultimate@adblockultimate.net.xpi [2017-12-13]
FF Extension: (Flash Video Downloader) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\artur.dubovoy@gmail.com.xpi [2018-03-27]
FF Extension: (FlashStopper) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\flashstopper@byo.co.il.xpi [2017-10-18] [Legacy]
FF Extension: (Google Search by Image) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\google@hitachi.com.xpi [2017-02-02] [Legacy]
FF Extension: (Markdown Viewer) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\markdownviewer@thiht.fr.xpi [2017-01-07] [Legacy]
FF Extension: (Restart Button) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\restartbutton@strk.jp.xpi [2016-08-16] [Legacy]
FF Extension: (Avast SafePrice) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\sp@avast.com.xpi [2018-03-08]
FF Extension: (Avast Online Security) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\wrc@avast.com.xpi [2017-10-18]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-03-28]
FF Extension: (Vimeo Free Downloader) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{0042f50c-7bcb-4349-8ba9-db2fc901abf2}.xpi [2018-03-27]
FF Extension: (Bulk Media Downloader) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{72b2e02b-3a71-4895-886c-fd12ebe36ba3}.xpi [2017-11-07]
FF Extension: (CacheViewer Fx21) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{81328583-3CA7-4809-B4BA-570A85818FBB} [2017-03-24] [Legacy]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2018-03-29]
FF Extension: (Video DownloadHelper) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-17]
FF Extension: (Google Hangouts Web Messenger) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{c4c8bd04-e508-46df-a109-92af7ea4992b}.xpi [2017-12-19]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\features\{4d496747-80e0-4676-a1c2-a75c401e944f}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-29] [Legacy]
FF SearchPlugin: C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\searchplugins\yahoo-lavasoft.xml [2018-01-01]
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-06-08] [Legacy]
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM\idmmzcc5 [2018-03-31] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-14] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-10] (Oracle Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-06-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-09] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5909888 2018-03-10] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-10] (AVAST Software)
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Inc.)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [792944 2016-01-28] (Nero AG)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [466880 2017-12-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [466880 2017-12-16] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 5AF767F5; C:\Windows\System32\drivers\5AF767F5.sys [153784 2016-04-01] (Kaspersky Lab ZAO)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-03-10] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-03-10] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-03-10] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-03-10] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-03-10] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [169536 2018-03-10] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-03-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124392 2018-03-10] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100032 2018-03-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70816 2018-03-10] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783608 2018-03-10] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [391856 2018-03-10] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [152344 2018-03-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-03-10] (AVAST Software)
R1 epp; C:\EEK\bin32\epp.sys [105248 2016-11-23] (Emsisoft Ltd)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221600 2018-04-01] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-12-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [44992 2017-12-16] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [50112 2017-12-16] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [134928 2016-02-14] (Ray Hinchliffe)
S3 tatertot.scr; C:\Windows\system32\drivers\tatertot.scr.sys [34816 2017-06-01] ()
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh6.sys [X]
S3 catchme; \??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-01 12:09 - 2018-04-01 12:09 - 000005218 _____ C:\Users\Daniel M. Burkus.PC\Desktop\RogueKiller.txt
2018-04-01 11:00 - 2018-04-01 11:00 - 008222496 _____ (Malwarebytes) C:\Users\Daniel M. Burkus.PC\Desktop\AdwCleaner.exe
2018-04-01 10:28 - 2018-04-01 10:28 - 000000514 _____ C:\Users\Daniel M. Burkus.PC\Desktop\ROGUE KILLER REPORT INSTRUCTIONS.txt
2018-03-30 10:28 - 2018-04-01 12:11 - 000019902 _____ C:\Users\Daniel M. Burkus.PC\Desktop\FRST.txt
2018-03-30 10:21 - 2018-04-01 12:10 - 000000000 ____D C:\FRST
2018-03-30 10:20 - 2018-03-30 10:20 - 001764352 _____ (Farbar) C:\Users\Daniel M. Burkus.PC\Desktop\FRST.exe
2018-03-30 09:25 - 2018-03-30 09:25 - 000032015 _____ C:\ComboFix.txt
2018-03-30 09:08 - 2011-06-26 15:45 - 000256000 _____ C:\Windows\PEV.exe
2018-03-30 09:08 - 2010-11-08 02:20 - 000208896 _____ C:\Windows\MBR.exe
2018-03-30 09:08 - 2009-04-20 13:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-03-30 09:08 - 2000-08-31 09:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-03-30 09:08 - 2000-08-31 09:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-03-30 09:08 - 2000-08-31 09:00 - 000098816 _____ C:\Windows\sed.exe
2018-03-30 09:08 - 2000-08-31 09:00 - 000080412 _____ C:\Windows\grep.exe
2018-03-30 09:08 - 2000-08-31 09:00 - 000068096 _____ C:\Windows\zip.exe
2018-03-29 22:49 - 2018-03-29 22:49 - 000780000 _____ C:\Users\Daniel M. Burkus.PC\Documents\Dan0001.avi.bak
2018-03-29 22:14 - 2018-03-29 22:14 - 000780000 _____ C:\Users\Daniel M. Burkus.PC\Documents\Lee Nam-soo0001.avi.bak
2018-03-29 12:05 - 2018-03-29 12:05 - 000624083 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Simmered Kabocha Squash.htm
2018-03-29 12:05 - 2018-03-29 12:05 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Simmered Kabocha Squash_files
2018-03-26 22:12 - 2018-03-26 22:12 - 000000034 _____ C:\Users\Daniel M. Burkus.PC\Desktop\CHAT.txt
2018-03-23 16:32 - 2018-03-23 16:32 - 000000016 _____ C:\Users\Daniel M. Burkus.PC\Desktop\rat baby.txt
2018-03-16 11:41 - 2018-03-16 11:41 - 000000020 _____ C:\Users\Daniel M. Burkus.PC\Desktop\shrug emoji.txt
2018-03-12 23:32 - 2018-03-12 23:32 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Haansoft Dictionary.lnk
2018-03-12 23:32 - 2018-03-12 23:32 - 000002477 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Hangul 2002.lnk
2018-03-12 23:32 - 2018-03-12 23:32 - 000000048 _____ C:\Windows\Hjimesv.ini
2018-03-12 23:32 - 2018-03-12 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HAANSOFT
2018-03-12 22:38 - 2018-03-30 09:26 - 000000000 ____D C:\Qoobox
2018-03-10 11:37 - 2018-03-10 12:40 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Documents\Mipony
2018-03-10 11:19 - 2018-03-10 11:19 - 000000000 ____D C:\Program Files\Common Files\Java
2018-03-10 11:18 - 2018-03-10 11:18 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2018-03-10 11:13 - 2018-03-10 12:41 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mipony
2018-03-10 11:13 - 2018-03-10 11:13 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
2018-03-10 11:09 - 2018-03-10 11:09 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Downloads\Three Billboards Outside Ebbing Missouri 2017 720p BluRay
2018-03-10 08:14 - 2018-03-10 08:13 - 000319392 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-03-03 23:50 - 2018-03-03 23:50 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\FreemakeVideoConverter
2018-03-03 23:46 - 2018-03-04 10:57 - 000000000 ____D C:\ProgramData\Freemake
2018-03-03 23:46 - 2018-03-03 23:46 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Documents\Freemake

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-01 11:01 - 2016-11-16 20:55 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\LocalLow\Mozilla
2018-04-01 11:00 - 2016-02-15 14:58 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-04-01 10:59 - 2017-05-30 07:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-04-01 10:59 - 2016-02-15 14:57 - 000000000 ____D C:\Program Files\RogueKiller
2018-04-01 10:23 - 2016-08-12 12:43 - 000000339 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Tumblr URLs.txt
2018-04-01 10:20 - 2009-07-14 13:34 - 000024208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-01 10:20 - 2009-07-14 13:34 - 000024208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-01 10:16 - 2016-01-29 01:50 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-01 10:12 - 2017-06-30 20:06 - 000221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-04-01 10:10 - 2009-07-14 13:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-31 18:51 - 2016-08-06 20:33 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\DMCache
2018-03-31 18:29 - 2016-09-25 20:36 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM
2018-03-31 18:28 - 2009-07-14 11:37 - 000000000 ____D C:\Windows\inf
2018-03-31 16:10 - 2017-08-20 05:18 - 025901056 ___SH C:\Users\Daniel M. Burkus.PC\Desktop\Thumbs.db
2018-03-30 09:41 - 2017-05-23 07:20 - 000000000 ____D C:\EEK
2018-03-30 09:23 - 2009-07-14 11:04 - 000000215 _____ C:\Windows\system.ini
2018-03-29 23:38 - 2016-03-26 19:27 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\CrashDumps
2018-03-29 09:02 - 2017-05-23 22:05 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-03-29 09:02 - 2016-11-16 16:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-25 18:18 - 2016-08-18 23:06 - 000000087 _____ C:\Users\Daniel M. Burkus.PC\Desktop\movie time.txt
2018-03-25 09:12 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20180401-082641.backup
2018-03-25 07:27 - 2016-04-25 09:15 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Chanoyu to wa
2018-03-24 08:23 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20180325-091210.backup
2018-03-24 08:15 - 2016-03-25 18:43 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-03-23 07:39 - 2017-12-10 16:39 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\LocalLow\uTorrent
2018-03-22 19:19 - 2017-09-12 19:18 - 000000137 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Movies to Search.txt
2018-03-20 15:23 - 2017-01-02 11:08 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Blog Photos
2018-03-20 13:18 - 2017-08-31 07:03 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Media Files
2018-03-19 18:13 - 2017-01-07 16:59 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\AV Media Files
2018-03-18 19:20 - 2018-02-07 15:32 - 000012368 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Names of Guests .txt
2018-03-18 06:39 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20180324-082320.backup
2018-03-17 08:53 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20180318-063956.backup
2018-03-16 13:40 - 2016-03-24 20:56 - 000001404 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Blog Templates.txt
2018-03-14 19:03 - 2016-01-29 05:02 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-03-14 19:03 - 2016-01-29 05:02 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-03-14 19:03 - 2016-01-29 05:02 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-13 18:05 - 2017-10-18 15:14 - 000000246 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Banyeo 3-dong Address.txt
2018-03-13 14:42 - 2016-03-24 08:37 - 000064960 _____ C:\Users\Daniel M. Burkus.PC\AppData\Local\GDIPFONTCACHEV1.DAT
2018-03-13 07:42 - 2009-07-14 13:33 - 000311232 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-12 23:33 - 2016-01-30 08:30 - 000000000 ____D C:\HNC
2018-03-12 23:31 - 2009-07-14 16:49 - 000000000 ____D C:\Windows\ShellNew
2018-03-12 23:25 - 2016-01-30 08:24 - 000000016 _____ C:\Windows\system32\hwincfg.ini
2018-03-11 08:18 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20180317-085352.backup
2018-03-10 18:34 - 2016-04-13 21:34 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\vlc
2018-03-10 11:20 - 2017-12-12 21:00 - 000000000 ____D C:\ProgramData\Oracle
2018-03-10 11:18 - 2017-12-12 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-03-10 11:17 - 2017-12-12 21:00 - 000000000 ____D C:\Program Files\Java
2018-03-10 08:19 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20180311-081856.backup
2018-03-10 08:14 - 2017-11-11 07:14 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-03-10 08:14 - 2017-09-08 21:39 - 000152344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-03-10 08:14 - 2017-09-08 21:39 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-03-10 08:14 - 2017-09-08 21:35 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-03-10 08:14 - 2017-09-08 21:35 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-03-10 08:14 - 2017-09-08 21:29 - 000391856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-03-10 08:14 - 2017-09-08 21:29 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-03-10 08:14 - 2017-09-08 21:29 - 000100032 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-03-10 08:13 - 2017-12-22 08:35 - 000169536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-03-10 08:13 - 2017-09-08 21:39 - 000276688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2018-03-10 08:13 - 2017-09-08 21:39 - 000185432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2018-03-10 08:13 - 2017-09-08 21:39 - 000157368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2018-03-10 08:13 - 2017-09-08 21:39 - 000050336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2018-03-10 08:13 - 2017-09-08 21:29 - 000783608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-03-09 07:33 - 2009-07-14 13:53 - 000032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-04 08:12 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20180310-081905.backup
2018-03-03 23:37 - 2016-07-05 13:38 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\MPC-BE
2018-03-03 10:31 - 2016-08-03 15:36 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\SCAN TOOLS
2018-03-03 10:31 - 2016-06-04 16:56 - 000000923 _____ C:\DelFix.txt
2018-03-02 11:41 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20180304-081240.backup

==================== Files in the root of some directories =======

2017-08-22 23:24 - 2017-12-12 22:35 - 000007608 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-04-01 11:00 - 2017-09-14 00:10 - 001310528 _____ (Microsoft Corporation) C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-29 12:23

==================== End of FRST.txt ============================
 
FRST (Addition):

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by Daniel M. Burkus (01-04-2018 12:12:14)
Running from C:\Users\Daniel M. Burkus.PC\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-01-28 16:14:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1259038908-1583320175-680065255-500 - Administrator - Disabled)
Daniel M. Burkus (S-1-5-21-1259038908-1583320175-680065255-1005 - Administrator - Enabled) => C:\Users\Daniel M. Burkus.PC
Guest (S-1-5-21-1259038908-1583320175-680065255-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1259038908-1583320175-680065255-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbleWord v3.0 (HKLM\...\AbleWord_is1) (Version: - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Belarc Advisor 8.6 (HKLM\...\Belarc Advisor) (Version: 8.6.0.0 - Belarc Inc.)
Boilsoft Video Cutter 1.23 (HKLM\...\{C72AB84A-4F9E-4D80-8243-C9547773BE73}_is1) (Version: - Boilsoft, Inc.)
Boilsoft Video Joiner 6.57 (HKLM\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version: - Boilsoft, Inc.)
Boilsoft Video Splitter 6.34 (HKLM\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.)
calibre (HKLM\...\{1E376DEC-875A-4F53-9149-168582A0E274}) (Version: 2.71.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - )
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
Direct MIDI to MP3 Converter version 7.0.0.0 (HKLM\...\Direct MIDI to MP3 Converter_is1) (Version: 7.0.0.0 - Piston Software)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FormatFactory 3.9.0.1 (HKLM\...\FormatFactory) (Version: 3.9.0.1 - Free Time)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
FreeOCR v5.4 (HKLM\...\freeocr_is1) (Version: - )
Hangul 2002 SE (HKLM\...\{CECBC29F-6D3A-4ED6-A686-7220EF9B69CC}) (Version: 5.7.5.3007 - Haansoft)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
IrfanView 4.50 (32-bit) (HKLM\...\IrfanView) (Version: 4.50 - Irfan Skiljan)
Java 8 Update 161 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KakaoTalk (HKLM\...\KakaoTalk) (Version: 2.6.5.1762 - Kakao Corp.)
K-Lite Mega Codec Pack 10.4.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MKVToolNix 8.3.0 (32bit) (HKLM\...\MKVToolNix) (Version: 8.3.0 - Moritz Bunkus)
Movavi Video Converter 14 (HKLM\...\Movavi Video Converter 14) (Version: 14.3.0 - Movavi)
Mozilla Firefox 59.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x86 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
MP3 Toolkit 1.0.5 (HKLM\...\MP3 Toolkit_is1) (Version: - MP3Toolkit.com)
MPC-BE 1.4.5.787 (HKLM\...\{903D098F-DD50-4342-AD23-DA868FCA3126}_is1) (Version: 1.4.5.787 - MPC-BE Team)
Nero 2016 (HKLM\...\{9C637A56-4287-487F-95BF-1422FC1AA879}) (Version: 17.0.04500 - Nero AG)
Nero Info (HKLM\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
Nero WaveEditor (HKLM\...\{D0656D0B-9712-45BD-9243-21FEBF5B05E5}) (Version: 14.0.00600 - Nero AG)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.71 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADEF}) (Version: 4.0.21 - dotPDN LLC)
Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0010 - Nero AG) Hidden
Prerequisite installer (HKLM\...\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RogueKiller version 12.12.10.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.10.0 - Adlice Software)
R-Undelete 5.0 (HKLM\...\R-Undelete 5.0NSIS) (Version: 5.0.164588 - R-Tools Technology Inc.)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Stashimi Stub Installer (HKLM\...\{910B539D-F257-46C8-9CB8-6C95EFF9CF22}) (Version: 18.001.1 - Nero AG) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
Tipard PDF Converter Platinum 3.2.10 (HKLM\...\{7ABFBBCF-9DA2-4a62-B54D-3AFCA72FBBA4}_is1) (Version: 3.2.10 - Tipard Studio)
Tray Tools 2000 (HKLM\...\Tray Tools 2000) (Version: Tray Tools 2000 - Version 2.7 - Gregory Braun -- Software Design)
TreeSize Free V3.4.5 (HKLM\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-10] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-10] (AVAST Software)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_103.dll [2013-06-18] (Free Time)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-10] (AVAST Software)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-05] ()
ContextMenuHandlers4: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_103.dll [2013-06-18] (Free Time)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-16] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-10] (AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-05] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {23FDC21F-512F-4484-911F-AD05F2ADD72E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater32.exe [2017-12-16] (NVIDIA Corporation)
Task: {2AD9CBDA-821B-40BC-B08D-3D5D9DACF2C3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-12-16] (NVIDIA Corporation)
Task: {31D44F80-200D-479A-8724-51DD2AEFFBA7} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-16] (NVIDIA Corporation)
Task: {33EFE6B2-0ACA-428B-BC75-9DC0B373EDBC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-12-16] (NVIDIA Corporation)
Task: {37D13423-5FF3-4E87-944F-E0C4CDD81BC7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-14] (Adobe Systems Incorporated)
Task: {4BC42726-91BD-4504-9FB8-C3FC4023F482} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {4F9FCC77-0961-45B7-8B19-A5FC610B40A8} - System32\Tasks\SafeZone scheduled Autoupdate 1498554344 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {521571B3-88C9-4F3A-9296-984100592DA5} - System32\Tasks\{192A14D5-1617-470C-AB03-F92AFA889304} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel M. Burkus.PC\Desktop\A78GA-M2T_080115_B.exe" -d "C:\Users\Daniel M. Burkus.PC\Desktop"
Task: {5439F437-1585-4F4B-B335-75DE0926C042} - System32\Tasks\{C91B6667-6FA7-4977-BE1A-CC3C386768BD} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel M. Burkus.PC\Desktop\vcredist_x86.exe" -d "C:\Users\Daniel M. Burkus.PC\Desktop"
Task: {56FDB460-B837-44D0-BF48-B27FB59F8914} - System32\Tasks\{8BDA641D-7880-4690-8B38-75DCC0CDA57D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen\Easy Video Editor v2.0.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen"
Task: {7609A09A-65AD-4EA1-9094-339D2D39D483} - System32\Tasks\{8703A1E3-955E-4714-B632-178F571D3F03} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)\Nero-6[1].6.0.18.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)"
Task: {98C055B9-AF23-45CB-9D0F-392B2DADFF72} - System32\Tasks\Nero\Nero Info => C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe [2016-03-01] (Nero AG)
Task: {BBD59322-0946-4595-85CE-4C4EC0140309} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {C7399ABE-1E4A-49C8-BA3C-2BD498749EEF} - System32\Tasks\SafeZone scheduled Autoupdate 1458735473 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {D5DD3FEC-D131-4B98-AC19-2414A423DC37} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater32.exe [2017-12-16] (NVIDIA Corporation)
Task: {D6C559EA-22F9-4CEF-8675-46685F8EFAE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-14] (Adobe Systems Incorporated)
Task: {D966045A-80D1-409D-9B1D-88D5D3171782} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-12-16] (NVIDIA Corporation)
Task: {DBE50434-C523-46DB-8DAD-CC6418C098EF} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-12-16] (NVIDIA Corporation)
Task: {DFC3BA9C-F002-470B-8B20-0F3F18D03E9A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-16] (NVIDIA Corporation)
Task: {E0BEB5F0-C2D8-4F26-B4B3-0112A5BD01E0} - System32\Tasks\{98A6AAFD-D93D-499D-9F0E-2F5A130C370E} => C:\Windows\system32\pcalua.exe -a "C:\My Documents\A - Software Shortcuts\Set-up Files\converter.exe" -d "C:\My Documents\A - Software Shortcuts\Set-up Files"
Task: {E8983BDC-3EE4-4520-81E3-76E6ED36DCED} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-10] (AVAST Software)
Task: {F857E1A7-6248-4487-A478-1A025701E05E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-06] (AVAST Software)
Task: {FF55AC69-9AD3-4DC5-8418-69E159A58B32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-03-10 08:13 - 2018-03-10 08:13 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-10 08:13 - 2018-03-10 08:13 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-03-31 23:01 - 2018-03-31 23:01 - 005810832 _____ () C:\Program Files\AVAST Software\Avast\defs\18033100\algo.dll
2018-03-10 08:13 - 2018-03-10 08:13 - 000756952 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-03-10 08:13 - 2018-03-10 08:13 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-03-10 08:13 - 2018-03-10 08:13 - 000964824 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-03-10 08:13 - 2018-03-10 08:13 - 000475352 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-03-10 08:13 - 2018-03-10 08:13 - 000339672 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2016-01-29 19:14 - 2016-01-22 16:56 - 000089008 _____ () C:\Windows\System32\cpwmon2k.dll
2017-12-27 13:52 - 2017-12-16 09:16 - 001040320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-01-29 16:48 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-10-18 09:27 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-01-29 16:48 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-10-18 09:27 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-10-18 09:27 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-01-30 07:47 - 2010-07-05 06:32 - 000004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2010-07-05 06:32 - 2010-07-05 06:32 - 000010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2018-03-10 08:13 - 2018-03-10 08:13 - 000618200 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2016-01-30 07:47 - 2010-07-05 04:51 - 000017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2018-03-10 08:14 - 2018-03-10 08:14 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-03-10 08:13 - 2018-03-10 08:13 - 000275160 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\5AF767F5.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\5AF767F5.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7937 more sites.

IE trusted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\webcompanion.com -> hxxp://webcompanion.com

There are 7937 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-05-31 22:49 - 2018-04-01 08:26 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

There are 15597 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 210.220.163.82 - 219.250.36.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AB035A13-5F60-4C15-AD6D-F3740287AB2A}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{46A04708-A71C-47A9-B967-D1C29970E410}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{B36792AD-C22F-4AD5-A86A-58D4966FB2AF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{48C47700-5F30-457F-B126-0B5E37C48496}] => (Allow) C:\Program Files\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{85F7091D-F663-43CF-8309-8DB3E9020295}] => (Allow) C:\Program Files\Nero\KM\NMDllHost.exe
FirewallRules: [{B91AC728-BBF8-48A5-8717-069BCA465C6C}] => (Allow) C:\Program Files\Nero\KM\MediaHome.exe
FirewallRules: [{BDEDE059-95C2-4437-A88D-F9DD786FB4A0}] => (Allow) C:\Program Files\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{44024E3E-8628-47F5-826F-6D1B8C53570D}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{BE219DF0-6551-4830-9C73-63730DE92272}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{A07B9198-22F5-48B0-88F7-9A088AD2B0CB}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{F85D6425-9E30-4683-BE9E-A98A865D2AFD}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [TCP Query User{01DBBB7E-5C1F-431D-8166-39BBC37EE8D6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{16E5C799-7688-4A3F-994C-F6D8EB1D84D9}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{519D31D1-370E-4C65-AF47-9D8768E95A66}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E13B8375-E38E-4CF0-BBD1-05049B0D05A6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{88A6D0C8-A914-4DAD-BA5D-80DF22724A19}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9EED5CCD-D9CE-4E2B-9FFC-B3D66868D551}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{67F90290-B342-438C-B96A-96843A5D2665}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5C9CBA3C-5AF8-48FB-A5DD-0F561638E703}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C942CE76-D847-46C9-B54F-74D77FF60570}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ABD6A68B-0ACA-4C11-9E9E-A7DA2688E9BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A53813AF-2E9A-4CBE-97C5-8B4CE4A577A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitnet.exe] => Enabled:Orbit

==================== Restore Points =========================

20-03-2018 17:16:39 Scheduled Checkpoint
28-03-2018 11:09:30 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4d36e969-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2018 12:36:37 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 2960. Message ID: [0x2509].

Error: (03/31/2018 11:28:48 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3648. Message ID: [0x2509].

Error: (03/31/2018 11:23:30 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3108. Message ID: [0x2509].

Error: (03/31/2018 11:20:44 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5528. Message ID: [0x2509].

Error: (03/31/2018 11:20:26 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3580. Message ID: [0x2509].

Error: (03/31/2018 11:17:34 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4036. Message ID: [0x2509].

Error: (03/31/2018 11:14:44 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 6068. Message ID: [0x2509].

Error: (03/31/2018 11:01:20 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1259038908-1583320175-680065255-1005}/">.


System errors:
=============
Error: (04/01/2018 10:10:22 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:08:54 AM on 4/1/2018 was unexpected.

Error: (04/01/2018 08:20:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/01/2018 08:20:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (04/01/2018 08:19:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/01/2018 08:19:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (04/01/2018 01:05:13 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (03/31/2018 11:00:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/31/2018 11:00:08 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.


Windows Defender:
===================================
Date: 2016-07-17 12:24:41.352
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{7A0F274B-64A0-4A24-A926-F369F71D1BB3}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-05-05 08:04:04.241
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{503FF450-A0D8-4657-8106-C6E437AF632B}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-04-17 11:32:04.907
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{EFF7DBD9-80AF-4189-BAD0-20590AAF8AC9}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-04-17 11:31:55.890
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{D28D66A7-DC09-40E7-ACC8-0E989B162064}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-03-22 10:32:32.490
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{50E193B1-C98E-4950-AFE5-8CB20042B81D}
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2016-01-30 09:25:58.257
Description:
Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Sdbot&threatid=2722
Name:Backdoor:Win32/Sdbot
ID:2722
Severity:Severe
Category:Backdoor
Path:
Action:Remove
Error Code:0x80508023
Error description:The program could not find the spyware and other potentially unwanted software on this computer.
Status:

CodeIntegrity:
===================================

Date: 2017-06-24 12:28:59.040
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DANIEL~1.PC\AppData\Local\temp\24992B468C.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-24 12:28:59.034
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DANIEL~1.PC\AppData\Local\temp\24992B468C.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-30 08:13:32.112
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Daniel M. Burkus.PC\AppData\Local\temp\46718817-3A6B268A-D70FA871-D9A8C342\1478bef5d3.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:48.985
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:34.352
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:18.393
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:18.097
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\EEK\Run\epp32.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:17.925
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+
Percentage of memory in use: 76%
Total physical RAM: 2047.3 MB
Available physical RAM: 480.13 MB
Total Virtual: 4094.61 MB
Available Virtual: 2655.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:23.28 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Data Storage) (Fixed) (Total:232.88 GB) (Free:20.98 GB) NTFS
Drive g: (Data Storage) (Fixed) (Total:232.79 GB) (Free:26.13 GB) NTFS

\\?\Volume{07e6e721-c667-11e5-84aa-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 697FBEB8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: BCE48856)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: B31CAE79)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
RogueKiller:

RogueKiller V12.12.10.0 [Mar 26 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Daniel M. Burkus [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 04/01/2018 11:00:16 (Duration : 00:52:52)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 3 ¤¤¤
[PUM.HomePage][Firefox:Config] 9ywgrdrs.default-1471039942008 : user_pref("browser.startup.homepage", "https://login.yahoo.com/?.src=ym&.intl=us&.done=https://mail.yahoo.com/"); -> Found
[PUM.SearchEngine][Firefox:Config] 9ywgrdrs.default-1471039942008 : user_pref("browser.search.selectedEngine", "Yahoo®"); -> Found
[PUM.SearchEngine][Firefox:Config] 9ywgrdrs.default-1471039942008 : user_pref("browser.search.defaultenginename", "Yahoo®"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3250318AS ATA Device +++++
--- User ---
[MBR] b1a2fd097a23ca69b6b12abaa342e59f
[BSP] ce62516d74e7e2fae782be4f7008cdb8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG SP2504C ATA Device +++++
--- User ---
[MBR] 049945051fe77a2a7945126d5255a9c2
[BSP] 320f4a557e8738f56ad4a861745f1b0e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238372 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SAMSUNG SP2504C ATA Device +++++
--- User ---
[MBR] d151fc54efa59ff995497b97b7e64c5e
[BSP] bac9892ba4763ddb0e6fe1b910530a9c : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238472 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
MalwareBytes:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/1/18
Scan Time: 12:16 PM
Log File: Malwarebytes Scan.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.4570
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: PC\Daniel M. Burkus

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357416
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 36 min, 59 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
AdwCleaner (S0) [I will add the AdwCleaner (C0) file, showing the deleted files, at the bottom of this post, below the double-dashed line]:

# AdwCleaner 7.0.8.0 - Logfile created on Sun Apr 01 04:05:33 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-03-30.1
# Running on Windows 7 Ultimate (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\Daniel M. Burkus.PC\AppData\Roaming\mipony
PUP.Optional.Legacy, C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mipony
PUP.Optional.Legacy, C:\Users\Daniel M. Burkus.PC\Documents\mipony
PUP.Optional.WebCompanion, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion


***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\searchplugins\yahoo-lavasoft.xml


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.



AdwareCleaner

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Software\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.SpyHunter, [Key] - HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########


=================================================================================================


# AdwCleaner 7.0.8.0 - Logfile created on Sun Apr 01 04:11:52 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Ultimate (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\Daniel M. Burkus.PC\AppData\Roaming\mipony
Deleted: C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mipony
Deleted: C:\Users\Daniel M. Burkus.PC\Documents\mipony
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion


***** [ Files ] *****

Deleted: C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\searchplugins\yahoo-lavasoft.xml


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Software\Lavasoft\Web Companion
Deleted: [Key] - HKCU\Software\Lavasoft\Web Companion
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2003 B] - [2018/4/1 4:5:33]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
Finally, Broni, I should mention (actually, remind you) that I cannot run the JunkwareRemovalTool (which is usually next in the series of scans) because it destroys the messenger and its archived messages that I rely on to communicate with just about everyone. So we will have to avoid this scan, since there seems to be no way to either opt the messenger out of the scan, or protect/firewall the message archive.

-- Daniel M. Burkus
 
JRT is not supported anymore and I didn't ask to run it.

There is nothing malicious there.
Your issues must be coming from something else.
I suggest a new topic in the Windows forum.
 