Solved PC Shutting Down During Malware Scans, Presumed Malware Infection (Windows 7)

Daniel Burkus

This issue has been happening for a while -- even though my PC has been scanned on several occasions and found "clean" -- and it seems to be getting much worse of late. Whenever I try to run certain malware scans (Dr. Web, MalwareBytes, among others), the scan progresses to a certain point and then the PC shuts down (apparently the processor is overheating). The reason I am posting in the Malware Forum is because it appears to be an issue with infected file(s), that, when the scan comes to the file in question, the file initiates a burst of activity (my guess as to what is happening, since I know no way to document precisely what is going on) that overheats the processor -- this is the best way I can explain it, from my careful observations. The shut-downs always occur at precisely the same point(s) in the scan.

Recently it has become increasingly difficult to run malware scans. Yesterday it appeared that GomPlayer had become infected or corrupted (videos were playing strangely, or crashing; and the uninstall file "Uninstall.exe" was missing, and GomPlayer not listed in the Add/Remove Programs list). The only thing I could think to do was redownload the install file, reinstall the program over top of the corrupted one, and then use the newly created "Uninstall.exe" file to remove the program from my PC. This has helped a little (I was able to keep the machine from shutting down while I scheduled the Boot Scan), but not really solved the problem. Earlier today, after removing GomPlayer, I managed to keep Avast! open long enough to schedule a boot-time scan (and get the additional definitions downloaded and installed as well), and the scan found two issues (I cannot find a way to get the results after the fact when running a boot-time scan, so perhaps they are not saved; and, knowing that from past experience, I copied these things down while the scan was running):

1) EICAR TEST-NOT VIRUS!!! (sic) [This item was moved from C:...\AppData\Local\temp to Avast!'s Virus Vault. This item, in a file named "AV-test.txt", was detected early in the scan, at the same point where some scans have failed when run after Windows had loaded.]

2) C:\hiberfil.sys Win32:ISOM "Delete error 0xC0000043 {A file can not be opened because the share access flags are incompatible}." [Apparently nothing was done, since the file remained in situ in C:\. This item was listed quite late in the scan, when it was around 97% complete, and this point corresponds to the failure of other scans -- notably Dr. Web and MalwareBytes.]

I am running Windows 7 Ultimate (with SP1), 32-bit O/S. If other details are needed, please tell me what to list.

Rather than trying to second-guess the process and start running scans on my own, I will wait to be told what to do. However, I need to make one comment at the beginning: the Junkware Removal Tool (if this still remains in the scan series) removes the messenger (and destroys all chat backups) that is absolutely necessary for my communicating with other people, and there seems to be no way to configure JRT so that it excepts the messenger. Consequently, it would be better not to run this scan, if at all possible.

Thank you very much for your time, and for any help you can give.

-- Daniel M. Burkus
 

Broni

You know the drill...

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 

Daniel Burkus

Thank you for your reply, Broni. I hope you are well.

OK, first, the antivirus scan (Avast!): when I attempt to run it while the PC is on, the machine crashes 4 or 5 minutes into the scan (I tried this twice, once when the PC had been running for a while, and the second time after it had been shut down for a couple of hours to cool down; it shut down both times). Should I run a boot-time scan again?

Farbar Recovery Scan Tool: I downloaded it from the link in the 4-Step Virus Removal Instructions. However, the tool gives an error when I try to run it: "Failed to update (3)". I downloaded it again from the old BleepingComputer link, and this version of the tool was able to run without problems. As this is the end of the first step, I will post the FRST logs here:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16.05.2018 01
Ran by Daniel M. Burkus (administrator) on PC (30-05-2018 19:35:05)
Running from C:\Users\Daniel M. Burkus.PC\Desktop
Loaded Profiles: Daniel M. Burkus (Available Profiles: Daniel M. Burkus)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(McAfee, Inc.) C:\Program Files\McAfee\Real Protect\RealProtect.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Kakao Corp. ) C:\Program Files\Kakao\KakaoTalk\KakaoTalk.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-05] ()
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-17] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [5706544 2018-05-29] (McAfee, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7765936 2018-03-24] (SUPERAntiSpyware)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7980776 2018-01-09] (Piriform Ltd)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [KakaoTalk] => C:\Program Files\Kakao\KakaoTalk\KakaoTalk.exe [10151712 2018-05-21] (Kakao Corp. )
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
BootExecute: autocheck autochk * ROBoot \??\C:\Windows\system32\ASOROSet.binsdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1259038908-1583320175-680065255-1005] => localhost:8080
AutoConfigURL: [S-1-5-21-1259038908-1583320175-680065255-1005] => localhost:8080
Tcpip\Parameters: [DhcpNameServer] 210.220.163.82 219.250.36.130
Tcpip\..\Interfaces\{66B87001-DA33-470B-9512-77BE9AE4D883}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7E8271E6-6142-41FD-83BE-949EBBBBA13D}: [DhcpNameServer] 210.220.163.82 219.250.36.130
Tcpip\..\Interfaces\{B3CE4C30-3C2F-4806-AE63-1892B7E644A5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B467908D-00FC-4908-9541-083B36A379AE}: [DhcpNameServer] 210.220.163.82 219.250.36.130

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10438__180415__yaie
SearchScopes: HKU\S-1-5-21-1259038908-1583320175-680065255-1005 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10438__180415__yaie&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2018-05-16] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-03-10] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-10] (Oracle Corporation)
Toolbar: HKLM - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2017-12-04] (Belarc, Inc.)

FireFox:
========
FF DefaultProfile: qbm87xwr.default-1471039942008-1523758240612
FF ProfilePath: C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\qbm87xwr.default-1471039942008-1523758240612 [2018-05-30]
FF Homepage: Mozilla\Firefox\Profiles\qbm87xwr.default-1471039942008-1523758240612 -> hxxps://login.yahoo.com/?.src=ym&.intl=us&.done=https%3A%2F%2Fmail.yahoo.com%2F
FF Extension: (AdBlocker Ultimate) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\qbm87xwr.default-1471039942008-1523758240612\Extensions\adblockultimate@adblockultimate.net.xpi [2018-04-15]
FF Extension: (Flash Video Downloader) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\qbm87xwr.default-1471039942008-1523758240612\Extensions\artur.dubovoy@gmail.com.xpi [2018-05-01]
FF Extension: (Reload Skip Cache Button) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\qbm87xwr.default-1471039942008-1523758240612\Extensions\reload-skip-cache-single@codefisher.org.xpi [2018-04-15]
FF Extension: (Avast SafePrice) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\qbm87xwr.default-1471039942008-1523758240612\Extensions\sp@avast.com.xpi [2018-05-18]
FF Extension: (Avast Online Security) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\qbm87xwr.default-1471039942008-1523758240612\Extensions\wrc@avast.com.xpi [2018-05-26]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\qbm87xwr.default-1471039942008-1523758240612\features\{07b4eee2-b64d-4c19-8a93-6f819b3ff1cf}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-05-25] [Legacy]
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files\Internet Download Manager\idmmzcc3.xpi [2018-05-12]
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM\idmmzcc5 [2018-05-20] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-09] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-10] (Oracle Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR DefaultSearchURL: ChromeDefaultData -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> Default Search
CHR Profile: C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2018-05-29] <==== ATTENTION
CHR Extension: (Slides) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-14]
CHR Extension: (Flash Video Downloader) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-04-14]
CHR Extension: (Docs) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-14]
CHR Extension: (Google Drive) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-14]
CHR Extension: (YouTube) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-14]
CHR Extension: (Avast SafePrice) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-04-14]
CHR Extension: (Sheets) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-14]
CHR Extension: (Google Docs Offline) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-15]
CHR Extension: (Avast Online Security) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-14]
CHR Extension: (IDM Integration Module) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-14]
CHR Extension: (Gmail) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-14]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2018-05-17]
CHR HKLM\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-09] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5963368 2018-05-17] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-17] (AVAST Software)
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4707104 2018-03-27] (Malwarebytes)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [792944 2016-01-28] (Nero AG)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [466880 2017-12-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [466880 2017-12-16] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 5AF767F5; C:\Windows\System32\drivers\5AF767F5.sys [153784 2016-04-01] (Kaspersky Lab ZAO)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-05-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-03-10] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-03-10] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-03-10] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-03-10] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [184632 2018-05-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-05-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [133160 2018-05-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100544 2018-05-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71840 2018-05-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784112 2018-05-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [392368 2018-05-17] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [152344 2018-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-05-17] (AVAST Software)
R1 epp; C:\EEK\BIN32\epp.sys [115976 2018-04-22] (Emsisoft Ltd)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [94936 2018-04-29] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-05-17] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-12-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [44992 2017-12-16] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [50112 2017-12-16] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [134928 2016-02-14] (Ray Hinchliffe)
S3 tatertot.scr; C:\Windows\system32\drivers\tatertot.scr.sys [34816 2017-06-01] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2018-05-29] ()
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh6.sys [X]
S3 catchme; \??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S1 SMR521; \SystemRoot\System32\drivers\SMR521.SYS [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-05] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-30 19:35 - 2018-05-30 19:37 - 000021736 _____ C:\Users\Daniel M. Burkus.PC\Desktop\FRST.txt
2018-05-30 19:28 - 2018-05-30 19:35 - 000000000 ____D C:\FRST
2018-05-30 19:26 - 2018-05-30 19:31 - 001773568 _____ (Farbar) C:\Users\Daniel M. Burkus.PC\Desktop\FRST.exe
2018-05-29 21:49 - 2018-05-29 21:49 - 000001989 _____ C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2018-05-29 21:49 - 2018-05-29 21:49 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\GRETECH
2018-05-29 21:49 - 2018-05-29 21:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM
2018-05-29 21:49 - 2018-05-29 21:49 - 000000000 ____D C:\Program Files\GRETECH
2018-05-29 21:49 - 2018-05-29 21:49 - 000000000 _____ C:\end
2018-05-29 17:28 - 2018-05-29 17:38 - 000000000 ____D C:\Program Files\stinger
2018-05-29 17:28 - 2018-05-29 17:28 - 000000000 ____D C:\Program Files\McAfee
2018-05-28 09:42 - 2018-05-28 09:42 - 000107550 _____ C:\Users\Daniel M. Burkus.PC\Desktop\TIC-TAC UFO VIDEO.mp4
2018-05-27 10:29 - 2018-05-27 10:29 - 010706374 _____ C:\Users\Daniel M. Burkus.PC\Desktop\TIC-TAC UFO EXECUTIVE REPORT.pdf
2018-05-22 20:41 - 2018-05-22 20:41 - 000000007 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Movie Times.txt
2018-05-21 11:54 - 2018-05-21 11:54 - 000546850 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Some fairy tales may be 6000 years old.htm
2018-05-21 11:54 - 2018-05-21 11:54 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Some fairy tales may be 6000 years old_files
2018-05-20 10:51 - 2018-05-20 10:51 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-05-20 10:51 - 2018-05-20 10:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-05-19 13:53 - 2018-05-19 13:54 - 000000504 _____ C:\Users\Daniel M. Burkus.PC\Desktop\References to Ankokuji E-kei.txt
2018-05-19 11:41 - 2018-05-19 11:41 - 000000025 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Xia Song.txt
2018-05-17 12:24 - 2018-05-12 12:39 - 000449772 _____ C:\Windows\system32\Drivers\etc\hosts.20180517-122429.backup
2018-05-17 10:04 - 2018-05-17 10:02 - 000320728 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-05-17 01:43 - 2018-03-01 23:36 - 000149688 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2018-05-13 21:54 - 2018-05-13 22:10 - 000262144 _____ C:\Windows\system32\config\ELAM
2018-05-13 17:00 - 2018-05-13 17:00 - 000551959 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Corridas FERIA DE ABRIL, COMPLETAS, INCLUYE PREVIO.htm
2018-05-13 17:00 - 2018-05-13 17:00 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Corridas FERIA DE ABRIL, COMPLETAS, INCLUYE PREVIO_files
2018-05-12 12:39 - 2018-05-06 13:08 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts.20180512-123904.backup
2018-05-09 10:19 - 2018-05-09 10:19 - 000000137 _____ C:\Users\Daniel M. Burkus.PC\Desktop\...like a fat kid on a seesaw.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-30 19:28 - 2009-07-14 13:34 - 000024208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-30 19:28 - 2009-07-14 13:34 - 000024208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-30 19:25 - 2016-11-16 20:55 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\LocalLow\Mozilla
2018-05-30 19:20 - 2016-01-29 01:50 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-30 19:19 - 2016-01-29 16:48 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2018-05-30 19:19 - 2009-07-14 13:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-30 10:29 - 2017-08-20 05:18 - 030584832 ___SH C:\Users\Daniel M. Burkus.PC\Desktop\Thumbs.db
2018-05-29 22:26 - 2016-06-04 16:56 - 000000393 _____ C:\DelFix.txt
2018-05-29 18:28 - 2016-04-13 21:34 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\vlc
2018-05-29 18:06 - 2017-05-30 07:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-05-29 18:06 - 2016-02-15 14:58 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-05-29 18:06 - 2016-02-15 14:57 - 000000000 ____D C:\Program Files\RogueKiller
2018-05-29 17:54 - 2016-08-03 15:36 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\SCAN TOOLS
2018-05-29 13:44 - 2009-07-14 11:04 - 000000215 _____ C:\Windows\system.ini
2018-05-29 10:50 - 2017-05-23 07:20 - 000000000 ____D C:\EEK
2018-05-29 09:43 - 2009-07-14 13:53 - 000032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-05-28 21:12 - 2017-05-24 11:42 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\NPE
2018-05-27 19:55 - 2016-09-25 20:36 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM
2018-05-26 07:52 - 2017-05-31 22:49 - 000449772 ____R C:\Windows\system32\Drivers\etc\hosts.20180527-093607.backup
2018-05-23 21:42 - 2016-08-06 20:33 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\DMCache
2018-05-21 22:07 - 2009-07-14 11:37 - 000000000 ____D C:\Windows\inf
2018-05-21 08:02 - 2016-09-17 08:58 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\CutePDF Writer
2018-05-20 11:26 - 2016-09-25 20:35 - 000000000 ____D C:\Program Files\Internet Download Manager
2018-05-20 07:10 - 2017-05-31 22:49 - 000449772 ____R C:\Windows\system32\Drivers\etc\hosts.20180526-075227.backup
2018-05-19 13:27 - 2018-04-16 14:24 - 000001692 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Part 35 (notes).txt
2018-05-19 13:22 - 2018-04-16 14:23 - 000002114 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Part 35 (text).txt
2018-05-19 11:43 - 2017-08-31 07:03 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Media Files
2018-05-19 11:42 - 2017-01-02 11:08 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Blog Photos
2018-05-18 20:48 - 2016-12-06 09:07 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Rikyu Chanoyu Sho
2018-05-18 18:21 - 2016-08-12 12:43 - 000000180 _____ C:\Users\Daniel M. Burkus.PC\Desktop\TUMBLR.txt
2018-05-18 08:59 - 2018-04-14 11:28 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-17 13:50 - 2018-04-22 22:08 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-05-17 12:24 - 2017-05-31 22:49 - 000449772 ____R C:\Windows\system32\Drivers\etc\hosts.20180520-071015.backup
2018-05-17 10:03 - 2017-11-11 07:14 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-05-17 10:03 - 2017-09-08 21:39 - 000152344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-05-17 10:03 - 2017-09-08 21:39 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-05-17 10:03 - 2017-09-08 21:35 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-05-17 10:03 - 2017-09-08 21:35 - 000071840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-05-17 10:03 - 2017-09-08 21:29 - 000392368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-05-17 10:03 - 2017-09-08 21:29 - 000133160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-05-17 10:03 - 2017-09-08 21:29 - 000100544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-05-17 10:01 - 2017-12-22 08:35 - 000184632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-05-17 10:01 - 2017-09-08 21:29 - 000784112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-05-17 09:58 - 2017-05-23 22:05 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-05-17 09:58 - 2016-11-16 16:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-15 13:37 - 2016-03-09 06:03 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-14 16:34 - 2016-01-29 04:56 - 000000000 ____D C:\Program Files\Common Files\AV
2018-05-14 12:54 - 2018-02-07 15:32 - 000013240 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Names of Guests .txt
2018-05-13 22:23 - 2017-05-14 09:25 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-05-13 22:23 - 2017-05-14 09:25 - 000000000 ____D C:\Program Files\Kaspersky Lab
2018-05-13 22:18 - 2016-03-24 07:59 - 000000000 ____D C:\Users\Daniel M. Burkus.PC
2018-05-13 22:10 - 2016-03-23 15:46 - 000000000 ____D C:\Users\TEMP
2018-05-13 22:10 - 2016-01-30 09:26 - 000000000 ____D C:\Users\Daniel M. Burkus
2018-05-13 21:49 - 2016-11-06 10:41 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-05-13 07:44 - 2016-04-25 09:15 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Chanoyu to wa
2018-05-12 12:29 - 2017-10-18 15:14 - 000000482 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Banyeo 3-dong Address.txt
2018-05-09 09:06 - 2016-01-29 05:02 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-05-09 09:06 - 2016-01-29 05:02 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-05-09 09:06 - 2016-01-29 05:02 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-07 17:30 - 2016-03-26 19:27 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\CrashDumps
2018-05-05 21:33 - 2018-03-23 16:32 - 000000018 _____ C:\Users\Daniel M. Burkus.PC\Desktop\rat baby.txt
2018-05-03 21:02 - 2017-05-31 22:49 - 000449772 ____R C:\Windows\system32\Drivers\etc\hosts.20180506-080511.backup

==================== Files in the root of some directories =======

2017-08-22 23:24 - 2017-12-12 22:35 - 000007608 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-05-29 13:56 - 2018-05-29 13:56 - 000053248 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\catchme.dll
2018-05-29 18:06 - 2017-09-14 00:10 - 001310528 _____ (Microsoft Corporation) C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\dllnt_dump.dll
2018-05-29 18:07 - 2017-08-11 15:19 - 000872448 _____ (Microsoft Corporation) C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\kernel32.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-28 12:41

==================== End of FRST.txt ============================

Daniel Burkus

And FRST's Addition log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16.05.2018 01
Ran by Daniel M. Burkus (30-05-2018 19:37:44)
Running from C:\Users\Daniel M. Burkus.PC\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-01-28 16:14:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1259038908-1583320175-680065255-500 - Administrator - Disabled)
Daniel M. Burkus (S-1-5-21-1259038908-1583320175-680065255-1005 - Administrator - Enabled) => C:\Users\Daniel M. Burkus.PC
Guest (S-1-5-21-1259038908-1583320175-680065255-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1259038908-1583320175-680065255-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbleWord v3.0 (HKLM\...\AbleWord_is1) (Version: - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
Belarc Advisor 8.6 (HKLM\...\Belarc Advisor) (Version: 8.6.0.0 - Belarc Inc.)
Boilsoft Video Cutter 1.23 (HKLM\...\{C72AB84A-4F9E-4D80-8243-C9547773BE73}_is1) (Version: - Boilsoft, Inc.)
Boilsoft Video Joiner 6.57 (HKLM\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version: - Boilsoft, Inc.)
Boilsoft Video Splitter 6.34 (HKLM\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.)
calibre (HKLM\...\{1E376DEC-875A-4F53-9149-168582A0E274}) (Version: 2.71.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) <==== ATTENTION
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
Direct MIDI to MP3 Converter version 7.0.0.0 (HKLM\...\Direct MIDI to MP3 Converter_is1) (Version: 7.0.0.0 - Piston Software)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FormatFactory 3.9.0.1 (HKLM\...\FormatFactory) (Version: 3.9.0.1 - Free Time)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
FreeOCR v5.4 (HKLM\...\freeocr_is1) (Version: - )
GOM Player (HKLM\...\GOM Player) (Version: 2.3.30.5289 - GOM & Company)
Google Chrome (HKLM\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hangul 2002 SE (HKLM\...\{CECBC29F-6D3A-4ED6-A686-7220EF9B69CC}) (Version: 5.7.5.3007 - Haansoft)
IrfanView 4.50 (32-bit) (HKLM\...\IrfanView) (Version: 4.50 - Irfan Skiljan)
Java 8 Update 161 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KakaoTalk (HKLM\...\KakaoTalk) (Version: 2.6.6.1809 - Kakao Corp.)
K-Lite Mega Codec Pack 10.4.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MKVToolNix 8.3.0 (32bit) (HKLM\...\MKVToolNix) (Version: 8.3.0 - Moritz Bunkus)
Movavi Video Converter 14 (HKLM\...\Movavi Video Converter 14) (Version: 14.3.0 - Movavi)
Mozilla Firefox 60.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x86 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1.6710 - Mozilla)
MP3 Toolkit 1.0.5 (HKLM\...\MP3 Toolkit_is1) (Version: - MP3Toolkit.com)
MPC-BE 1.4.5.787 (HKLM\...\{903D098F-DD50-4342-AD23-DA868FCA3126}_is1) (Version: 1.4.5.787 - MPC-BE Team)
Nero 2016 (HKLM\...\{9C637A56-4287-487F-95BF-1422FC1AA879}) (Version: 17.0.04500 - Nero AG)
Nero Info (HKLM\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
Nero WaveEditor (HKLM\...\{D0656D0B-9712-45BD-9243-21FEBF5B05E5}) (Version: 14.0.00600 - Nero AG)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.71 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADEF}) (Version: 4.0.21 - dotPDN LLC)
Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0010 - Nero AG) Hidden
Prerequisite installer (HKLM\...\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RogueKiller version 12.12.19.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.19.0 - Adlice Software)
R-Undelete 5.0 (HKLM\...\R-Undelete 5.0NSIS) (Version: 5.0.164588 - R-Tools Technology Inc.)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Stashimi Stub Installer (HKLM\...\{910B539D-F257-46C8-9CB8-6C95EFF9CF22}) (Version: 18.001.1 - Nero AG) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
Tipard PDF Converter Platinum 3.2.10 (HKLM\...\{7ABFBBCF-9DA2-4a62-B54D-3AFCA72FBBA4}_is1) (Version: 3.2.10 - Tipard Studio)
Tray Tools 2000 (HKLM\...\Tray Tools 2000) (Version: Tray Tools 2000 - Version 2.7 - Gregory Braun -- Software Design)
TreeSize Free V3.4.5 (HKLM\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_103.dll [2013-06-18] (Free Time)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2018-02-06] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-05] ()
ContextMenuHandlers4: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_103.dll [2013-06-18] (Free Time)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-16] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2018-02-06] (Safer-Networking Ltd.)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-05] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {23FDC21F-512F-4484-911F-AD05F2ADD72E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater32.exe [2017-12-16] (NVIDIA Corporation)
Task: {2AD5C7C7-7E2C-4A2D-9F22-E82AF6E141D9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {2AD9CBDA-821B-40BC-B08D-3D5D9DACF2C3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-12-16] (NVIDIA Corporation)
Task: {2D2DA7CE-4665-46DA-9A7E-65AE2C02D25C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {31D44F80-200D-479A-8724-51DD2AEFFBA7} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-16] (NVIDIA Corporation)
Task: {33EFE6B2-0ACA-428B-BC75-9DC0B373EDBC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-12-16] (NVIDIA Corporation)
Task: {37D13423-5FF3-4E87-944F-E0C4CDD81BC7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-09] (Adobe Systems Incorporated)
Task: {4F9FCC77-0961-45B7-8B19-A5FC610B40A8} - System32\Tasks\SafeZone scheduled Autoupdate 1498554344 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {521571B3-88C9-4F3A-9296-984100592DA5} - System32\Tasks\{192A14D5-1617-470C-AB03-F92AFA889304} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel M. Burkus.PC\Desktop\A78GA-M2T_080115_B.exe" -d "C:\Users\Daniel M. Burkus.PC\Desktop"
Task: {5439F437-1585-4F4B-B335-75DE0926C042} - System32\Tasks\{C91B6667-6FA7-4977-BE1A-CC3C386768BD} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel M. Burkus.PC\Desktop\vcredist_x86.exe" -d "C:\Users\Daniel M. Burkus.PC\Desktop"
Task: {56FDB460-B837-44D0-BF48-B27FB59F8914} - System32\Tasks\{8BDA641D-7880-4690-8B38-75DCC0CDA57D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen\Easy Video Editor v2.0.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen"
Task: {7609A09A-65AD-4EA1-9094-339D2D39D483} - System32\Tasks\{8703A1E3-955E-4714-B632-178F571D3F03} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)\Nero-6[1].6.0.18.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)"
Task: {8DD551E9-1010-4802-9D35-D5E495D31783} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {987DB1D1-7880-4827-ACC8-B87CF0D85836} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-17] (AVAST Software)
Task: {98C055B9-AF23-45CB-9D0F-392B2DADFF72} - System32\Tasks\Nero\Nero Info => C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe [2016-03-01] (Nero AG)
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\Adobe Flash Player NPAPI Notifier" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\SafeZone scheduled Autoupdate 1458735473" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\SafeZone scheduled Autoupdate 1498554344" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\{192A14D5-1617-470C-AB03-F92AFA889304}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\{98A6AAFD-D93D-499D-9F0E-2F5A130C370E}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(20): schtasks.exe -> /Change /TN "\{C91B6667-6FA7-4977-BE1A-CC3C386768BD}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(21): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {B9FEA743-555D-4017-A2E1-3E8E19BC3C76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-04-14] (Google Inc.)
Task: {C7399ABE-1E4A-49C8-BA3C-2BD498749EEF} - System32\Tasks\SafeZone scheduled Autoupdate 1458735473 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {D5DD3FEC-D131-4B98-AC19-2414A423DC37} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater32.exe [2017-12-16] (NVIDIA Corporation)
Task: {D6C559EA-22F9-4CEF-8675-46685F8EFAE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-09] (Adobe Systems Incorporated)
Task: {D966045A-80D1-409D-9B1D-88D5D3171782} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-12-16] (NVIDIA Corporation)
Task: {DBE50434-C523-46DB-8DAD-CC6418C098EF} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-12-16] (NVIDIA Corporation)
Task: {DFC3BA9C-F002-470B-8B20-0F3F18D03E9A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-16] (NVIDIA Corporation)
Task: {E0BEB5F0-C2D8-4F26-B4B3-0112A5BD01E0} - System32\Tasks\{98A6AAFD-D93D-499D-9F0E-2F5A130C370E} => C:\Windows\system32\pcalua.exe -a "C:\My Documents\A - Software Shortcuts\Set-up Files\converter.exe" -d "C:\My Documents\A - Software Shortcuts\Set-up Files"
Task: {E25BEA41-9BBF-4A56-A87A-8DEC1AEF8707} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {EFD22947-3D31-4242-9DCA-7A5468CAB974} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-04-14] (Google Inc.)
Task: {F857E1A7-6248-4487-A478-1A025701E05E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-04-14] (AVAST Software)
Task: {FF55AC69-9AD3-4DC5-8418-69E159A58B32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-05-17 10:02 - 2018-05-17 10:02 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-30 18:04 - 2018-05-30 18:04 - 005790352 _____ () C:\Program Files\AVAST Software\Avast\defs\18053000\algo.dll
2018-05-17 10:01 - 2018-05-17 10:01 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-17 10:02 - 2018-05-17 10:02 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-17 10:01 - 2018-05-17 10:01 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-05-17 10:01 - 2018-05-17 10:01 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-17 10:01 - 2018-05-17 10:01 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2016-01-29 19:14 - 2016-01-22 16:56 - 000089008 _____ () C:\Windows\System32\cpwmon2k.dll
2017-12-27 13:52 - 2017-12-16 09:16 - 001040320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-01-30 07:47 - 2010-07-05 06:32 - 000004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2018-05-17 10:01 - 2018-05-17 10:01 - 000632024 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2016-01-30 07:47 - 2010-07-05 04:51 - 000017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2018-03-10 08:14 - 2018-03-10 08:14 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-17 10:01 - 2018-05-17 10:01 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\5AF767F5.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\5AF767F5.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR521 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR521.SYS => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7937 more sites.

IE trusted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123simsen.com -> www.123simsen.com

There are 7935 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-05-31 22:49 - 2018-05-29 13:43 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 210.220.163.82 - 219.250.36.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AB035A13-5F60-4C15-AD6D-F3740287AB2A}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{46A04708-A71C-47A9-B967-D1C29970E410}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{B36792AD-C22F-4AD5-A86A-58D4966FB2AF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{48C47700-5F30-457F-B126-0B5E37C48496}] => (Allow) C:\Program Files\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{85F7091D-F663-43CF-8309-8DB3E9020295}] => (Allow) C:\Program Files\Nero\KM\NMDllHost.exe
FirewallRules: [{B91AC728-BBF8-48A5-8717-069BCA465C6C}] => (Allow) C:\Program Files\Nero\KM\MediaHome.exe
FirewallRules: [{BDEDE059-95C2-4437-A88D-F9DD786FB4A0}] => (Allow) C:\Program Files\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{44024E3E-8628-47F5-826F-6D1B8C53570D}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{BE219DF0-6551-4830-9C73-63730DE92272}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{A07B9198-22F5-48B0-88F7-9A088AD2B0CB}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{F85D6425-9E30-4683-BE9E-A98A865D2AFD}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [TCP Query User{01DBBB7E-5C1F-431D-8166-39BBC37EE8D6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{16E5C799-7688-4A3F-994C-F6D8EB1D84D9}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{519D31D1-370E-4C65-AF47-9D8768E95A66}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E13B8375-E38E-4CF0-BBD1-05049B0D05A6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{88A6D0C8-A914-4DAD-BA5D-80DF22724A19}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9EED5CCD-D9CE-4E2B-9FFC-B3D66868D551}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{67F90290-B342-438C-B96A-96843A5D2665}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5C9CBA3C-5AF8-48FB-A5DD-0F561638E703}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C942CE76-D847-46C9-B54F-74D77FF60570}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ABD6A68B-0ACA-4C11-9E9E-A7DA2688E9BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A53813AF-2E9A-4CBE-97C5-8B4CE4A577A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{6F2D0082-3CA5-4730-AE9F-1A0422A123F4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitnet.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

29-05-2018 22:25:42 End of disinfection

==================== Faulty Device Manager Devices =============

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4d36e969-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Symantec SMR Utility Service 5.2.1
Description: Symantec SMR Utility Service 5.2.1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SMR521
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2018 08:43:49 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4824. Message ID: [0x2509].

Error: (05/30/2018 08:43:04 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4996. Message ID: [0x2509].

Error: (05/30/2018 08:38:42 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 1036. Message ID: [0x2509].

Error: (05/30/2018 08:37:16 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5072. Message ID: [0x2509].

Error: (05/30/2018 08:34:40 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3632. Message ID: [0x2509].

Error: (05/30/2018 08:29:43 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 856. Message ID: [0x2509].

Error: (05/30/2018 08:15:33 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1259038908-1583320175-680065255-1005}/">.

Error: (05/30/2018 08:14:03 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (05/30/2018 07:20:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SMR521

Error: (05/30/2018 07:19:27 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:17:59 PM on ‎5/‎30/‎2018 was unexpected.

Error: (05/30/2018 06:49:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SMR521

Error: (05/30/2018 06:48:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:37:26 PM on ‎5/‎30/‎2018 was unexpected.

Error: (05/30/2018 06:02:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SMR521

Error: (05/30/2018 01:39:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (05/30/2018 08:14:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/30/2018 08:14:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.


Windows Defender:
===================================
Date: 2016-07-17 12:24:41.352
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{7A0F274B-64A0-4A24-A926-F369F71D1BB3}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-05-05 08:04:04.241
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{503FF450-A0D8-4657-8106-C6E437AF632B}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-04-17 11:32:04.907
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{EFF7DBD9-80AF-4189-BAD0-20590AAF8AC9}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-04-17 11:31:55.890
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{D28D66A7-DC09-40E7-ACC8-0E989B162064}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-03-22 10:32:32.490
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{50E193B1-C98E-4950-AFE5-8CB20042B81D}
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2016-01-30 09:25:58.257
Description:
Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Sdbot&threatid=2722
Name:Backdoor:Win32/Sdbot
ID:2722
Severity:Severe
Category:Backdoor
Path:
Action:Remove
Error Code:0x80508023
Error description:The program could not find the spyware and other potentially unwanted software on this computer.
Status:

CodeIntegrity:
===================================

Date: 2017-06-24 12:28:59.040
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DANIEL~1.PC\AppData\Local\temp\24992B468C.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-24 12:28:59.034
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DANIEL~1.PC\AppData\Local\temp\24992B468C.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-30 08:13:32.112
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Daniel M. Burkus.PC\AppData\Local\temp\46718817-3A6B268A-D70FA871-D9A8C342\1478bef5d3.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:48.985
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:34.352
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:18.393
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:18.097
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\EEK\Run\epp32.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:17.925
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+
Percentage of memory in use: 84%
Total physical RAM: 2047.3 MB
Available physical RAM: 325.32 MB
Total Virtual: 4094.61 MB
Available Virtual: 1740.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:23.38 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Data Storage) (Fixed) (Total:232.88 GB) (Free:19.34 GB) NTFS
Drive g: (Data Storage) (Fixed) (Total:232.79 GB) (Free:21.41 GB) NTFS

\\?\Volume{07e6e721-c667-11e5-84aa-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 697FBEB8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: BCE48856)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: B31CAE79)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Broni

Posts: 55,719   +501
I don't see much there but let's run a couple more checks...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

Daniel Burkus

Posts: 161   +7
Ok, Broni, I tried to run the scans as instructed.

1) RogueKiller: PC shut down when run in regular mode; scan was successfully completed in Safe Mode. The report is here:

RogueKiller V12.12.19.0 [May 28 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode
User : Daniel M. Burkus [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 05/31/2018 12:03:27 (Duration : 00:48:33)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[PUM.Proxy] HKEY_USERS\S-1-5-21-1259038908-1583320175-680065255-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080 -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 210.220.163.82 219.250.36.130 ([X][X]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 210.220.163.82 219.250.36.130 ([X][X]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7E8271E6-6142-41FD-83BE-949EBBBBA13D} | DhcpNameServer : 210.220.163.82 219.250.36.130 ([X][X]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B467908D-00FC-4908-9541-083B36A379AE} | DhcpNameServer : 210.220.163.82 219.250.36.130 ([X][X]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7E8271E6-6142-41FD-83BE-949EBBBBA13D} | DhcpNameServer : 210.220.163.82 219.250.36.130 ([X][X]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B467908D-00FC-4908-9541-083B36A379AE} | DhcpNameServer : 210.220.163.82 219.250.36.130 ([X][X]) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] qbm87xwr.default-1471039942008-1523758240612 : user_pref("browser.startup.homepage", "https://login.yahoo.com/?.src=ym&.intl=us&.done=https://mail.yahoo.com/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3250318AS ATA Device +++++
--- User ---
[MBR] b1a2fd097a23ca69b6b12abaa342e59f
[BSP] ce62516d74e7e2fae782be4f7008cdb8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG SP2504C ATA Device +++++
--- User ---
[MBR] 049945051fe77a2a7945126d5255a9c2
[BSP] 320f4a557e8738f56ad4a861745f1b0e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238372 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SAMSUNG SP2504C ATA Device +++++
--- User ---
[MBR] d151fc54efa59ff995497b97b7e64c5e
[BSP] bac9892ba4763ddb0e6fe1b910530a9c : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238472 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 

Daniel Burkus

Posts: 161   +7
2) MalwareBytes: PC shut down when attempting to run the scan in regular mode. PC shut down when attempting to run the scan in Safe Mode. (This is what happened before I posted this topic -- and, in fact, what led me to post in the first place.)

Also, when I turned the PC on after it shut down (when attempting the MalwareBytes scan in regular mode), following the "Welcome" screen, the monitor went white, and perhaps a minute later loaded the background of the desktop, and 20 or 30 seconds later the files. After the PC shut down in Safe Mode, the same thing happened when I turned it on, but this time the "white screen" lasted for nearly 2 minutes, after which the background and then the files loaded as above.

MalwareBytes was freshly installed from the link in your post.

I have not tried to run the AdwCleaner yet, pending your instructions.

Thank you for your time, and your help!

-- Daniel M. Burkus
 

Daniel Burkus

Posts: 161   +7
Ok, Broni, I was able to run the AdwCleaner. The scan results were:

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-05-30.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-01-2018
# Duration: 00:01:04
# OS: Windows 7 Ultimate
# Scanned: 40974
# Detected: 16


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\Users\Daniel M. Burkus.PC\AppData\Roaming\mipony
PUP.Optional.Legacy C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mipony
PUP.Optional.Legacy C:\Users\Daniel M. Burkus.PC\Documents\mipony

***** [ Files ] *****

PUP.Optional.Legacy C:\END

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKCU\Software\Lavasoft\Web Companion
PUP.Optional.Legacy HKLM\Software\Lavasoft\Web Companion
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.Legacy HKLM\Software\Classes\mpybrowser
PUP.Optional.Legacy HKLM\Software\Classes\mipony
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\Main|Start Page

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy Ask
PUP.Optional.Legacy Ask
PUP.Optional.Legacy Ask
PUP.Optional.Legacy AOL
PUP.Optional.Legacy AOL
PUP.Optional.Legacy AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

_____________________________________________________________________________________________________

And the results after cleaning (a message stated that 6 items were not removed) were:

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-05-30.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-01-2018
# Duration: 00:00:15
# OS: Windows 7 Ultimate
# Cleaned: 10
# Failed: 6


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Daniel M. Burkus.PC\AppData\Roaming\mipony
Deleted C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mipony
Deleted C:\Users\Daniel M. Burkus.PC\Documents\mipony

***** [ Files ] *****

Deleted C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKLM\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\Software\Classes\mpybrowser
Deleted HKLM\Software\Classes\mipony
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Not Deleted Ask
Not Deleted Ask
Not Deleted Ask
Not Deleted AOL
Not Deleted AOL
Not Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

_____________________________________________________________________________________________________

And on a side note, I attempted to run MalwareBytes after cleaning, but the PC shut down, as before (though somewhat later in the scan).

-- Daniel M. Burkus
 

Broni

Posts: 55,719   +501
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 

Daniel Burkus

Posts: 161   +7
Ok, Broni. First, though, I re-ran AdwCleaner, and it said that it removed the other six files.


Here are the results of FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16.05.2018 01
Ran by Daniel M. Burkus (administrator) on PC (02-06-2018 10:14:25)
Running from C:\Users\Daniel M. Burkus.PC\Desktop
Loaded Profiles: Daniel M. Burkus (Available Profiles: Daniel M. Burkus)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Node.js) C:\Program Files\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(McAfee, Inc.) C:\Program Files\McAfee\Real Protect\RealProtect.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Kakao Corp. ) C:\Program Files\Kakao\KakaoTalk\KakaoTalk.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-05] ()
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-17] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [5706544 2018-05-29] (McAfee, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7765936 2018-03-24] (SUPERAntiSpyware)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7980776 2018-01-09] (Piriform Ltd)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [KakaoTalk] => C:\Program Files\Kakao\KakaoTalk\KakaoTalk.exe [10151712 2018-05-21] (Kakao Corp. )
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
BootExecute: autocheck autochk * ROBoot \??\C:\Windows\system32\ASOROSet.binsdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 210.220.163.82 219.250.36.130
Tcpip\..\Interfaces\{66B87001-DA33-470B-9512-77BE9AE4D883}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B3CE4C30-3C2F-4806-AE63-1892B7E644A5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B467908D-00FC-4908-9541-083B36A379AE}: [DhcpNameServer] 210.220.163.82 219.250.36.130

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1259038908-1583320175-680065255-1005 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10438__180415__yaie&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2018-05-16] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-03-10] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-10] (Oracle Corporation)
Toolbar: HKLM - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2017-12-04] (Belarc, Inc.)

FireFox:
========
FF DefaultProfile: qbm87xwr.default-1471039942008-1523758240612
FF ProfilePath: C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\qbm87xwr.default-1471039942008-1523758240612 [2018-06-02]
FF Homepage: Mozilla\Firefox\Profiles\qbm87xwr.default-1471039942008-1523758240612 -> hxxps://login.yahoo.com/?.src=ym&.intl=us&.done=https%3A%2F%2Fmail.yahoo.com%2F
FF Extension: (AdBlocker Ultimate) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\qbm87xwr.default-1471039942008-1523758240612\Extensions\adblockultimate@adblockultimate.net.xpi [2018-04-15]
FF Extension: (Flash Video Downloader) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\qbm87xwr.default-1471039942008-1523758240612\Extensions\artur.dubovoy@gmail.com.xpi [2018-05-01]
FF Extension: (Reload Skip Cache Button) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\qbm87xwr.default-1471039942008-1523758240612\Extensions\reload-skip-cache-single@codefisher.org.xpi [2018-04-15]
FF Extension: (Avast SafePrice) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\qbm87xwr.default-1471039942008-1523758240612\Extensions\sp@avast.com.xpi [2018-05-18]
FF Extension: (Avast Online Security) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\qbm87xwr.default-1471039942008-1523758240612\Extensions\wrc@avast.com.xpi [2018-05-26]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\qbm87xwr.default-1471039942008-1523758240612\features\{0904f0f7-ce2f-499c-8de0-4f6672f42fe0}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-05-31] [Legacy]
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files\Internet Download Manager\idmmzcc3.xpi [2018-05-12]
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM\idmmzcc5 [2018-05-20] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-09] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-10] (Oracle Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR DefaultSearchURL: ChromeDefaultData -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> Default Search
CHR Profile: C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2018-05-29] <==== ATTENTION
CHR Extension: (Slides) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-14]
CHR Extension: (Flash Video Downloader) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-04-14]
CHR Extension: (Docs) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-14]
CHR Extension: (Google Drive) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-14]
CHR Extension: (YouTube) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-14]
CHR Extension: (Avast SafePrice) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-04-14]
CHR Extension: (Sheets) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-14]
CHR Extension: (Google Docs Offline) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-15]
CHR Extension: (Avast Online Security) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-14]
CHR Extension: (IDM Integration Module) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-14]
CHR Extension: (Gmail) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-14]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2018-05-17]
CHR HKLM\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-09] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5963368 2018-05-17] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-17] (AVAST Software)
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [792944 2016-01-28] (Nero AG)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [466880 2017-12-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [466880 2017-12-16] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 5AF767F5; C:\Windows\System32\drivers\5AF767F5.sys [153784 2016-04-01] (Kaspersky Lab ZAO)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-05-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-03-10] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-03-10] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-03-10] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-03-10] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [184632 2018-05-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-05-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [133160 2018-05-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100544 2018-05-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71840 2018-05-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784112 2018-05-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [392368 2018-05-17] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [152344 2018-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-05-17] (AVAST Software)
R1 epp; C:\EEK\BIN32\epp.sys [115976 2018-04-22] (Emsisoft Ltd)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-06-01] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-12-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [44992 2017-12-16] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [50112 2017-12-16] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [134928 2016-02-14] (Ray Hinchliffe)
S3 tatertot.scr; C:\Windows\system32\drivers\tatertot.scr.sys [34816 2017-06-01] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2018-05-31] ()
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh6.sys [X]
S3 catchme; \??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S1 SMR521; \SystemRoot\System32\drivers\SMR521.SYS [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-05] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-01 18:17 - 2018-06-01 18:17 - 000000300 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
2018-06-01 10:16 - 2018-06-01 10:16 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-01 10:15 - 2018-06-01 10:15 - 000001985 _____ C:\Users\Daniel M. Burkus.PC\Desktop\AdwCleaner[C00].txt
2018-06-01 10:11 - 2018-06-01 10:11 - 000002156 _____ C:\Users\Daniel M. Burkus.PC\Desktop\AdwCleaner[S00].txt
2018-06-01 10:02 - 2018-06-01 10:12 - 000000000 ____D C:\AdwCleaner
2018-05-31 13:44 - 2018-05-31 13:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-31 13:38 - 2018-05-31 13:38 - 000007160 _____ C:\Users\Daniel M. Burkus.PC\Desktop\RogueKiller Report.txt
2018-05-31 11:18 - 2018-05-31 11:18 - 075629776 _____ (Malwarebytes ) C:\Users\Daniel M. Burkus.PC\Desktop\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5188.exe
2018-05-31 11:18 - 2018-05-31 11:18 - 007271632 _____ (Malwarebytes) C:\Users\Daniel M. Burkus.PC\Desktop\AdwCleaner.exe
2018-05-31 11:17 - 2018-05-31 11:18 - 036617024 _____ (Adlice Software ) C:\Users\Daniel M. Burkus.PC\Desktop\RogueKiller_setup_ref3.exe
2018-05-31 02:12 - 2018-06-01 18:17 - 000716868 _____ C:\Windows\ntbtlog.txt
2018-05-30 19:37 - 2018-05-30 19:40 - 000045808 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Addition.txt
2018-05-30 19:35 - 2018-06-02 10:15 - 000020845 _____ C:\Users\Daniel M. Burkus.PC\Desktop\FRST.txt
2018-05-30 19:28 - 2018-06-02 10:14 - 000000000 ____D C:\FRST
2018-05-30 19:26 - 2018-05-30 19:31 - 001773568 _____ (Farbar) C:\Users\Daniel M. Burkus.PC\Desktop\FRST.exe
2018-05-29 21:49 - 2018-05-29 21:49 - 000001989 _____ C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2018-05-29 21:49 - 2018-05-29 21:49 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\GRETECH
2018-05-29 21:49 - 2018-05-29 21:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM
2018-05-29 21:49 - 2018-05-29 21:49 - 000000000 ____D C:\Program Files\GRETECH
2018-05-29 17:28 - 2018-05-29 17:38 - 000000000 ____D C:\Program Files\stinger
2018-05-29 17:28 - 2018-05-29 17:28 - 000000000 ____D C:\Program Files\McAfee
2018-05-28 09:42 - 2018-05-28 09:42 - 000107550 _____ C:\Users\Daniel M. Burkus.PC\Desktop\TIC-TAC UFO VIDEO.mp4
2018-05-27 10:29 - 2018-05-27 10:29 - 010706374 _____ C:\Users\Daniel M. Burkus.PC\Desktop\TIC-TAC UFO EXECUTIVE REPORT.pdf
2018-05-22 20:41 - 2018-06-02 08:33 - 000000000 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Movie Times.txt
2018-05-21 11:54 - 2018-05-21 11:54 - 000546850 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Some fairy tales may be 6000 years old.htm
2018-05-21 11:54 - 2018-05-21 11:54 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Some fairy tales may be 6000 years old_files
2018-05-20 10:51 - 2018-05-20 10:51 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-05-20 10:51 - 2018-05-20 10:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-05-19 13:53 - 2018-05-19 13:54 - 000000504 _____ C:\Users\Daniel M. Burkus.PC\Desktop\References to Ankokuji E-kei.txt
2018-05-19 11:41 - 2018-05-19 11:41 - 000000025 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Xia Song.txt
2018-05-17 12:24 - 2018-05-12 12:39 - 000449772 _____ C:\Windows\system32\Drivers\etc\hosts.20180517-122429.backup
2018-05-17 10:04 - 2018-05-17 10:02 - 000320728 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-05-17 01:43 - 2018-03-01 23:36 - 000149688 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2018-05-13 21:54 - 2018-05-13 22:10 - 000262144 _____ C:\Windows\system32\config\ELAM
2018-05-13 17:00 - 2018-05-13 17:00 - 000551959 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Corridas FERIA DE ABRIL, COMPLETAS, INCLUYE PREVIO.htm
2018-05-13 17:00 - 2018-05-13 17:00 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Corridas FERIA DE ABRIL, COMPLETAS, INCLUYE PREVIO_files
2018-05-12 12:39 - 2018-05-06 13:08 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts.20180512-123904.backup
2018-05-09 10:19 - 2018-05-09 10:19 - 000000137 _____ C:\Users\Daniel M. Burkus.PC\Desktop\...like a fat kid on a seesaw.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-02 10:14 - 2016-11-16 20:55 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\LocalLow\Mozilla
2018-06-02 08:41 - 2009-07-14 13:34 - 000024208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-02 08:41 - 2009-07-14 13:34 - 000024208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-02 08:32 - 2016-01-29 16:48 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2018-06-02 08:32 - 2016-01-29 01:50 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-02 08:32 - 2009-07-14 13:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-01 22:10 - 2016-08-06 20:33 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\DMCache
2018-06-01 18:15 - 2017-08-20 05:18 - 030640128 ___SH C:\Users\Daniel M. Burkus.PC\Desktop\Thumbs.db
2018-05-31 13:44 - 2016-01-29 16:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-31 13:43 - 2009-07-14 11:37 - 000000000 ____D C:\Windows\inf
2018-05-31 12:03 - 2016-02-15 14:58 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-05-31 11:32 - 2017-05-30 07:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-05-31 11:32 - 2016-02-15 14:57 - 000000000 ____D C:\Program Files\RogueKiller
2018-05-31 09:11 - 2016-04-25 09:15 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Chanoyu to wa
2018-05-30 20:31 - 2016-09-25 20:36 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM
2018-05-29 22:26 - 2016-06-04 16:56 - 000000393 _____ C:\DelFix.txt
2018-05-29 18:28 - 2016-04-13 21:34 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\vlc
2018-05-29 17:54 - 2016-08-03 15:36 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\SCAN TOOLS
2018-05-29 13:44 - 2009-07-14 11:04 - 000000215 _____ C:\Windows\system.ini
2018-05-29 10:50 - 2017-05-23 07:20 - 000000000 ____D C:\EEK
2018-05-29 09:43 - 2009-07-14 13:53 - 000032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-05-28 21:12 - 2017-05-24 11:42 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\NPE
2018-05-26 07:52 - 2017-05-31 22:49 - 000449772 ____R C:\Windows\system32\Drivers\etc\hosts.20180527-093607.backup
2018-05-21 08:02 - 2016-09-17 08:58 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\CutePDF Writer
2018-05-20 11:26 - 2016-09-25 20:35 - 000000000 ____D C:\Program Files\Internet Download Manager
2018-05-20 07:10 - 2017-05-31 22:49 - 000449772 ____R C:\Windows\system32\Drivers\etc\hosts.20180526-075227.backup
2018-05-19 13:27 - 2018-04-16 14:24 - 000001692 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Part 35 (notes).txt
2018-05-19 13:22 - 2018-04-16 14:23 - 000002114 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Part 35 (text).txt
2018-05-19 11:43 - 2017-08-31 07:03 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Media Files
2018-05-19 11:42 - 2017-01-02 11:08 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Blog Photos
2018-05-18 20:48 - 2016-12-06 09:07 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Rikyu Chanoyu Sho
2018-05-18 18:21 - 2016-08-12 12:43 - 000000180 _____ C:\Users\Daniel M. Burkus.PC\Desktop\TUMBLR.txt
2018-05-18 08:59 - 2018-04-14 11:28 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-17 12:24 - 2017-05-31 22:49 - 000449772 ____R C:\Windows\system32\Drivers\etc\hosts.20180520-071015.backup
2018-05-17 10:03 - 2017-11-11 07:14 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-05-17 10:03 - 2017-09-08 21:39 - 000152344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-05-17 10:03 - 2017-09-08 21:39 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-05-17 10:03 - 2017-09-08 21:35 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-05-17 10:03 - 2017-09-08 21:35 - 000071840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-05-17 10:03 - 2017-09-08 21:29 - 000392368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-05-17 10:03 - 2017-09-08 21:29 - 000133160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-05-17 10:03 - 2017-09-08 21:29 - 000100544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-05-17 10:01 - 2017-12-22 08:35 - 000184632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-05-17 10:01 - 2017-09-08 21:29 - 000784112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-05-17 09:58 - 2017-05-23 22:05 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-05-17 09:58 - 2016-11-16 16:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-15 13:37 - 2016-03-09 06:03 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-14 16:34 - 2016-01-29 04:56 - 000000000 ____D C:\Program Files\Common Files\AV
2018-05-14 12:54 - 2018-02-07 15:32 - 000013240 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Names of Guests .txt
2018-05-13 22:23 - 2017-05-14 09:25 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-05-13 22:23 - 2017-05-14 09:25 - 000000000 ____D C:\Program Files\Kaspersky Lab
2018-05-13 22:18 - 2016-03-24 07:59 - 000000000 ____D C:\Users\Daniel M. Burkus.PC
2018-05-13 22:10 - 2016-03-23 15:46 - 000000000 ____D C:\Users\TEMP
2018-05-13 22:10 - 2016-01-30 09:26 - 000000000 ____D C:\Users\Daniel M. Burkus
2018-05-13 21:49 - 2016-11-06 10:41 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-05-12 12:29 - 2017-10-18 15:14 - 000000482 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Banyeo 3-dong Address.txt
2018-05-09 09:06 - 2016-01-29 05:02 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-05-09 09:06 - 2016-01-29 05:02 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-05-09 09:06 - 2016-01-29 05:02 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-07 17:30 - 2016-03-26 19:27 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\CrashDumps
2018-05-05 21:33 - 2018-03-23 16:32 - 000000018 _____ C:\Users\Daniel M. Burkus.PC\Desktop\rat baby.txt
2018-05-03 21:02 - 2017-05-31 22:49 - 000449772 ____R C:\Windows\system32\Drivers\etc\hosts.20180506-080511.backup

==================== Files in the root of some directories =======

2017-08-22 23:24 - 2017-12-12 22:35 - 000007608 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-05-29 13:56 - 2018-05-29 13:56 - 000053248 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\catchme.dll
2018-05-29 18:06 - 2017-09-14 00:10 - 001310528 _____ (Microsoft Corporation) C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\dllnt_dump.dll
2018-05-29 18:07 - 2017-08-11 15:19 - 000872448 _____ (Microsoft Corporation) C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\kernel32.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-28 12:41

==================== End of FRST.txt ============================
 

Daniel Burkus

Posts: 161   +7
And the Addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16.05.2018 01
Ran by Daniel M. Burkus (02-06-2018 10:16:08)
Running from C:\Users\Daniel M. Burkus.PC\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-01-28 16:14:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1259038908-1583320175-680065255-500 - Administrator - Disabled)
Daniel M. Burkus (S-1-5-21-1259038908-1583320175-680065255-1005 - Administrator - Enabled) => C:\Users\Daniel M. Burkus.PC
Guest (S-1-5-21-1259038908-1583320175-680065255-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1259038908-1583320175-680065255-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbleWord v3.0 (HKLM\...\AbleWord_is1) (Version: - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
Belarc Advisor 8.6 (HKLM\...\Belarc Advisor) (Version: 8.6.0.0 - Belarc Inc.)
Boilsoft Video Cutter 1.23 (HKLM\...\{C72AB84A-4F9E-4D80-8243-C9547773BE73}_is1) (Version: - Boilsoft, Inc.)
Boilsoft Video Joiner 6.57 (HKLM\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version: - Boilsoft, Inc.)
Boilsoft Video Splitter 6.34 (HKLM\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.)
calibre (HKLM\...\{1E376DEC-875A-4F53-9149-168582A0E274}) (Version: 2.71.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) <==== ATTENTION
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
Direct MIDI to MP3 Converter version 7.0.0.0 (HKLM\...\Direct MIDI to MP3 Converter_is1) (Version: 7.0.0.0 - Piston Software)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FormatFactory 3.9.0.1 (HKLM\...\FormatFactory) (Version: 3.9.0.1 - Free Time)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
FreeOCR v5.4 (HKLM\...\freeocr_is1) (Version: - )
GOM Player (HKLM\...\GOM Player) (Version: 2.3.30.5289 - GOM & Company)
Google Chrome (HKLM\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hangul 2002 SE (HKLM\...\{CECBC29F-6D3A-4ED6-A686-7220EF9B69CC}) (Version: 5.7.5.3007 - Haansoft)
IrfanView 4.50 (32-bit) (HKLM\...\IrfanView) (Version: 4.50 - Irfan Skiljan)
Java 8 Update 161 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KakaoTalk (HKLM\...\KakaoTalk) (Version: 2.6.6.1809 - Kakao Corp.)
K-Lite Mega Codec Pack 10.4.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MKVToolNix 8.3.0 (32bit) (HKLM\...\MKVToolNix) (Version: 8.3.0 - Moritz Bunkus)
Movavi Video Converter 14 (HKLM\...\Movavi Video Converter 14) (Version: 14.3.0 - Movavi)
Mozilla Firefox 60.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x86 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1.6710 - Mozilla)
MP3 Toolkit 1.0.5 (HKLM\...\MP3 Toolkit_is1) (Version: - MP3Toolkit.com)
MPC-BE 1.4.5.787 (HKLM\...\{903D098F-DD50-4342-AD23-DA868FCA3126}_is1) (Version: 1.4.5.787 - MPC-BE Team)
Nero 2016 (HKLM\...\{9C637A56-4287-487F-95BF-1422FC1AA879}) (Version: 17.0.04500 - Nero AG)
Nero Info (HKLM\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
Nero WaveEditor (HKLM\...\{D0656D0B-9712-45BD-9243-21FEBF5B05E5}) (Version: 14.0.00600 - Nero AG)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.71 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADEF}) (Version: 4.0.21 - dotPDN LLC)
Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0010 - Nero AG) Hidden
Prerequisite installer (HKLM\...\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RogueKiller version 12.12.19.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.19.0 - Adlice Software)
R-Undelete 5.0 (HKLM\...\R-Undelete 5.0NSIS) (Version: 5.0.164588 - R-Tools Technology Inc.)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Stashimi Stub Installer (HKLM\...\{910B539D-F257-46C8-9CB8-6C95EFF9CF22}) (Version: 18.001.1 - Nero AG) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
Tipard PDF Converter Platinum 3.2.10 (HKLM\...\{7ABFBBCF-9DA2-4a62-B54D-3AFCA72FBBA4}_is1) (Version: 3.2.10 - Tipard Studio)
Tray Tools 2000 (HKLM\...\Tray Tools 2000) (Version: Tray Tools 2000 - Version 2.7 - Gregory Braun -- Software Design)
TreeSize Free V3.4.5 (HKLM\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_103.dll [2013-06-18] (Free Time)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2018-02-06] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-05] ()
ContextMenuHandlers4: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_103.dll [2013-06-18] (Free Time)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-16] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2018-02-06] (Safer-Networking Ltd.)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-05] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {23FDC21F-512F-4484-911F-AD05F2ADD72E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater32.exe [2017-12-16] (NVIDIA Corporation)
Task: {2AD5C7C7-7E2C-4A2D-9F22-E82AF6E141D9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {2AD9CBDA-821B-40BC-B08D-3D5D9DACF2C3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-12-16] (NVIDIA Corporation)
Task: {2D2DA7CE-4665-46DA-9A7E-65AE2C02D25C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {31D44F80-200D-479A-8724-51DD2AEFFBA7} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-16] (NVIDIA Corporation)
Task: {33EFE6B2-0ACA-428B-BC75-9DC0B373EDBC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-12-16] (NVIDIA Corporation)
Task: {37D13423-5FF3-4E87-944F-E0C4CDD81BC7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-09] (Adobe Systems Incorporated)
Task: {4F9FCC77-0961-45B7-8B19-A5FC610B40A8} - System32\Tasks\SafeZone scheduled Autoupdate 1498554344 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {521571B3-88C9-4F3A-9296-984100592DA5} - System32\Tasks\{192A14D5-1617-470C-AB03-F92AFA889304} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel M. Burkus.PC\Desktop\A78GA-M2T_080115_B.exe" -d "C:\Users\Daniel M. Burkus.PC\Desktop"
Task: {5439F437-1585-4F4B-B335-75DE0926C042} - System32\Tasks\{C91B6667-6FA7-4977-BE1A-CC3C386768BD} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel M. Burkus.PC\Desktop\vcredist_x86.exe" -d "C:\Users\Daniel M. Burkus.PC\Desktop"
Task: {56FDB460-B837-44D0-BF48-B27FB59F8914} - System32\Tasks\{8BDA641D-7880-4690-8B38-75DCC0CDA57D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen\Easy Video Editor v2.0.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen"
Task: {7609A09A-65AD-4EA1-9094-339D2D39D483} - System32\Tasks\{8703A1E3-955E-4714-B632-178F571D3F03} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)\Nero-6[1].6.0.18.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)"
Task: {8DD551E9-1010-4802-9D35-D5E495D31783} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {987DB1D1-7880-4827-ACC8-B87CF0D85836} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-17] (AVAST Software)
Task: {98C055B9-AF23-45CB-9D0F-392B2DADFF72} - System32\Tasks\Nero\Nero Info => C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe [2016-03-01] (Nero AG)
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\Adobe Flash Player NPAPI Notifier" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\SafeZone scheduled Autoupdate 1458735473" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\SafeZone scheduled Autoupdate 1498554344" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\{192A14D5-1617-470C-AB03-F92AFA889304}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\{98A6AAFD-D93D-499D-9F0E-2F5A130C370E}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(20): schtasks.exe -> /Change /TN "\{C91B6667-6FA7-4977-BE1A-CC3C386768BD}" /ENABLE
Task: {B053F6F8-F447-4B50-ACBF-3BE3E112F28C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(21): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {B9FEA743-555D-4017-A2E1-3E8E19BC3C76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-04-14] (Google Inc.)
Task: {C7399ABE-1E4A-49C8-BA3C-2BD498749EEF} - System32\Tasks\SafeZone scheduled Autoupdate 1458735473 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {D5DD3FEC-D131-4B98-AC19-2414A423DC37} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater32.exe [2017-12-16] (NVIDIA Corporation)
Task: {D6C559EA-22F9-4CEF-8675-46685F8EFAE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-09] (Adobe Systems Incorporated)
Task: {D966045A-80D1-409D-9B1D-88D5D3171782} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-12-16] (NVIDIA Corporation)
Task: {DBE50434-C523-46DB-8DAD-CC6418C098EF} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-12-16] (NVIDIA Corporation)
Task: {DFC3BA9C-F002-470B-8B20-0F3F18D03E9A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-16] (NVIDIA Corporation)
Task: {E0BEB5F0-C2D8-4F26-B4B3-0112A5BD01E0} - System32\Tasks\{98A6AAFD-D93D-499D-9F0E-2F5A130C370E} => C:\Windows\system32\pcalua.exe -a "C:\My Documents\A - Software Shortcuts\Set-up Files\converter.exe" -d "C:\My Documents\A - Software Shortcuts\Set-up Files"
Task: {E25BEA41-9BBF-4A56-A87A-8DEC1AEF8707} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {EFD22947-3D31-4242-9DCA-7A5468CAB974} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-04-14] (Google Inc.)
Task: {F857E1A7-6248-4487-A478-1A025701E05E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-01] (AVAST Software)
Task: {FF55AC69-9AD3-4DC5-8418-69E159A58B32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\Daniel M. Burkus.PC\Desktop\AdwCleaner.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-05-17 10:02 - 2018-05-17 10:02 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-17 10:01 - 2018-05-17 10:01 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-17 10:02 - 2018-05-17 10:02 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-17 10:01 - 2018-05-17 10:01 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-05-17 10:01 - 2018-05-17 10:01 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-17 10:01 - 2018-05-17 10:01 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-06-02 08:34 - 2018-06-02 08:34 - 005790864 _____ () C:\Program Files\AVAST Software\Avast\defs\18060102\algo.dll
2016-01-29 19:14 - 2016-01-22 16:56 - 000089008 _____ () C:\Windows\System32\cpwmon2k.dll
2016-01-30 07:47 - 2010-07-05 06:32 - 000004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2017-12-27 13:52 - 2017-12-16 09:16 - 001040320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-05-17 10:01 - 2018-05-17 10:01 - 000632024 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2016-01-30 07:47 - 2010-07-05 04:51 - 000017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2018-03-10 08:14 - 2018-03-10 08:14 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-17 10:01 - 2018-05-17 10:01 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\5AF767F5.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\5AF767F5.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR521 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR521.SYS => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7937 more sites.

IE trusted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123simsen.com -> www.123simsen.com

There are 7935 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-05-31 22:49 - 2018-05-29 13:43 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 210.220.163.82 - 219.250.36.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AB035A13-5F60-4C15-AD6D-F3740287AB2A}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{46A04708-A71C-47A9-B967-D1C29970E410}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{B36792AD-C22F-4AD5-A86A-58D4966FB2AF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{48C47700-5F30-457F-B126-0B5E37C48496}] => (Allow) C:\Program Files\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{85F7091D-F663-43CF-8309-8DB3E9020295}] => (Allow) C:\Program Files\Nero\KM\NMDllHost.exe
FirewallRules: [{B91AC728-BBF8-48A5-8717-069BCA465C6C}] => (Allow) C:\Program Files\Nero\KM\MediaHome.exe
FirewallRules: [{BDEDE059-95C2-4437-A88D-F9DD786FB4A0}] => (Allow) C:\Program Files\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{44024E3E-8628-47F5-826F-6D1B8C53570D}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{BE219DF0-6551-4830-9C73-63730DE92272}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{A07B9198-22F5-48B0-88F7-9A088AD2B0CB}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{F85D6425-9E30-4683-BE9E-A98A865D2AFD}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [TCP Query User{01DBBB7E-5C1F-431D-8166-39BBC37EE8D6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{16E5C799-7688-4A3F-994C-F6D8EB1D84D9}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{519D31D1-370E-4C65-AF47-9D8768E95A66}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E13B8375-E38E-4CF0-BBD1-05049B0D05A6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{88A6D0C8-A914-4DAD-BA5D-80DF22724A19}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9EED5CCD-D9CE-4E2B-9FFC-B3D66868D551}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{67F90290-B342-438C-B96A-96843A5D2665}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5C9CBA3C-5AF8-48FB-A5DD-0F561638E703}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C942CE76-D847-46C9-B54F-74D77FF60570}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ABD6A68B-0ACA-4C11-9E9E-A7DA2688E9BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A53813AF-2E9A-4CBE-97C5-8B4CE4A577A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{6F2D0082-3CA5-4730-AE9F-1A0422A123F4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitnet.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

29-05-2018 22:25:42 End of disinfection

==================== Faulty Device Manager Devices =============

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4d36e969-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Symantec SMR Utility Service 5.2.1
Description: Symantec SMR Utility Service 5.2.1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SMR521
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2018 08:43:49 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4824. Message ID: [0x2509].

Error: (05/30/2018 08:43:04 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4996. Message ID: [0x2509].

Error: (05/30/2018 08:38:42 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 1036. Message ID: [0x2509].

Error: (05/30/2018 08:37:16 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5072. Message ID: [0x2509].

Error: (05/30/2018 08:34:40 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3632. Message ID: [0x2509].

Error: (05/30/2018 08:29:43 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 856. Message ID: [0x2509].

Error: (05/30/2018 08:15:33 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1259038908-1583320175-680065255-1005}/">.

Error: (05/30/2018 08:14:03 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (06/02/2018 08:32:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SMR521

Error: (06/01/2018 10:11:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (06/01/2018 06:18:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SMR521

Error: (06/01/2018 06:17:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (06/01/2018 06:15:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/01/2018 06:15:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/01/2018 06:15:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/01/2018 06:15:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.


Windows Defender:
===================================
Date: 2016-07-17 12:24:41.352
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{7A0F274B-64A0-4A24-A926-F369F71D1BB3}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-05-05 08:04:04.241
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{503FF450-A0D8-4657-8106-C6E437AF632B}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-04-17 11:32:04.907
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{EFF7DBD9-80AF-4189-BAD0-20590AAF8AC9}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-04-17 11:31:55.890
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{D28D66A7-DC09-40E7-ACC8-0E989B162064}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-03-22 10:32:32.490
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{50E193B1-C98E-4950-AFE5-8CB20042B81D}
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2016-01-30 09:25:58.257
Description:
Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Sdbot&threatid=2722
Name:Backdoor:Win32/Sdbot
ID:2722
Severity:Severe
Category:Backdoor
Path:
Action:Remove
Error Code:0x80508023
Error description:The program could not find the spyware and other potentially unwanted software on this computer.
Status:

CodeIntegrity:
===================================

Date: 2017-06-24 12:28:59.040
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DANIEL~1.PC\AppData\Local\temp\24992B468C.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-24 12:28:59.034
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DANIEL~1.PC\AppData\Local\temp\24992B468C.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-30 08:13:32.112
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Daniel M. Burkus.PC\AppData\Local\temp\46718817-3A6B268A-D70FA871-D9A8C342\1478bef5d3.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:48.985
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:34.352
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:18.393
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:18.097
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\EEK\Run\epp32.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:17.925
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+
Percentage of memory in use: 40%
Total physical RAM: 2047.3 MB
Available physical RAM: 1225.37 MB
Total Virtual: 4094.61 MB
Available Virtual: 2810.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:25.66 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Data Storage) (Fixed) (Total:232.88 GB) (Free:20.15 GB) NTFS
Drive g: (Data Storage) (Fixed) (Total:232.79 GB) (Free:21.41 GB) NTFS

\\?\Volume{07e6e721-c667-11e5-84aa-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 697FBEB8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: BCE48856)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: B31CAE79)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



Thank you for your help, Broni.

-- Daniel M. Burkus
 

Broni

Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location, or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt (869 bytes)

Daniel Burkus

Thank you, Broni. Here is the Fixlog:

Fix result of Farbar Recovery Scan Tool (x86) Version: 16.05.2018 01
Ran by Daniel M. Burkus (03-06-2018 10:27:11) Run:1
Running from C:\Users\Daniel M. Burkus.PC\Desktop
Loaded Profiles: Daniel M. Burkus (Available Profiles: Daniel M. Burkus)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Toolbar: HKLM - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh6.sys [X]
S3 catchme; \??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S1 SMR521; \SystemRoot\System32\drivers\SMR521.SYS [X]
2017-08-22 23:24 - 2017-12-12 22:35 - 000007608 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\Resmon.ResmonCfg
2018-05-29 13:56 - 2018-05-29 13:56 - 000053248 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\catchme.dll
2018-05-29 18:06 - 2017-09-14 00:10 - 001310528 _____ (Microsoft Corporation) C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\dllnt_dump.dll
2018-05-29 18:07 - 2017-08-11 15:19 - 000872448 _____ (Microsoft Corporation) C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\kernel32.dll

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => removed successfully.
HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => not found
"HKLM\System\CurrentControlSet\Services\BCMH43XX" => removed successfully.
BCMH43XX => service removed successfully.
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully.
catchme => service removed successfully.
"HKLM\System\CurrentControlSet\Services\SMR521" => removed successfully.
SMR521 => service removed successfully.
C:\Users\Daniel M. Burkus.PC\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\catchme.dll => moved successfully
C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\dllnt_dump.dll => moved successfully
C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\kernel32.dll => moved successfully

==== End of Fixlog 10:27:21 ====
 
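An added example, not code from the thread or from FRST itself: the PowerShell script below reproduces the two checks whose results appear in the logs above. It walks the driver services under HKLM\SYSTEM\CurrentControlSet\Services, resolves each ImagePath the way the service control manager does, and reports entries whose binary is missing on disk (the entries FRST prints with "[X]", such as the catchme, SMR521 and BCMH43XX services the fixlist removed) or whose Authenticode signature does not validate (the condition behind the CodeIntegrity warnings in Addition.txt). It assumes an elevated PowerShell prompt on the affected machine; the Windows 7 catalog-signature caveat is stated in the comments.

```powershell
# Added example (not from the thread or from FRST): audit the driver services under
# HKLM\SYSTEM\CurrentControlSet\Services. Each ImagePath is resolved the way the
# service control manager resolves it, then the driver is reported if its binary
# is missing (what FRST prints as "[X]", e.g. "S3 catchme; \??\...\catchme.sys [X]")
# or if its Authenticode signature does not validate (the CodeIntegrity warnings).
# Run from an elevated PowerShell prompt; written to work on Windows 7 / PowerShell 2.0.

$StartTypeNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

function Resolve-ServiceImagePath {
    param([string]$ImagePath)
    if (-not $ImagePath) { return $null }
    $p = $ImagePath.Trim()
    # A quoted path may be followed by arguments; keep only the path itself.
    if ($p.StartsWith('"')) { $p = $p.Split('"')[1] }
    # Expand %SystemRoot%-style variables.
    $p = [Environment]::ExpandEnvironmentVariables($p)
    # NT object-manager prefixes and relative forms used by driver entries.
    if     ($p.StartsWith('\??\'))         { $p = $p.Substring(4) }
    elseif ($p -match '^\\SystemRoot\\')   { $p = Join-Path $env:SystemRoot $p.Substring(12) }
    elseif ($p -match '^system32\\')       { $p = Join-Path $env:SystemRoot $p }
    elseif ($p -notmatch '^[A-Za-z]:\\')   { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverServiceReport {
    $svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in (Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue)) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        # Type bitmask: 1 = kernel driver, 2 = file-system driver; anything else is user mode.
        if (([int]$props.Type -band 3) -eq 0) { continue }

        $path   = Resolve-ServiceImagePath $props.ImagePath
        $exists = ($null -ne $path) -and (Test-Path -LiteralPath $path)

        $sig = 'n/a'
        if ($exists) {
            # Caveat: on Windows 7, inbox drivers signed only through a catalog can show
            # as NotSigned here; HashMismatch means the file on disk has been altered.
            $sig = (Get-AuthenticodeSignature -FilePath $path).Status.ToString()
        }

        $startName = $null
        if ($null -ne $props.Start) { $startName = $StartTypeNames[[int]$props.Start] }
        if (-not $startName) { $startName = "Unknown($($props.Start))" }

        New-Object PSObject -Property @{
            Name       = $key.PSChildName
            StartType  = $startName
            ImagePath  = $props.ImagePath
            FileExists = $exists
            Signature  = $sig
        }
    }
}

# Usage: show only the entries a malware analyst looks at first: drivers whose
# binary is gone (orphaned service keys) and drivers that fail signature validation.
Get-DriverServiceReport |
    Where-Object { -not $_.FileExists -or $_.Signature -ne 'Valid' } |
    Sort-Object StartType, Name |
    Format-Table Name, StartType, FileExists, Signature, ImagePath -AutoSize
```

An orphaned Boot or System start-type driver (StartType Boot/System, FileExists False) is exactly what produced the repeated "boot-start or system-start driver(s) failed to load: SMR521" errors in the event log above; it is harmless by itself but is also the pattern a removed rootkit leaves behind, so such keys are worth deleting rather than ignoring. Treat HashMismatch as a real finding; treat NotSigned on a driver in a user's temp directory as a finding too, since a legitimate scanner's driver should not be left loadable from there after the scan.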

Broni

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

Daniel Burkus

Ok, Broni, here are the first two scans, SecurityCheck:

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x86 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
SUPERAntiSpyware
CCleaner
Java 8 Update 161
Java version 32-bit out of Date!
Adobe Flash Player 29.0.0.171
Mozilla Firefox (60.0.1)
Google Chrome (66.0.3359.181)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast aswidsagent.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

______________________________________________________________________________________________________

and FSS:

Farbar Service Scanner Version: 27-01-2016
Ran by Daniel M. Burkus (administrator) on 04-06-2018 at 10:12:35
Running from "C:\Users\Daniel M. Burkus.PC\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****



I will run TFC now, and then the Sophos Virus Removal Tool (which will take a couple of hours). I will be going out in a little while, so I will post the results when I get back, probably late afternoon or early evening.

Thank you, again, for your help!

-- Daniel M. Burkus
 

Daniel Burkus

Oh, I just noticed that SecurityCheck indicates that the Java is out of date. I have tried to update this several times in the past month or so, but it either failed, or subsequently indicated that it needed to be updated shortly after it appeared to have successfully updated.

-- Daniel M. Burkus
 

Daniel Burkus

Thank you for the Java link, Broni. I will attend to that in a minute (apparently I have to uninstall the previous version and then install the new one).

The Sophos scan finished, and indicated that there were no malicious files found. The program generated two .log files (SophosVirusRemovalTool.log and SophosVirusRemovalTool_cloud4.log), but I am not able to copy and paste them here (even though I saved them as .txt files). If you need the data, please tell me how to get the files to you -- attempting to copy and paste results in the browser freezing.

I will attempt to uninstall and then install the Java program now.

Thank you for your help.

-- Daniel M. Burkus
 

Broni

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please, let me know, how your computer is doing.
 

Daniel Burkus

Thank you, Broni.

However, with respect to the recommendations, every week (at least) I run (in this order) CCleaner (latest version), Super AntiSpyware (this I usually run every day, to get rid of the website cookies), SpyBot (definitions updated and PC immunized two times per week), MalwareBytes, and finally the Sophos Virus Removal Tool. It was when running through this (hopefully) preemptive series of scans that the MalwareBytes issue emerged, prompting my starting of this topic.

I have not run any scans other than what you have told me to run for the duration of this cleaning process. And since it seemed that we had reached the end, I started to run these scans once again -- before posting that everything was alright (the PC was running well after the DelFix step). And again, unfortunately, when I ran the MalwareBytes scan, the PC shut down (I am sorry, I was out of the room when it shut down, but know it was during the last stages of the scan, either near the end of the programs scan, or during the heuristics scan). When I restarted the PC, after logging in, and following the "Welcome" page, the monitor went white; and after a minute or two (without loading the desktop), the PC shut down. I tried to start it again after a couple of minutes, and this time (following the white-screen) the desktop loaded, but after a minute or two the PC froze (I could not open any programs), and some minutes later it shut down.

The only thing I could think to do (since I could not open the browser) was perform a system restore (to the restore point created by DelFix). Starting the PC after that operation was finished, first the white screen appeared briefly, then the desktop loaded and it seems to be running normally (at least I could open the browser to write this).

So, we appear to be back at the beginning. I should add that, worried that the MalwareBytes program had somehow become corrupted (though I recently uninstalled it and reinstalled it before attempting to run it as part of the scan series), I uninstalled MalwareBytes again, and deleted the install file. I then downloaded a new install file directly from the MalwareBytes site, and installed it before attempting to run it.

What do you suggest I do?

Thank you very much for your time.

-- Daniel M. Burkus
 

Daniel Burkus

This is basically the same thing that has been happening since I first posted in this forum a couple of years ago: at that time it was just Dr. Web. While running this scan series helps, it seems that the problem remains somewhere in the background. Then, over time, the number of malware scans affected by this has increased.

As I said, Broni, I have been using the various scans regularly -- all of the ones listed at least weekly, and some more frequently (depending on the scan -- an update on SpyBot, for example, "lasts" 6 days, and so it needs to be updated twice a week). Everything was going as usual when the MalwareBytes joined the scans that cause the PC to shut down when it scans some file (to my eyes, it is as if scanning the file causes something like a "bomb" archive to go off -- a sudden burst of activity that overheats the CPU and so shuts down the PC). I have not been doing anything differently, so I do not know what would have precipitated this issue (though, suspicion tells me that, as MalwareBytes continues to evolve, it has recently begun to look at the file that is at the heart of this -- the file that Dr. Web originally found, though the PC shut down before the file could be identified -- and since it now attempts to scan that file, it sets off the problem: this always seems to happen when the scan, regardless of what it is, reaches a certain point in the series).

My thoughts....

-- Daniel M. Burkus
 
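An added example, not part of the thread: the "burst of activity that overheats the CPU" theory above can be tested against what the kernel actually recorded, because a power-off caused by a thermal trip, a failing supply or a hard reset looks different in the System log from a blue screen. The script below is the author's (editor's) own, not anything Broni asked for or any tool from the thread. It reads three well-known System-log events: Kernel-Power 41 (the system restarted without a clean shutdown; its BugcheckCode field is 0 when no crash dump was written, which is what a hardware or thermal cut-off produces), EventLog 6008 (the previous shutdown was unexpected) and Kernel-Processor-Power 37 (the CPU speed is being limited by system firmware, the usual signature of thermal throttling shortly before a trip). It assumes it is run on the affected machine; the 14-day default window is an arbitrary choice.

```powershell
# Added example (not from the thread): pull the shutdown-related events from the
# System log so that a "PC shuts down during a scan" report can be matched against
# what the kernel recorded. Event sources / IDs used:
#   Microsoft-Windows-Kernel-Power            41   rebooted without a clean shutdown
#   EventLog                                  6008 previous shutdown was unexpected
#   Microsoft-Windows-Kernel-Processor-Power  37   CPU speed limited by firmware (thermal throttling)
# Run in PowerShell on the affected machine (Windows 7 / PowerShell 2.0 or later).

function Get-UnexpectedShutdownEvents {
    param([int]$Days = 14)   # window to search; 14 days is an arbitrary default
    $since   = (Get-Date).AddDays(-$Days)
    $filters = @(
        @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Kernel-Power';           Id = 41;   StartTime = $since },
        @{ LogName = 'System'; ProviderName = 'EventLog';                                 Id = 6008; StartTime = $since },
        @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Kernel-Processor-Power'; Id = 37;   StartTime = $since }
    )
    foreach ($f in $filters) {
        # SilentlyContinue: Get-WinEvent raises an error when a filter matches nothing.
        $events = Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue
        foreach ($e in $events) {
            $bugcheck = ''
            if ($e.Id -eq 41) {
                # Event 41 carries a BugcheckCode field. 0 means the kernel never
                # bug-checked: power was simply lost (thermal trip, PSU, hard reset).
                $xml  = [xml]$e.ToXml()
                $node = $xml.Event.EventData.Data | Where-Object { $_.Name -eq 'BugcheckCode' }
                if ($node) { $bugcheck = $node.'#text' }
            }
            $msg = [string]$e.Message
            if ($msg) { $msg = $msg.Split("`n")[0].Trim() }   # first line only
            New-Object PSObject -Property @{
                Time         = $e.TimeCreated
                Source       = $e.ProviderName
                Id           = $e.Id
                BugcheckCode = $bugcheck
                Message      = $msg
            }
        }
    }
}

# Usage: list the events in order so they can be lined up with the time a scan
# was running. A run of 37s followed by a 41 with BugcheckCode 0 and a 6008 is the
# overheating pattern; a 41 with a non-zero BugcheckCode points at a driver crash instead.
Get-UnexpectedShutdownEvents -Days 30 |
    Sort-Object Time |
    Format-Table Time, Id, BugcheckCode, Message -AutoSize
```

If the 41 events all carry BugcheckCode 0 and no 37 events precede them, the log does not support throttling before the cut-off, and the scan is more likely the trigger of a hardware fault (dust, a failed fan, a marginal supply) than of anything a malware scanner could find; a 41 with a non-zero code means a memory dump exists under C:\Windows\Minidump and can name the driver that faulted.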

Broni

The best option would be to create a new topic at the MBAM forum. Over there they have the means of reading MBAM troubleshooting logs.
They'll ask you to install some small tools to create those logs.
If your MBAM is a paid version you can also contact their support directly.
You can mention this topic so they know your computer is clean.
 

Daniel Burkus

Ok, thank you Broni. I do not see a TechSpot MBAM Forum, so I assume you mean the forums run by MalwareBytes?

Thank you very much for your help! Please have a great day!

-- Daniel M. Burkus