Solved Rootkit? (Win 7 x64)

JT4866

TS Member
So far I've figured out that someone I entrusted my computer to while I was on vacation used it to download god knows what through programs called Vuze and Popcorn Time Desktop. Some executable files are running in my processes that, upon discovery, turn out to be locked and hidden. I found that out through the rootkit removal program aswMBR, which told me it had killed those processes, but upon reboot, unfortunately, it had not. The processes aunricz.exe *32 and wmcgkrd.exe are started by another program, hidden and locked in System32, called scivwrnsvc.exe, which after a delay calls up a supposed print driver host (no printer was ever connected to this machine by me) called pciakow.exe. I would appreciate a nudge in the right direction from some of the pros. Thank you for any help!
 

Broni

Malware Annihilator
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/topics/updated-4-step-viruses-spyware-malware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

JT4866

TS Member
I did all that, but it won't let me post the results. It keeps telling me it looks like spam, and I know I'm not putting in too many characters. I got started but quit out of frustration at how many guesses it took just to get that one post on here.
 

JT4866

TS Member
Sorry, I misunderstood the post you pointed me to. It said "start a new topic" so I assumed I should and that this one would get deleted. Anyway, here they are. Thank you for your patience.
 


Broni

Malware Annihilator
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by Owner (administrator) on RANDOM-PC (12-02-2018 17:40:35)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & Twins & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\scivwrnsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
() C:\Users\Owner\AppData\Local\vdeaixl\wmcgkrd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Cisco Systems, Inc.) C:\Program Files\Immunet\6.0.8\sfc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-31] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Users\Owner\Documents\GWX_control_panel.exe [4559944 2016-02-11] (UltimateOutsider)
HKLM\...\Run: [frascatiripley] => "C:\Program Files (x86)\bureaucracy\khalaf.exe"
HKLM\...\Run: [frascatifrascati] => "C:\Program Files (x86)\Beside\transgress.exe"
HKLM\...\Run: [frascati] => "C:\Program Files (x86)\Tried\transgress.exe"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2013-11-23] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [347768 2010-04-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [Raptr] => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
HKLM-x32\...\Run: [PlaysTV] => "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [hatchedlukman] => "C:\Program Files (x86)\bureaucracy\khalaf.exe"
HKLM-x32\...\Run: [hatchedhatched] => "C:\Program Files (x86)\Beside\transgress.exe"
HKLM-x32\...\Run: [hatched] => "C:\Program Files (x86)\Tried\transgress.exe"
HKLM-x32\...\Run: [Immunet Protect] => C:\Program Files\Immunet\6.0.8\iptray.exe [3844288 2018-02-12] (Immunet)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3190048 2018-01-25] (Valve Corporation)
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Run: [snores] => "C:\Program Files (x86)\garters\snores.exe"
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Run: [ripleyripley] => "C:\Program Files (x86)\Beside\transgress.exe"
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Run: [ripleyfrascati] => "C:\Program Files (x86)\bureaucracy\khalaf.exe"
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Run: [ripley] => "C:\Program Files (x86)\Tried\transgress.exe"
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Run: [reeder] => "C:\Program Files (x86)\Tried\transgress.exe"
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Run: [optdbb] => rundll32.exe "C:\Users\Owner\AppData\Local\optdbb.dll",optdbb <==== ATTENTION
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Run: [MyComGames] => "C:\Users\Owner\AppData\Local\MyComGames\MyComGames.exe" -autostart
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Run: [lukmanlukman] => "C:\Program Files (x86)\Beside\transgress.exe"
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Run: [lukmanhatched] => "C:\Program Files (x86)\bureaucracy\khalaf.exe"
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Run: [lukman] => "C:\Program Files (x86)\Tried\transgress.exe"
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\MountPoints2: {9388977e-875d-11e7-ba0f-f4ce462c004a} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\MountPoints2: {ae9ca562-1bc8-11e7-80ef-f4ce462c004a} - E:\LG_PC_Programs.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BackupRemind.lnk [2017-08-22]
ShortcutTarget: BackupRemind.lnk -> C:\Program Files (x86)\Wondershare\Wondershare dr.fone toolkit for Android\Addins\AndroidBackupRestore\BackupRemind.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2017-08-07]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-06]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.11.500\SSScheduler.exe (No File)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2017-08-25]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Owner\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wreck.lnk [2018-02-11]
ShortcutTarget: wreck.lnk -> C:\Program Files (x86)\Tried\transgress.exe (No File)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wreckwreck.lnk [2018-02-11]
ShortcutTarget: wreckwreck.lnk -> C:\Program Files (x86)\bureaucracy\khalaf.exe (No File)
BootExecute: autocheck autochk * Partizan
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-217011151-2072011241-3863041349-1004\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{503FDFFA-D982-4EFB-B7A2-850941419CBC}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{503FDFFA-D982-4EFB-B7A2-850941419CBC}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.accuweather.com/en/us/springfield-il/62701/weather-forecast/328763
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-01-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-21] (Oracle Corporation)
Handler: WSISVCUchrome - No CLSID Value

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-04-12] ()
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-04-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-11] (Google Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.wunderground.com/weather/us/il/springfield/39.785332%2C-89.6533936"
CHR NewTab: Default -> Not-active:"chrome-extension://miocdidnaandmhoncmppenehgcaiachi/newtab/newtab.html"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2018-02-12]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-08]
CHR Extension: (DuckDuckGo) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2018-02-07]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-08]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-26]
CHR Extension: (Dark YouTube Theme - Black YouTube & FB Skin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\djhcepodfooinnfhfccmoeabagbjchhg [2017-11-24]
CHR Extension: (VideoCast (VLC/Chromecast)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclhodkofgoighinmongpkpncdpalejb [2016-06-09]
CHR Extension: (Chrome Populer Downloader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmjancgdemcbgpbmfialhipkbgkonmoj [2017-10-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-04-09]
CHR Extension: (Directions and Maps) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi [2017-12-09]
CHR Extension: (Google Hangouts) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2018-01-31]
CHR Extension: (Online Safety) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnjgmgbacmemmopeianhhabkgajjng [2017-12-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Tubi TV - Free Movies) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdahblbohmnbbldhjedicpckkjbmoad [2018-01-16]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-08]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-217011151-2072011241-3863041349-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\erzmnkd <==== ATTENTION (Rootkit!)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7002120 2017-12-20] ()
R2 ImmunetProtect_6.0.8; C:\Program Files\Immunet\6.0.8\sfc.exe [1250880 2018-02-12] (Cisco Systems, Inc.)
R2 Intel(R) PROSet Monitoring Service; C:\windows\system32\IProsetMonitor.exe [505856 2017-02-10] (Intel Corporation) [File not signed]
S3 scan; C:\Program Files\Immunet\tetra\scan.dll [652568 2018-02-12] (Bitdefender)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 20271752; C:\windows\System32\drivers\20271752.sys [255928 2018-02-11] (Malwarebytes)
R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [31872 2012-02-02] (Advanced Micro Devices, Inc.)
S3 dg_ssudbus; C:\windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2016-06-14] (Arainia Solutions LLC)
R2 ImmunetNetworkMonitorDriver; C:\windows\System32\Drivers\ImmunetNetworkMonitor.sys [119608 2018-02-12] (Cisco Systems, Inc.)
R1 ImmunetProtectDriver; C:\windows\System32\Drivers\immunetprotect.sys [113976 2018-02-12] (Cisco Systems, Inc.)
R1 ImmunetSelfProtectDriver; C:\windows\System32\Drivers\immunetselfprotect.sys [77624 2018-02-12] (Cisco Systems, Inc.)
S3 MxEFLF; C:\windows\system32\drivers\MxEFLF64.sys [116224 2011-08-16] (Matrox Graphics Inc.)
S3 MxEFUF; C:\windows\system32\drivers\MxEFUF64.sys [157696 2011-08-16] (Matrox Graphics Inc.)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2018-02-12] (Greatis Software)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [28400 2016-12-18] () [File not signed]
S3 semav6msr64; C:\windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 ssudmdm; C:\windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-02-12] ()
R3 Trufos; C:\windows\System32\Drivers\trufos.sys [442848 2018-02-12] (BitDefender S.R.L.)
R3 t_mouse.sys; C:\windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 lpsvzc; system32\drivers\svycfi.sys [X]
S3 MFE_RR; \??\C:\Users\Owner\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
S2 npf; \??\C:\windows\system32\drivers\npf.sys [X]
S4 SMR520; System32\drivers\SMR520.SYS [X]
S3 ybbbee; system32\drivers\vvvvyy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-12 17:40 - 2018-02-12 17:40 - 000019167 _____ C:\Users\Owner\Downloads\FRST.txt
2018-02-12 17:40 - 2018-02-12 17:40 - 000000000 ____D C:\Users\Owner\Downloads\FRST-OlderVersion
2018-02-12 17:39 - 2018-02-12 17:40 - 000000000 ____D C:\Program Files\Immunet
2018-02-12 17:39 - 2018-02-12 17:39 - 000442848 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2018-02-12 17:39 - 2018-02-12 17:39 - 000119608 _____ (Cisco Systems, Inc.) C:\windows\system32\Drivers\ImmunetNetworkMonitor.sys
2018-02-12 17:39 - 2018-02-12 17:39 - 000113976 _____ (Cisco Systems, Inc.) C:\windows\system32\Drivers\immunetprotect.sys
2018-02-12 17:39 - 2018-02-12 17:39 - 000077624 _____ (Cisco Systems, Inc.) C:\windows\system32\Drivers\immunetselfprotect.sys
2018-02-12 17:39 - 2018-02-12 17:39 - 000071088 _____ (Cisco Systems, Inc.) C:\windows\system32\Drivers\ImmunetUtilDriver.sys
2018-02-12 17:39 - 2018-02-12 17:39 - 000000000 ____H C:\windows\system32\Drivers\Msft_Kernel_ImmunetNetworkMonitor_01009.Wdf
2018-02-12 17:39 - 2018-02-12 17:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immunet
2018-02-12 17:38 - 2018-02-12 17:38 - 001123608 _____ (Cisco Systems, Inc.) C:\Users\Owner\Downloads\ImmunetSetup.exe
2018-02-12 17:38 - 2018-02-12 17:38 - 000000000 ____D C:\ProgramData\Immunet
2018-02-12 14:30 - 2018-02-12 14:30 - 000142672 ____N C:\windows\system32\Drivers\avksvycf.sys
2018-02-12 12:12 - 2018-02-12 12:12 - 007189760 _____ (VS Revo Group ) C:\Users\Owner\Downloads\revosetup.exe
2018-02-12 11:44 - 2018-02-12 11:44 - 000028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2018-02-12 11:42 - 2018-02-12 12:05 - 000000000 ____D C:\ProgramData\RogueKiller
2018-02-12 11:28 - 2018-02-12 11:28 - 000040304 _____ (Greatis Software) C:\windows\SysWOW64\Drivers\Partizan.sys
2018-02-12 11:06 - 2018-02-12 11:06 - 026937928 _____ (Adlice Software) C:\Users\Owner\Downloads\RogueKiller_portable64.exe
2018-02-12 10:40 - 2018-02-12 10:40 - 000221662 _____ C:\Users\Owner\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2018-02-12 10:31 - 2018-02-12 10:32 - 000276512 _____ C:\windows\Minidump\021218-34039-01.dmp
2018-02-12 10:21 - 2018-02-12 10:22 - 000276512 _____ C:\windows\Minidump\021218-36785-01.dmp
2018-02-12 10:15 - 2018-02-12 17:40 - 002405376 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2018-02-12 09:24 - 2018-02-12 09:24 - 000066600 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-12 08:40 - 2017-09-06 08:30 - 000000826 _____ C:\windows\system32\Drivers\etc\hosts.old
2018-02-12 08:34 - 2018-02-12 17:19 - 000000250 _____ C:\windows\SysWOW64\PARTIZAN.TXT
2018-02-12 08:25 - 2018-02-12 08:25 - 000000000 ____D C:\@RestoreQuarantine
2018-02-12 08:24 - 2018-02-12 08:24 - 000294088 _____ C:\windows\system32\FNTCACHE.DAT
2018-02-12 08:10 - 2018-02-12 11:30 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2018-02-12 08:10 - 2018-02-12 11:28 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2018-02-12 08:10 - 2018-02-12 11:28 - 000000000 ____D C:\Users\Owner\Documents\RegRun2
2018-02-12 08:10 - 2018-02-12 08:10 - 000003326 _____ C:\windows\System32\Tasks\UnHackMe Task Scheduler
2018-02-12 08:10 - 2018-02-12 08:10 - 000000974 _____ C:\Users\Owner\Desktop\UnHackMe.lnk
2018-02-12 08:10 - 2018-02-12 08:10 - 000000002 RSHOT C:\windows\winstart.bat
2018-02-12 08:10 - 2018-02-12 08:10 - 000000002 RSHOT C:\windows\SysWOW64\CONFIG.NT
2018-02-12 08:10 - 2018-02-12 08:10 - 000000002 RSHOT C:\windows\SysWOW64\AUTOEXEC.NT
2018-02-12 08:10 - 2018-02-12 08:10 - 000000000 ____D C:\ProgramData\RegRun
2018-02-12 08:10 - 2018-02-12 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2018-02-12 08:10 - 2018-01-31 13:32 - 000014984 _____ (Greatis Software, LLC.) C:\windows\SysWOW64\Drivers\UnHackMeDrv.sys
2018-02-12 08:10 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\windows\system32\partizan.exe
2018-02-12 08:08 - 2018-02-09 05:07 - 018322776 _____ (Greatis Software, LLC. ) C:\Users\Owner\Downloads\unhackme_setup.exe
2018-02-12 08:07 - 2018-02-12 08:08 - 018297972 _____ C:\Users\Owner\Downloads\unhackmeb.zip
2018-02-12 08:05 - 2018-02-12 08:05 - 000784152 _____ (McAfee, Inc.) C:\Users\Owner\Downloads\rootkitremover.exe
2018-02-12 08:01 - 2018-02-12 09:33 - 000000114 ___RH C:\Users\Owner\Downloads\Stinger.opt
2018-02-12 07:58 - 2018-02-12 08:01 - 000000821 _____ C:\Users\Owner\Downloads\Stinger_12022018_075816.html
2018-02-12 07:58 - 2018-02-12 07:58 - 000000000 ____D C:\Program Files\McAfee
2018-02-12 07:57 - 2018-02-12 07:57 - 016121728 _____ (McAfee Inc) C:\Users\Owner\Downloads\stinger64.exe
2018-02-11 23:23 - 2018-02-11 23:23 - 000003441 _____ C:\Users\Owner\Documents\aswMBR.txt
2018-02-11 23:23 - 2018-02-11 23:23 - 000000512 _____ C:\Users\Owner\Documents\MBR.dat
2018-02-11 22:57 - 2018-02-11 22:57 - 000255928 _____ (Malwarebytes) C:\windows\system32\Drivers\20271752.sys
2018-02-11 22:55 - 2018-02-11 22:55 - 000000000 ____D C:\KVRT_Data
2018-02-11 22:50 - 2018-02-11 22:50 - 000002958 _____ C:\windows\System32\Tasks\{31D0CC95-82DF-4E83-A962-E621FA252850}
2018-02-11 22:40 - 2018-02-11 22:41 - 000013591 _____ C:\Users\Owner\Desktop\MBRCheck_02.11.18_22.40.57.txt
2018-02-11 22:40 - 2018-02-11 22:40 - 000881904 _____ (Plumbytes Software) C:\Users\Owner\Downloads\antimalwaresetup.exe
2018-02-11 22:17 - 2018-02-11 22:17 - 000080384 _____ C:\Users\Owner\Downloads\MBRCheck.exe
2018-02-11 21:47 - 2018-02-11 21:47 - 005200384 _____ (AVAST Software) C:\Users\Owner\Downloads\aswmbr.exe
2018-02-11 21:43 - 2018-02-11 21:43 - 000390776 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\TrufosAlt.sys
2018-02-11 21:38 - 2018-02-11 21:38 - 000003122 _____ C:\windows\System32\Tasks\{ABDB8FBC-6C46-447A-BF5C-354A7A14DF15}
2018-02-11 21:34 - 2018-02-11 21:34 - 001525384 _____ C:\Users\Owner\Downloads\sarsfx.exe
2018-02-11 21:32 - 2018-02-11 21:32 - 011427128 _____ (Bitdefender LLC) C:\Users\Owner\Downloads\BootkitRemoval_x64.exe
2018-02-11 21:19 - 2018-02-11 21:19 - 000000000 ____D C:\Users\Owner\AppData\Local\iSkysoft
2018-02-11 21:19 - 2018-02-11 21:19 - 000000000 ____D C:\ProgramData\iSkysoft
2018-02-11 21:13 - 2018-02-11 21:13 - 000000492 _____ C:\TDSSKiller.3.1.0.16_11.02.2018_21.13.25_log.txt
2018-02-11 20:51 - 2018-02-12 09:29 - 000000000 ____D C:\NPE
2018-02-11 20:50 - 2018-02-12 09:30 - 000000000 ____D C:\Users\Owner\AppData\Local\NPE
2018-02-11 20:50 - 2018-02-11 21:08 - 000016894 _____ C:\windows\system32\Drivers\SMR520.dat
2018-02-11 20:50 - 2018-02-11 20:50 - 000000000 ____D C:\ProgramData\Norton
2018-02-11 20:45 - 2018-02-11 20:45 - 001137360 _____ (F-Secure Corporation) C:\Users\Owner\Downloads\fsbl.exe
2018-02-11 20:44 - 2018-02-11 20:44 - 014999000 _____ (Trend Micro Inc.) C:\Users\Owner\Downloads\RootkitBusterV5.0-1203x64.exe
2018-02-11 20:42 - 2018-02-11 20:42 - 009494240 _____ (Symantec Corporation) C:\Users\Owner\Downloads\NPE.exe
2018-02-11 19:55 - 2018-02-11 20:54 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-02-11 19:44 - 2018-02-11 19:45 - 000018198 _____ C:\TDSSKiller.3.1.0.16_11.02.2018_19.44.58_log.txt
2018-02-11 18:43 - 2018-02-11 21:47 - 000000000 ____D C:\AdwCleaner
2018-02-11 18:42 - 2018-02-11 22:54 - 000000000 ____D C:\Users\Owner\Desktop\rkill
2018-02-11 18:41 - 2018-02-11 22:55 - 000001942 _____ C:\Users\Owner\Desktop\Rkill.txt
2018-02-11 18:41 - 2018-02-11 18:41 - 008222496 _____ (Malwarebytes) C:\Users\Owner\Downloads\AdwCleaner.exe
2018-02-11 18:41 - 2018-02-11 18:41 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.exe
2018-02-11 18:36 - 2016-03-11 14:53 - 000380928 _____ C:\Users\Owner\Downloads\gmer.exe
2018-02-11 17:57 - 2018-02-11 17:57 - 000255928 _____ (Malwarebytes) C:\windows\system32\Drivers\4423FC0D.sys
2018-02-11 17:56 - 2018-02-11 17:57 - 000013956 _____ C:\TDSSKiller.3.1.0.16_11.02.2018_17.56.02_log.txt
2018-02-11 17:52 - 2018-02-11 17:52 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.10.3.1001.exe
2018-02-11 17:51 - 2018-02-11 17:51 - 004944584 _____ (AO Kaspersky Lab) C:\Users\Owner\Downloads\tdsskiller.exe
2018-02-11 17:47 - 2018-02-11 17:47 - 000003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-11 17:47 - 2018-02-11 17:47 - 000003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-11 17:47 - 2018-02-11 17:47 - 000002263 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-11 17:47 - 2018-02-11 17:47 - 000002222 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-11 17:33 - 2018-02-11 17:47 - 000000000 ____D C:\Users\Owner\AppData\Local\Deployment
2018-02-11 16:45 - 2018-02-12 11:01 - 000000000 ____D C:\Users\Owner\AppData\Local\wdbplit
2018-02-11 16:26 - 2018-02-11 16:26 - 000192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2018-02-11 16:25 - 2018-02-11 23:10 - 000000000 ____D C:\Users\Owner\Desktop\mbar
2018-02-11 16:25 - 2018-02-11 22:56 - 000192952 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2018-02-11 15:17 - 2018-02-12 17:38 - 000000000 ____D C:\Users\Owner\AppData\Local\pciakow
2018-02-11 15:17 - 2018-02-11 17:14 - 000000000 ____D C:\Users\Owner\AppData\Local\vdeaixl
2018-02-11 15:16 - 2018-02-12 17:19 - 002888704 _____ (TOSHIBA CORPORATION) C:\windows\system32\scivwrnsvc.exe
2018-02-11 15:16 - 2018-02-11 15:16 - 000000000 ____D C:\windows\SysWOW64\svdnixc
2018-02-11 15:16 - 2018-02-11 15:16 - 000000000 ____D C:\windows\system32\svdnixc
2018-02-11 15:15 - 2018-02-11 15:15 - 000003072 _____ C:\Users\Owner\AppData\Local\UNINSTALLVDK.del
2018-02-11 15:15 - 2018-02-11 15:15 - 000000012 _____ C:\windows\b68209745
2018-02-11 15:15 - 2018-02-11 15:15 - 000000000 ____D C:\Users\Owner\AppData\Roaming\et
2018-02-11 14:57 - 2018-02-11 14:57 - 000009216 _____ C:\windows\catalyze.exe
2018-02-11 14:56 - 2018-02-11 14:56 - 000022814 _____ C:\Users\Owner\Downloads\Better.Watch.Out.2017.720p.BluRay.H264.AAC-RARBG-[rarbg.to] (1).torrent
2018-02-11 14:55 - 2018-02-11 14:55 - 000032669 _____ C:\Users\Owner\Downloads\King.Arthur.Legend.of.the.Sword.2017.720p.BluRay.H264.AAC-RARBG-[rarbg.to].torrent
2018-02-11 14:52 - 2018-02-11 14:52 - 000059609 _____ C:\Users\Owner\Downloads\Braven.2018.720p.WEB-DL.DD5.1.H264-FGT-[rarbg.to].torrent
2018-02-11 14:44 - 2018-02-11 14:44 - 000000000 ____D C:\Users\Owner\AppData\Local\FreemakeVideoConverter
2018-02-11 14:43 - 2018-02-11 14:44 - 000000000 ____D C:\Users\Owner\Documents\Freemake
2018-02-11 14:42 - 2018-02-11 14:43 - 001013376 _____ (Ellora Assets Corporation ) C:\Users\Owner\Downloads\FreemakeVideoConverterSetup.exe
2018-02-10 23:18 - 2018-02-10 23:29 - 498281579 _____ C:\Users\Owner\Desktop\Hellraiser JudgementWMA2.mp4
2018-02-10 20:36 - 2018-02-10 20:42 - 1151508991 _____ C:\Users\Owner\Desktop\Better.Watch.Out.2017.720p.BluRay.H264.AAC-RARBG.mp4
2018-02-10 20:35 - 2018-02-10 20:35 - 000022814 _____ C:\Users\Owner\Downloads\Better.Watch.Out.2017.720p.BluRay.H264.AAC-RARBG-[rarbg.to].torrent
2018-02-09 23:55 - 2018-02-09 23:55 - 004934536 _____ ( ) C:\Users\Owner\Downloads\crossout_launcher_1.0.3.29.exe
2018-02-04 17:37 - 2018-02-04 17:37 - 000000002 _____ C:\Users\Owner\Downloads\6150f78c-63c1-426e-9ffb-166767f524fa
2018-02-01 21:11 - 2018-02-01 21:11 - 000000002 _____ C:\Users\Owner\Downloads\1e13dadb-f363-4061-bcc5-f1049f0200da
2018-01-31 10:37 - 2018-01-31 10:37 - 000000000 ____D C:\Users\Owner\AppData\Local\RadeonSettings
2018-01-31 10:27 - 2018-01-31 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-01-31 10:26 - 2018-02-10 20:51 - 000003148 _____ C:\windows\System32\Tasks\StartCN
2018-01-31 10:26 - 2018-02-10 20:51 - 000003062 _____ C:\windows\System32\Tasks\StartDVR
2018-01-31 10:26 - 2018-01-31 10:26 - 000000000 ____D C:\Program Files (x86)\AMD
2018-01-31 10:21 - 2018-01-31 10:21 - 025900000 _____ (AMD Inc.) C:\Users\Owner\Downloads\radeon-software-adrenalin-17.12.1-minimalsetup-171211_64bit.exe
2018-01-27 14:36 - 2018-01-27 14:36 - 000003460 _____ C:\windows\System32\Tasks\AdobeGCInvoker-1.0-RANDOM-PC-Owner
2018-01-26 17:00 - 2018-01-26 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renegade X
2018-01-21 16:52 - 2018-01-21 16:52 - 000110144 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-64.dll
2018-01-16 11:30 - 2018-01-16 11:31 - 011205832 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup539.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-12 17:40 - 2017-07-27 17:37 - 000000000 ____D C:\FRST
2018-02-12 17:40 - 2009-07-13 20:34 - 023330816 _____ C:\windows\system32\config\HARDWARE
2018-02-12 17:27 - 2009-07-13 22:45 - 000028944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-12 17:27 - 2009-07-13 22:45 - 000028944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-12 17:25 - 2009-07-13 23:13 - 000752568 _____ C:\windows\system32\PerfStringBackup.INI
2018-02-12 17:25 - 2009-07-13 21:20 - 000000000 ____D C:\windows\inf
2018-02-12 17:20 - 2016-06-12 16:45 - 000000000 ____D C:\Program Files (x86)\Steam
2018-02-12 17:19 - 2009-07-13 23:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-02-12 14:30 - 2016-06-08 12:40 - 000065536 _____ C:\windows\system32\spu_storage.bin
2018-02-12 12:06 - 2017-08-08 21:13 - 000000000 ____D C:\windows\pss
2018-02-12 10:31 - 2016-06-13 13:50 - 000000000 ____D C:\windows\Minidump
2018-02-12 09:40 - 2017-08-22 17:14 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-02-12 09:40 - 2016-12-25 10:25 - 000000000 ____D C:\Users\Owner\Documents\ArmA 2
2018-02-12 09:40 - 2016-09-24 18:32 - 000000000 ____D C:\Users\Owner\Downloads\PopcornTime
2018-02-12 09:40 - 2016-06-17 00:45 - 000000000 ____D C:\Users\Owner\Documents\DayZ
2018-02-12 05:00 - 2017-09-24 07:27 - 000000444 _____ C:\windows\Tasks\Wise Disk Cleaner Schedule Task.job
2018-02-11 23:47 - 2017-08-01 21:27 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-11 19:09 - 2009-07-13 21:20 - 000000000 ____D C:\windows\registration
2018-02-11 19:04 - 2016-06-20 20:15 - 000000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2018-02-11 18:19 - 2017-08-28 20:27 - 000000000 ____D C:\Users\Owner\Downloads\androidfirmware
2018-02-11 18:19 - 2017-03-09 11:32 - 000000000 ____D C:\Users\Owner\Downloads\Intel Components
2018-02-11 18:13 - 2016-12-25 10:36 - 000000000 ____D C:\Users\Owner\Documents\ArmA 2 Other Profiles
2018-02-11 18:09 - 2017-05-31 17:06 - 000000000 ____D C:\Users\Twins
2018-02-11 18:09 - 2016-06-08 09:10 - 000000000 ____D C:\Users\Administrator
2018-02-11 17:47 - 2016-06-08 09:12 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-11 17:11 - 2016-06-08 11:54 - 000000000 ____D C:\Users\Owner
2018-02-11 16:44 - 2009-07-13 21:20 - 000000000 ____D C:\windows\ModemLogs
2018-02-11 15:42 - 2017-08-04 01:09 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Azureus
2018-02-11 15:41 - 2016-06-09 10:30 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Wise Disk Cleaner
2018-02-11 15:31 - 2017-10-24 07:29 - 000004130 _____ C:\windows\System32\Tasks\CCleaner Update
2018-02-10 23:41 - 2016-09-01 02:10 - 000000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2018-02-10 20:42 - 2017-08-04 01:11 - 000000000 ____D C:\Users\Owner\Documents\Vuze Downloads
2018-02-10 18:02 - 2016-04-12 16:02 - 000000892 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2018-02-09 08:41 - 2016-07-01 14:11 - 000000000 ____D C:\Users\Owner\AppData\Roaming\WiseUpdate
2018-02-03 05:27 - 2016-06-17 00:45 - 000000000 ____D C:\Users\Owner\AppData\Local\DayZ
2018-01-31 11:12 - 2017-12-07 09:30 - 000003132 _____ C:\windows\System32\Tasks\{5231E8DD-424B-41D5-BA5E-781B0F07348C}
2018-01-31 11:12 - 2017-12-07 09:30 - 000003122 _____ C:\windows\System32\Tasks\{698F5BD4-16D1-427C-8693-8865FBA61A03}
2018-01-31 10:30 - 2016-06-08 12:35 - 000000000 ____D C:\Users\Owner\AppData\Local\AMD
2018-01-31 10:29 - 2016-09-10 11:51 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\AMD
2018-01-31 10:23 - 2017-06-14 22:42 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-01-31 10:21 - 2017-01-25 01:32 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2018-01-31 10:21 - 2016-06-08 12:28 - 000000000 ____D C:\AMD
2018-01-27 14:31 - 2009-07-13 23:08 - 000032564 _____ C:\windows\Tasks\SCHEDLGU.TXT
2018-01-26 17:00 - 2017-12-25 17:48 - 000000000 ____D C:\Program Files (x86)\Renegade X
2018-01-23 21:26 - 2017-10-29 18:01 - 000000000 ____D C:\Games
2018-01-23 09:04 - 2016-06-09 10:38 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Wargaming.net
2018-01-21 16:53 - 2016-06-08 09:14 - 000000000 ____D C:\ProgramData\Oracle
2018-01-21 16:52 - 2016-06-08 09:19 - 000110144 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2018-01-21 16:52 - 2016-06-08 09:18 - 000000000 ____D C:\Program Files\Java
2018-01-21 16:52 - 2016-06-08 09:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-21 16:52 - 2016-06-08 09:14 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-21 16:51 - 2016-06-08 09:14 - 000097344 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2018-01-20 09:44 - 2009-07-13 21:20 - 000000000 ____D C:\windows\Help

==================== Files in the root of some directories =======

2017-07-22 23:25 - 2016-08-22 15:31 - 000204800 _____ () C:\ProgramData\WS_Log.dll
2016-07-12 14:21 - 2016-07-13 01:27 - 000000096 _____ () C:\Users\Owner\AppData\Roaming\LauncherSettings_live.cfg
2017-04-16 10:07 - 2017-04-16 10:07 - 000004608 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-26 21:44 - 2017-07-26 21:44 - 000140800 _____ () C:\Users\Owner\AppData\Local\installer.dat
2017-05-17 10:32 - 2017-05-17 10:32 - 000125952 _____ () C:\Users\Owner\AppData\Local\REPORT.del
2016-08-17 00:21 - 2017-03-31 19:46 - 000007600 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2018-02-11 15:15 - 2018-02-11 15:15 - 000003072 _____ () C:\Users\Owner\AppData\Local\UNINSTALLVDK.del

Some files in TEMP:
====================
2018-02-12 11:42 - 2017-09-13 09:31 - 001732864 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\windows\system32\drivers\avksvycf.sys -> Access Denied <======= ATTENTION

LastRegBack: 2018-02-12 05:40

==================== End of FRST.txt ============================

Broni

Malware Annihilator
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by Owner (12-02-2018 17:41:10)
Running from C:\Users\Owner\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2016-06-08 15:10:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-217011151-2072011241-3863041349-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-217011151-2072011241-3863041349-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-217011151-2072011241-3863041349-1003 - Limited - Enabled)
Owner (S-1-5-21-217011151-2072011241-3863041349-1001 - Administrator - Enabled) => C:\Users\Owner
Twins (S-1-5-21-217011151-2072011241-3863041349-1004 - Limited - Enabled) => C:\Users\Twins

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Immunet (Enabled - Up to date) {05A27767-0425-EB45-C06B-DA28DB7FCD38}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Immunet (Enabled - Up to date) {BEC39683-221F-E4CB-FADB-E15AA0F88785}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.106.2020.110 - Alps Electric)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Audacity 2.2.0 (HKLM-x32\...\Audacity_is1) (Version: 2.2.0 - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
ETDWare PS/2-X64 11.6.2.1_WHQL (HKLM\...\Elantech) (Version: 11.6.2.1 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.140 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.29.5 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Immunet (HKLM-x32\...\Immunet Protect) (Version: 6.0.8.10638 - Cisco Systems, Inc.)
Intel(R) Network Connections 22.0.18.0 (HKLM\...\PROSetDX) (Version: 22.0.18.0 - Intel)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-206529ae-c207-4c62-a835-3565b484b5e2) (Version: - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-55361188-2449-434d-9af1-36977ea8325e) (Version: - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-f056ed40-3803-42ee-932a-c438efd31c0d) (Version: - Epic Games, Inc.)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
paint.net (HKLM\...\{A1D05314-DC32-4668-A97E-51060EC8BCCE}) (Version: 4.0.12 - dotPDN LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6383 - Realtek Semiconductor Corp.)
Renegade X (HKLM-x32\...\{BD64C67A-FA49-497C-8ED2-CCB486A9B765}) (Version: 0.5.6.0 - Totem Arts)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
UnHackMe 9.60 (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{6B8AC866-8C52-4FAE-BCD7-F80713F513F9}) (Version: 3.17.0601 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{3C48AF07-0974-49B7-A3EE-CA620469C219}) (Version: 3.17.0403 - Samsung Electronics Co., Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0) (Version: 1.0.54.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0-2) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
Windows 7 Codec Pack 4.1.7 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.1.7 - Windows 7 Codec Pack)
Wise Disk Cleaner 9.63 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 9.63 - WiseCleaner.com, Inc.)
World of Tanks (HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version: - Wargaming.net)
YouTube Downloader App 3.00 (HKLM-x32\...\YouTube Downloader App) (Version: 3.00 - Regensoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-217011151-2072011241-3863041349-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-217011151-2072011241-3863041349-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-217011151-2072011241-3863041349-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-217011151-2072011241-3863041349-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-217011151-2072011241-3863041349-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-217011151-2072011241-3863041349-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> [CC]{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> [CC]{BB35DE05-89D6-4D8F-95DE-A27DF8156D91} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-01-12] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0232464D-E3D1-4A55-9098-36C18FAF0B6E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {09C468CE-1224-4AFF-89CC-9B36E0227022} - System32\Tasks\{ABDB8FBC-6C46-447A-BF5C-354A7A14DF15} => C:\windows\system32\pcalua.exe -a C:\Users\Owner\Downloads\sarsfx.exe -d C:\Users\Owner\Downloads
Task: {0F6F7644-D0B8-4249-9068-CAABB4D3BEC6} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-01-12] (Advanced Micro Devices, Inc.)
Task: {116BFA7D-6051-4E77-AC5B-87FB04508075} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {18E37C9D-9828-4AFA-820A-2F7438D2844A} - System32\Tasks\Wise Disk Cleaner Schedule Task => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe [2018-02-07] (WiseCleaner.com)
Task: {2E916682-BEFF-4185-A928-6AA0A312BA12} - \{32359A6E-A4B7-4B2C-AD54-4F9B1308A9FD} -> No File <==== ATTENTION
Task: {34C5200D-0286-44E8-9E23-92EA4FDAC1CC} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-01-12] (Advanced Micro Devices, Inc.)
Task: {34D066C9-6F62-485C-83CD-170C8E9E6E68} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {39D9D9D6-39B4-4F50-9B2B-D9D6AFCC64DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-11] (Google Inc.)
Task: {4298E00C-00AD-4272-B7AD-2EE5A53CA2D8} - \{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} -> No File <==== ATTENTION
Task: {51CBD16D-9120-4F0B-A6E4-39E534A72F2F} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {5C38356B-A3CE-4358-86FD-0F4884BD5140} - System32\Tasks\{698F5BD4-16D1-427C-8693-8865FBA61A03} => C:\windows\system32\pcalua.exe -a C:\Users\Owner\Downloads\T3vis.exe -d C:\Users\Owner\Downloads
Task: {62086F31-6EA8-44E2-9987-7B594A984377} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6880FFCF-30CB-49DC-A950-6F032C153246} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6F2CE8C6-C35E-4544-AF98-FCC9B7169984} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_197_pepper.exe [2016-04-12] (Adobe Systems Incorporated)
Task: {7828FA25-8422-49A8-8097-81076B1408D9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)
Task: {78CA8C13-82C4-4793-AD11-3B7F18A93E06} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7BE8964C-CE96-4E88-A7FF-BF32BBA720BC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7F87A0F6-C755-465C-8845-8B20BCF7BC90} - System32\Tasks\AdobeGCInvoker-1.0-RANDOM-PC-Owner => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {811974BE-EAFB-41A3-B11B-BAB7CBAF315C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {870BA5FD-3B9F-4DFF-87B9-F00E3682E1DF} - System32\Tasks\{31D0CC95-82DF-4E83-A962-E621FA252850} => C:\Users\Owner\Downloads\antimalwaresetup.exe [2018-02-11] (Plumbytes Software)
Task: {8784E7E3-5532-4C9C-A77B-902741564C99} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BC523779-9B82-45B1-9D85-1785D2430F30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-11] (Google Inc.)
Task: {D9E93E32-7F37-478E-A0DE-5723432268FD} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2018-01-31] (Greatis Software)
Task: {E0348FFE-45BD-4AFD-9321-6AC0BA9BF804} - System32\Tasks\{5231E8DD-424B-41D5-BA5E-781B0F07348C} => C:\windows\system32\pcalua.exe -a C:\Users\Owner\Downloads\trilogyiii.exe -d C:\Users\Owner\Downloads
Task: {F486D5CC-821A-460C-998E-94725BE99952} - System32\Tasks\{4DF36FA8-4EF7-40E7-9609-CFBC9148B473} => C:\windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {FF204E60-7F7D-4257-9983-EEE19B6BBCE5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_197_pepper.exe
Task: C:\windows\Tasks\Wise Disk Cleaner Schedule Task.job => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Populer Downloader.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gmjancgdemcbgpbmfialhipkbgkonmoj

==================== Loaded Modules (Whitelisted) ==============

2018-02-11 17:47 - 2018-02-01 00:13 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.140\libglesv2.dll
2018-02-11 17:47 - 2018-02-01 00:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.140\libegl.dll
2018-02-12 17:39 - 2018-02-12 17:39 - 000724480 _____ () C:\Program Files\Immunet\6.0.8\dbh.dll
2018-02-12 17:39 - 2018-02-12 17:39 - 000102800 _____ () C:\Program Files\Immunet\clamav\0.99.3-beta1.49\mspack.dll
2017-07-22 23:09 - 2014-10-31 15:40 - 001498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2017-07-22 23:09 - 2014-05-19 16:19 - 000137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [252]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20271752 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SMR520 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SMR520.SYS => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20271752 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR520 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR520.SYS => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2018-02-12 08:40 - 000008135 ____N C:\windows\system32\Drivers\etc\hosts

0.0.0.0 12finance.com
0.0.0.0 12kotov.ru
0.0.0.0 144.76.201.175
0.0.0.0 195.22.127.157
0.0.0.0 1dnscontrol.com
0.0.0.0 adsrvr.org
0.0.0.0 adsymptotic.com
0.0.0.0 advertising.com
0.0.0.0 akisho.ru
0.0.0.0 alphashoppers.com
0.0.0.0 altocloudmedia.com
0.0.0.0 amtomil.ru
0.0.0.0 appchucklegift.com
0.0.0.0 asedownloadgate.com
0.0.0.0 atwola.com
0.0.0.0 backupcdn.com
0.0.0.0 bestapps4ever161.download
0.0.0.0 bet-booom.ru
0.0.0.0 bfmio.com
0.0.0.0 bluekai.com
0.0.0.0 butcaketforthen.com
0.0.0.0 bywinners.men
0.0.0.0 cdndepot.com
0.0.0.0 cd-sec.com
0.0.0.0 celebritytrends.tv
0.0.0.0 champlaintechnology.com
0.0.0.0 chromesearch.win
0.0.0.0 clapflab.ru
0.0.0.0 click-now-on.me
0.0.0.0 corulu.com

There are 269 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-217011151-2072011241-3863041349-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BD64CEDE-6908-476F-B0C1-EE8D1135E052}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DF766478-3D50-49E3-8A8C-2E3DCD755BC1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5B485A80-3144-405A-9D5D-D03B36D8B3E6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3626CE68-2594-4BEE-9598-0768A5320565}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{F92E03DE-401E-45A2-B365-ABB38F1D7AE4}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{04867DC8-6181-4522-9447-5FF056EFEA3C}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{4C4DE106-BBCE-4889-B931-F72FFF484EBC}C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe
FirewallRules: [UDP Query User{0DCE90E6-EB2C-4F0A-B1FD-06D63AF55C6B}C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe
FirewallRules: [TCP Query User{41055CF2-9CAB-4732-91D4-6E6C900023CE}C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe
FirewallRules: [UDP Query User{E037CA93-148D-42B3-95ED-96C945CA4A0E}C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe
FirewallRules: [{7931FE2C-389B-40A1-A6F5-225F213B7D8C}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [TCP Query User{2E55F808-152E-4374-AAA9-4E1F107C05FA}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{00DE4BA1-C966-4090-8C5A-CE2C5F944D05}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{FB53CD37-7AAB-4883-9851-93B85A20535A}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{7C44A7E7-60C7-43FB-BDD1-10025ECE2308}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{3333D048-5298-4498-A38A-2F6A9FD968C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{C180AB4D-4D93-4D2C-9110-937F1324990D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{6EFC050C-8E6C-4BCA-BA1F-AEC938483B4E}C:\program files (x86)\renegade x\binaries\win32\udk.exe] => (Block) C:\program files (x86)\renegade x\binaries\win32\udk.exe
FirewallRules: [UDP Query User{03FBC209-0242-4CBF-B367-CA3FB258C570}C:\program files (x86)\renegade x\binaries\win32\udk.exe] => (Block) C:\program files (x86)\renegade x\binaries\win32\udk.exe
FirewallRules: [{72C7D87D-74F0-4145-B485-7B463DC22777}] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [{145A0079-DA63-49C7-B284-2C07A6D872A3}] => (Allow) C:\Program Files (x86)\Tried\transgress.exe
FirewallRules: [{09D3B2D2-5A24-4601-9BBE-FBEB028AEC59}] => (Allow) C:\Program Files (x86)\Beside\transgress.exe
FirewallRules: [{49B542C3-CC39-4381-B78C-14A739975971}] => (Allow) C:\Program Files (x86)\bureaucracy\khalaf.exe
FirewallRules: [{E744B0EE-CA5B-4E34-B2BD-44A2B6068E70}] => (Allow) C:\Program Files (x86)\Beside\khalaf.exe
FirewallRules: [{70CBD335-0384-4604-AF80-AD9A50F28A60}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{20EDD108-05EB-4801-90B6-79B647FE4FED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777935}}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA9}}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777934}}] => (Allow) C:\Program Files (x86)\UnHackMe\regruninfo.exe
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA8}}] => (Allow) C:\Program Files (x86)\UnHackMe\regruninfo.exe
FirewallRules: [{6F78FE60-7540-4699-B887-2AB23D0278AD}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{A1A478D8-FE12-4425-9EB8-51A0735C8671}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{AB2043CE-C538-424B-A37D-3DC98307D132}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{7687747B-FCC7-41AA-8F22-D6923AA95BCA}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard with HP QLB
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard with HP QLB
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard Development Company, L.P.
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2018 05:21:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/12/2018 12:09:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/12/2018 11:29:54 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070002
6.1.7601.17514

Error: (02/12/2018 11:29:01 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070002
6.1.7601.17514

Error: (02/12/2018 11:27:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/12/2018 10:32:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/12/2018 10:22:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/12/2018 09:37:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (02/12/2018 05:20:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Wondershare Application Framework Service service to connect.

Error: (02/12/2018 05:19:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetGroup Packet Filter Driver service failed to start due to the following error:
The system cannot find the file specified.

Error: (02/12/2018 02:07:40 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (02/12/2018 02:07:40 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (02/12/2018 02:07:40 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (02/12/2018 02:07:40 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (02/12/2018 02:07:40 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (02/12/2018 02:07:40 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 35%
Total physical RAM: 6075.25 MB
Available physical RAM: 3894.95 MB
Total Virtual: 12148.68 MB
Available Virtual: 9722.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:147.04 GB) (Free:21.44 GB) NTFS
Drive I: () (Removable) (Total:14.9 GB) (Free:0.02 GB) FAT32

\\?\Volume{0fc9d0c4-2d8a-11e6-8a73-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{0fc9d0c6-2d8a-11e6-8a73-806e6f6e6963}\ (Recovery) (Fixed) (Total:1.48 GB) (Free:0.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: A70815D5)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=147 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1.5 GB) - (Type=27)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 73696D20)
No partition Table on disk 1.

==================== End of Addition.txt ============================

Broni

Malware Annihilator
You're infected with Smartservice rootkit.
It can't be fixed from within Windows so you must follow these instructions.
Please pay attention to every single step.

NOTE 1. Use another working computer to download Farbar Recovery Scan Tool and save it to a USB flash drive.
NOTE 2. Install Panda USB Vaccine, or BitDefender's USB Immunizer, on the GOOD computer to protect it from any infected USB device.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.


If you are using Windows 10: if you're having problems accessing System Recovery Options, create a Windows 10 USB or DVD as described here: http://betanews.com/2015/07/29/how-to-download-windows-10-and-create-your-own-installation-usb-flash-drive-or-dvd/ and boot from it.

If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter the System Recovery Command Prompt. To access Advanced Boot Options, start and shut down the computer TWICE. On the third start you should see Advanced Boot Options.

If you are using Vista or Windows 7, enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Plug the flash drive into the infected PC.
Important! Do NOT plug the flash drive in at any earlier stage because it'll corrupt the FRST file.

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note:
    Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
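For anyone reading along who has to skim logs like the ones in this thread, the following Python script is an added example, not FRST's own code and not something posted by Broni or JT4866. It pulls out only the entries FRST itself marks (lines tagged "<==== ATTENTION", services and drivers whose file is missing, "removed/moved successfully" fix results, hosts-file redirections, and newly created files carrying the Hidden or System attribute) so the long sections can be reviewed quickly. SAMPLE_LOG is a constructed excerpt assembled from lines copied out of the logs posted in this thread; the line-format rules (regular expressions) are assumptions drawn from those lines, not from FRST documentation, and a flagged entry is a triage aid, not a verdict.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log excerpts.

Added example for this thread, not code from FRST or from the forum.
It extracts the entries FRST itself marks:
  * lines tagged "<==== ATTENTION"
  * services/drivers whose file is missing ("[X]")
  * fix results ("=> removed successfully" / "=> moved successfully")
  * hosts-file redirections (0.0.0.0 / 127.0.0.1 entries)
  * created files/folders with the Hidden (H) or System (S) attribute
The line-format regexes are assumptions based on the log lines in this
thread, not on FRST documentation.
"""
import re

ATTENTION = "<==== ATTENTION"
MISSING_FILE = "[X]"
# "<item> => removed successfully" / "<item> => moved successfully"
FIX_RESULT = re.compile(r"^(?P<item>.+?) => (?P<result>removed|moved) successfully$")
# "S3 MFE_RR; \??\C:\...\mfe_rr.sys [X]"  -> start type, service name, file info
SERVICE_LINE = re.compile(r"^(?P<start>[SRU]\d) (?P<name>[^;]+); (?P<rest>.+)$")
# "0.0.0.0 12finance.com"
HOSTS_ENTRY = re.compile(r"^(?:0\.0\.0\.0|127\.0\.0\.1)\s+(?P<host>\S+)$")
# "2018-02-12 06:10 - 2018-02-12 06:10 - 000000002 RSHOT C:\Windows\winstart.bat"
# Attribute letters R/S/H/D are read as the Windows attrib letters
# (read-only/system/hidden/directory); other letters are left uninterpreted.
FILE_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attrs>[A-Z_]{5}) (?:\([^)]*\) )?(?P<path>.+)$"
)

# Constructed excerpt: lines copied from the FRST logs posted in this thread.
SAMPLE_LOG = r"""
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
"HKLM\System\ControlSet001\Services\erzmnkd" => removed successfully
C:\Windows\System32\drivers\avkvycfi.sys => moved successfully
C:\Users\Owner\AppData\Local\pciakow\aunricz.exe => moved successfully
S2 ImmunetProtect_6.0.8; C:\Program Files\Immunet\6.0.8\sfc.exe [1250880 2018-02-12] (Cisco Systems, Inc.)
S3 MFE_RR; \??\C:\Users\Owner\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
S2 npf; \??\C:\windows\system32\drivers\npf.sys [X]
S4 SMR520; System32\drivers\SMR520.SYS [X]
0.0.0.0 12finance.com
0.0.0.0 144.76.201.175
0.0.0.0 adsrvr.org
2018-02-12 06:10 - 2018-02-12 06:10 - 000000002 RSHOT C:\Windows\winstart.bat
2018-02-11 20:57 - 2018-02-11 20:57 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\20271752.sys
2018-02-15 08:06 - 2018-02-15 08:06 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
"""


def triage(log_text):
    """Return a dict of the marked entries found in an FRST log excerpt."""
    findings = {"attention": [], "missing_file": [], "fixed": [],
                "hosts_overrides": [], "hidden_or_system": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # FRST appends the marker to the line it wants the analyst to look at.
        if line.endswith(ATTENTION):
            line = line[: -len(ATTENTION)].rstrip()
            findings["attention"].append(line)
        m = FIX_RESULT.match(line)
        if m:
            findings["fixed"].append((m["item"], m["result"]))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            # "[X]" means the registered service/driver file is not on disk.
            if m["rest"].endswith(MISSING_FILE):
                path = m["rest"][: -len(MISSING_FILE)].rstrip()
                findings["missing_file"].append((m["name"], path))
            continue
        m = HOSTS_ENTRY.match(line)
        if m:
            findings["hosts_overrides"].append(m["host"])
            continue
        m = FILE_ENTRY.match(line)
        if m and ("H" in m["attrs"] or "S" in m["attrs"]):
            findings["hidden_or_system"].append((m["attrs"], m["path"]))
    return findings


def summarize(findings):
    """Counts per category, handy for a one-line overview of a long log."""
    return {key: len(items) for key, items in findings.items()}


def report(findings):
    """Plain-text report, one section per category."""
    lines = []
    for key, items in findings.items():
        lines.append(f"== {key} ({len(items)}) ==")
        lines.extend(f"  {item}" for item in items)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

To use it on a real log, read FRST.txt or Addition.txt with `open(path, encoding="utf-8", errors="replace").read()` and pass the text to `triage()`; the hosts section of the log above, for instance, shows up as the list of sinkholed domains, and the "[X]" drivers (MFE_RR, npf, SMR520) as missing-file entries to compare against the fix results.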

JT4866

TS Member
That's weird. I was never informed of your reply. I had to dig through your recent posts to see that you had replied.

I will be working on this today. Thank you so much for helping me.
 

JT4866

TS Member
Ok so I managed to dig out an old keyboard with the old-style connector (instead of USB) and managed to get into it that way. My USB k/b would not work until it was on the password screen. Anyway, I noticed right away that my boot time was instant like it used to be. Also, when I look in the task manager for running processes, I saw none of the rogue .exe running. I will now try to post the logs from the flash drive but may have to attach them (like before).

Two more questions I have though. One, are the other flash drives I had plugged in infected also? I had removed them when I first started working on this but am unsure if any action should be taken before plugging them back in so I won't until I hear from you. Two, what do I do with Panda USB Vaccine on the other pc? If this one is fixed can I just download it onto here from the Major Geeks site or what should I do with it?

Thank you sir.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by SYSTEM on MININT-LSQH8VH (15-02-2018 11:54:14)
Running from G:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool:

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Users\Owner\Documents\GWX_control_panel.exe [4559944 2016-02-11] (UltimateOutsider)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2013-11-23] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [347768 2010-04-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [Immunet Protect] => C:\Program Files\Immunet\6.0.8\iptray.exe [3844288 2018-02-12] (Immunet)
HKU\Owner\...\Policies\system: [LogonHoursAction] 2
HKU\Owner\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Owner\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\Twins\...\Policies\system: [LogonHoursAction] 2
HKU\Twins\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
BootExecute: autocheck autochk * Partizan
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-217011151-2072011241-3863041349-1004\User: Restriction <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"HKLM\System\ControlSet001\Services\erzmnkd" => removed successfully
C:\Windows\System32\drivers\avkvycfi.sys => moved successfully
"HKLM\System\ControlSet001\Services\ybbbee" => removed successfully
C:\Users\Owner\AppData\Local\pciakow\aunricz.exe => moved successfully
C:\Users\Owner\AppData\Local\pciakow\pciakow.exe => moved successfully
C:\Users\Owner\AppData\Local\vdeaixl\wmcgkrd.exe => moved successfully
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7002120 2017-12-20] ()
S2 ImmunetProtect_6.0.8; C:\Program Files\Immunet\6.0.8\sfc.exe [1250880 2018-02-12] (Cisco Systems, Inc.)
S3 scan; C:\Program Files\Immunet\tetra\scan.dll [652568 2018-02-12] (Bitdefender)
S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (DEVGURU Co., LTD.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 20271752; C:\Windows\System32\drivers\20271752.sys [255928 2018-02-11] (Malwarebytes)
S0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2016-06-14] (Arainia Solutions LLC)
S2 ImmunetNetworkMonitorDriver; C:\windows\System32\Drivers\ImmunetNetworkMonitor.sys [119608 2018-02-12] (Cisco Systems, Inc.)
S1 ImmunetProtectDriver; C:\windows\System32\Drivers\immunetprotect.sys [113976 2018-02-12] (Cisco Systems, Inc.)
S1 ImmunetSelfProtectDriver; C:\windows\System32\Drivers\immunetselfprotect.sys [77624 2018-02-12] (Cisco Systems, Inc.)
S3 MxEFLF; C:\Windows\system32\drivers\MxEFLF64.sys [116224 2011-08-15] (Matrox Graphics Inc.)
S3 MxEFUF; C:\Windows\system32\drivers\MxEFUF64.sys [157696 2011-08-15] (Matrox Graphics Inc.)
S0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2018-02-12] (Greatis Software)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [28400 2016-12-18] ()
S3 semav6msr64; C:\windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-02-12] ()
S3 Trufos; C:\windows\System32\Drivers\trufos.sys [442848 2018-02-12] (BitDefender S.R.L.)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 MFE_RR; \??\C:\Users\Owner\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
S2 npf; \??\C:\windows\system32\drivers\npf.sys [X]
S4 SMR520; System32\drivers\SMR520.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-15 08:06 - 2018-02-15 08:06 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2018-02-15 08:04 - 2018-02-15 08:04 - 000294088 _____ C:\Windows\System32\FNTCACHE.DAT
2018-02-15 07:04 - 2018-02-15 07:04 - 000066600 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-13 08:27 - 2018-02-13 08:27 - 011217568 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup540.exe
2018-02-13 08:10 - 2018-02-13 08:13 - 000000000 ____D C:\Users\Owner\AppData\Roaming\TextNow
2018-02-13 08:10 - 2018-02-13 08:10 - 058867008 _____ (TextNow Inc.) C:\Users\Owner\Downloads\TextNow+Setup+1.1.0.exe
2018-02-12 15:41 - 2018-02-12 15:41 - 000034822 _____ C:\Users\Owner\Desktop\Addition.txt
2018-02-12 15:40 - 2018-02-12 15:41 - 000039217 _____ C:\Users\Owner\Desktop\FRST.txt
2018-02-12 15:40 - 2018-02-12 15:40 - 000000000 ____D C:\Users\Owner\Downloads\FRST-OlderVersion
2018-02-12 15:39 - 2018-02-15 09:49 - 000000000 ____D C:\Program Files\Immunet
2018-02-12 15:39 - 2018-02-12 15:39 - 000442848 _____ (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2018-02-12 15:39 - 2018-02-12 15:39 - 000119608 _____ (Cisco Systems, Inc.) C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys
2018-02-12 15:39 - 2018-02-12 15:39 - 000113976 _____ (Cisco Systems, Inc.) C:\Windows\System32\Drivers\immunetprotect.sys
2018-02-12 15:39 - 2018-02-12 15:39 - 000077624 _____ (Cisco Systems, Inc.) C:\Windows\System32\Drivers\immunetselfprotect.sys
2018-02-12 15:39 - 2018-02-12 15:39 - 000071088 _____ (Cisco Systems, Inc.) C:\Windows\System32\Drivers\ImmunetUtilDriver.sys
2018-02-12 15:39 - 2018-02-12 15:39 - 000000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_ImmunetNetworkMonitor_01009.Wdf
2018-02-12 15:38 - 2018-02-12 15:38 - 001123608 _____ (Cisco Systems, Inc.) C:\Users\Owner\Downloads\ImmunetSetup.exe
2018-02-12 15:38 - 2018-02-12 15:38 - 000000000 ____D C:\ProgramData\Immunet
2018-02-12 10:12 - 2018-02-12 10:12 - 007189760 _____ (VS Revo Group ) C:\Users\Owner\Downloads\revosetup.exe
2018-02-12 09:44 - 2018-02-12 09:44 - 000028272 _____ C:\Windows\System32\Drivers\TrueSight.sys
2018-02-12 09:42 - 2018-02-12 10:05 - 000000000 ____D C:\ProgramData\RogueKiller
2018-02-12 09:28 - 2018-02-12 09:28 - 000040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2018-02-12 09:06 - 2018-02-12 09:06 - 026937928 _____ (Adlice Software) C:\Users\Owner\Downloads\RogueKiller_portable64.exe
2018-02-12 08:40 - 2018-02-12 08:40 - 000221662 _____ C:\Users\Owner\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2018-02-12 08:15 - 2018-02-12 15:40 - 002405376 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2018-02-12 06:40 - 2017-09-06 06:30 - 000000826 _____ C:\Windows\System32\Drivers\etc\hosts.old
2018-02-12 06:34 - 2018-02-15 09:48 - 000000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2018-02-12 06:25 - 2018-02-12 06:25 - 000000000 ____D C:\@RestoreQuarantine
2018-02-12 06:10 - 2018-02-13 08:29 - 000003328 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2018-02-12 06:10 - 2018-02-12 09:30 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2018-02-12 06:10 - 2018-02-12 09:28 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2018-02-12 06:10 - 2018-02-12 09:28 - 000000000 ____D C:\Users\Owner\Documents\RegRun2
2018-02-12 06:10 - 2018-02-12 06:10 - 000000002 RSHOT C:\Windows\winstart.bat
2018-02-12 06:10 - 2018-02-12 06:10 - 000000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2018-02-12 06:10 - 2018-02-12 06:10 - 000000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2018-02-12 06:10 - 2018-02-12 06:10 - 000000000 ____D C:\ProgramData\RegRun
2018-02-12 06:10 - 2018-01-31 11:32 - 000014984 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2018-02-12 06:10 - 2015-12-28 09:32 - 000049968 _____ (Greatis Software) C:\Windows\System32\partizan.exe
2018-02-12 06:08 - 2018-02-09 03:07 - 018322776 _____ (Greatis Software, LLC. ) C:\Users\Owner\Downloads\unhackme_setup.exe
2018-02-12 06:05 - 2018-02-12 06:05 - 000784152 _____ (McAfee, Inc.) C:\Users\Owner\Downloads\rootkitremover.exe
2018-02-12 06:01 - 2018-02-12 07:33 - 000000114 ___RH C:\Users\Owner\Downloads\Stinger.opt
2018-02-12 05:58 - 2018-02-12 06:01 - 000000821 _____ C:\Users\Owner\Downloads\Stinger_12022018_075816.html
2018-02-12 05:58 - 2018-02-12 05:58 - 000000000 ____D C:\Program Files\McAfee
2018-02-12 05:57 - 2018-02-12 05:57 - 016121728 _____ (McAfee Inc) C:\Users\Owner\Downloads\stinger64.exe
2018-02-11 21:23 - 2018-02-11 21:23 - 000003441 _____ C:\Users\Owner\Documents\aswMBR.txt
2018-02-11 21:23 - 2018-02-11 21:23 - 000000512 _____ C:\Users\Owner\Documents\MBR.dat
2018-02-11 20:57 - 2018-02-11 20:57 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\20271752.sys
2018-02-11 20:55 - 2018-02-11 20:55 - 000000000 ____D C:\KVRT_Data
2018-02-11 20:50 - 2018-02-13 08:30 - 000002960 _____ C:\Windows\System32\Tasks\{31D0CC95-82DF-4E83-A962-E621FA252850}
2018-02-11 20:40 - 2018-02-11 20:41 - 000013591 _____ C:\Users\Owner\Desktop\MBRCheck_02.11.18_22.40.57.txt
2018-02-11 20:40 - 2018-02-11 20:40 - 000881904 _____ (Plumbytes Software) C:\Users\Owner\Downloads\antimalwaresetup.exe
2018-02-11 20:17 - 2018-02-11 20:17 - 000080384 _____ C:\Users\Owner\Downloads\MBRCheck.exe
2018-02-11 19:47 - 2018-02-11 19:47 - 005200384 _____ (AVAST Software) C:\Users\Owner\Downloads\aswmbr.exe
2018-02-11 19:43 - 2018-02-11 19:43 - 000390776 _____ (BitDefender S.R.L.) C:\Windows\System32\Drivers\TrufosAlt.sys
2018-02-11 19:38 - 2018-02-13 08:30 - 000003124 _____ C:\Windows\System32\Tasks\{ABDB8FBC-6C46-447A-BF5C-354A7A14DF15}
2018-02-11 19:34 - 2018-02-11 19:34 - 001525384 _____ C:\Users\Owner\Downloads\sarsfx.exe
2018-02-11 19:32 - 2018-02-11 19:32 - 011427128 _____ (Bitdefender LLC) C:\Users\Owner\Downloads\BootkitRemoval_x64.exe
2018-02-11 19:19 - 2018-02-11 19:19 - 000000000 ____D C:\Users\Owner\AppData\Local\iSkysoft
2018-02-11 19:19 - 2018-02-11 19:19 - 000000000 ____D C:\ProgramData\iSkysoft
2018-02-11 19:13 - 2018-02-11 19:13 - 000000492 _____ C:\TDSSKiller.3.1.0.16_11.02.2018_21.13.25_log.txt
2018-02-11 18:51 - 2018-02-12 07:29 - 000000000 ____D C:\NPE
2018-02-11 18:50 - 2018-02-12 07:30 - 000000000 ____D C:\Users\Owner\AppData\Local\NPE
2018-02-11 18:50 - 2018-02-11 19:08 - 000016894 _____ C:\Windows\System32\Drivers\SMR520.dat
2018-02-11 18:50 - 2018-02-11 18:50 - 000000000 ____D C:\ProgramData\Norton
2018-02-11 18:45 - 2018-02-11 18:45 - 001137360 _____ (F-Secure Corporation) C:\Users\Owner\Downloads\fsbl.exe
2018-02-11 18:44 - 2018-02-11 18:44 - 014999000 _____ (Trend Micro Inc.) C:\Users\Owner\Downloads\RootkitBusterV5.0-1203x64.exe
2018-02-11 18:42 - 2018-02-11 18:42 - 009494240 _____ (Symantec Corporation) C:\Users\Owner\Downloads\NPE.exe
2018-02-11 17:55 - 2018-02-11 18:54 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-02-11 17:44 - 2018-02-11 17:45 - 000018198 _____ C:\TDSSKiller.3.1.0.16_11.02.2018_19.44.58_log.txt
2018-02-11 16:43 - 2018-02-11 19:47 - 000000000 ____D C:\AdwCleaner
2018-02-11 16:42 - 2018-02-11 20:54 - 000000000 ____D C:\Users\Owner\Desktop\rkill
2018-02-11 16:41 - 2018-02-11 20:55 - 000001942 _____ C:\Users\Owner\Desktop\Rkill.txt
2018-02-11 16:41 - 2018-02-11 16:41 - 008222496 _____ (Malwarebytes) C:\Users\Owner\Downloads\AdwCleaner.exe
2018-02-11 16:41 - 2018-02-11 16:41 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.exe
2018-02-11 16:36 - 2016-03-11 12:53 - 000380928 _____ C:\Users\Owner\Downloads\gmer.exe
2018-02-11 15:57 - 2018-02-11 15:57 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\4423FC0D.sys
2018-02-11 15:56 - 2018-02-11 15:57 - 000013956 _____ C:\TDSSKiller.3.1.0.16_11.02.2018_17.56.02_log.txt
2018-02-11 15:52 - 2018-02-11 15:52 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.10.3.1001.exe
2018-02-11 15:51 - 2018-02-11 15:51 - 004944584 _____ (AO Kaspersky Lab) C:\Users\Owner\Downloads\tdsskiller.exe
2018-02-11 15:47 - 2018-02-11 15:47 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-11 15:47 - 2018-02-11 15:47 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-11 15:33 - 2018-02-11 15:47 - 000000000 ____D C:\Users\Owner\AppData\Local\Deployment
2018-02-11 14:45 - 2018-02-13 20:11 - 000000000 ____D C:\Users\Owner\AppData\Local\wdbplit
2018-02-11 14:26 - 2018-02-11 14:26 - 000192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2018-02-11 14:25 - 2018-02-11 21:10 - 000000000 ____D C:\Users\Owner\Desktop\mbar
2018-02-11 14:25 - 2018-02-11 20:56 - 000192952 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2018-02-11 13:17 - 2018-02-15 11:54 - 000000000 ____D C:\Users\Owner\AppData\Local\vdeaixl
2018-02-11 13:17 - 2018-02-15 11:54 - 000000000 ____D C:\Users\Owner\AppData\Local\pciakow
2018-02-11 13:16 - 2018-02-15 09:48 - 002888704 _____ C:\Windows\System32\scivwrnsvc.exe
2018-02-11 13:16 - 2018-02-11 13:16 - 000000000 ____D C:\Windows\SysWOW64\svdnixc
2018-02-11 13:16 - 2018-02-11 13:16 - 000000000 ____D C:\Windows\System32\svdnixc
2018-02-11 13:15 - 2018-02-11 13:15 - 000003072 _____ C:\Users\Owner\AppData\Local\UNINSTALLVDK.del
2018-02-11 13:15 - 2018-02-11 13:15 - 000000012 _____ C:\Windows\b68209745
2018-02-11 13:15 - 2018-02-11 13:15 - 000000000 ____D C:\Users\Owner\AppData\Roaming\et
2018-02-11 12:57 - 2018-02-11 12:57 - 000009216 _____ C:\Windows\catalyze.exe
2018-02-11 12:44 - 2018-02-11 12:44 - 000000000 ____D C:\Users\Owner\AppData\Local\FreemakeVideoConverter
2018-02-11 12:43 - 2018-02-11 12:44 - 000000000 ____D C:\Users\Owner\Documents\Freemake
2018-02-11 12:42 - 2018-02-11 12:43 - 001013376 _____ (Ellora Assets Corporation ) C:\Users\Owner\Downloads\FreemakeVideoConverterSetup.exe
2018-02-09 21:55 - 2018-02-09 21:55 - 004934536 _____ ( ) C:\Users\Owner\Downloads\crossout_launcher_1.0.3.29.exe
2018-02-04 15:37 - 2018-02-04 15:37 - 000000002 _____ C:\Users\Owner\Downloads\6150f78c-63c1-426e-9ffb-166767f524fa
2018-02-01 19:11 - 2018-02-01 19:11 - 000000002 _____ C:\Users\Owner\Downloads\1e13dadb-f363-4061-bcc5-f1049f0200da
2018-01-31 08:37 - 2018-01-31 08:37 - 000000000 ____D C:\Users\Owner\AppData\Local\RadeonSettings
2018-01-31 08:26 - 2018-02-10 18:51 - 000003148 _____ C:\Windows\System32\Tasks\StartCN
2018-01-31 08:26 - 2018-02-10 18:51 - 000003062 _____ C:\Windows\System32\Tasks\StartDVR
2018-01-31 08:26 - 2018-01-31 08:26 - 000000000 ____D C:\Program Files (x86)\AMD
2018-01-31 08:21 - 2018-01-31 08:21 - 025900000 _____ (AMD Inc.) C:\Users\Owner\Downloads\radeon-software-adrenalin-17.12.1-minimalsetup-171211_64bit.exe
2018-01-27 12:36 - 2018-01-27 12:36 - 000003460 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-RANDOM-PC-Owner
2018-01-21 14:52 - 2018-01-21 14:52 - 000110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2018-01-16 09:30 - 2018-01-16 09:31 - 011205832 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup539.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-15 11:54 - 2017-07-27 15:37 - 000000000 ____D C:\FRST
2018-02-15 10:23 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\Help
2018-02-15 09:49 - 2016-06-08 10:40 - 000065536 _____ C:\Windows\System32\spu_storage.bin
2018-02-15 09:49 - 2009-07-13 18:34 - 023592960 _____ C:\Windows\System32\config\HARDWARE
2018-02-15 09:48 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-15 09:34 - 2009-07-13 21:13 - 000752568 _____ C:\Windows\System32\PerfStringBackup.INI
2018-02-15 09:34 - 2009-07-13 20:45 - 000028944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-15 09:34 - 2009-07-13 20:45 - 000028944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-15 09:34 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2018-02-15 09:21 - 2017-08-08 19:13 - 000000000 ____D C:\Windows\pss
2018-02-15 09:19 - 2016-06-12 14:45 - 000000000 ____D C:\Program Files (x86)\Steam
2018-02-15 03:00 - 2017-09-24 05:27 - 000000444 _____ C:\Windows\Tasks\Wise Disk Cleaner Schedule Task.job
2018-02-14 04:24 - 2016-06-09 08:30 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Wise Disk Cleaner
2018-02-13 08:28 - 2017-10-24 05:29 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-02-13 08:01 - 2016-06-20 18:15 - 000000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2018-02-13 03:00 - 2016-06-13 11:50 - 000000000 ____D C:\Windows\Minidump
2018-02-12 07:40 - 2017-08-22 15:14 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-02-12 07:40 - 2016-12-25 08:25 - 000000000 ____D C:\Users\Owner\Documents\ArmA 2
2018-02-12 07:40 - 2016-09-24 16:32 - 000000000 ____D C:\Users\Owner\Downloads\PopcornTime
2018-02-12 07:40 - 2016-06-16 22:45 - 000000000 ____D C:\Users\Owner\Documents\DayZ
2018-02-11 21:47 - 2017-08-01 19:27 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-11 17:09 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\registration
2018-02-11 16:19 - 2017-08-28 18:27 - 000000000 ____D C:\Users\Owner\Downloads\androidfirmware
2018-02-11 16:19 - 2017-03-09 09:32 - 000000000 ____D C:\Users\Owner\Downloads\Intel Components
2018-02-11 16:13 - 2016-12-25 08:36 - 000000000 ____D C:\Users\Owner\Documents\ArmA 2 Other Profiles
2018-02-11 16:09 - 2017-05-31 15:06 - 000000000 ____D C:\users\Twins
2018-02-11 16:09 - 2016-06-08 07:10 - 000000000 ____D C:\users\Administrator
2018-02-11 15:47 - 2016-06-08 07:12 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-11 15:11 - 2016-06-08 09:54 - 000000000 ____D C:\users\Owner
2018-02-11 14:44 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\ModemLogs
2018-02-11 13:42 - 2017-08-03 23:09 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Azureus
2018-02-10 21:41 - 2016-09-01 00:10 - 000000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2018-02-10 18:42 - 2017-08-03 23:11 - 000000000 ____D C:\Users\Owner\Documents\Vuze Downloads
2018-02-10 16:02 - 2016-04-12 14:02 - 000000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2018-02-09 06:41 - 2016-07-01 12:11 - 000000000 ____D C:\Users\Owner\AppData\Roaming\WiseUpdate
2018-02-03 03:27 - 2016-06-16 22:45 - 000000000 ____D C:\Users\Owner\AppData\Local\DayZ
2018-01-31 09:12 - 2017-12-07 07:30 - 000003132 _____ C:\Windows\System32\Tasks\{5231E8DD-424B-41D5-BA5E-781B0F07348C}
2018-01-31 09:12 - 2017-12-07 07:30 - 000003122 _____ C:\Windows\System32\Tasks\{698F5BD4-16D1-427C-8693-8865FBA61A03}
2018-01-31 08:30 - 2016-06-08 10:35 - 000000000 ____D C:\Users\Owner\AppData\Local\AMD
2018-01-31 08:29 - 2016-09-10 09:51 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\AMD
2018-01-31 08:23 - 2017-06-14 20:42 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-01-31 08:21 - 2017-01-24 23:32 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2018-01-31 08:21 - 2016-06-08 10:28 - 000000000 ____D C:\AMD
2018-01-27 12:31 - 2009-07-13 21:08 - 000032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-01-26 15:00 - 2017-12-25 15:48 - 000000000 ____D C:\Program Files (x86)\Renegade X
2018-01-23 19:26 - 2017-10-29 16:01 - 000000000 ____D C:\Games
2018-01-23 07:04 - 2016-06-09 08:38 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Wargaming.net
2018-01-21 14:53 - 2016-06-08 07:14 - 000000000 ____D C:\ProgramData\Oracle
2018-01-21 14:52 - 2016-06-08 07:19 - 000110144 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2018-01-21 14:52 - 2016-06-08 07:18 - 000000000 ____D C:\Program Files\Java
2018-01-21 14:52 - 2016-06-08 07:14 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-21 14:51 - 2016-06-08 07:14 - 000097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6075.25 MB
Available physical RAM: 5365.07 MB
Total Virtual: 6073.45 MB
Available Virtual: 5354.33 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:147.04 GB) (Free:27.5 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:1.48 GB) (Free:0.31 GB) NTFS
Drive g: (PNY) (Removable) (Total:7.59 GB) (Free:7.59 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: A70815D5)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=147 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1.5 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.6 GB) - (Type=0B)

LastRegBack: 2018-02-12 03:40

==================== End of FRST.txt ============================
 


Broni

Malware Annihilator
Good job! :)

Install Panda USB Vaccine, or BitDefender's USB Immunizer, on a GOOD computer to protect it from any infected USB device.
Once it's done, you can plug in any flash drive and scan it with an AV program to make sure it's clean.

Next....

Restart computer in normal mode and...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

JT4866

TS Member
"Good job". Not without those highly detailed instructions! ;) Thank you!
So, first...log by RogueKiller:

RogueKiller V12.12.4.0 (x64) [Feb 12 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 02/15/2018 12:50:32 (Duration : 00:21:33)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{65416821-217D-44BD-9C61-F53398FB1B46} (C:\Program Files\Immunet\tetra\scan.dll) -> Not selected
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{6DFC0DC7-FDC5-44C2-8B80-5977BA8F8ACC} (C:\Program Files\Immunet\tetra\scan.dll) -> Not selected
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{E5AFF088-92F8-41a9-8CAB-E9CDCCE967AC} (C:\Program Files\Immunet\tetra\scan.dll) -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-217011151-2072011241-3863041349-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.accuweather.com/en/us/springfield-il/62701/weather-forecast/328763 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-217011151-2072011241-3863041349-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.accuweather.com/en/us/springfield-il/62701/weather-forecast/328763 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://www.wunderground.com/weather/us/il/springfield/39.785332,-89.6533936] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1600YS-18SHB2 ATA Device +++++
--- User ---
[MBR] af03097aca877910363703335accc5c0
[BSP] 3f434cd9fcebc859aad3eda7b95bd0ec : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 499 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1024000 | Size: 150566 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 309383168 | Size: 1520 MB
User = LL1 ... OK
User = LL2 ... OK
 

JT4866

TS Member
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/15/18
Scan Time: 1:45 PM
Log File: cbd89b36-1288-11e8-bdfb-f4ce462c004a.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3962
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: RANDOM-PC\Owner

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 284749
Threats Detected: 70
Threats Quarantined: 70
Time Elapsed: 8 min, 38 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 6
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-217011151-2072011241-3863041349-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Quarantined, [5023], [425124],1.0.3962
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-217011151-2072011241-3863041349-1001\CONSOLE\TASKENG.EXE, Quarantined, [5023], [425125],1.0.3962
PUP.Optional.Plumbytes, HKLM\SOFTWARE\Plumbytes Software, Quarantined, [7605], [262040],1.0.3962
PUP.Optional.Plumbytes, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{31D0CC95-82DF-4E83-A962-E621FA252850}, Quarantined, [7605], [123575],1.0.3962
PUP.Optional.Plumbytes, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{870BA5FD-3B9F-4DFF-87B9-F00E3682E1DF}, Quarantined, [7605], [123575],1.0.3962
PUP.Optional.Plumbytes, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{870BA5FD-3B9F-4DFF-87B9-F00E3682E1DF}, Quarantined, [7605], [123575],1.0.3962

Registry Value: 3
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-217011151-2072011241-3863041349-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Quarantined, [5023], [425124],1.0.3962
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-217011151-2072011241-3863041349-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Quarantined, [5023], [425126],1.0.3962
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-217011151-2072011241-3863041349-1001\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Quarantined, [5023], [425125],1.0.3962

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 18
PUP.Optional.PlayZone.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnjgmgbacmemmopeianhhabkgajjng\1.0.3_0\ty\images, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnjgmgbacmemmopeianhhabkgajjng\1.0.3_0\_metadata, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnjgmgbacmemmopeianhhabkgajjng\1.0.3_0\images, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnjgmgbacmemmopeianhhabkgajjng\1.0.3_0\ty, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnjgmgbacmemmopeianhhabkgajjng\1.0.3_0, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NFMNJGMGBACMEMMOPEIANHHABKGAJJNG, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miocdidnaandmhoncmppenehgcaiachi, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\_locales\en, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\html\popup, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\_metadata, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\js\popup, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\_locales, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\newtab, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\html, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\css, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\js, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MIOCDIDNAANDMHONCMPPENEHGCAIACHI, Quarantined, [2109], [454579],1.0.3962

File: 43
Generic.Malware/Suspicious, C:\WINDOWS\CATALYZE.EXE, Quarantined, [0], [392686],1.0.3962
PUP.Optional.PlayZone.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NFMNJGMGBACMEMMOPEIANHHABKGAJJNG\1.0.3_0\MANIFEST.JSON, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnjgmgbacmemmopeianhhabkgajjng\1.0.3_0\images\icon128.png, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnjgmgbacmemmopeianhhabkgajjng\1.0.3_0\images\icon16.png, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnjgmgbacmemmopeianhhabkgajjng\1.0.3_0\ty\images\bar.jpg, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnjgmgbacmemmopeianhhabkgajjng\1.0.3_0\ty\images\incognito.png, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnjgmgbacmemmopeianhhabkgajjng\1.0.3_0\ty\ty.css, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnjgmgbacmemmopeianhhabkgajjng\1.0.3_0\ty\ty.html, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnjgmgbacmemmopeianhhabkgajjng\1.0.3_0\_metadata\computed_hashes.json, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnjgmgbacmemmopeianhhabkgajjng\1.0.3_0\_metadata\verified_contents.json, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnjgmgbacmemmopeianhhabkgajjng\1.0.3_0\EULA.txt, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnjgmgbacmemmopeianhhabkgajjng\1.0.3_0\jquery.min.js, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnjgmgbacmemmopeianhhabkgajjng\1.0.3_0\loader.js, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.PlayZone.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnjgmgbacmemmopeianhhabkgajjng\1.0.3_0\privacy.txt, Quarantined, [8271], [478198],1.0.3962
PUP.Optional.Spigot.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miocdidnaandmhoncmppenehgcaiachi\000003.log, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miocdidnaandmhoncmppenehgcaiachi\CURRENT, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miocdidnaandmhoncmppenehgcaiachi\LOCK, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miocdidnaandmhoncmppenehgcaiachi\LOG, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miocdidnaandmhoncmppenehgcaiachi\LOG.old, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miocdidnaandmhoncmppenehgcaiachi\MANIFEST-000001, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MIOCDIDNAANDMHONCMPPENEHGCAIACHI\4.0_0\CHROMERESTORE.JS, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\css\description.css, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\css\popup.css, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\html\popup\description.html, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\html\popup\popup.html, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\js\popup\popup.js, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\js\userNewTab.js, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\newtab\slimmaps__newtab.html, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\_locales\en\messages.json, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\_metadata\verified_contents.json, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\after.js, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\background.js, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\contentscript.js, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\icon.png, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miocdidnaandmhoncmppenehgcaiachi\4.0_0\manifest.json, Quarantined, [2109], [454579],1.0.3962
PUP.Optional.Plumbytes, C:\WINDOWS\SYSTEM32\TASKS\{31D0CC95-82DF-4E83-A962-E621FA252850}, Quarantined, [7605], [123575],1.0.3962
PUP.Optional.Plumbytes, C:\USERS\OWNER\DOWNLOADS\ANTIMALWARESETUP.EXE, Quarantined, [7605], [123575],1.0.3962

Physical Sector: 0
(No malicious items detected)


(end)
 

JT4866

TS Member
# AdwCleaner 7.0.8.0 - Logfile created on Thu Feb 15 20:15:18 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 02-15-2018.2
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.Legacy, scan


***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{65416821-217D-44BD-9C61-F53398FB1B46}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{65416821-217D-44BD-9C61-F53398FB1B46}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{6DFC0DC7-FDC5-44C2-8B80-5977BA8F8ACC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E5AFF088-92F8-41a9-8CAB-E9CDCCE967AC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{39A37965-0A96-43A3-870E-821FE5C84B0B}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1986 B] - [2018/2/12 0:46:37]
C:/AdwCleaner/AdwCleaner[C1].txt - [1647 B] - [2018/2/12 1:42:16]
C:/AdwCleaner/AdwCleaner[S0].txt - [2014 B] - [2018/2/12 0:46:26]
C:/AdwCleaner/AdwCleaner[S1].txt - [1538 B] - [2018/2/12 1:41:40]
C:/AdwCleaner/AdwCleaner[S2].txt - [1220 B] - [2018/2/12 3:47:30]


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########
 

Broni

Malware Annihilator
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run, then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. The rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

JT4866

TS Member
Hi Broni...sorry about the interruption in our session yesterday. Got called in despite being off. I don't know why they bother giving me a day off, they can't seem to do it without me. :)

Anyway...Combofix ran fine and here is the log:

ComboFix 18-02-16.01 - Owner 02/16/2018 10:09:50.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6075.4882 [GMT -6:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\programdata\WS_Log.dll
c:\users\Owner\AppData\Local\REPORT.del
c:\users\Owner\AppData\Local\UNINSTALLVDK.del
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2018-01-16 to 2018-02-16 )))))))))))))))))))))))))))))))
.
.
2018-02-13 16:10 . 2018-02-13 16:13 -------- d-----w- c:\users\Owner\AppData\Roaming\TextNow
2018-02-12 23:39 . 2018-02-15 23:54 -------- d-----w- c:\program files\Immunet
2018-02-12 23:38 . 2018-02-15 17:56 -------- d-----w- c:\programdata\Immunet
2018-02-12 17:44 . 2018-02-15 18:50 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2018-02-12 17:42 . 2018-02-12 18:05 -------- d-----w- c:\programdata\RogueKiller
2018-02-12 14:25 . 2018-02-12 14:25 -------- d-----w- C:\@RestoreQuarantine
2018-02-12 14:10 . 2018-02-12 14:10 -------- d-----w- c:\programdata\RegRun
2018-02-12 14:10 . 2018-02-12 14:10 2 --shatr- c:\windows\winstart.bat
2018-02-12 14:10 . 2018-02-15 23:56 -------- d-----w- c:\program files (x86)\UnHackMe
2018-02-12 13:58 . 2018-02-12 13:58 -------- d-----w- c:\program files\McAfee
2018-02-12 04:57 . 2018-02-12 04:57 255928 ----a-w- c:\windows\system32\drivers\20271752.sys
2018-02-12 04:55 . 2018-02-12 04:55 -------- d-----w- C:\KVRT_Data
2018-02-12 03:43 . 2018-02-12 03:43 390776 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2018-02-12 03:19 . 2018-02-12 03:19 -------- d-----w- c:\programdata\iSkysoft
2018-02-12 03:19 . 2018-02-12 03:19 -------- d-----w- c:\users\Owner\AppData\Local\iSkysoft
2018-02-12 02:51 . 2018-02-12 15:29 -------- d-----w- C:\NPE
2018-02-12 02:50 . 2018-02-12 15:30 -------- d-----w- c:\users\Owner\AppData\Local\NPE
2018-02-12 02:50 . 2018-02-12 02:50 -------- d-----w- c:\programdata\Norton
2018-02-12 01:55 . 2018-02-12 02:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2018-02-12 00:43 . 2018-02-15 20:20 -------- d-----w- C:\AdwCleaner
2018-02-11 23:57 . 2018-02-11 23:57 255928 ----a-w- c:\windows\system32\drivers\4423FC0D.sys
2018-02-11 23:33 . 2018-02-11 23:47 -------- d-----w- c:\users\Owner\AppData\Local\Deployment
2018-02-11 22:45 . 2018-02-14 04:11 -------- d-----w- c:\users\Owner\AppData\Local\wdbplit
2018-02-11 21:17 . 2018-02-15 19:54 -------- d-----w- c:\users\Owner\AppData\Local\vdeaixl
2018-02-11 21:17 . 2018-02-15 19:54 -------- d-----w- c:\users\Owner\AppData\Local\pciakow
2018-02-11 21:16 . 2018-02-15 17:48 2888704 ----a-w- c:\windows\system32\scivwrnsvc.exe
2018-02-11 21:16 . 2018-02-11 21:16 -------- d-----w- c:\windows\SysWow64\svdnixc
2018-02-11 21:16 . 2018-02-11 21:16 -------- d-----w- c:\windows\system32\svdnixc
2018-02-11 21:15 . 2018-02-11 21:15 -------- d-----w- c:\users\Owner\AppData\Roaming\et
2018-02-11 20:44 . 2018-02-11 20:44 -------- d-----w- c:\users\Owner\AppData\Local\FreemakeVideoConverter
2018-01-31 16:37 . 2018-01-31 16:37 -------- d-----w- c:\users\Owner\AppData\Local\RadeonSettings
2018-01-31 16:26 . 2018-01-31 16:26 -------- d-----w- c:\program files (x86)\AMD
2018-01-21 22:52 . 2018-01-21 22:52 110144 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-64.dll
2018-01-21 22:52 . 2018-01-21 22:52 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-02-16 16:14 . 2016-06-08 18:40 65536 ----a-w- c:\windows\system32\spu_storage.bin
2018-01-21 22:52 . 2016-06-08 15:19 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2018-01-21 22:51 . 2016-06-08 15:14 97344 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2018-01-12 22:59 . 2018-01-12 22:59 126848 ----a-w- c:\windows\SysWow64\amdihk32.dll
2018-01-12 22:59 . 2018-01-12 22:59 155688 ----a-w- c:\windows\system32\amdihk64.dll
2018-01-12 21:59 . 2018-01-12 21:59 9936 ----a-w- c:\windows\system32\detoured.dll
2018-01-12 21:59 . 2018-01-12 21:59 9936 ----a-w- c:\windows\SysWow64\detoured.dll
2018-01-12 21:59 . 2018-01-12 21:59 161344 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2018-01-12 21:59 . 2017-06-12 21:14 196400 ----a-w- c:\windows\system32\atiuxp64.dll
2018-01-12 21:59 . 2018-01-12 21:59 9574032 ----a-w- c:\windows\SysWow64\atiumdag.dll
2018-01-12 21:59 . 2017-06-12 21:13 15993520 ----a-w- c:\windows\system32\atidxx64.dll
2018-01-12 21:59 . 2018-01-12 21:59 11771056 ----a-w- c:\windows\system32\atiumd64.dll
2018-01-12 21:59 . 2018-01-12 21:59 143864 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2018-01-12 21:59 . 2018-01-12 21:59 13196040 ----a-w- c:\windows\SysWow64\atidxx32.dll
2018-01-12 21:59 . 2018-01-12 21:59 173216 ----a-w- c:\windows\system32\atiu9p64.dll
2018-01-12 21:59 . 2017-06-12 21:13 1961272 ----a-w- c:\windows\system32\aticfx64.dll
2018-01-12 21:59 . 2018-01-12 21:59 1555488 ----a-w- c:\windows\SysWow64\aticfx32.dll
2018-01-12 21:59 . 2018-01-12 21:59 449416 ----a-w- c:\windows\system32\GameManager64.dll
2018-01-12 21:59 . 2018-01-12 21:59 36232 ----a-w- c:\windows\system32\RapidFireServer64.dll
2018-01-12 21:59 . 2018-01-12 21:59 357256 ----a-w- c:\windows\SysWow64\GameManager32.dll
2018-01-12 21:59 . 2018-01-12 21:59 33160 ----a-w- c:\windows\SysWow64\RapidFireServer.dll
2018-01-12 21:59 . 2018-01-12 21:59 547208 ----a-w- c:\windows\system32\Rapidfire64.dll
2018-01-12 21:59 . 2018-01-12 21:59 470920 ----a-w- c:\windows\system32\dgtrayicon.exe
2018-01-12 21:59 . 2018-01-12 21:59 461192 ----a-w- c:\windows\SysWow64\Rapidfire.dll
2018-01-12 21:59 . 2018-01-12 21:59 342920 ----a-w- c:\windows\system32\clinfo.exe
2018-01-12 21:59 . 2018-01-12 21:59 163720 ----a-w- c:\windows\system32\OpenCL.dll
2018-01-12 21:59 . 2018-01-12 21:59 149896 ----a-w- c:\windows\system32\mantleaxl64.dll
2018-01-12 21:59 . 2018-01-12 21:59 139656 ----a-w- c:\windows\SysWow64\OpenCL.dll
2018-01-12 21:59 . 2018-01-12 21:59 126344 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2018-01-12 21:58 . 2018-01-12 21:58 170888 ----a-w- c:\windows\system32\mantle64.dll
2018-01-12 21:58 . 2018-01-12 21:58 475016 ----a-w- c:\windows\system32\atitmm64.dll
2018-01-12 21:58 . 2018-01-12 21:58 141704 ----a-w- c:\windows\SysWow64\mantle32.dll
2018-01-12 21:58 . 2018-01-12 21:58 536968 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2018-01-12 21:58 . 2018-01-12 21:58 349064 ----a-w- c:\windows\system32\ATIODE.exe
2018-01-12 21:58 . 2018-01-12 21:58 115592 ----a-w- c:\windows\system32\atimuixx.dll
2018-01-12 21:58 . 2018-01-12 21:58 67464 ----a-w- c:\windows\system32\ATIODCLI.exe
2018-01-12 21:58 . 2018-01-12 21:58 197000 ----a-w- c:\windows\SysWow64\atigktxx.dll
2018-01-12 21:58 . 2018-01-12 21:58 124808 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2018-01-12 21:58 . 2018-01-12 21:58 124808 ----a-w- c:\windows\system32\atiglpxx.dll
2018-01-12 21:58 . 2017-07-20 23:39 224136 ----a-w- c:\windows\system32\atig6txx.dll
2018-01-12 21:58 . 2017-07-20 23:39 144776 ----a-w- c:\windows\system32\atig6pxx.dll
2018-01-12 21:58 . 2018-01-12 21:58 472456 ----a-w- c:\windows\system32\atiesrxx.exe
2018-01-12 21:58 . 2018-01-12 21:58 700296 ----a-w- c:\windows\system32\atieclxx.exe
2018-01-12 21:58 . 2018-01-12 21:58 405384 ----a-w- c:\windows\system32\atieah64.exe
2018-01-12 21:58 . 2018-01-12 21:58 325512 ----a-w- c:\windows\SysWow64\atieah32.exe
2018-01-12 21:58 . 2018-01-12 21:58 458632 ----a-w- c:\windows\system32\atidemgy.dll
2018-01-12 21:58 . 2018-01-12 21:58 78728 ----a-w- c:\windows\system32\aticalrt64.dll
2018-01-12 21:58 . 2018-01-12 21:58 11825664 ----a-w- c:\windows\SysWow64\atiumdva.dll
2018-01-12 21:58 . 2018-01-12 21:58 68488 ----a-w- c:\windows\SysWow64\aticalrt.dll
2018-01-12 21:58 . 2018-01-12 21:58 65593736 ----a-w- c:\windows\system32\amdocl64.dll
2018-01-12 21:58 . 2018-01-12 21:58 15728520 ----a-w- c:\windows\system32\aticaldd64.dll
2018-01-12 21:58 . 2018-01-12 21:58 15434120 ----a-w- c:\windows\system32\amdmantle64.dll
2018-01-12 21:58 . 2018-01-12 21:58 12359728 ----a-w- c:\windows\system32\atiumd6a.dll
2018-01-12 21:58 . 2018-01-12 21:58 92328 ----a-w- c:\windows\SysWow64\atimpc32.dll
2018-01-12 21:58 . 2018-01-12 21:58 92328 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2018-01-12 21:58 . 2018-01-12 21:58 111440 ----a-w- c:\windows\system32\atimpc64.dll
2018-01-12 21:58 . 2018-01-12 21:58 111440 ----a-w- c:\windows\system32\amdpcom64.dll
2018-01-12 21:58 . 2018-01-12 21:58 14318984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2018-01-12 21:58 . 2018-01-12 21:58 72072 ----a-w- c:\windows\system32\aticalcl64.dll
2018-01-12 21:58 . 2018-01-12 21:58 175288 ----a-w- c:\windows\system32\amdhcp64.dll
2018-01-12 21:58 . 2018-01-12 21:58 12924808 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2018-01-12 21:58 . 2018-01-12 21:58 866184 ----a-w- c:\windows\system32\amdlvr64.dll
2018-01-12 21:58 . 2018-01-12 21:58 65416 ----a-w- c:\windows\SysWow64\aticalcl.dll
2018-01-12 21:58 . 2018-01-12 21:58 153640 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2018-01-12 21:58 . 2018-01-12 21:58 694152 ----a-w- c:\windows\SysWow64\amdlvr32.dll
2018-01-12 21:58 . 2018-01-12 21:58 1055624 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2018-01-12 21:58 . 2018-01-12 21:58 1055624 ----a-w- c:\windows\SysWow64\atiadlxx.dll
2018-01-12 21:58 . 2017-07-20 23:38 1462664 ----a-w- c:\windows\system32\atiadlxx.dll
2018-01-12 21:58 . 2018-01-12 21:58 120680 ----a-w- c:\windows\system32\amdave64.dll
2018-01-12 21:58 . 2018-01-12 21:58 31553416 ----a-w- c:\windows\system32\amdocl12cl64.dll
2018-01-12 21:58 . 2018-01-12 21:58 105736 ----a-w- c:\windows\SysWow64\amdave32.dll
2018-01-12 21:57 . 2018-01-12 21:57 1232264 ----a-w- c:\windows\system32\coinst_17.50.dll
2018-01-12 21:57 . 2018-01-12 21:57 148360 ----a-w- c:\windows\system32\atisamu64.dll
2018-01-12 21:57 . 2018-01-12 21:57 25145224 ----a-w- c:\windows\SysWow64\amdocl12cl.dll
2018-01-12 21:57 . 2018-01-12 21:57 124296 ----a-w- c:\windows\SysWow64\atisamu32.dll
2018-01-12 21:57 . 2018-01-12 21:57 436616 ----a-w- c:\windows\system32\amdgfxinfo64.dll
2018-01-12 21:57 . 2018-01-12 21:57 352136 ----a-w- c:\windows\SysWow64\amdgfxinfo32.dll
2018-01-12 21:57 . 2018-01-12 21:57 305544 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2018-01-12 21:57 . 2018-01-12 21:57 41694600 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2018-01-12 21:57 . 2018-01-12 21:57 51029384 ----a-w- c:\windows\SysWow64\amdocl.dll
2018-01-12 21:57 . 2018-01-12 21:57 60296 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2018-01-12 21:57 . 2018-01-12 21:57 2933128 ----a-w- c:\windows\system32\amfrt64.dll
2018-01-12 21:57 . 2018-01-12 21:57 2541448 ----a-w- c:\windows\SysWow64\amfrt32.dll
2018-01-12 21:57 . 2018-01-12 21:57 16034696 ----a-w- c:\windows\system32\amdvlk64.dll
2018-01-12 21:57 . 2018-01-12 21:57 13607304 ----a-w- c:\windows\SysWow64\amdvlk32.dll
2018-01-12 21:56 . 2018-01-12 21:56 157064 ----a-w- c:\windows\system32\amduve64.dll
2018-01-12 21:56 . 2018-01-12 21:56 135048 ----a-w- c:\windows\SysWow64\amduve32.dll
2018-01-12 21:56 . 2018-01-12 21:56 139144 ----a-w- c:\windows\system32\amdmmcl6.dll
2018-01-12 21:56 . 2018-01-12 21:56 117128 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2018-01-12 21:56 . 2018-01-12 21:56 543624 ----a-w- c:\windows\system32\amdmcl64.dll
2018-01-12 21:56 . 2018-01-12 21:56 29506440 ----a-w- c:\windows\SysWow64\atioglxx.dll
2018-01-12 21:56 . 2018-01-12 21:56 373640 ----a-w- c:\windows\SysWow64\amdmcl32.dll
2018-01-12 21:56 . 2017-07-20 23:37 35677064 ----a-w- c:\windows\system32\atio6axx.dll
2017-11-28 01:05 . 2017-06-12 21:13 15951808 ----a-w- c:\windows\system32\SET3D18.tmp
2017-11-28 01:05 . 2017-06-12 21:13 1931920 ----a-w- c:\windows\system32\SET8A21.tmp
2017-11-28 01:05 . 2017-06-12 21:14 195888 ----a-w- c:\windows\system32\SET88F4.tmp
2017-11-28 01:04 . 2017-07-20 23:39 223112 ----a-w- c:\windows\system32\SET8925.tmp
2017-11-28 01:04 . 2017-07-20 23:39 144776 ----a-w- c:\windows\system32\SETCD33.tmp
2017-11-28 01:01 . 2017-07-20 23:37 35220872 ----a-w- c:\windows\system32\SET89A.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2017-12-20 587288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SMR520]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys;c:\windows\SYSNATIVE\drivers\ETD.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MFE_RR;MFE_RR;c:\users\Owner\AppData\Local\Temp\mfe_rr.sys;c:\users\Owner\AppData\Local\Temp\mfe_rr.sys [x]
R3 MxEFLF;Matrox Extio Lower Function Filter;c:\windows\system32\drivers\MxEFLF64.sys;c:\windows\SYSNATIVE\drivers\MxEFLF64.sys [x]
R3 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF64.sys;c:\windows\SYSNATIVE\drivers\MxEFUF64.sys [x]
R3 PNPMEM;Microsoft Memory Module Driver;c:\windows\system32\DRIVERS\pnpmem.sys;c:\windows\SYSNATIVE\DRIVERS\pnpmem.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 semav6msr64;semav6msr64;c:\windows\system32\drivers\semav6msr64.sys;c:\windows\SYSNATIVE\drivers\semav6msr64.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 vmci;vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 20271752;20271752;c:\windows\system32\drivers\20271752.sys;c:\windows\SYSNATIVE\drivers\20271752.sys [x]
R4 SMR520;Symantec SMR Utility Service 5.2.0;c:\windows\system32\drivers\SMR520.SYS;c:\windows\SYSNATIVE\drivers\SMR520.SYS [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S1 GizmoDrv;Gizmo Device Driver; [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x]
S2 WsAppService;Wondershare Application Framework Service;c:\program files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe;c:\program files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 e1kexpress;Intel(R) Network Connections Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
.
.

JT4866

TS Member
It's giving me the spam warning again; no matter how I try to break the report down, it still says it's spammy. :\

Attached file:

Broni

Malware Annihilator
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you check the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.

Broni

Malware Annihilator
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by Owner (administrator) on RANDOM-PC (16-02-2018 20:31:51)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & Twins & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Immunet\6.0.8\sfc.exe
(Immunet) C:\Program Files\Immunet\6.0.8\iptray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Users\Owner\Documents\GWX_control_panel.exe [4559944 2016-02-11] (UltimateOutsider)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2013-11-23] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [347768 2010-04-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [Immunet Protect] => C:\Program Files\Immunet\6.0.8\iptray.exe [3844288 2018-02-16] (Immunet)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-217011151-2072011241-3863041349-1004\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{503FDFFA-D982-4EFB-B7A2-850941419CBC}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{503FDFFA-D982-4EFB-B7A2-850941419CBC}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-01-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-21] (Oracle Corporation)
Handler: WSISVCUchrome - No CLSID Value

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-04-12] ()
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-04-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-11] (Google Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.wunderground.com/weather/us/il/springfield/39.785332%2C-89.6533936"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2018-02-16]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-08]
CHR Extension: (DuckDuckGo) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2018-02-07]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-08]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-26]
CHR Extension: (Dark YouTube Theme - Black YouTube & FB Skin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\djhcepodfooinnfhfccmoeabagbjchhg [2017-11-24]
CHR Extension: (VideoCast (VLC/Chromecast)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclhodkofgoighinmongpkpncdpalejb [2016-06-09]
CHR Extension: (Chrome Populer Downloader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmjancgdemcbgpbmfialhipkbgkonmoj [2017-10-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-04-09]
CHR Extension: (Google Hangouts) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2018-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2018-02-13]
CHR Extension: (Tubi TV - Free Movies) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdahblbohmnbbldhjedicpckkjbmoad [2018-01-16]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-08]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-217011151-2072011241-3863041349-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7002120 2017-12-20] ()
R2 ImmunetProtect_6.0.8; C:\Program Files\Immunet\6.0.8\sfc.exe [1250880 2018-02-16] (Cisco Systems, Inc.)
S2 Intel(R) PROSet Monitoring Service; C:\windows\system32\IProsetMonitor.exe [505856 2017-02-10] (Intel Corporation) [File not signed]
S3 scan; C:\Program Files\Immunet\tetra\scan.dll [652568 2018-02-16] (Bitdefender)
S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 20271752; C:\windows\System32\drivers\20271752.sys [255928 2018-02-11] (Malwarebytes)
R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [31872 2012-02-02] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 dg_ssudbus; C:\windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2016-06-14] (Arainia Solutions LLC)
R2 ImmunetNetworkMonitorDriver; C:\windows\System32\Drivers\ImmunetNetworkMonitor.sys [119608 2018-02-16] (Cisco Systems, Inc.)
R1 ImmunetProtectDriver; C:\windows\System32\Drivers\immunetprotect.sys [113976 2018-02-16] (Cisco Systems, Inc.)
R1 ImmunetSelfProtectDriver; C:\windows\System32\Drivers\immunetselfprotect.sys [77624 2018-02-16] (Cisco Systems, Inc.)
S3 MxEFLF; C:\windows\system32\drivers\MxEFLF64.sys [116224 2011-08-16] (Matrox Graphics Inc.)
S3 MxEFUF; C:\windows\system32\drivers\MxEFUF64.sys [157696 2011-08-16] (Matrox Graphics Inc.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [28400 2016-12-18] () [File not signed]
S3 semav6msr64; C:\windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 ssudmdm; C:\windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 Trufos; C:\windows\System32\Drivers\trufos.sys [442848 2018-02-16] (BitDefender S.R.L.)
R3 t_mouse.sys; C:\windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\C:\Users\Owner\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
U0 Partizan; system32\drivers\Partizan.sys [X]
S4 SMR520; System32\drivers\SMR520.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-16 20:31 - 2018-02-16 20:32 - 000012716 _____ C:\Users\Owner\Downloads\FRST.txt
2018-02-16 19:12 - 2018-02-16 19:12 - 000442848 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2018-02-16 19:12 - 2018-02-16 19:12 - 000119608 _____ (Cisco Systems, Inc.) C:\windows\system32\Drivers\ImmunetNetworkMonitor.sys
2018-02-16 19:12 - 2018-02-16 19:12 - 000113976 _____ (Cisco Systems, Inc.) C:\windows\system32\Drivers\immunetprotect.sys
2018-02-16 19:12 - 2018-02-16 19:12 - 000077624 _____ (Cisco Systems, Inc.) C:\windows\system32\Drivers\immunetselfprotect.sys
2018-02-16 19:12 - 2018-02-16 19:12 - 000071088 _____ (Cisco Systems, Inc.) C:\windows\system32\Drivers\ImmunetUtilDriver.sys
2018-02-16 19:12 - 2018-02-16 19:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immunet
2018-02-16 12:52 - 2018-02-16 12:53 - 004244120 _____ (Wargaming.net ) C:\Users\Owner\Downloads\WoT_internet_install_ct_bjes5ikau0ia.exe
2018-02-16 10:35 - 2018-02-16 10:35 - 000025244 _____ C:\Users\Owner\Desktop\ComboFix.txt
2018-02-16 10:08 - 2018-02-16 10:19 - 000000000 ____D C:\Qoobox
2018-02-16 10:08 - 2011-06-26 00:45 - 000256000 _____ C:\windows\PEV.exe
2018-02-16 10:08 - 2010-11-07 11:20 - 000208896 _____ C:\windows\MBR.exe
2018-02-16 10:08 - 2009-04-19 22:56 - 000060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2018-02-16 10:08 - 2000-08-30 18:00 - 000518144 _____ (SteelWerX) C:\windows\SWREG.exe
2018-02-16 10:08 - 2000-08-30 18:00 - 000406528 _____ (SteelWerX) C:\windows\SWSC.exe
2018-02-16 10:08 - 2000-08-30 18:00 - 000098816 _____ C:\windows\sed.exe
2018-02-16 10:08 - 2000-08-30 18:00 - 000080412 _____ C:\windows\grep.exe
2018-02-16 10:08 - 2000-08-30 18:00 - 000068096 _____ C:\windows\zip.exe
2018-02-16 10:07 - 2018-02-16 10:17 - 000000000 ____D C:\windows\erdnt
2018-02-15 17:46 - 2018-02-15 17:46 - 005660720 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2018-02-15 14:09 - 2018-02-15 14:09 - 008222496 _____ (Malwarebytes) C:\Users\Owner\Downloads\AdwCleaner.exe
2018-02-15 14:02 - 2018-02-15 14:02 - 000013950 _____ C:\Users\Owner\Desktop\MWB.txt
2018-02-15 13:48 - 2018-02-15 13:49 - 000002498 _____ C:\Users\Owner\Desktop\Rogue Killer.txt
2018-02-15 13:42 - 2018-02-15 13:43 - 067292528 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3932.exe
2018-02-15 12:47 - 2018-02-15 12:48 - 036393136 _____ (Adlice Software ) C:\Users\Owner\Downloads\RogueKiller_setup_ref3.exe
2018-02-13 10:10 - 2018-02-13 10:13 - 000000000 ____D C:\Users\Owner\AppData\Roaming\TextNow
2018-02-13 10:10 - 2018-02-13 10:10 - 058867008 _____ (TextNow Inc.) C:\Users\Owner\Downloads\TextNow+Setup+1.1.0.exe
2018-02-13 10:10 - 2018-02-13 10:10 - 000002326 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextNow.lnk
2018-02-12 17:40 - 2018-02-12 17:40 - 000000000 ____D C:\Users\Owner\Downloads\FRST-OlderVersion
2018-02-12 17:39 - 2018-02-16 20:32 - 000000000 ____D C:\Program Files\Immunet
2018-02-12 17:39 - 2018-02-12 17:39 - 000000000 ____H C:\windows\system32\Drivers\Msft_Kernel_ImmunetNetworkMonitor_01009.Wdf
2018-02-12 17:38 - 2018-02-15 11:56 - 000000000 ____D C:\ProgramData\Immunet
2018-02-12 17:38 - 2018-02-12 17:38 - 001123608 _____ (Cisco Systems, Inc.) C:\Users\Owner\Downloads\ImmunetSetup.exe
2018-02-12 12:12 - 2018-02-12 12:12 - 007189760 _____ (VS Revo Group ) C:\Users\Owner\Downloads\revosetup.exe
2018-02-12 11:44 - 2018-02-15 12:50 - 000028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2018-02-12 11:42 - 2018-02-12 12:05 - 000000000 ____D C:\ProgramData\RogueKiller
2018-02-12 11:06 - 2018-02-12 11:06 - 026937928 _____ (Adlice Software) C:\Users\Owner\Downloads\RogueKiller_portable64.exe
2018-02-12 10:15 - 2018-02-12 17:40 - 002405376 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2018-02-12 08:40 - 2017-09-06 08:30 - 000000826 _____ C:\windows\system32\Drivers\etc\hosts.old
2018-02-12 08:34 - 2018-02-15 14:21 - 000000250 _____ C:\windows\SysWOW64\PARTIZAN.TXT
2018-02-12 08:25 - 2018-02-12 08:25 - 000000000 ____D C:\@RestoreQuarantine
2018-02-12 08:10 - 2018-02-15 17:56 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2018-02-12 08:10 - 2018-02-12 11:28 - 000000000 ____D C:\Users\Owner\Documents\RegRun2
2018-02-12 08:10 - 2018-02-12 08:10 - 000000002 RSHOT C:\windows\winstart.bat
2018-02-12 08:10 - 2018-02-12 08:10 - 000000002 RSHOT C:\windows\SysWOW64\CONFIG.NT
2018-02-12 08:10 - 2018-02-12 08:10 - 000000002 RSHOT C:\windows\SysWOW64\AUTOEXEC.NT
2018-02-12 08:10 - 2018-02-12 08:10 - 000000000 ____D C:\ProgramData\RegRun
2018-02-12 08:08 - 2018-02-09 05:07 - 018322776 _____ (Greatis Software, LLC. ) C:\Users\Owner\Downloads\unhackme_setup.exe
2018-02-12 08:05 - 2018-02-12 08:05 - 000784152 _____ (McAfee, Inc.) C:\Users\Owner\Downloads\rootkitremover.exe
2018-02-12 08:01 - 2018-02-12 09:33 - 000000114 ___RH C:\Users\Owner\Downloads\Stinger.opt
2018-02-12 07:58 - 2018-02-12 08:01 - 000000821 _____ C:\Users\Owner\Downloads\Stinger_12022018_075816.html
2018-02-12 07:58 - 2018-02-12 07:58 - 000000000 ____D C:\Program Files\McAfee
2018-02-12 07:57 - 2018-02-12 07:57 - 016121728 _____ (McAfee Inc) C:\Users\Owner\Downloads\stinger64.exe
2018-02-11 23:23 - 2018-02-11 23:23 - 000003441 _____ C:\Users\Owner\Documents\aswMBR.txt
2018-02-11 23:23 - 2018-02-11 23:23 - 000000512 _____ C:\Users\Owner\Documents\MBR.dat
2018-02-11 22:57 - 2018-02-11 22:57 - 000255928 _____ (Malwarebytes) C:\windows\system32\Drivers\20271752.sys
2018-02-11 22:55 - 2018-02-11 22:55 - 000000000 ____D C:\KVRT_Data
2018-02-11 22:17 - 2018-02-11 22:17 - 000080384 _____ C:\Users\Owner\Downloads\MBRCheck.exe
2018-02-11 21:47 - 2018-02-11 21:47 - 005200384 _____ (AVAST Software) C:\Users\Owner\Downloads\aswmbr.exe
2018-02-11 21:43 - 2018-02-11 21:43 - 000390776 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\TrufosAlt.sys
2018-02-11 21:34 - 2018-02-11 21:34 - 001525384 _____ C:\Users\Owner\Downloads\sarsfx.exe
2018-02-11 21:32 - 2018-02-11 21:32 - 011427128 _____ (Bitdefender LLC) C:\Users\Owner\Downloads\BootkitRemoval_x64.exe
2018-02-11 21:19 - 2018-02-11 21:19 - 000000000 ____D C:\Users\Owner\AppData\Local\iSkysoft
2018-02-11 21:19 - 2018-02-11 21:19 - 000000000 ____D C:\ProgramData\iSkysoft
2018-02-11 20:51 - 2018-02-12 09:29 - 000000000 ____D C:\NPE
2018-02-11 20:50 - 2018-02-12 09:30 - 000000000 ____D C:\Users\Owner\AppData\Local\NPE
2018-02-11 20:50 - 2018-02-11 21:08 - 000016894 _____ C:\windows\system32\Drivers\SMR520.dat
2018-02-11 20:50 - 2018-02-11 20:50 - 000000000 ____D C:\ProgramData\Norton
2018-02-11 20:45 - 2018-02-11 20:45 - 001137360 _____ (F-Secure Corporation) C:\Users\Owner\Downloads\fsbl.exe
2018-02-11 20:44 - 2018-02-11 20:44 - 014999000 _____ (Trend Micro Inc.) C:\Users\Owner\Downloads\RootkitBusterV5.0-1203x64.exe
2018-02-11 20:42 - 2018-02-11 20:42 - 009494240 _____ (Symantec Corporation) C:\Users\Owner\Downloads\NPE.exe
2018-02-11 19:55 - 2018-02-11 20:54 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-02-11 18:43 - 2018-02-15 14:20 - 000000000 ____D C:\AdwCleaner
2018-02-11 18:36 - 2016-03-11 14:53 - 000380928 _____ C:\Users\Owner\Downloads\gmer.exe
2018-02-11 17:57 - 2018-02-11 17:57 - 000255928 _____ (Malwarebytes) C:\windows\system32\Drivers\4423FC0D.sys
2018-02-11 17:52 - 2018-02-11 17:52 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.10.3.1001.exe
2018-02-11 17:51 - 2018-02-11 17:51 - 004944584 _____ (AO Kaspersky Lab) C:\Users\Owner\Downloads\tdsskiller.exe
2018-02-11 17:47 - 2018-02-11 17:47 - 000003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-11 17:47 - 2018-02-11 17:47 - 000003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-11 17:47 - 2018-02-11 17:47 - 000002263 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-11 17:33 - 2018-02-11 17:47 - 000000000 ____D C:\Users\Owner\AppData\Local\Deployment
2018-02-11 16:45 - 2018-02-13 22:11 - 000000000 ____D C:\Users\Owner\AppData\Local\wdbplit
2018-02-11 15:17 - 2018-02-15 13:54 - 000000000 ____D C:\Users\Owner\AppData\Local\vdeaixl
2018-02-11 15:17 - 2018-02-15 13:54 - 000000000 ____D C:\Users\Owner\AppData\Local\pciakow
2018-02-11 15:16 - 2018-02-15 11:48 - 002888704 _____ C:\windows\system32\scivwrnsvc.exe
2018-02-11 15:16 - 2018-02-11 15:16 - 000000000 ____D C:\windows\SysWOW64\svdnixc
2018-02-11 15:16 - 2018-02-11 15:16 - 000000000 ____D C:\windows\system32\svdnixc
2018-02-11 15:15 - 2018-02-11 15:15 - 000000012 _____ C:\windows\b68209745
2018-02-11 15:15 - 2018-02-11 15:15 - 000000000 ____D C:\Users\Owner\AppData\Roaming\et
2018-02-11 14:44 - 2018-02-11 14:44 - 000000000 ____D C:\Users\Owner\AppData\Local\FreemakeVideoConverter
2018-02-11 14:43 - 2018-02-11 14:44 - 000000000 ____D C:\Users\Owner\Documents\Freemake
2018-02-11 14:42 - 2018-02-11 14:43 - 001013376 _____ (Ellora Assets Corporation ) C:\Users\Owner\Downloads\FreemakeVideoConverterSetup.exe
2018-02-09 23:55 - 2018-02-09 23:55 - 004934536 _____ ( ) C:\Users\Owner\Downloads\crossout_launcher_1.0.3.29.exe
2018-02-04 17:37 - 2018-02-04 17:37 - 000000002 _____ C:\Users\Owner\Downloads\6150f78c-63c1-426e-9ffb-166767f524fa
2018-02-01 21:11 - 2018-02-01 21:11 - 000000002 _____ C:\Users\Owner\Downloads\1e13dadb-f363-4061-bcc5-f1049f0200da
2018-01-31 10:37 - 2018-01-31 10:37 - 000000000 ____D C:\Users\Owner\AppData\Local\RadeonSettings
2018-01-31 10:27 - 2018-01-31 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-01-31 10:26 - 2018-02-10 20:51 - 000003148 _____ C:\windows\System32\Tasks\StartCN
2018-01-31 10:26 - 2018-02-10 20:51 - 000003062 _____ C:\windows\System32\Tasks\StartDVR
2018-01-31 10:26 - 2018-01-31 10:26 - 000000000 ____D C:\Program Files (x86)\AMD
2018-01-27 14:36 - 2018-01-27 14:36 - 000003460 _____ C:\windows\System32\Tasks\AdobeGCInvoker-1.0-RANDOM-PC-Owner
2018-01-21 16:52 - 2018-01-21 16:52 - 000110144 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-64.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-16 20:31 - 2017-07-27 17:37 - 000000000 ____D C:\FRST
2018-02-16 20:02 - 2016-04-12 16:02 - 000000892 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2018-02-16 19:10 - 2016-06-09 10:30 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Wise Disk Cleaner
2018-02-16 14:41 - 2009-07-13 21:20 - 000000000 ____D C:\windows\inf
2018-02-16 14:40 - 2017-10-29 18:01 - 000000000 ____D C:\Games
2018-02-16 10:53 - 2017-12-25 17:48 - 000000000 ____D C:\Program Files (x86)\Renegade X
2018-02-16 10:25 - 2009-07-13 22:45 - 000028944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-16 10:25 - 2009-07-13 22:45 - 000028944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-16 10:19 - 2009-07-13 23:13 - 000752568 _____ C:\windows\system32\PerfStringBackup.INI
2018-02-16 10:15 - 2009-07-13 23:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-02-16 10:15 - 2009-07-13 20:34 - 000000215 _____ C:\windows\system.ini
2018-02-16 10:14 - 2016-06-08 12:40 - 000065536 _____ C:\windows\system32\spu_storage.bin
2018-02-16 10:14 - 2009-07-13 20:34 - 078905344 _____ C:\windows\system32\config\software.bak
2018-02-16 10:14 - 2009-07-13 20:34 - 023855104 _____ C:\windows\system32\config\SYSTEM.bak
2018-02-16 10:14 - 2009-07-13 20:34 - 001572864 _____ C:\windows\system32\config\default.bak
2018-02-16 10:14 - 2009-07-13 20:34 - 000262144 _____ C:\windows\system32\config\security.bak
2018-02-16 10:14 - 2009-07-13 20:34 - 000262144 _____ C:\windows\system32\config\sam.bak
2018-02-16 10:12 - 2017-07-27 10:04 - 000000000 ____D C:\ProgramData\TEMP
2018-02-16 05:00 - 2017-09-24 07:27 - 000000444 _____ C:\windows\Tasks\Wise Disk Cleaner Schedule Task.job
2018-02-15 17:55 - 2017-08-01 21:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-15 12:23 - 2009-07-13 21:20 - 000000000 ____D C:\windows\Help
2018-02-15 11:49 - 2009-07-13 20:34 - 023592960 _____ C:\windows\system32\config\HARDWARE
2018-02-15 11:21 - 2017-08-08 21:13 - 000000000 ____D C:\windows\pss
2018-02-15 11:19 - 2016-06-12 16:45 - 000000000 ____D C:\Program Files (x86)\Steam
2018-02-13 10:28 - 2017-10-24 07:29 - 000003870 _____ C:\windows\System32\Tasks\CCleaner Update
2018-02-13 10:01 - 2016-06-20 20:15 - 000000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2018-02-13 05:00 - 2016-06-13 13:50 - 000000000 ____D C:\windows\Minidump
2018-02-12 09:40 - 2017-08-22 17:14 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-02-12 09:40 - 2016-12-25 10:25 - 000000000 ____D C:\Users\Owner\Documents\ArmA 2
2018-02-12 09:40 - 2016-06-17 00:45 - 000000000 ____D C:\Users\Owner\Documents\DayZ
2018-02-11 23:47 - 2017-08-01 21:27 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-11 19:09 - 2009-07-13 21:20 - 000000000 ____D C:\windows\registration
2018-02-11 18:19 - 2017-08-28 20:27 - 000000000 ____D C:\Users\Owner\Downloads\androidfirmware
2018-02-11 18:19 - 2017-03-09 11:32 - 000000000 ____D C:\Users\Owner\Downloads\Intel Components
2018-02-11 18:13 - 2016-12-25 10:36 - 000000000 ____D C:\Users\Owner\Documents\ArmA 2 Other Profiles
2018-02-11 18:09 - 2017-05-31 17:06 - 000000000 ____D C:\Users\Twins
2018-02-11 18:09 - 2016-06-08 09:10 - 000000000 ____D C:\Users\Administrator
2018-02-11 17:47 - 2016-06-08 09:12 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-11 17:11 - 2016-06-08 11:54 - 000000000 ____D C:\Users\Owner
2018-02-11 16:44 - 2009-07-13 21:20 - 000000000 ____D C:\windows\ModemLogs
2018-02-11 15:42 - 2017-08-04 01:09 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Azureus
2018-02-10 23:41 - 2016-09-01 02:10 - 000000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2018-02-10 20:42 - 2017-08-04 01:11 - 000000000 ____D C:\Users\Owner\Documents\Vuze Downloads
2018-02-09 08:41 - 2016-07-01 14:11 - 000000000 ____D C:\Users\Owner\AppData\Roaming\WiseUpdate
2018-02-03 05:27 - 2016-06-17 00:45 - 000000000 ____D C:\Users\Owner\AppData\Local\DayZ
2018-01-31 10:30 - 2016-06-08 12:35 - 000000000 ____D C:\Users\Owner\AppData\Local\AMD
2018-01-31 10:29 - 2016-09-10 11:51 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\AMD
2018-01-31 10:23 - 2017-06-14 22:42 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-01-31 10:21 - 2017-01-25 01:32 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2018-01-31 10:21 - 2016-06-08 12:28 - 000000000 ____D C:\AMD
2018-01-27 14:31 - 2009-07-13 23:08 - 000032564 _____ C:\windows\Tasks\SCHEDLGU.TXT
2018-01-23 09:04 - 2016-06-09 10:38 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Wargaming.net
2018-01-21 16:53 - 2016-06-08 09:14 - 000000000 ____D C:\ProgramData\Oracle
2018-01-21 16:52 - 2016-06-08 09:19 - 000110144 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2018-01-21 16:52 - 2016-06-08 09:18 - 000000000 ____D C:\Program Files\Java
2018-01-21 16:52 - 2016-06-08 09:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-21 16:52 - 2016-06-08 09:14 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-21 16:51 - 2016-06-08 09:14 - 000097344 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll

==================== Files in the root of some directories =======

2016-07-12 14:21 - 2016-07-13 01:27 - 000000096 _____ () C:\Users\Owner\AppData\Roaming\LauncherSettings_live.cfg
2017-04-16 10:07 - 2017-04-16 10:07 - 000004608 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-26 21:44 - 2017-07-26 21:44 - 000140800 _____ () C:\Users\Owner\AppData\Local\installer.dat
2016-08-17 00:21 - 2017-03-31 19:46 - 000007600 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-16 16:10

==================== End of FRST.txt ============================
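Reading a log this long by eye is error-prone, so here is an added example of the first-pass triage an analyst would script against it. It is not part of the original post and not FRST's own tooling; the heuristics (no CompanyName on an executable under system32, a new directory under a system directory, an extension-less file in the Windows root, a random-looking lowercase directory under AppData\Local, a driver registration whose file is missing, unsigned, FRST-flagged or loaded from a user-writable path) are my choices, and the sample lines are copied from the FRST.txt output above.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines (added example, not FRST's code).

Parses the service/driver and 'One Month Created files' line formats and flags the
entries an analyst would look at first. Every flag is a heuristic lead, not a verdict.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied verbatim from the FRST.txt log posted above.
SAMPLE_LOG = r"""
===================== Drivers (Whitelisted) ======================
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 ImmunetProtectDriver; C:\windows\System32\Drivers\immunetprotect.sys [113976 2018-02-16] (Cisco Systems, Inc.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [28400 2016-12-18] () [File not signed]
S3 MFE_RR; \??\C:\Users\Owner\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
U0 Partizan; system32\drivers\Partizan.sys [X]
==================== One Month Created files and folders ========
2018-02-16 19:12 - 2018-02-16 19:12 - 000442848 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2018-02-12 11:44 - 2018-02-15 12:50 - 000028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2018-02-11 15:17 - 2018-02-15 13:54 - 000000000 ____D C:\Users\Owner\AppData\Local\pciakow
2018-02-11 15:16 - 2018-02-15 11:48 - 002888704 _____ C:\windows\system32\scivwrnsvc.exe
2018-02-11 15:16 - 2018-02-11 15:16 - 000000000 ____D C:\windows\SysWOW64\svdnixc
2018-02-11 15:16 - 2018-02-11 15:16 - 000000000 ____D C:\windows\system32\svdnixc
2018-02-11 15:15 - 2018-02-11 15:15 - 000000012 _____ C:\windows\b68209745
2018-02-16 20:31 - 2018-02-16 20:32 - 000012716 _____ C:\Users\Owner\Downloads\FRST.txt
"""

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
# "R1 Name; C:\path\file.sys [size date] (Publisher) [flags]" (services and drivers share this shape)
ENTRY_RE = re.compile(r"^(?P<start>[RSU]\d) (?P<name>[^;]+); (?P<rest>.+)$")
# "created - modified - size attrs [(Publisher) ]path"; attrs ends in D for a directory
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d{9} "
    r"(?P<attrs>[_A-Z]{5}) (?:\((?P<publisher>[^)]*)\) )?(?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".cpl", ".ocx")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\")


@dataclass
class Finding:
    section: str
    path: str
    reasons: list = field(default_factory=list)


def _file_reasons(path, attrs, publisher):
    low = path.lower()
    is_dir = attrs.endswith("D")
    in_sys = any(d in low for d in SYSTEM_DIRS)
    reasons = []
    if is_dir and in_sys:
        reasons.append("new directory created under a system directory")
    if not is_dir and in_sys and low.endswith(EXEC_EXT) and not (publisher or "").strip():
        reasons.append("executable in a system directory with no CompanyName in its version info")
    if not is_dir and re.fullmatch(r"[a-z]:\\windows\\[^\\.]+", low):
        reasons.append("extension-less file dropped directly in the Windows root")
    if is_dir and re.fullmatch(r".*\\AppData\\Local\\[a-z]{6,8}", path):  # case-sensitive on purpose
        reasons.append("random-looking lowercase directory directly under AppData\\Local")
    return reasons


def _entry_reasons(rest):
    path = rest.split(" [", 1)[0]
    if path.startswith("\\??\\"):  # NT object-manager prefix FRST keeps for some entries
        path = path[4:]
    reasons = []
    if "[X]" in rest:
        reasons.append("registered service/driver whose file is missing on disk")
    if "[File not signed]" in rest:
        reasons.append("image file is not signed")
    if "<==== ATTENTION" in rest:
        note = rest.split("<==== ATTENTION", 1)[1].strip()
        reasons.append("flagged by FRST" + (" " + note if note else ""))
    if any(d in path.lower() for d in USER_WRITABLE):
        reasons.append("image loads from a user-writable path")
    return path, reasons


def triage(log_text):
    """Return a Finding for every log entry that trips at least one heuristic."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group("title").strip()
        elif m := FILE_RE.match(line):
            reasons = _file_reasons(m.group("path"), m.group("attrs"), m.group("publisher"))
            if reasons:
                findings.append(Finding(section, m.group("path"), reasons))
        elif m := ENTRY_RE.match(line):
            path, reasons = _entry_reasons(m.group("rest"))
            if reasons:
                findings.append(Finding(section, f"{m.group('name')} -> {path}", reasons))
    return findings


def flagged_paths(log_text):
    """Map each flagged path (or 'service -> path') to its list of reasons."""
    return {f.path: f.reasons for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.path}")
        for r in f.reasons:
            print("    -", r)
```

Run against the sample it flags scivwrnsvc.exe, both svdnixc directories, b68209745, pciakow, the missing-on-disk MFE_RR and Partizan registrations, the unsigned secdrv, and the AppMgmt service with no ServiceDLL, while trufos.sys (signed vendor driver) and FRST.txt pass. It also flags TrueSight.sys, which was created two minutes after the RogueKiller data folder in the same log and is most likely that tool's own driver: the flags are where to start looking, and each one still has to be cross-checked against the rest of the log and the cleanup tools that were run before a fix is written.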
 

Broni

Malware Annihilator
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by Owner (16-02-2018 20:32:37)
Running from C:\Users\Owner\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2016-06-08 15:10:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-217011151-2072011241-3863041349-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-217011151-2072011241-3863041349-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-217011151-2072011241-3863041349-1003 - Limited - Enabled)
Owner (S-1-5-21-217011151-2072011241-3863041349-1001 - Administrator - Enabled) => C:\Users\Owner
Twins (S-1-5-21-217011151-2072011241-3863041349-1004 - Limited - Enabled) => C:\Users\Twins

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Immunet (Enabled - Up to date) {05A27767-0425-EB45-C06B-DA28DB7FCD38}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Immunet (Enabled - Up to date) {BEC39683-221F-E4CB-FADB-E15AA0F88785}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.106.2020.110 - Alps Electric)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Audacity 2.2.0 (HKLM-x32\...\Audacity_is1) (Version: 2.2.0 - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
ETDWare PS/2-X64 11.6.2.1_WHQL (HKLM\...\Elantech) (Version: 11.6.2.1 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.140 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.29.5 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Immunet (HKLM-x32\...\Immunet Protect) (Version: 6.0.8.10638 - Cisco Systems, Inc.)
Intel(R) Network Connections 22.0.18.0 (HKLM\...\PROSetDX) (Version: 22.0.18.0 - Intel)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
paint.net (HKLM\...\{A1D05314-DC32-4668-A97E-51060EC8BCCE}) (Version: 4.0.12 - dotPDN LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6383 - Realtek Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TextNow 1.1.0 (only current user) (HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\7ec1a1d9-f9b8-5575-8e2f-f5258b79a4d7) (Version: 1.1.0 - TextNow Inc.)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{6B8AC866-8C52-4FAE-BCD7-F80713F513F9}) (Version: 3.17.0601 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{3C48AF07-0974-49B7-A3EE-CA620469C219}) (Version: 3.17.0403 - Samsung Electronics Co., Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0) (Version: 1.0.54.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0-2) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Windows 7 Codec Pack 4.1.7 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.1.7 - Windows 7 Codec Pack)
Wise Disk Cleaner 9.63 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 9.63 - WiseCleaner.com, Inc.)
World of Tanks (HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version: - Wargaming.net)
YouTube Downloader App 3.00 (HKLM-x32\...\YouTube Downloader App) (Version: 3.00 - Regensoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-217011151-2072011241-3863041349-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-217011151-2072011241-3863041349-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-217011151-2072011241-3863041349-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-217011151-2072011241-3863041349-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-217011151-2072011241-3863041349-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-217011151-2072011241-3863041349-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> [CC]{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> [CC]{BB35DE05-89D6-4D8F-95DE-A27DF8156D91} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-01-12] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0232464D-E3D1-4A55-9098-36C18FAF0B6E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0F6F7644-D0B8-4249-9068-CAABB4D3BEC6} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-01-12] (Advanced Micro Devices, Inc.)
Task: {116BFA7D-6051-4E77-AC5B-87FB04508075} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {18E37C9D-9828-4AFA-820A-2F7438D2844A} - System32\Tasks\Wise Disk Cleaner Schedule Task => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe [2018-02-07] (WiseCleaner.com)
Task: {2E916682-BEFF-4185-A928-6AA0A312BA12} - \{32359A6E-A4B7-4B2C-AD54-4F9B1308A9FD} -> No File <==== ATTENTION
Task: {34C5200D-0286-44E8-9E23-92EA4FDAC1CC} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-01-12] (Advanced Micro Devices, Inc.)
Task: {34D066C9-6F62-485C-83CD-170C8E9E6E68} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {381B6D0B-D413-4123-B0C4-6EF240B1C3C4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {39D9D9D6-39B4-4F50-9B2B-D9D6AFCC64DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-11] (Google Inc.)
Task: {4298E00C-00AD-4272-B7AD-2EE5A53CA2D8} - \{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} -> No File <==== ATTENTION
Task: {51CBD16D-9120-4F0B-A6E4-39E534A72F2F} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {62086F31-6EA8-44E2-9987-7B594A984377} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6880FFCF-30CB-49DC-A950-6F032C153246} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6F2CE8C6-C35E-4544-AF98-FCC9B7169984} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_197_pepper.exe [2016-04-12] (Adobe Systems Incorporated)
Task: {7828FA25-8422-49A8-8097-81076B1408D9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {78CA8C13-82C4-4793-AD11-3B7F18A93E06} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7BE8964C-CE96-4E88-A7FF-BF32BBA720BC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7F87A0F6-C755-465C-8845-8B20BCF7BC90} - System32\Tasks\AdobeGCInvoker-1.0-RANDOM-PC-Owner => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {8784E7E3-5532-4C9C-A77B-902741564C99} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BC523779-9B82-45B1-9D85-1785D2430F30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-11] (Google Inc.)
Task: {FF204E60-7F7D-4257-9983-EEE19B6BBCE5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_197_pepper.exe
Task: C:\windows\Tasks\Wise Disk Cleaner Schedule Task.job => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Populer Downloader.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gmjancgdemcbgpbmfialhipkbgkonmoj

==================== Loaded Modules (Whitelisted) ==============

2018-02-16 19:12 - 2018-02-16 19:12 - 000724480 _____ () C:\Program Files\Immunet\6.0.8\dbh.dll
2018-02-12 17:39 - 2018-02-16 19:12 - 000102800 _____ () C:\Program Files\Immunet\clamav\0.99.3-beta1.49\mspack.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [252]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SMR520 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR520 => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2018-02-16 10:15 - 000000027 _____ C:\windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-217011151-2072011241-3863041349-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackTrayMenu.lnk => C:\windows\pss\CodecPackTrayMenu.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Verizon Wireless Software Utility Application for Android – Samsung.lnk => C:\windows\pss\Verizon Wireless Software Utility Application for Android – Samsung.lnk.Startup
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BD64CEDE-6908-476F-B0C1-EE8D1135E052}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DF766478-3D50-49E3-8A8C-2E3DCD755BC1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5B485A80-3144-405A-9D5D-D03B36D8B3E6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3626CE68-2594-4BEE-9598-0768A5320565}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{F92E03DE-401E-45A2-B365-ABB38F1D7AE4}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{04867DC8-6181-4522-9447-5FF056EFEA3C}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{4C4DE106-BBCE-4889-B931-F72FFF484EBC}C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe
FirewallRules: [UDP Query User{0DCE90E6-EB2C-4F0A-B1FD-06D63AF55C6B}C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe
FirewallRules: [TCP Query User{41055CF2-9CAB-4732-91D4-6E6C900023CE}C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe
FirewallRules: [UDP Query User{E037CA93-148D-42B3-95ED-96C945CA4A0E}C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe
FirewallRules: [{7931FE2C-389B-40A1-A6F5-225F213B7D8C}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [TCP Query User{2E55F808-152E-4374-AAA9-4E1F107C05FA}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{00DE4BA1-C966-4090-8C5A-CE2C5F944D05}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{3333D048-5298-4498-A38A-2F6A9FD968C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{C180AB4D-4D93-4D2C-9110-937F1324990D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{72C7D87D-74F0-4145-B485-7B463DC22777}] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [{70CBD335-0384-4604-AF80-AD9A50F28A60}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{20EDD108-05EB-4801-90B6-79B647FE4FED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard with HP QLB
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard with HP QLB
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard Development Company, L.P.
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2018 11:03:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (02/16/2018 11:03:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (02/16/2018 11:03:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (02/16/2018 11:03:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (02/16/2018 10:53:14 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (02/16/2018 10:53:14 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (02/16/2018 10:52:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (02/16/2018 10:52:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (02/16/2018 11:06:38 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/16/2018 10:37:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Genuine Software Integrity Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/16/2018 10:37:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/16/2018 10:37:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet Monitoring Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/16/2018 10:20:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wondershare Application Framework Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/16/2018 10:14:10 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/16/2018 10:14:02 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/16/2018 10:13:36 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


CodeIntegrity:
===================================

Date: 2018-02-16 10:13:36.447
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-16 10:13:36.417
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 27%
Total physical RAM: 6075.25 MB
Available physical RAM: 4386.47 MB
Total Virtual: 12148.68 MB
Available Virtual: 10116.96 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:147.04 GB) (Free:38.33 GB) NTFS

\\?\Volume{0fc9d0c4-2d8a-11e6-8a73-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{0fc9d0c6-2d8a-11e6-8a73-806e6f6e6963}\ (Recovery) (Fixed) (Total:1.48 GB) (Free:0.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: A70815D5)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=147 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1.5 GB) - (Type=27)

==================== End of Addition.txt ============================