Hi Julio!
Here are three trojans that Kaspersky could not disinfect (below). I should have been more careful!
FRST output warns about a file I can't delete.
There were 3 warnings in Addition.txt located in the next thread. Can you help? Thanks a bunch!
Kaspersky warnings:
06.03.2018 06.25.55 Detected object (process memory) cannot be disinfected c:\windows\syswow64\cmd.exe Process memory: c:\windows\syswow64\cmd.exe Object name: PDM:Trojan.Win32.Pushel.a Object type: Other malware Time: 3/6/2018 6:25 AM
06.03.2018 06.25.55 Detected object (process memory) cannot be disinfected c:\users\mirby\appdata\local\bohaf\hekitan.exe Process memory: c:\users\mirby\appdata\local\bohaf\hekitan.exe Time: 3/6/2018 6:25 AM (I deleted hekitan.exe but still got the warning)
06.03.2018 06.25.29 Detected object (file) not processed pscmd:\276da89c56fab8df1e10ac0db2c8c2fefc4ef9f102eca1b9748e06e00552ae49//amsi_script_utf8 File: pscmd:\276da89c56fab8df1e10ac0db2c8c2fefc4ef9f102eca1b9748e06e00552ae49//amsi_script_utf8 Object name: HEUR:Trojan.PowerShell.Generic Object type: Trojan program Time: 3/6/2018
And here are the requested FRST.txt file contents.
The Addition.txt file contents are in the next thread due to size constraints.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by mirby (administrator) on HP3 (07-03-2018 09:39:42)
Running from C:\Users\mirby\Desktop
Loaded Profiles: mirby (Available Profiles: mirby)
Platform: Windows 10 Pro Version 1709 16299.248 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
=== Processes (Whitelisted) ====
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe
(HP) C:\Windows\System32\HP3DDGService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dassault Systemes) C:\Program Files (x86)\Dassault Systemes\B21\intel_a\code\bin\CATSysDemon.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe
(Intel Corporation) C:\MSC.Software\MSC_Nastran\20160\msc20160\actran\win64\Actran_16.1.b.92885\mpi\intelmpi\bin\smpd.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(MDL Forum, mod by Ratiborus) C:\ProgramData\KMSAuto\bin\KMSSS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(Acresso Software Inc.) C:\SIMULIA\SIMULIA\License\lmgrd.exe
(Flexera Software LLC.) C:\Program Files\Siemens\PLMLicenseServer\lmgrd.exe
(Acresso Software Inc.) C:\SIMULIA\SIMULIA\License\lmgrd.exe
(Flexera Software LLC.) C:\Program Files\Siemens\PLMLicenseServer\lmgrd.exe
(Dassault Systemes SIMULIA Corp) C:\SIMULIA\SIMULIA\License\ABAQUSLM.exe
(Siemens PLM Software Inc.) C:\Program Files\Siemens\PLMLicenseServer\ugslmd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(iolo technologies, LLC) C:\Program Files (x86)\Phoenix360\System Mechanic\ioloGovernor64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxEM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_1781f8bae8fdf5c0\aesm_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\mirby\AppData\Local\Google\Update\GoogleUpdate.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avpui.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glarysoft\Malware Hunter\Cloudscan\MHCloudSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glarysoft\Malware Hunter\QuickSearch.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glarysoft\Malware Hunter\x64\x64ProcessAssistSvc.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glarysoft\Malware Hunter\MemfilesService.exe
(Mozilla Corporation) C:\Program Files (x86)\mozilla firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\mozilla firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\mozilla firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\mozilla firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\mozilla firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\mozilla firefox\firefox.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(SplashData, Inc) C:\Program Files (x86)\SplashData\SplashID Safe\SplashID Safe.exe
Failed to access process -> NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
== Registry (Whitelisted) ==
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8801024 2016-09-06] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-02-26] (Dropbox, Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
HKLM-x32\...\Run: [MalTray] => C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe [980976 2018-02-01] (Glarysoft Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646680 2017-12-19] (Oracle Corporation)
HKU\S-1-5-21-1210401764-526646618-19501893-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44016 2018-02-01] (Glarysoft Ltd)
HKU\S-1-5-21-1210401764-526646618-19501893-1001\...\Run: [Google Update] => C:\Users\mirby\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-21-1210401764-526646618-19501893-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-1210401764-526646618-19501893-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41100328 2018-01-29] ()
HKU\S-1-5-21-1210401764-526646618-19501893-1001\...\Run: [Spotify Web Helper] => C:\Users\mirby\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-06] (Spotify Ltd)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
BootExecute: autocheck autochk *
== Internet (All) ==
DELETED
== Services (All) ==
DELETED
== NetSvcs (Whitelisted) =
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
== Files in the root of some directories
2018-02-07 01:11 - 2018-03-06 01:12 - 000000297 _____ () C:\Users\mirby\AppData\Roaming\WB.CFG
2018-02-15 10:59 - 2018-02-15 16:14 - 000425511 _____ () C:\Users\mirby\AppData\Local\ars.cache
2018-02-15 16:19 - 2018-02-15 16:19 - 002202368 _____ () C:\Users\mirby\AppData\Local\census.cache
2018-02-14 13:11 - 2018-02-14 13:11 - 000000036 _____ () C:\Users\mirby\AppData\Local\housecall.guid.cache
2017-04-06 12:04 - 2018-02-24 20:01 - 000007610 _____ () C:\Users\mirby\AppData\Local\Resmon.ResmonCfg
2018-02-14 14:17 - 2018-02-15 14:53 - 000000010 _____ () C:\Users\mirby\AppData\Local\sponge.last.runtime.cache
2017-04-24 10:31 - 2017-12-14 08:30 - 000000000 _____ () C:\Users\mirby\AppData\Local\Temptable.xml
Files to move or delete:
==
C:\Windows\Tasks\{204209D5-5A18-2ADD-020A-18FC0FC3265A}.job
== Bamital & volsnap ====
DELETED
LastRegBack: 2018-02-27 12:37
== End of FRST.txt ===