Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.09.2018 03
Ran by pc666 (03-09-2018 23:41:16)
Running from C:\Users\pc666\Downloads
Windows 10 Home Version 1803 17134.254 (X64) (2018-07-24 15:30:51)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-854904512-2378485669-3065290004-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-854904512-2378485669-3065290004-503 - Limited - Disabled)
Guest (S-1-5-21-854904512-2378485669-3065290004-501 - Limited - Disabled)
me333 (S-1-5-21-854904512-2378485669-3065290004-1002 - Limited - Enabled) => C:\Users\me333
pc666 (S-1-5-21-854904512-2378485669-3065290004-1001 - Administrator - Enabled) => C:\Users\pc666
WDAGUtilityAccount (S-1-5-21-854904512-2378485669-3065290004-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrylic Wi-Fi Professional v4.0 (HKU\S-1-5-21-854904512-2378485669-3065290004-1001\...\{FBD2EDDA-2B1B-49A2-9147-99CBCC5F10E5}_is1) (Version: 4.0 - Tarlogic Research S.L.)
Apple Application Support (32-bit) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKU\S-1-5-21-854904512-2378485669-3065290004-1001\...\Brave) (Version: 0.23.105 - Brave Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Click Install if prompted (HKLM-x32\...\{40830C8E-936E-4E08-AE37-240FF3343927}) (Version: 1.0.6.0 - ExpressVpn) Hidden
Debian-Installer loader (HKLM-x32\...\Debian-Installer Loader) (Version: 0.8.4 +kernels - The Debian Project)
EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
ExpressVPN (HKLM-x32\...\{5DC0F67F-922B-482F-A141-5AA248915DF7}) (Version: 6.7.0.4772 - ExpressVPN) Hidden
ExpressVPN (HKLM-x32\...\{a9ea11c1-b4be-4fa4-aa3c-61e8b0d12ae7}) (Version: 6.7.0.4772 - ExpressVPN)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.10 - The GnuPG Project)
Gpg4win (3.1.3) (HKLM-x32\...\Gpg4win) (Version: 3.1.3 - The Gpg4win Project)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1.2.1 - IObit)
iTunes (HKLM\...\{AA3C449E-F61D-4214-A6E0-603560D607DE}) (Version: 12.8.0.150 - Apple Inc.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.5059.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-854904512-2378485669-3065290004-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.3 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 61.0.2 (x64 en-GB) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-GB)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1 - Mozilla)
Nmap 7.70 (HKLM-x32\...\Nmap) (Version: 7.70 - Nmap Project)
Npcap 0.99-r2 (HKLM-x32\...\NpcapInst) (Version: 0.99-r2 - Nmap Project)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5059.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5059.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5059.1000 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7989 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.14393.11242 - Realtek Semiconductor Corp.)
Split Tunneling Driver (HKLM-x32\...\{F078B0B5-2F41-42C2-9162-B8C628D5E6FE}) (Version: 1.0.0.0 - ExpressVpn) Hidden
Spotify (HKU\S-1-5-21-854904512-2378485669-3065290004-1001\...\Spotify) (Version: 1.0.88.353.g15c26ea1 - Spotify AB)
TunesKit Spotify Converter 1.3.0.170 (HKLM-x32\...\TunesKit Spotify Converter_is1) (Version: - TunesKit, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.6.3 64-bit (HKLM-x32\...\Wireshark) (Version: 2.6.3 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-08-31] (g10 Code GmbH)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2018-05-17] (IObit)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-08-31] (g10 Code GmbH)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2018-05-17] (IObit)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\igfxDTCM.dll [2018-03-21] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2018-05-17] (IObit)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {345E0E54-D8EB-41A0-80A6-EA08FE986C11} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-25] (Piriform Ltd)
Task: {41B66E08-4D47-464F-B5D0-E8133B78B240} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-22] (Microsoft Corporation)
Task: {50777AEB-40E8-4A4D-A98A-49EA1EA3A5ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-22] (Microsoft Corporation)
Task: {61314B10-6997-4FE6-B3B9-4FBFB1647D32} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {7DBAEE94-D987-402E-BF2E-CB2D6926950B} - System32\Tasks\S-1-5-21-854904512-2378485669-3065290004-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-12] (Microsoft Corporation)
Task: {8DAE925D-72F7-4A54-949D-20A3CF252195} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {90BD8516-ECD4-4001-AA57-342296FED224} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-22] (Microsoft Corporation)
Task: {9B49DF0C-D743-4C56-8E82-1D8251DBEA74} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-25] (Piriform Ltd)
Task: {AC5A3376-5412-45C2-B621-5B51B277D71E} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {B7F3D5C8-294B-4693-BB7A-AC5B44631331} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {C3DF2C53-F55D-4F1D-AEDE-3F7064C4DC62} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-22] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-04-12 07:34 - 2018-04-12 07:34 - 000491744 ____N () C:\Windows\System32\InputHost.dll
2018-07-28 00:19 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2018-07-03 12:11 - 2018-07-03 12:11 - 000339168 _____ () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
2018-05-15 18:59 - 2018-05-15 18:59 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-07-03 12:12 - 2018-07-03 12:12 - 008749184 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
2018-08-29 03:44 - 2018-08-29 03:44 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2018-04-12 07:34 - 2018-04-12 07:34 - 000472064 ____N () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 07:34 - 2018-04-12 07:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-09-01 04:31 - 2018-08-09 12:23 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-25 00:36 - 2018-07-25 00:37 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-25 00:36 - 2018-07-25 00:37 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-25 00:36 - 2018-07-25 00:37 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-25 00:36 - 2018-07-25 00:37 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-25 00:36 - 2018-07-25 00:37 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-08-30 20:30 - 2018-08-30 20:30 - 035124224 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-08-30 20:30 - 2018-08-30 20:30 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-08-30 20:30 - 2018-08-30 20:30 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-04-12 17:22 - 2018-04-12 17:22 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-08-30 20:30 - 2018-08-30 20:30 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-04-04 18:03 - 2018-04-04 18:03 - 000173760 _____ () C:\WINDOWS\system32\IntelWifiIhv04.dll
2018-08-30 13:04 - 2018-08-30 13:04 - 004825408 _____ () C:\Users\pc666\AppData\Local\Brave\app-0.23.105\libglesv2.dll
2018-08-30 13:04 - 2018-08-30 13:04 - 000111936 _____ () C:\Users\pc666\AppData\Local\Brave\app-0.23.105\libegl.dll
2018-07-03 12:11 - 2018-07-03 12:11 - 000225792 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\liblzo2-2.dll
2018-07-03 12:11 - 2018-07-03 12:11 - 000096776 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\libpkcs11-helper-1.dll
2018-09-03 23:26 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-09-03 23:26 - 2018-08-06 14:20 - 002769768 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-07-03 12:12 - 2018-07-03 12:12 - 007483072 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\libxvclient.dll
2018-07-03 12:12 - 2018-07-03 12:12 - 000014976 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.NetworkUtils.dll
2018-07-03 12:11 - 2018-07-03 12:11 - 000303104 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.SplitTunnel.dll
2018-07-03 12:12 - 2018-07-03 12:12 - 000444032 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.FilterManager.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-07-25 15:18 - 2018-07-25 15:16 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-854904512-2378485669-3065290004-1001\Control Panel\Desktop\\Wallpaper -> c:\users\pc666\pictures\saved pictures\20170911_155351154_ios.jpg
DNS Servers: 10.147.0.1 - 114.108.195.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-854904512-2378485669-3065290004-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-854904512-2378485669-3065290004-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-854904512-2378485669-3065290004-1001\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe
FirewallRules: [{7E075B8C-804E-4586-A2FB-198F18D7D117}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{0F789AB6-4FF9-440F-B5EE-EEF50B804101}C:\users\pc666\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pc666\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BC11B03A-7236-41B6-B47E-81FAB14142B4}C:\users\pc666\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pc666\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D28ACA9D-B1C1-45A2-A204-3BFC85FFC160}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{41AFDB15-062A-47F8-8A2C-886D815EA8B0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{9914495B-7BF3-4BF1-9436-001498D5BF18}] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe
FirewallRules: [{60CD02A5-4AA1-464E-B98A-0C1D9D6E6804}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{183B8D53-D8EE-474D-B7BF-D1F2FBF23E13}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{8DA07E8B-4CD8-466A-8816-06845133B789}] => (Allow) C:\Program Files\Acrylic Wi-Fi Professional\Acrylic.exe
FirewallRules: [{2C137A06-5031-4710-8174-5386B3FE5904}] => (Allow) C:\Program Files\Acrylic Wi-Fi Professional\Acrylic.exe

==================== Restore Points =========================

03-09-2018 22:48:33 today

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2018 11:01:17 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory: The operation completed successfully.

Error: (09/03/2018 10:15:50 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory: The operation completed successfully.

Error: (09/03/2018 10:01:44 PM) (Source: System BIOS Update) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/03/2018 09:16:35 PM) (Source: System BIOS Update) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/03/2018 08:24:07 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-854904512-2378485669-3065290004-1001}/">.

Error: (09/03/2018 08:10:25 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory: The operation completed successfully.

Error: (09/03/2018 07:42:20 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory: The operation completed successfully.

Error: (09/03/2018 01:20:21 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory: The operation completed successfully.

System errors:
=============
Error: (09/03/2018 11:03:14 PM) (Source: DCOM) (EventID: 10016) (User: 7090FRT)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user 7090FRT\pc666 SID (S-1-5-21-854904512-2378485669-3065290004-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/03/2018 11:03:11 PM) (Source: DCOM) (EventID: 10016) (User: 7090FRT)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user 7090FRT\pc666 SID (S-1-5-21-854904512-2378485669-3065290004-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/03/2018 11:03:11 PM) (Source: DCOM) (EventID: 10016) (User: 7090FRT)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user 7090FRT\pc666 SID (S-1-5-21-854904512-2378485669-3065290004-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/03/2018 11:01:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/03/2018 11:01:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/03/2018 11:01:32 PM) (Source: ISH) (EventID: 3) (User: )
Description: Intel(R) ISH Interface driver has failed to perform handshake with the Firmware.

Error: (09/03/2018 11:01:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error: An attempt was made to reference a token that does not exist.

Error: (09/03/2018 11:01:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The cphs service terminated with the following error: Unspecified error

Windows Defender:
===================================
Date: 2018-09-01 15:13:08.236
Description: Controlled Folder Access blocked C:\Windows\System32\wbem\WmiPrvSE.exe from making changes to memory.
Detection time: 2018-09-01T07:13:08.234Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe
Signature Version: 1.275.540.0
Engine Version: 1.1.15200.1
Product Version: 4.18.1807.18075

Date: 2018-09-01 02:10:54.742
Description: Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {84FDE5A8-6725-406B-AECF-5B4B07B9258A}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-09-01 01:58:05.570
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Aircrack&threatid=2147642662&enterprise=0
Name: HackTool:Win32/Aircrack
ID: 2147642662
Severity: High
Category: Tool
Path: file:_C:\Users\pc666\Downloads\Aircrack ng 0.9.3 Windows\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\airodump-ng.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.275.508.0, AS: 1.275.508.0, NIS: 1.275.508.0
Engine Version: AM: 1.1.15200.1, NIS: 1.1.15200.1

Date: 2018-09-01 01:55:51.619
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tilken.A!cl&threatid=2147722739&enterprise=0
Name: Trojan:Win32/Tilken.A!cl
ID: 2147722739
Severity: Severe
Category: Trojan
Path: file:_C:\Users\pc666\Downloads\Aircrack ng 0.9.3 Windows\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\airdecap-ng.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.275.508.0, AS: 1.275.508.0, NIS: 1.275.508.0
Engine Version: AM: 1.1.15200.1, NIS: 1.1.15200.1

Date: 2018-09-01 01:55:51.124
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tilken.A!cl&threatid=2147722739&enterprise=0
Name: Trojan:Win32/Tilken.A!cl
ID: 2147722739
Severity: Severe
Category: Trojan
Path: file:_C:\Users\pc666\Downloads\Aircrack ng 0.9.3 Windows\aircrack-ng-0.9.3-win\aircrack-ng-0.9.3-win\bin\airdecap-ng.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Signature Version: AV: 1.275.508.0, AS: 1.275.508.0, NIS: 1.275.508.0
Engine Version: AM: 1.1.15200.1, NIS: 1.1.15200.1

Date: 2018-09-03 05:59:02.558
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.275.617.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15200.1
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-09-01 11:04:22.748
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.275.511.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15200.1
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-09-01 10:42:54.478
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.275.511.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15200.1
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-09-01 01:58:46.796
Description: Windows Defender Antivirus has encountered an error trying to restore an item from quarantine.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tilken.A!cl&threatid=2147722739&enterprise=0
Name: Trojan:Win32/Tilken.A!cl
ID: 2147722739
Severity: Severe
Category: Trojan
Error Code: 0x80508014
Error description: The quarantined item cannot be restored.
Signature Version: AV: 1.275.508.0, AS: 1.275.508.0
Engine Version: 1.1.15200.1

Date: 2018-09-01 01:56:46.965
Description: Windows Defender Antivirus has encountered an error trying to restore an item from quarantine.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tilken.A!cl&threatid=2147722739&enterprise=0
Name: Trojan:Win32/Tilken.A!cl
ID: 2147722739
Severity: Severe
Category: Trojan
Error Code: 0x80508014
Error description: The quarantined item cannot be restored.
Signature Version: AV: 1.275.508.0, AS: 1.275.508.0
Engine Version: 1.1.15200.1

CodeIntegrity:
===================================
Date: 2018-09-02 17:48:21.085
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2018-09-02 17:48:21.083
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2018-08-30 19:53:52.660
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-30 19:53:52.659
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-30 19:53:31.436
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-30 19:53:31.434
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-30 19:51:41.173
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-30 19:51:41.170
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 45%
Total physical RAM: 8023.89 MB
Available physical RAM: 4359.92 MB
Total Virtual: 16215.89 MB
Available Virtual: 12301.93 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:237.35 GB) (Free:148.19 GB) NTFS

\\?\Volume{94e2db41-b3a5-4a72-a141-48d3a4dc1f3c}\ () (Fixed) (Total:0.48 GB) (Free:0.08 GB) NTFS
\\?\Volume{09879e95-5d99-4968-9ca4-c31df4a246da}\ (WINRETOOLS) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{40a47bd4-b576-4338-b3ff-208f279f422e}\ (ESP) (Fixed) (Total:0.19 GB) (Free:0.15 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================