
virus/rootkit removal



#1
Clayton_879664

    New Member

  • Member
  • Pip
  • 3 posts

Hey, I think my PC may have a rootkit or virus. I'm getting popups, for example "Microsoft Help and Support", and when I try to close it, it keeps coming back.

Then my PC will start acting weird. Example: I try to click on icons or anything and it keeps flashing.

If anyone could please help me fix this, it would be much appreciated.


  • 0


#2
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hello Clayton_879664 and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses. If there is no reply within 4 days, the topic will be closed and you will need to request that the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    Please run FRST logs for me to look over.


    Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click on the file and select "Run as administrator" (if you don't have this option, just double click the file to run it). When the tool opens, click Yes to the disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from (this should be your desktop).
  • Please copy (CTRL + C) and paste (CTRL + V) the FRST.txt log back here.
  • The first time the tool is run it generates another log, Addition.txt, also located in the same directory as FRST.exe.
  • Please also paste that along with the FRST.txt into your reply.
    Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

  • 0
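The FRST.txt that these steps produce is plain text with a fixed line shape per section (a complete one is pasted later in this thread). As an added example, not part of this post and not code from the Farbar tool, here is a Python script that parses such a log and flags the entries a helper usually reviews first: binaries with no embedded company name, services or drivers whose file is missing ([X]) or unsigned, a configured system proxy, Winsock LSP DLLs, and service/driver names that look randomly generated. The sample log, its vendor names and its paths are constructed for the example; the categories are triage heuristics for a human to review, not malware verdicts.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed FRST.txt excerpt in the tool's line format (not a real scan; vendors and paths are made up).
SAMPLE_FRST = r"""
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\svchost.exe
() C:\Program Files (x86)\Example Tool\helper.exe

==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [15360 2017-09-14] ()
HKLM\...\Run: [AudioPanel] => C:\Program Files\ExampleAudio\panel.exe [18381792 2017-06-29] (Example Audio)

==================== Internet (Whitelisted) ====================

ProxyServer: [S-1-5-21-1-2-3-1001] => http=proxy.example.invalid:8080;https=proxy.example.invalid:8080
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\ExampleLSP.dll [364032 2016-04-18] (Example Vendor)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\ExampleLSP.dll [364032 2016-04-18] (Example Vendor)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\ExampleLSP64.dll [475136 2016-04-18] (Example Vendor)

==================== Services (Whitelisted) ====================

R2 ExampleSvc; C:\Program Files (x86)\Example\ExampleSvc.exe [3964416 2016-04-18] (Example Vendor) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-08-09] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

S1 qzxwvbkn; \??\C:\WINDOWS\system32\drivers\qzxwvbkn.sys [X]
S3 ExScanner; C:\WINDOWS\System32\DRIVERS\ExScanner.sys [22704 2017-10-01] ()
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-08-09] (Microsoft Corporation)
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")                    # "==== Services (Whitelisted) ===="
PROC_RE = re.compile(r"^\(([^)]*)\)\s+(\S.*)$")                   # "(Vendor) C:\path\binary.exe"
RUN_RE = re.compile(r"^(HK\S*?\\Run(?:Once)?):\s+\[([^\]]+)\]\s+=>\s+(.*)$")
WINSOCK_RE = re.compile(r"^Winsock:\s+\S+\s+\d+\s+(.+?)\s+\[")   # captures the LSP DLL path
# Service/driver line as FRST prints it: "<R|S><start type> <name>; <path> [size date] (vendor) [note]"
SVC_RE = re.compile(
    r"^([RSU]\d)\s+([^;]+);\s+(.*?)"
    r"(?:\s+\[(\d+)\s+(\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\(([^)]*)\))?"
    r"(?:\s+\[([^\]]+)\])?$"
)
TRAILING_VENDOR_RE = re.compile(r"\(([^)]*)\)\s*$")
VOWELS = set("aeiou")


@dataclass(frozen=True)
class Finding:
    section: str
    line_no: int
    category: str
    detail: str


def looks_random(name: str) -> bool:
    """Heuristic only: eight lowercase letters with at most one vowel, e.g. 'qzxwvbkn'."""
    return re.fullmatch(r"[a-z]{8}", name) is not None and sum(c in VOWELS for c in name) <= 1


def triage(log_text: str) -> list[Finding]:
    """Walk an FRST.txt and return entries worth a human look, tagged by category."""
    findings: list[Finding] = []
    section = ""
    seen_lsp: set[str] = set()
    for n, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section.startswith("Processes"):
            m = PROC_RE.match(line)
            if m and not m.group(1).strip():
                findings.append(Finding(section, n, "no-vendor-process", m.group(2)))
        elif section.startswith("Registry"):
            m = RUN_RE.match(line)
            if m:
                vendor = TRAILING_VENDOR_RE.search(m.group(3))
                if vendor is None or not vendor.group(1).strip():
                    findings.append(Finding(section, n, "no-vendor-autorun", m.group(2)))
        elif section.startswith("Internet"):
            if line.startswith("ProxyServer:"):
                findings.append(Finding(section, n, "proxy-configured", line.split("=>", 1)[-1].strip()))
            else:
                m = WINSOCK_RE.match(line)
                if m and m.group(1) not in seen_lsp:      # report each LSP DLL once, not per catalog slot
                    seen_lsp.add(m.group(1))
                    findings.append(Finding(section, n, "winsock-lsp", m.group(1)))
        elif section.startswith(("Services", "Drivers")):
            m = SVC_RE.match(line)
            if not m:
                continue
            _state, name, path, _size, _date, vendor, note = m.groups()
            if note == "X":
                findings.append(Finding(section, n, "missing-file", f"{name} -> {path}"))
            elif note == "File not signed":
                findings.append(Finding(section, n, "unsigned-file", f"{name} -> {path}"))
            if vendor is not None and not vendor.strip():
                findings.append(Finding(section, n, "no-vendor-binary", f"{name} -> {path}"))
            if looks_random(name):
                findings.append(Finding(section, n, "random-name", name))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category so a reviewer sees the shape of the log at a glance."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_FRST)
    for f in results:
        print(f"[{f.category}] line {f.line_no} ({f.section}): {f.detail}")
    print(summarize(results))
```

Each category maps to one convention of the FRST format: an empty `()` is the tool reporting no company name in the file's version resource, `[X]` marks a registry entry whose file is no longer on disk, and `[File not signed]` is FRST's own signature check. None of these alone means infection (plenty of legitimate software ships unsigned), which is why the script tags rather than judges.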

#3
Clayton_879664

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.02.2018
Ran by TONYD86 (administrator) on TONYD (20-02-2018 05:06:41)
Running from C:\Users\TONYD86\Downloads
Loaded Profiles: TONYD86 (Available Profiles: TONYD86)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIGE.EXE
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files (x86)\Wondershare\Video Converter Ultimate\WSVCUUpdateHelper.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleFirefoxHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Hide My IP) C:\Program Files (x86)\Hide My IP 6\HideMyIpSrv.exe
(BitTorrent Inc.) C:\Users\TONYD86\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\TONYD86\AppData\Roaming\uTorrent\updates\3.5.1_44321\utorrentie.exe
(BitTorrent Inc.) C:\Users\TONYD86\AppData\Roaming\uTorrent\updates\3.5.1_44321\utorrentie.exe
() C:\Program Files (x86)\Hide My IP 6\hshare.exe
() C:\Program Files (x86)\Hide My IP 6\hideipsh.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\Everything\Everything.exe
() C:\Program Files\Everything\Everything.exe
(www.moofdev.net) H:\DESKTOP-FOLDERS-TO-KEEP-1\RATIOMASTER\RM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-06-29] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare)
HKLM-x32\...\Run: [WSVCUUpdateHelper.exe] => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\WSVCUUpdateHelper.exe [15360 2017-09-14] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456328 2017-06-07] (Power Software Ltd)
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-02] (Piriform Ltd)
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIGE.EXE [283232 2014-12-04] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\Run: [HideMyIPSh] => C:\Program Files (x86)\Hide My IP 6\HideMyIP.exe [353832 2017-02-24] (HideMyIP)
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\Policies\system: [NoFileSysPage] 0
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\Policies\system: [NoVirtMemPage] 0
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\Policies\system: [NoDevMgrPage] 0
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\Policies\system: [NoConfigPage] 0
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\Policies\Explorer: [NoAddPrinter] 0
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\Policies\Explorer: [NoSetTaskbar] 0
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-4156690452-2115927796-3742551240-1001] => http=telstracadfa9:80;https=telstracadfa9:80;ftp=telstracadfa9:80
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\HMIPCore.dll [364032 2016-04-18] (Hide My IP)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\HMIPCore.dll [364032 2016-04-18] (Hide My IP)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\HMIPCore.dll [364032 2016-04-18] (Hide My IP)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\HMIPCore.dll [364032 2016-04-18] (Hide My IP)
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\HMIPCore.dll [364032 2016-04-18] (Hide My IP)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\HMIPCore64.dll [475136 2016-04-18] (Hide My IP)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\HMIPCore64.dll [475136 2016-04-18] (Hide My IP)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\HMIPCore64.dll [475136 2016-04-18] (Hide My IP)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\HMIPCore64.dll [475136 2016-04-18] (Hide My IP)
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\HMIPCore64.dll [475136 2016-04-18] (Hide My IP)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{B1C975A3-BA5A-4FDE-B17B-56B7D56DEE51}: [DhcpNameServer] 10.0.0.138
 
Internet Explorer:
==================
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: bm3frcb4.default
FF ProfilePath: C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default [2018-02-20]
FF Homepage: Mozilla\Firefox\Profiles\bm3frcb4.default -> hxxps://www.qwant.com/?client=ext-firefox-hp
FF Extension: (Google Docs Viewer) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (GitHub Extensions) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (DeeperWeb for Google) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (DivHTTP) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (search_avptube) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (Enhancer for YouTube™) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2018-02-18]
FF Extension: (Firebug) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (Sourcegraph for GitHub) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2018-02-18]
FF Extension: (__MSG_extName__) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2018-01-03]
FF Extension: (Google Code Wiki Viewer) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (URL analyzing with VirusTotal™) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03]
FF Extension: (Panel View for Google™ Translate) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-11-19]
FF Extension: (IP Address and Domain Information) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03]
FF Extension: (YouTube HTML5-Video) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (Just Disable Stuff) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (GitHub Repo Widget) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (HTML5 Player for YouTube™) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (PDF Mage) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03]
FF Extension: (YouTube™ Flash® Player) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03]
FF Extension: (Selected text to PDF) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-11-19]
FF Extension: (copy-code) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (Flash Control) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (Reddit Enhancement Suite) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2018-01-23]
FF Extension: (JavaScript Deobfuscator) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (JSONView) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (M3Uripiton) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (Magnetz) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (PHP Developer Toolbar) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected]_dev_bar.org.xpi [2017-10-03] [Legacy]
FF Extension: (Qwant for Firefox) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-12-09]
FF Extension: (S3.Translator) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-12-27]
FF Extension: (Save as PDF) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-11-11]
FF Extension: (Saved Password Editor) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-11-01] [Legacy]
FF Extension: (SimilarPages) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (Smplayer context menu) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (Tiny JavaScript Debugger) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-11-07] [Legacy]
FF Extension: (Google Translator for Firefox) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-12-13]
FF Extension: (Vlc context menu) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (VLC Youtube Shortcut) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\[email protected] [2017-10-03] [Legacy]
FF Extension: (PDF Download) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2017-10-03] [Legacy]
FF Extension: (JavaScript on-off applet) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\{54e46280-0211-11e3-b778-0800200c9a66}.xpi [2017-10-03] [Legacy]
FF Extension: (FoxySpider) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\{75df891f-e299-4725-b14f-7d52f086dea2}.xpi [2017-10-03] [Legacy]
FF Extension: (GitHub Extension Installer) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\{86054B0A-BD85-42F9-8E58-8794EC6F6EA1}.xpi [2017-10-03] [Legacy]
FF Extension: (Password Exporter) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2017-10-03] [Legacy]
FF Extension: (Web Developer) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-11-21]
FF Extension: (Force PDF Download) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\{d7f46ca0-899d-11da-a72b-0800200c9a65}.xpi [2017-10-03] [Legacy]
FF Extension: (Greasemonkey) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-01-23]
FF Extension: (QuickJava) - C:\Users\TONYD86\AppData\Roaming\Mozilla\Firefox\Profiles\bm3frcb4.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2017-10-03] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\TONYD86\AppData\Local\Google\Chrome\User Data\Default [2018-02-20]
CHR Extension: (Slides) - C:\Users\TONYD86\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-09]
CHR Extension: (Docs) - C:\Users\TONYD86\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-09]
CHR Extension: (Google Drive) - C:\Users\TONYD86\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-09]
CHR Extension: (YouTube) - C:\Users\TONYD86\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-09]
CHR Extension: (Export History/Bookmarks to JSON/CSV*/XLS*) - C:\Users\TONYD86\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcoegfodcnjofhjfbhegcgjgapeichlf [2018-01-23]
CHR Extension: (Sheets) - C:\Users\TONYD86\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-09]
CHR Extension: (Google Docs Offline) - C:\Users\TONYD86\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TONYD86\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-09]
CHR Extension: (Gmail) - C:\Users\TONYD86\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-09]
CHR Extension: (Chrome Media Router) - C:\Users\TONYD86\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-09]
CHR Profile: C:\Users\TONYD86\AppData\Local\Google\Chrome\User Data\System Profile [2018-02-13]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-08-16] (BlueStack Systems, Inc.)
R2 HideMyIpSRV; C:\Program Files (x86)\Hide My IP 6\HideMyIpSRV.exe [3964416 2016-04-18] (Hide My IP) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-10-01] (SurfRight B.V.)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe [889016 2017-10-01] (Enigma Software Group USA, LLC.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-08-09] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-08-09] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe [89088 2017-09-14] (Wondershare) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
S3 CisUtMonitor; C:\WINDOWS\System32\DRIVERS\CisUtMonitor.sys [54192 2017-01-13] (CrystalIdea Software)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2017-10-01] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [22704 2017-10-01] ()
R1 MpKslfa6e04f9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1B85E06D-2FDA-4813-B420-0E5390866D4B}\MpKslfa6e04f9.sys [58120 2018-02-20] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-08-09] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-08-09] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-08-09] (Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S1 faywbqkn; \??\C:\WINDOWS\system32\drivers\faywbqkn.sys [X]
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-20 05:06 - 2018-02-20 05:07 - 000024662 _____ C:\Users\TONYD86\Downloads\FRST.txt
2018-02-20 05:05 - 2018-02-20 05:06 - 002403840 _____ (Farbar) C:\Users\TONYD86\Downloads\FRST64.exe
2018-02-20 04:49 - 2018-02-20 04:49 - 000096733 _____ C:\Users\TONYD86\Downloads\Vilda.Kata.och.Villiga.SWEDiSH.XXX.DVDRip.x264-HANGPUNG.torrent
2018-02-14 20:09 - 2018-02-14 20:09 - 001004315 _____ C:\Users\TONYD86\Downloads\PCHUNTER SYS DETAILS.txt
2018-02-14 19:43 - 2018-02-14 19:43 - 005908597 _____ C:\Users\TONYD86\Downloads\PCHunter_free.zip
2018-02-14 19:26 - 2018-02-14 19:27 - 000035537 _____ C:\Users\TONYD86\Downloads\Ferry_Corsten-Blueprint_(Remixed)_(Extended_Versions)-FLASHOVERCD05R-WEB-2018-TranceTraffic.torrent
2018-02-14 19:26 - 2018-02-14 19:26 - 000042705 _____ C:\Users\TONYD86\Downloads\Recoverworld_Trance_Sessions-(ZzZz_Pack_2)-TT.torrent
2018-02-14 19:24 - 2018-02-14 19:24 - 000009342 _____ C:\Users\TONYD86\Downloads\Kyau_and_Albert_-_Anjunabeats_Worldwide_563-SAT-02-04-2018-TALiON.torrent
2018-02-14 19:23 - 2018-02-14 19:23 - 000016728 _____ C:\Users\TONYD86\Downloads\Paul_Oakenfold_-_Planet_Perfecto_379-SAT-02-07-2018-TALiON.torrent
2018-02-14 19:23 - 2018-02-14 19:23 - 000009252 _____ C:\Users\TONYD86\Downloads\Sander_van_Doorn_-_Identity_428__Incl_D.O.D._Guestmix-SAT-02-06-2018-TALiON.torrent
2018-02-14 19:23 - 2018-02-14 19:23 - 000009162 _____ C:\Users\TONYD86\Downloads\David_Guetta_-_DJ_Mix-CABLE-02-04-2018-TALiON.torrent
2018-02-14 19:23 - 2018-02-14 19:23 - 000009162 _____ C:\Users\TONYD86\Downloads\David_Guetta_-_DJ_Mix-CABLE-02-04-2018-TALiON(1).torrent
2018-02-14 19:22 - 2018-02-14 19:22 - 000008216 _____ C:\Users\TONYD86\Downloads\Alison_Spong_-_HeavensGate_601-SAT-02-06-2018-TALiON.torrent
2018-02-14 19:22 - 2018-02-14 19:22 - 000007836 _____ C:\Users\TONYD86\Downloads\Richard_Lowe_-_HeavensGate_601-SAT-02-06-2018-TALiON.torrent
2018-02-14 19:20 - 2018-02-14 19:20 - 000018978 _____ C:\Users\TONYD86\Downloads\Markus_Schulz_-_Global_DJ_Broadcast_World_Tour_(Bucharest)-SAT-02-08-2018-TALiON.torrent
2018-02-14 19:20 - 2018-02-14 19:20 - 000017958 _____ C:\Users\TONYD86\Downloads\Armin_van_Buuren_-_A_State_of_Trance_850_Part3-SAT-02-08-2018-TALiON.torrent
2018-02-14 19:20 - 2018-02-14 19:20 - 000017948 _____ C:\Users\TONYD86\Downloads\Aly_and_Fila_-_Future_Sound_Of_Egypt_534-SAT-02-08-2018-TALiON.torrent
2018-02-14 19:20 - 2018-02-14 19:20 - 000008977 _____ C:\Users\TONYD86\Downloads\Ferry_Corsten_-_Corstens_Countdown_554-SAT-02-08-2018-TALiON.torrent
2018-02-14 19:19 - 2018-02-14 19:19 - 000018629 _____ C:\Users\TONYD86\Downloads\Above_and_Beyond_-_Group_Therapy_269__Incl_Shane_54_Guestmix-SAT-02-09-2018-TALiON.torrent
2018-02-14 19:19 - 2018-02-14 19:19 - 000018034 _____ C:\Users\TONYD86\Downloads\Tiesto_-_Club_Life_567__Incl_SWACQ_and_We_Are_Loud_Guestmixes-SAT-02-10-2018-TALiON.torrent
2018-02-14 19:18 - 2018-02-14 19:19 - 000009362 _____ C:\Users\TONYD86\Downloads\David_Guetta_-_DJ_Mix-CABLE-02-11-2018-TALiON.torrent
2018-02-14 19:18 - 2018-02-14 19:18 - 000009127 _____ C:\Users\TONYD86\Downloads\Andrew_Rayel_-_Find_Your_Harmony_092-SAT-02-11-2018-TALiON.torrent
2018-02-14 19:18 - 2018-02-14 19:18 - 000004281 _____ C:\Users\TONYD86\Downloads\Showtek_-_Dance_Department_(Radio538)-CABLE-02-10-2018-TALiON.torrent
2018-02-14 19:17 - 2018-02-14 19:18 - 000009632 _____ C:\Users\TONYD86\Downloads\Ruben_de_Ronde_-_The_Sound_of_Holland_357-SAT-02-11-2018-TALiON.torrent
2018-02-14 19:17 - 2018-02-14 19:17 - 000009577 _____ C:\Users\TONYD86\Downloads\Cosmic_Gate_-_Wake_Your_Mind_Radio_201-SAT-02-11-2018-TALiON.torrent
2018-02-14 19:16 - 2018-02-14 19:16 - 000018079 _____ C:\Users\TONYD86\Downloads\Denzo_-_Global_Trancelations-DAB-02-04-2018-TALiON.torrent
2018-02-14 19:16 - 2018-02-14 19:16 - 000017244 _____ C:\Users\TONYD86\Downloads\Paul_van_Dyk_-_Vonyc_Sessions_588__Incl_Shane_Kinsella_Guestmix-SAT-02-11-2018-TALiON.torrent
2018-02-14 19:16 - 2018-02-14 19:16 - 000015277 _____ C:\Users\TONYD86\Downloads\Denzo_-_Global_Trancelations-DAB-02-11-2018-TALiON.torrent
2018-02-14 19:16 - 2018-02-14 19:16 - 000009402 _____ C:\Users\TONYD86\Downloads\VE3_-_Andromeda-DAB-02-06-2018-TALiON.torrent
2018-02-14 18:17 - 2018-02-14 18:17 - 000464491 _____ C:\Users\TONYD86\Downloads\RootRepeal.zip
2018-02-14 18:08 - 2018-02-14 18:09 - 040221304 _____ (Microsoft Corporation) C:\Users\TONYD86\Downloads\Windows-KB890830-x64-V5.57.exe
2018-02-14 18:02 - 2018-02-14 18:03 - 000002190 _____ C:\Users\TONYD86\Desktop\Rkill.txt
2018-02-14 18:02 - 2018-02-14 18:02 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\TONYD86\Downloads\rkill.exe
2018-02-14 12:48 - 2018-01-21 22:09 - 000145080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-02-14 12:48 - 2018-01-21 17:13 - 001994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-02-14 12:48 - 2018-01-21 17:13 - 001569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-02-14 12:48 - 2018-01-21 17:13 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-02-14 12:48 - 2018-01-21 17:13 - 000654336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-02-14 12:48 - 2018-01-21 17:13 - 000604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-02-14 12:48 - 2018-01-21 17:13 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2018-02-14 12:48 - 2018-01-21 17:13 - 000378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-02-14 12:48 - 2018-01-21 17:13 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-02-14 12:48 - 2018-01-21 17:13 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-02-14 12:47 - 2018-02-10 19:44 - 025740288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-02-14 12:47 - 2018-02-10 18:19 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-02-14 12:47 - 2018-02-10 18:16 - 000577536 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-02-14 12:47 - 2018-02-10 18:16 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-02-14 12:47 - 2018-02-10 18:09 - 005782016 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-02-14 12:47 - 2018-02-10 18:06 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-02-14 12:47 - 2018-02-10 18:06 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-02-14 12:47 - 2018-02-10 17:48 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-02-14 12:47 - 2018-02-10 17:47 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-02-14 12:47 - 2018-02-10 17:46 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-02-14 12:47 - 2018-02-10 17:41 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-02-14 12:47 - 2018-02-10 17:36 - 015283712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-02-14 12:47 - 2018-02-10 17:36 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-02-14 12:47 - 2018-02-10 17:34 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-02-14 12:47 - 2018-02-10 17:32 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-02-14 12:47 - 2018-02-10 17:27 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-02-14 12:47 - 2018-02-10 17:20 - 020274176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-02-14 12:47 - 2018-02-10 17:14 - 001546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-02-14 12:47 - 2018-02-10 17:02 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-02-14 12:47 - 2018-02-10 16:57 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-02-14 12:47 - 2018-02-10 16:56 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2018-02-14 12:47 - 2018-02-10 16:54 - 002294272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-02-14 12:47 - 2018-02-10 16:49 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-02-14 12:47 - 2018-02-10 16:49 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-02-14 12:47 - 2018-02-10 16:35 - 004498944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-02-14 12:47 - 2018-02-10 16:35 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-02-14 12:47 - 2018-02-10 16:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-02-14 12:47 - 2018-02-10 16:35 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-02-14 12:47 - 2018-02-10 16:33 - 013680640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-02-14 12:47 - 2018-02-10 16:32 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-02-14 12:47 - 2018-02-10 16:29 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-02-14 12:47 - 2018-02-10 16:27 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-02-14 12:47 - 2018-02-10 16:27 - 000694784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-02-14 12:47 - 2018-02-10 16:14 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-02-14 12:47 - 2018-02-10 16:10 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-02-14 12:47 - 2018-02-10 16:08 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-02-14 12:47 - 2018-02-03 17:04 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-02-14 12:47 - 2018-02-03 17:03 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-02-14 12:47 - 2018-02-03 10:53 - 007408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-02-14 12:47 - 2018-02-02 05:51 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-02-14 12:47 - 2018-01-21 22:54 - 000419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-02-14 12:47 - 2018-01-13 12:18 - 002452824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-02-14 12:47 - 2018-01-13 08:42 - 000376664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-02-14 12:47 - 2018-01-13 05:31 - 004690944 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-02-14 12:47 - 2018-01-13 04:35 - 003553280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-02-14 12:47 - 2018-01-12 05:19 - 000032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-02-14 12:47 - 2018-01-12 04:56 - 000504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-02-14 12:47 - 2018-01-12 04:07 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-02-14 12:47 - 2018-01-09 17:21 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-02-14 12:47 - 2018-01-09 17:18 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-02-14 12:47 - 2017-12-15 23:23 - 000276312 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-02-14 12:47 - 2017-12-06 03:56 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2018-02-14 12:47 - 2017-12-06 03:52 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-02-14 12:47 - 2017-12-06 03:45 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-02-14 12:47 - 2017-12-06 03:42 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-02-14 12:47 - 2017-12-06 03:32 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-02-14 12:47 - 2017-12-06 03:10 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2018-02-14 12:47 - 2017-12-06 03:02 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll
2018-02-14 12:47 - 2017-12-06 02:58 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptnet.dll
2018-02-14 12:47 - 2017-12-06 02:24 - 000165376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-02-14 12:47 - 2017-12-02 14:04 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-02-14 12:47 - 2017-11-25 08:58 - 002608640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2018-02-14 12:47 - 2017-11-25 08:56 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2018-02-14 12:47 - 2017-11-25 08:46 - 002170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2018-02-14 12:47 - 2017-11-25 08:44 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2018-02-14 12:46 - 2018-02-14 12:53 - 000000329 _____ C:\Users\TONYD86\Desktop\88.txt
2018-02-13 20:03 - 2018-02-20 03:53 - 000000000 ____D C:\Users\TONYD86\AppData\LocalLow\uTorrent
2018-02-13 19:03 - 2018-02-13 19:03 - 000231390 _____ C:\Users\TONYD86\Downloads\RootkitRevealer (1).zip
2018-02-13 07:25 - 2018-02-13 07:25 - 000039478 _____ C:\Users\TONYD86\Documents\cc_20180213_072515.reg
2018-02-10 19:30 - 2017-10-04 19:21 - 000029352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2018-02-10 19:30 - 2017-10-04 19:21 - 000019088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2018-02-10 19:30 - 2017-10-04 14:45 - 000030888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2018-02-10 19:30 - 2017-10-04 14:45 - 000019088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2018-02-08 19:16 - 2018-02-08 19:21 - 000000000 ____D C:\Users\TONYD86\Documents\VA-Nothing_But._Total_Trance_Selections_Vol_01-(NBTTS001)-WEB-2018-iHR
2018-02-06 08:56 - 2017-12-11 11:59 - 001712714 _____ C:\Users\TONYD86\Localizable.strings
2018-02-06 03:55 - 2018-02-06 03:55 - 000005800 _____ C:\Users\TONYD86\Documents\christopher.kimballs.milk.street.television.s01e05.mexico.every.single.day.720p.hdtv.x264-w4f.nfo
2018-01-31 23:12 - 2018-02-20 03:35 - 000000000 ___RD C:\Users\TONYD86\iCloudDrive
2018-01-31 23:12 - 2018-01-31 23:12 - 000000000 ____D C:\Users\TONYD86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2018-01-30 22:05 - 2018-01-30 22:06 - 005660504 _____ (Rapoo Inc. ) C:\Users\TONYD86\Downloads\Rapoo_Pair_Setup_V4.0.1_20161221_Release.exe
2018-01-30 16:15 - 2018-01-30 16:15 - 000904701 _____ C:\Users\TONYD86\Downloads\chrome_history.json
2018-01-30 10:29 - 2018-01-30 21:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Master Audio
2018-01-30 10:29 - 2018-01-30 21:52 - 000000000 ____D C:\Program Files (x86)\Master Audio
2018-01-30 06:36 - 2018-01-30 06:36 - 000385142 _____ C:\Users\TONYD86\Downloads\newznab.pdf
2018-01-28 11:16 - 2018-01-28 11:16 - 001579201 _____ C:\Users\TONYD86\Downloads\1312165588.pdf
2018-01-27 16:42 - 2018-02-13 07:24 - 000000000 ____D C:\Users\TONYD86\AppData\Local\CrashDumps
2018-01-24 16:38 - 2018-01-24 16:53 - 000000000 ____D C:\Program Files\Easeware
2018-01-24 16:38 - 2018-01-24 16:52 - 000000000 ____D C:\Users\TONYD86\AppData\Roaming\Easeware
2018-01-23 20:32 - 2018-01-30 21:52 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-23 20:32 - 2018-01-30 21:52 - 000000000 ____D C:\Program Files\RogueKiller
2018-01-23 19:40 - 2018-01-23 19:40 - 000149765 _____ C:\Users\TONYD86\Downloads\chrome_bookmarks.json
2018-01-23 15:54 - 2018-01-30 21:52 - 000000000 ____D C:\Users\TONYD86\Downloads\Windows.Firewall.Control.v5.0.2.0.Incl.Keygen.Happy.16th.Birthday.TEAM-PH
2018-01-23 08:18 - 2018-01-23 08:23 - 000000000 ____D C:\Users\TONYD86\Documents\Spider_Loc-The_Lost_Tapes-WEB-2018-ENRAGED
2018-01-23 07:29 - 2018-01-23 09:09 - 000000000 ____D C:\Program Files (x86)\TeraByte Drive Image Backup and Restore Suite
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-20 05:06 - 2017-10-03 17:53 - 000000000 ____D C:\FRST
2018-02-20 05:06 - 2017-10-01 19:34 - 000000000 ____D C:\Users\TONYD86\AppData\Roaming\uTorrent
2018-02-20 04:47 - 2017-11-07 02:42 - 000002704 _____ C:\WINDOWS\SysWOW64\HideMyIpSRVOff.ini
2018-02-20 04:47 - 2017-11-07 02:42 - 000002704 _____ C:\WINDOWS\system32\HideMyIpSRVOff.ini
2018-02-20 04:41 - 2017-10-01 18:21 - 000000000 ____D C:\Users\TONYD86\AppData\Roaming\Everything
2018-02-20 03:53 - 2017-10-01 18:29 - 000000000 ____D C:\Users\TONYD86\AppData\LocalLow\Mozilla
2018-02-20 03:48 - 2017-10-01 20:12 - 000000000 ____D C:\Users\TONYD86\AppData\Roaming\mIRC
2018-02-20 03:41 - 2014-11-21 18:38 - 000865068 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-20 03:41 - 2013-08-23 00:36 - 000000000 ____D C:\WINDOWS\Inf
2018-02-20 03:35 - 2017-10-01 19:45 - 000003260 _____ C:\WINDOWS\System32\Tasks\RegHunterStartup
2018-02-20 03:33 - 2017-10-03 16:12 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-20 03:33 - 2013-08-23 01:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-19 23:16 - 2017-09-29 08:24 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4156690452-2115927796-3742551240-1001
2018-02-19 21:46 - 2013-08-23 02:36 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-02-17 16:47 - 2013-08-23 02:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-17 16:47 - 2013-08-23 02:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-14 23:16 - 2017-10-01 20:38 - 000000000 ____D C:\Users\TONYD86\AppData\Local\Everything
2018-02-14 22:53 - 2017-10-24 05:26 - 000000000 ____D C:\Users\TONYD86\AppData\Roaming\vlc
2018-02-14 18:09 - 2017-10-11 10:45 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-14 18:09 - 2017-10-03 16:13 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-14 18:04 - 2017-10-03 16:00 - 000003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-14 18:04 - 2017-10-03 16:00 - 000003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-14 18:04 - 2017-09-29 08:50 - 000000000 ____D C:\Users\TONYD86\AppData\Local\Google
2018-02-14 17:03 - 2017-09-29 08:19 - 000000000 ____D C:\Users\TONYD86
2018-02-14 17:02 - 2017-10-03 17:45 - 000005882 _____ C:\native log.txt
2018-02-14 16:51 - 2017-10-03 17:43 - 000000000 ___HD C:\XV68o2sY9kmJsgHD
2018-02-14 16:45 - 2013-08-23 00:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-02-14 14:20 - 2013-08-23 02:36 - 000000000 ____D C:\WINDOWS\rescache
2018-02-14 13:03 - 2013-08-23 01:44 - 000488096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-14 13:01 - 2017-10-03 16:15 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-02-14 13:00 - 2017-10-03 16:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-14 13:00 - 2013-08-23 02:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-14 12:55 - 2013-08-23 02:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-02-14 12:54 - 2017-09-29 09:55 - 000000000 ____D C:\Users\TONYD86\AppData\Local\ElevatedDiagnostics
2018-02-13 21:04 - 2017-12-26 14:39 - 000000000 ____D C:\Users\TONYD86\Desktop\New folder
2018-02-13 20:39 - 2017-12-19 14:30 - 000000000 ____D C:\Users\TONYD86\AppData\Roaming\Kodi
2018-02-13 09:43 - 2018-01-09 14:08 - 000000000 ____D C:\Users\TONYD86\AppData\Roaming\MPC-HC
2018-02-13 09:32 - 2018-01-10 15:43 - 000000000 __HDC C:\ProgramData\{EA23ADCE-599F-4AFF-B2D8-4C6684236429}
2018-02-13 09:31 - 2018-01-10 15:42 - 000000000 ____D C:\Users\TONYD86\AppData\Local\IIIQF
2018-02-10 17:18 - 2017-10-01 18:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-10 17:18 - 2017-10-01 18:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-08 19:15 - 2017-10-01 18:28 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-02-08 16:40 - 2017-11-19 16:28 - 000000000 ____D C:\ProgramData\EPSON
2018-02-06 07:38 - 2017-08-09 18:21 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-06 07:38 - 2017-08-09 18:21 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-31 23:12 - 2018-01-03 15:42 - 000000000 ____D C:\Users\TONYD86\Documents\Outlook Files
2018-01-30 21:52 - 2017-11-21 03:03 - 000000000 ____D C:\Users\TONYD86\Downloads\MIXED-APPS-2017-
2018-01-30 21:52 - 2017-10-10 04:52 - 000000000 ____D C:\Users\TONYD86\Documents\Wondershare MediaServer
2018-01-30 21:52 - 2017-10-01 19:31 - 000000000 ____D C:\Users\TONYD86\AppData\Roaming\Winamp
2018-01-30 21:52 - 2017-09-29 08:19 - 000000000 ____D C:\Users\TONYD86\AppData\Local\VirtualStore
2018-01-30 21:52 - 2013-08-23 02:36 - 000000000 ____D C:\WINDOWS\registration
2018-01-30 21:51 - 2017-10-01 18:28 - 000000000 ____D C:\Users\TONYD86\AppData\Local\Mozilla
2018-01-24 05:58 - 2017-10-03 16:09 - 000548000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-23 21:06 - 2013-08-23 02:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-01-23 20:27 - 2017-10-01 20:22 - 000001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-01-23 20:27 - 2017-10-01 20:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-01-23 19:28 - 2017-10-01 19:58 - 000000000 ____D C:\Users\TONYD86\AppData\Roaming\Notepad++
2018-01-23 15:38 - 2018-01-16 02:59 - 000000000 ____D C:\Users\TONYD86\Documents\VA-A_State_Of_Trance_Top_20-January_2018-SELECTED_BY_ARMIN_VAN_BUUREN-(ARDI3940)-WEB-2018-ENSLAVE
 
==================== Files in the root of some directories =======
 
2017-11-01 15:29 - 2017-11-01 15:29 - 000011050 _____ () C:\Program Files (x86)\installation_status.json
2017-11-01 15:29 - 2017-11-01 15:29 - 000001002 _____ () C:\Program Files (x86)\installer_prefs.json
2017-11-01 15:29 - 2017-01-10 12:41 - 000000317 _____ () C:\Program Files (x86)\launcher.visualelementsmanifest.xml
2017-11-01 15:29 - 2017-11-01 15:29 - 000000057 _____ () C:\Program Files (x86)\pref_default_overrides
2017-11-01 15:29 - 2017-01-10 12:41 - 000003072 _____ () C:\Program Files (x86)\Resources.pri
2017-11-01 15:29 - 2017-11-01 15:29 - 000001000 _____ () C:\Program Files (x86)\server_tracking_data
2017-09-29 10:48 - 2017-09-29 10:52 - 000007595 _____ () C:\Users\TONYD86\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
2018-02-14 13:13 - 2018-02-14 13:45 - 000000000 _____ () C:\Users\TONYD86\AppData\Local\Temp\parctmp.dll
2017-10-18 20:12 - 2018-02-06 15:58 - 039681864 _____ (ConeXware, Inc.                                             ) C:\Users\TONYD86\AppData\Local\Temp\powarc170104.exe
2018-02-13 19:03 - 2018-02-13 19:03 - 000584576 _____ (Sysinternals - www.sysinternals.com) C:\Users\TONYD86\AppData\Local\Temp\UCLHMFB.exe
2018-02-13 19:03 - 2018-02-13 19:03 - 000347008 _____ (Sysinternals - www.sysinternals.com) C:\Users\TONYD86\AppData\Local\Temp\YXPS.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-17 16:47
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.02.2018
Ran by TONYD86 (20-02-2018 05:07:22)
Running from C:\Users\TONYD86\Downloads
Windows 8.1 Pro (Update) (X64) (2017-09-28 21:19:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4156690452-2115927796-3742551240-500 - Administrator - Disabled)
Guest (S-1-5-21-4156690452-2115927796-3742551240-501 - Limited - Disabled)
TONYD86 (S-1-5-21-4156690452-2115927796-3742551240-1001 - Administrator - Enabled) => C:\Users\TONYD86
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\uTorrent) (Version: 3.5.1.44321 - BitTorrent Inc.)
AnyMP4 iPhone Transfer Pro 8.2.66 (HKLM-x32\...\{74482386-E0A6-429e-BE36-DC0E7BB7A804}_is1) (Version: 8.2.66 - AnyMP4 Studio)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Ashampoo Burning Studio 18 (HKLM-x32\...\{91B33C97-AF35-C3DC-976E-8A253D817482}_is1) (Version: 18.0.4 - Ashampoo GmbH & Co. KG)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.36.1601 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
EPSON XP-100 Series Printer Uninstall (HKLM\...\EPSON XP-100 Series) (Version:  - SEIKO EPSON Corporation)
Epubor Ultimate (HKLM-x32\...\Epubor Ultimate) (Version: 3.0.10.103 - Epubor Inc.)
Everything 1.4.1.877 (x64) (HKLM\...\Everything) (Version: 1.4.1.877 (x64) - David Carpenter)
FlashFXP 5 (HKLM-x32\...\FlashFXP 5) (Version: 5.4.0.3935 - OpenSight Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HD Video Converter Factory Pro 13.4 (HKLM-x32\...\HD Video Converter Factory Pro) (Version: 13.4 - WonderFox Soft, Inc.)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Hide My IP 6 (HKLM-x32\...\HIDEMYIP_is1) (Version:  - My Privacy Tools, Inc)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.292 - SurfRight B.V.)
iCloud (HKLM\...\{99868C9C-C141-4DDE-A2C7-9DDF00F68F17}) (Version: 7.2.0.67 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
K-Lite Codec Pack 13.5.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.5.0 - KLCP)
Kodi (HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\Kodi) (Version:  - XBMC-Foundation)
MediaInfo 0.7.99 (HKLM\...\MediaInfo) (Version: 0.7.99 - MediaArea.net)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.49 - mIRC Co. Ltd.)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PowerArchiver 2016 (HKLM-x32\...\{B06EB3F5-3AED-4C19-A181-6D0E2C0F3A97}) (Version: 16.10.24 - ConeXware, Inc.) Hidden
PowerArchiver 2016 (HKLM-x32\...\PowerArchiver 2016 16.10.24) (Version: 16.10.24 - ConeXware, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.9 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
RegHunter (HKLM-x32\...\RegHunter) (Version: 2.3.3.2065 - Enigma Software Group, LLC)
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.28.5.4848 - Enigma Software Group, LLC)
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.5.3 - CrystalIDEA Software, Inc.)
Update for Skype for Business 2016 (KB3213548) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{1C894A72-A611-4A19-B106-0218E3CAC377}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3213548) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{1C894A72-A611-4A19-B106-0218E3CAC377}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Wondershare Video Converter Ultimate(Build 10.0.11.128) (HKLM-x32\...\Video Converter Ultimate_is1) (Version: 10.0.11.128 - Wondershare Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-08-29] ()
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-12-08] (Apple Inc.)
ContextMenuHandlers1-x32: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
ContextMenuHandlers1-x32: [PowerArchiver64] -> {d03d3e78-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\PowerArchiver\PASHLEXT64.DLL [2016-04-11] (ConeXware, Inc.)
ContextMenuHandlers1-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-07] (Power Software Ltd)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-07] (Power Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2014-07-03] (NVIDIA Corporation)
ContextMenuHandlers6-x32: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
ContextMenuHandlers6-x32: [PowerArchiver64] -> {d03d3e78-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\PowerArchiver\PASHLEXT64.DLL [2016-04-11] (ConeXware, Inc.)
ContextMenuHandlers6-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-07] (Power Software Ltd)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0EE770A0-35CB-4272-8DB2-E925B213B6ED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {1638EEC8-02D6-41E1-8C58-D211A510AB02} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2017-10-01] (Enigma Software Group USA, LLC.)
Task: {1FD64721-1F85-4342-A2F9-5D6996B2BBEB} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-09-01] ()
Task: {39845482-9180-4019-995C-FD4A9A2DF436} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-03] (Google Inc.)
Task: {3D39A722-6E1B-4620-9A27-5B45AB10D8F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-03] (Google Inc.)
Task: {6EDD653F-F571-49D7-A90D-A1556A506A22} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {9A562C35-B8C1-44E1-8DF7-4CCA4A3F5EC2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-02] (Piriform Ltd)
Task: {9E7D236E-65FE-49F6-B87A-033CEDA76D89} - System32\Tasks\RunUninstallTool_SkipUac => C:\Program Files\Uninstall Tool\UninstallTool.exe [2017-12-25] (CrystalIDEA Software)
Task: {C707EF56-6857-4E60-A403-535A54E74CF9} - System32\Tasks\RegHunterStartup => C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe [2017-10-31] (Enigma Software Group USA, LLC.)
Task: {D6A4F64E-CF16-4C65-A119-103124952706} - \Microsoft\Windows\Registry\ESG_sch_task_copy_tmp_name -> No File <==== ATTENTION
Task: {ED73531C-3AFB-4598-883E-708F689B867D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {ED7F17D3-8EF7-44AC-B61D-6831B56EDB38} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {F7984A7A-34B6-40D4-9CAC-26F4EDDE18E6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-02] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-12-13 18:46 - 2012-09-18 15:27 - 000192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2017-12-13 18:46 - 2012-09-18 15:27 - 000065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-10-03 16:11 - 2014-07-03 05:55 - 000116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-08-29 11:43 - 2017-08-29 11:43 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-11-28 20:45 - 2017-11-28 20:45 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll
2017-10-10 04:51 - 2017-09-14 17:03 - 000015360 _____ () C:\Program Files (x86)\Wondershare\Video Converter Ultimate\WSVCUUpdateHelper.exe
2018-01-09 21:00 - 2018-01-03 20:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-09 21:00 - 2018-01-03 20:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2017-11-07 02:42 - 2016-06-20 22:50 - 000320328 _____ () C:\Program Files (x86)\Hide My IP 6\hshare.exe
2017-11-07 02:42 - 2016-06-02 19:24 - 002174528 _____ () C:\Program Files (x86)\Hide My IP 6\hideipsh.exe
2017-10-01 18:21 - 2017-06-07 12:42 - 002197608 _____ () C:\Program Files\Everything\Everything.exe
2017-12-08 01:49 - 2017-12-08 01:49 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-12-08 01:49 - 2017-12-08 01:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-10 04:52 - 2017-03-23 09:49 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-10-10 04:52 - 2016-07-21 10:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HideMyIpSRV => ""="service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-23 00:25 - 2018-01-23 07:52 - 000000966 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 license.piriform.com   
0.0.0.0 superantispyware.com
0.0.0.0 license.superantispyware.com                                    
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4156690452-2115927796-3742551240-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "WindowsDefender"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{188F9180-0207-47DA-AFBE-BFB10FD64611}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{58B9A75C-404F-4E46-9E26-C86D537BB812}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A923BA7F-141B-4942-B74D-AEC965222D03}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{E13FD9D9-40F1-4172-BE0A-F44CC46BC1DC}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{55BFA107-E0F9-4620-A0E1-6900E6FB6C59}] => (Allow) C:\Users\TONYD86\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9951D965-9788-4DDD-90C5-5013B63E4D88}] => (Allow) C:\Users\TONYD86\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C3F8A1A5-3F75-4F26-9CB5-478CFAD52CEE}] => (Allow) C:\Users\TONYD86\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E76ABBF8-AAA1-4671-9DE1-842C4ECF8D5E}] => (Allow) C:\Users\TONYD86\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D24A0069-CEEF-4642-B4A4-F702E7E03D83}] => (Allow) C:\Users\TONYD86\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9BD2E727-97ED-49C8-973B-2DB4CE13972B}] => (Allow) C:\Users\TONYD86\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{6C608B47-2980-417B-A9D0-D19323517C1F}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{DD846085-DAA7-4784-AB16-AAB7D7078745}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{1E2C8045-C692-4A5B-8A9B-FE3C2AC3610D}C:\program files (x86)\greedytorrent\gtor.exe] => (Allow) C:\program files (x86)\greedytorrent\gtor.exe
FirewallRules: [UDP Query User{3E6C1561-CE3F-41C4-9F6A-131EA1C7B2AE}C:\program files (x86)\greedytorrent\gtor.exe] => (Allow) C:\program files (x86)\greedytorrent\gtor.exe
FirewallRules: [TCP Query User{B7A2680C-8321-457C-9345-B2E63EFC39D5}C:\program files (x86)\wondershare\video converter ultimate\downloadres\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\downloadres\urlreqservice.exe
FirewallRules: [UDP Query User{DEEBA3A6-E707-4EC5-BFCA-F62BDEBFED89}C:\program files (x86)\wondershare\video converter ultimate\downloadres\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\downloadres\urlreqservice.exe
FirewallRules: [TCP Query User{85E04B87-17D0-49C2-A2B2-02555B68A441}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{B0D31682-EC03-498A-A2B5-AC0CA54E8FC4}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{AEB2CA1C-9F8C-4480-BF8A-00B2DEABA169}] => (Allow) C:\Program Files (x86)\Hide My IP 6\HideMyIP.exe
FirewallRules: [{F3030909-0547-496F-9F80-188E6B81B073}] => (Allow) C:\Program Files (x86)\Hide My IP 6\HideMyIpSrv.exe
FirewallRules: [{B7BAC49C-7486-41E5-B6AC-D6DEBE43A871}] => (Allow) C:\Program Files (x86)\Hide My IP 6\hideipsh.exe
FirewallRules: [{8F8C3CB3-7969-4CBD-AE1C-496CBA4581FE}] => (Allow) LPort=58172
FirewallRules: [{B0C67C2D-7712-4B57-AC6F-661B4F393D6F}] => (Allow) C:\Program Files (x86)\Hide My IP 6\HideMyIP.exe
FirewallRules: [{7D6A059A-BBF3-49B2-AC2C-CE9D497A1BB2}] => (Allow) C:\Program Files (x86)\Hide My IP 6\HideMyIpSrv.exe
FirewallRules: [{21C93FBE-FEB8-4BE3-9706-3EE6FF0A67C2}] => (Allow) C:\Program Files (x86)\Hide My IP 6\hideipsh.exe
FirewallRules: [{F8C6B30F-9450-4DDA-9F5A-7D929A781347}] => (Allow) LPort=58172
FirewallRules: [TCP Query User{102DBDB5-615D-4404-BC32-2F5B29EB8146}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{623AB589-BCF6-407D-B4BA-6C9B32EEA502}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{83CF2D3A-7B77-4800-8849-044F6FAEFB08}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{0732FA55-037B-41DB-887C-1CB91BCEB2D4}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{2AA2318A-3100-4D3E-9199-63383BABD462}C:\program files (x86)\kodi\kodi.exe] => (Block) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{EC428951-B836-489F-9863-9FBD656BBEE7}C:\program files (x86)\kodi\kodi.exe] => (Block) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{D424D67A-DE53-486E-997A-2370AB245C45}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
FirewallRules: [{5269B56F-F269-45EF-AC64-4EEB141E475C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{5AEEB5B7-7A50-41EE-84F9-2BFE11533C37}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{14EA40EF-502D-4A0B-B5F6-86D3E683934A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
30-01-2018 21:50:42 Restore Operation
07-02-2018 14:39:41 Windows Update
10-02-2018 19:29:29 Windows Update
14-02-2018 12:57:37 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/15/2018 07:30:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RegHunter.exe, version: 1.3.16.13, time stamp: 0x59e604c1
Faulting module name: Updater.dll, version: 1.3.16.13, time stamp: 0x59e6037c
Exception code: 0xc0000417
Fault offset: 0x00000000000130b0
Faulting process id: 0x1008
Faulting application start time: 0x01d3a6371efafb17
Faulting application path: C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe
Faulting module path: C:\Program Files\Enigma Software Group\RegHunter\Updater.dll
Report Id: 7e5248da-122a-11e8-82ed-6c626d0d9c12
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/14/2018 08:15:13 PM) (Source: BugSplat) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (02/14/2018 12:57:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/14/2018 12:57:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl9caddc49.
 
System Error:
The system cannot find the file specified.
.
 
Error: (02/13/2018 08:38:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: kodi.exe, version: 17.6.0.0, time stamp: 0x5a0b3297
Faulting module name: ucrtbase.DLL, version: 10.0.10586.1171, time stamp: 0x59ae5046
Exception code: 0xc0000409
Fault offset: 0x000846eb
Faulting process id: 0xa68
Faulting application start time: 0x01d3a4ae683a2281
Faulting application path: C:\Program Files (x86)\Kodi\kodi.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ucrtbase.DLL
Report Id: b61ba4f4-10a1-11e8-82e6-6c626d0d9c12
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/13/2018 07:03:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x18c8
Faulting application start time: 0x01d3a4a1301f5458
Faulting application path: C:\Users\TONYD86\AppData\Local\Temp\_PA298\RootkitRevealer.exe
Faulting module path: C:\Users\TONYD86\AppData\Local\Temp\_PA298\RootkitRevealer.exe
Report Id: 6dd7a5d2-1094-11e8-82e6-6c626d0d9c12
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/13/2018 07:03:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x1e40
Faulting application start time: 0x01d3a4a11e74a90a
Faulting application path: C:\Users\TONYD86\AppData\Local\Temp\_PA905\RootkitRevealer.exe
Faulting module path: C:\Users\TONYD86\AppData\Local\Temp\_PA905\RootkitRevealer.exe
Report Id: 5ce9a0c7-1094-11e8-82e6-6c626d0d9c12
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/13/2018 07:34:47 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
 
System errors:
=============
Error: (02/20/2018 04:17:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/20/2018 04:13:57 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/20/2018 04:13:49 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/20/2018 04:08:52 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/20/2018 04:08:35 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/20/2018 04:06:42 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/20/2018 04:06:27 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/20/2018 04:01:56 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
 
Windows Defender:
===================================
Date: 2018-02-20 04:10:10.451
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Severity: Severe
Category: Trojan
Path: file:_D:\APPZ-LATEST-2017----------------\JAN-APPZ-2018-1--------\JAN-23RD-APPZ-2018-----\NCH.Express.Burn.Plus.v6.21.incl.Keygen-LAXiTY\keygen.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Everything\Everything.exe
Signature Version: AV: 1.261.1345.0, AS: 1.261.1345.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0
 
CodeIntegrity:
===================================
 
Date: 2018-02-20 05:06:11.245
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\HMIPCore64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-02-20 05:06:11.014
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\HMIPCore64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-02-15 19:44:06.404
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-02-14 13:37:28.571
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-02-13 07:02:44.188
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-02-10 19:29:28.828
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-02-08 16:50:23.105
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-02-07 15:32:54.243
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\HMIPCore64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 28%
Total physical RAM: 24567.11 MB
Available physical RAM: 17616.54 MB
Total Virtual: 28151.11 MB
Available Virtual: 22479.9 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.57 GB) (Free:94.97 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (NEW 8TB) (Fixed) (Total:7451.91 GB) (Free:1238.51 GB) NTFS
Drive e: (TONYS_DATA) (Fixed) (Total:1863.01 GB) (Free:21.61 GB) NTFS
Drive f: (NEW 4TB STORAGE) (Fixed) (Total:3725.9 GB) (Free:1006.37 GB) NTFS
Drive g: (Tony 3 8TB) (Fixed) (Total:7451.91 GB) (Free:4998.73 GB) NTFS
Drive h: (Tony 1 8TB) (Fixed) (Total:7451.91 GB) (Free:1411.65 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================

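The Addition.txt above is read line by line in this thread. What follows is an added example, not part of the original post and not FRST's own code or the helper's method: a small Python pass that splits an FRST report on its "==== Section ====" headers and applies the checks a malware-removal helper applies by eye, namely hosts entries that sinkhole a public name to 127.0.0.1 or 0.0.0.0, Internet Explorer trusted-site entries other than localhost, scheduled tasks FRST has already marked "<==== ATTENTION", a Windows Defender entry disabled under StartupApproved, firewall allow rules for executables living under a user profile, and Defender detections nested in the event-log section. SAMPLE is a constructed excerpt shaped like the report above (the "Scheduled Tasks (Whitelisted)" header and the keygen path in it are assumed, not copied from this page); point triage() at a real Addition.txt to run the same checks.

```python
"""Triage pass over an FRST Addition.txt. Added example: not FRST's own code, not the helper's method.
SAMPLE is a constructed excerpt shaped like this thread's report; FRST's section header strings are assumed."""
import re
from ipaddress import ip_address
SAMPLE = r"""
==================== Scheduled Tasks (Whitelisted) ============
Task: {D6A4F64E-CF16-4C65-A119-103124952706} - \Microsoft\Windows\Registry\ESG_sch_task_copy_tmp_name -> No File <==== ATTENTION
==================== Internet Explorer trusted/restricted ===============
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ==========================
2013-08-23 00:25 - 2018-01-23 07:52 - 000000966 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 license.piriform.com
0.0.0.0 superantispyware.com
127.0.0.1 localhost
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "WindowsDefender"
==================== FirewallRules (Whitelisted) ===============
FirewallRules: [{55BFA107-E0F9-4620-A0E1-6900E6FB6C59}] => (Allow) C:\Users\TONYD86\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9951D965-9788-4DDD-90C5-5013B63E4D88}] => (Allow) C:\Users\TONYD86\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5AEEB5B7-7A50-41EE-84F9-2BFE11533C37}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Event log errors: =========================
Windows Defender:
===================================
Name: Trojan:Win32/Tiggre!rfn
Path: file:_D:\constructed-sample\keygen.exe
"""
SECTION_RE = re.compile(r"^=+ (.+?) =+\s*$")  # FRST's "==== Section name ====" header
FW_RE = re.compile(r"^FirewallRules: \[[^\]]+\] => \((Allow|Block)\) (.+)$")
USER_PATH_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.I)
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def split_sections(text):
    """Map each section header to the non-blank lines beneath it."""
    sections, current = {}, None
    for line in (ln.rstrip() for ln in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip().rstrip(":")
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections

def check_hosts(lines):
    """Public names sent to loopback/0.0.0.0: crack installers block licence servers this way."""
    out = []
    for fields in (ln.split() for ln in lines):
        try:
            addr = ip_address(fields[0])
        except (ValueError, IndexError):
            continue  # FRST's file-stamp line, comments, blanks
        if addr.is_loopback or addr.is_unspecified:
            out += [f"hosts sinkholes {h} -> {addr}" for h in fields[1:] if h.lower() not in LOCAL_NAMES]
    return out

def check_trusted_sites(lines):
    """Anything in the IE Trusted zone other than localhost runs with relaxed security."""
    out = []
    for m in (re.match(r"IE trusted site: (\S+) -> (.+)$", ln) for ln in lines):
        if m and m.group(2).strip().lower() != "localhost":
            out.append("IE trusted site " + m.group(2).strip())
    return out

def check_disabled_startup(lines):
    """A Defender entry disabled under StartupApproved is the first thing to ask about."""
    names = re.findall(r'StartupApproved\\\w+: => "([^"]+)"', "\n".join(lines))
    return [f"startup entry disabled: {n}" for n in names if "defender" in n.lower()]

def check_firewall(lines):
    """Allow rules for binaries under a user profile: writable paths that need no admin to plant."""
    paths = {m.group(2) for m in map(FW_RE.match, lines) if m and m.group(1) == "Allow"}
    return [f"firewall allows {p}" for p in sorted(paths) if USER_PATH_RE.match(p)]

def check_defender(lines):
    """Detections are nested in the event-log section as Name:/Path: pairs."""
    out, name = [], None
    for line in lines:
        if line.startswith("Name: "):
            name = line[6:].strip()
        elif line.startswith("Path: ") and name:
            out.append(f"Defender detected {name} at {line[6:].strip()}")
            name = None
    return out

CHECKS = {  # section name -> check; FRST itself flags tasks whose target file is missing
    "Scheduled Tasks (Whitelisted)": lambda ls: ["task " + ln.split(" - ", 1)[1] for ln in ls if "<==== ATTENTION" in ln],
    "Internet Explorer trusted/restricted": check_trusted_sites,
    "Hosts content": check_hosts,
    "MSCONFIG/TASK MANAGER disabled items": check_disabled_startup,
    "FirewallRules (Whitelisted)": check_firewall,
    "Event log errors": check_defender,
}

def triage(text):
    """All findings for one Addition.txt, grouped in the order of CHECKS."""
    sections = split_sections(text)
    return [f for name, check in CHECKS.items() for f in check(sections.get(name, []))]

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

The hosts check is deliberately narrow: it only reports names sent to loopback or 0.0.0.0, because that is the pattern a crack leaves behind (a vendor licence server, or a security vendor's site, as in the report above), while ordinary hosts entries that point at a real address are left alone. Section names come from the headers FRST prints, so a report whose sections are ordered differently still parses.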

#4
Bruce1270
    Trusted Helper
  • Malware Removal
  • 1,714 posts
Hi
  • Download CKScanner from here
  • Important - Save it to your desktop.
  • Select CKScanner.exe (Right click and "Run as administrator").
  • Give permission if necessary, and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please run the program once only.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


#5
Clayton_879664
    New Member
  • Topic Starter
  • Member
  • 3 posts
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\ashampoo\ashampoo burning studio 18\themes\movieeditor_musiceffect\firework_whistles_and_small_explosions_crackle.ashaudio
c:\program files (x86)\ashampoo\ashampoo burning studio 18\themes\movieeditor_musiceffect\firework_whistles_and_small_explosions_crackle.xml
c:\program files (x86)\wondershare\video converter ultimate\downloadres\youtube_dl\extractor\cracked.py
c:\program files (x86)\wondershare\video converter ultimate\downloadres\youtube_dl\extractor\crackle.py
c:\program files (x86)\wondershare\video converter ultimate\downloadres\youtube_dl\extractor\crackle.pyc
c:\program files (x86)\wondershare\video converter ultimate\downloadres\youtube_dl\ws_extractor\crackle.py
c:\program files (x86)\wondershare\video converter ultimate\downloadres\youtube_dl\ws_extractor\crackle.pyc
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\adobe_acrobat_pro_dc_v2015_multi-xforce\crack-windows-dc\install.txt
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\anymp4 iphone transfer pro 8.2.66 + patch - crackingpatching.com\crackingpatching.com.url
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\anymp4 iphone transfer pro 8.2.66 + patch - crackingpatching.com\how to install.txt
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\anymp4 iphone transfer pro 8.2.66 + patch - crackingpatching.com\iphone-transfer-pro.exe
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ashampoo burning studio 18.0.4.15 + crack [cracksnow]\ashampoo_burning_studio_18_18.0.4_sm.exe
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ashampoo burning studio 18.0.4.15 + crack [cracksnow]\downloaded from cracksnow.com.txt
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ashampoo burning studio 18.0.4.15 + crack [cracksnow]\visit cracksnow.com.url
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ashampoo burning studio 18.0.4.15 + crack [cracksnow]\watch cool stuff cracksnow.url
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ashampoo burning studio 18.0.4.15 + crack [cracksnow]\crack\ash_inet2.dll
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ashampoo burning studio 18.0.4.15 + crack [cracksnow]\crack\downloaded from cracksnow.com.txt
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ashampoo burning studio 18.0.4.15 + crack [cracksnow]\crack\visit cracksnow.com.url
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ashampoo burning studio 18.0.4.15 + crack [cracksnow]\crack\watch cool stuff cracksnow.url
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ashampoo burning studio 18.0.4.15 final + crack\read me.txt
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ashampoo burning studio 18.0.4.15 final + crack\softhound.com.txt
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ashampoo burning studio 18.0.4.15 final + crack\softhound.com.url
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ashampoo burning studio 18.0.4.15 final + crack\setup\ashampoo_burning_studio_18_18.0.4_sm.exe
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ashampoo.burning.studio.business.v15.0.4.incl.keygen.and.patch-amped\amped.nfo
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ashampoo.burning.studio.business.v15.0.4.incl.keygen.and.patch-amped\ashampoo_burning_studio_business_15.0.4_sm.exe
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ashampoo.burning.studio.business.v15.0.4.incl.keygen.and.patch-amped\file_id.diz
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ez cd audio converter ultimate 6.2.3.1 (x64) + crack [cracksnow]\downloaded from cracksnow.com.txt
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ez cd audio converter ultimate 6.2.3.1 (x64) + crack [cracksnow]\torrent_downloaded_from_demonoid_-_www.demonoid.pw_ .txt
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ez cd audio converter ultimate 6.2.3.1 (x64) + crack [cracksnow]\visit cracksnow.com.url
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ez cd audio converter ultimate 6.2.3.1 (x64) + crack [cracksnow]\watch more awesome content.url
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\ez cd audio converter ultimate 6.2.3.1 (x64) + crack [cracksnow]\crack\snd.nfo
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\mirc.v7.48-rg\crack\regme.reg
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\utorrent pro 6.4.10 build 43086 incl crack + portable\install.notes.txt
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\utorrent pro 6.4.10 build 43086 incl crack + portable\torrent downloaded from ahashare.com.txt
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\wondershare video converter ultimate 10.0.7.97 final + crack [www.tech-tools.me]\thumbs.db
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\wondershare video converter ultimate 10.0.7.97 final + crack [www.tech-tools.me]\www.tech-tools.me - www.thumperdc.com.txt
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\wondershare video converter ultimate 10.0.7.97 final + crack [www.tech-tools.me]\_readme.txt
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\wondershare video converter ultimate 10.0.7.97 final + crack [www.tech-tools.me]\wondershare video converter ultimate 10.0.7.97 final + crack [www.tech-tools.me]\patch-uret.zip
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\wondershare video converter ultimate 10.0.7.97 final + crack [www.tech-tools.me]\wondershare video converter ultimate 10.0.7.97 final + crack [www.tech-tools.me]\video-converter-ultimate_full495.exe
c:\users\tonyd86\desktop\latest-setup-files-apps-2017\wondershare video converter ultimate 10.0.7.97 final + crack [www.tech-tools.me]\wondershare video converter ultimate 10.0.7.97 final + crack [www.tech-tools.me]\_readme.txt
c:\users\tonyd86\downloads\windows.firewall.control.v5.0.2.0.incl.keygen.happy.16th.birthday.team-ph\p-[bleep].nfo
c:\users\tonyd86\downloads\windows.firewall.control.v5.0.2.0.incl.keygen.happy.16th.birthday.team-ph\wfc5setup.exe
c:\users\tonyd86\downloads\windows.firewall.control.v5.0.2.0.incl.keygen.happy.16th.birthday.team-ph\phell\p-[bleep].nfo
c:\windows\prefetch\keygen.exe-62bcf4c4.pf
scanner sequence 3.ZZ.11.HGNANZ
 ----- EOF ----- 


#6
Bruce1270
    Trusted Helper
  • Malware Removal
  • 1,714 posts
One or more of the issues may be a result of downloading cracked/pirated/illegal software. Participating in the use of such software is a security risk. We do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread malware. I strongly recommend you refrain from participating in this activity; your computer will be re-exposed to malware otherwise. Simply visiting a cracked software site often results in exposure to malware. In some instances, malware may cause so much damage to your system that removal is not possible and the only option is to reformat your hard drive and reinstall your Operating System.

I am prepared to continue providing assistance as long as you agree to remove all cracked software immediately. Please tell me how you want to proceed.