I've been searching the internet, tried almost everything I knew, but can't seem to make those 2 processes leave my PC. Tried RogueKiller, AdwCleaner and MalwareBytes scan (all the files are below)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by Home (administrator) on DESKTOP-58EIPAQ (09-03-2018 12:53:22)
Running from C:\Users\Home\Downloads
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\KMS-R@1n.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files (x86)\Constraining\radiological.exe
() C:\Program Files (x86)\Compote\radiological.exe
() C:\Users\Home\AppData\Local\radiological.exe
() C:\Program Files (x86)\Compote\radiological.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Compote\radiological.exe
() C:\Program Files (x86)\Constraining\radiological.exe
(f.lux Software LLC) C:\Users\Home\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\Compote\radiological.exe
() C:\Program Files (x86)\Constraining\radiological.exe
() C:\Program Files (x86)\Compote\radiological.exe
() C:\Program Files (x86)\Constraining\radiological.exe
() C:\Program Files (x86)\Compote\radiological.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
() C:\Program Files (x86)\Constraining\radiological.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Home\AppData\Local\radiological.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Constraining\radiological.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [fasano] => C:\Program Files (x86)\Compote\radiological.exe [135680 2018-03-08] ()
HKLM\...\Run: [fasanofasano] => C:\Program Files (x86)\Constraining\radiological.exe [135680 2018-03-08] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2018-02-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [mateo] => C:\Program Files (x86)\Compote\radiological.exe [135680 2018-03-08] ()
HKLM-x32\...\Run: [mateomateo] => C:\Program Files (x86)\Constraining\radiological.exe [135680 2018-03-08] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\Run: [f.lux] => C:\Users\Home\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\Run: [kingdon] => C:\Program Files (x86)\Compote\radiological.exe [135680 2018-03-08] ()
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\Run: [kingdonkingdon] => C:\Program Files (x86)\Constraining\radiological.exe [135680 2018-03-08] ()
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\Run: [upham] => C:\Program Files (x86)\Compote\radiological.exe [135680 2018-03-08] ()
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\Run: [uphamupham] => C:\Program Files (x86)\Constraining\radiological.exe [135680 2018-03-08] ()
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\occasioned.lnk [2018-03-08]
ShortcutTarget: occasioned.lnk -> C:\Program Files (x86)\Compote\radiological.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{790ab520-1a42-4f49-baae-6b397b4bb545}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a8332d69-df7d-4620-9972-248d8901991c}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-08] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-01-16] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-01-16] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-16] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-16] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-02-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-01-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-21] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www2.stm.info/Emplois/ut/VPST/HTMLPosteVoir.htm","hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
CHR DefaultSearchKeyword: Default -> google.com_
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default [2018-03-09]
CHR Extension: (Slides) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-21]
CHR Extension: (Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-21]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-21]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-21]
CHR Extension: (Session Buddy) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-01-14]
CHR Extension: (Google Calendar) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-12-21]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-03-08]
CHR Extension: (Sheets) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-21]
CHR Extension: (Google Docs Offline) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-21]
CHR Extension: (AdBlock) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-02-17]
CHR Extension: (AirDroid) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd [2017-12-21]
CHR Extension: (SoundCloud) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2017-12-21]
CHR Extension: (Google Play) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2017-12-21]
CHR Extension: (Google Maps) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-12-21]
CHR Extension: (OneDrive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2017-12-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-21]
CHR Extension: (Outlook.com) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2017-12-21]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-21]
CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-12-21] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761576 2018-02-02] (Microsoft Corporation)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2017-12-21] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-13] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-27] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110096 2016-04-18] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-03-09] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-08] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-09] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-09] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-09] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-09] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-01-27] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2018-01-27] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-27] (Microsoft Corporation)
S1 fwyrsjek; \??\C:\WINDOWS\system32\drivers\fwyrsjek.sys [X]
S1 nhxjtsgi; \??\C:\WINDOWS\system32\drivers\nhxjtsgi.sys [X]
S1 oxycgxdk; \??\C:\WINDOWS\system32\drivers\oxycgxdk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-09 12:53 - 2018-03-09 12:54 - 000018547 _____ C:\Users\Home\Downloads\FRST.txt
2018-03-09 12:53 - 2018-03-09 12:53 - 000000000 ____D C:\FRST
2018-03-09 12:52 - 2018-03-09 12:52 - 002403328 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe
2018-03-09 12:45 - 2018-03-09 12:45 - 000000000 ___HD C:\OneDriveTemp
2018-03-09 12:44 - 2018-03-09 12:44 - 000045960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-09 12:42 - 2018-03-09 12:42 - 000001060 _____ C:\WINDOWS\system32\.crusader
2018-03-09 12:34 - 2018-03-09 12:41 - 538766883 _____ C:\Users\Home\Downloads\Unconfirmed 430820.crdownload
2018-03-09 12:33 - 2018-03-09 12:43 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-03-09 12:32 - 2018-03-09 12:42 - 000000000 ____D C:\ProgramData\HitmanPro
2018-03-09 12:32 - 2018-03-09 12:32 - 011605440 _____ (SurfRight B.V.) C:\Users\Home\Downloads\HitmanPro_x64.exe
2018-03-09 12:30 - 2018-03-09 12:30 - 000117368 _____ C:\Users\Home\Desktop\RK.txt
2018-03-09 12:30 - 2018-03-09 12:30 - 000001556 _____ C:\Users\Home\Desktop\AdwCleaner[S3].txt
2018-03-08 19:17 - 2018-03-09 09:13 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-03-08 19:12 - 2018-03-08 20:30 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-08 19:12 - 2018-03-08 19:12 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-03-08 19:12 - 2018-03-08 19:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-03-08 19:12 - 2018-03-08 19:12 - 000000000 ____D C:\Program Files\RogueKiller
2018-03-08 19:11 - 2018-03-08 19:12 - 036467456 _____ (Adlice Software ) C:\Users\Home\Downloads\setup.exe
2018-03-08 18:52 - 2018-03-08 18:52 - 000000000 ____D C:\Users\Home\AppData\LocalLow\uTorrent
2018-03-08 18:41 - 2018-03-09 12:44 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-08 18:41 - 2018-03-09 12:44 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-08 18:41 - 2018-03-09 12:44 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-08 18:41 - 2018-03-08 18:41 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-08 18:41 - 2018-03-08 18:41 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-08 18:41 - 2018-03-08 18:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-08 18:41 - 2018-03-08 18:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-08 18:41 - 2018-03-08 18:41 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-08 18:41 - 2018-01-18 08:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-08 18:37 - 2018-03-08 18:38 - 069323904 _____ (Malwarebytes ) C:\Users\Home\Downloads\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4256.exe
2018-03-08 18:29 - 2018-03-08 18:29 - 000000000 ____D C:\Users\Home\AppData\Roaming\Macromedia
2018-03-08 18:28 - 2018-03-08 18:54 - 000000000 ____D C:\Program Files (x86)\Compote
2018-03-08 18:28 - 2018-03-08 18:42 - 000000000 ____D C:\Program Files (x86)\marsteller
2018-03-08 18:28 - 2018-03-08 18:31 - 000000000 ___HD C:\Program Files (x86)\sones
2018-03-08 18:28 - 2018-03-08 18:31 - 000000000 ____D C:\Program Files (x86)\kiang
2018-03-08 18:28 - 2018-03-08 18:29 - 000000000 ___HD C:\Program Files (x86)\Constraining
2018-03-08 18:28 - 2018-03-08 18:28 - 000004060 _____ C:\WINDOWS\System32\Tasks\objectiveness offensives manila
2018-03-08 18:28 - 2018-03-08 18:28 - 000003974 _____ C:\WINDOWS\System32\Tasks\gaobjectiveness offensives manilaobjectiveness offensives manila
2018-03-08 18:28 - 2018-03-08 18:28 - 000003952 _____ C:\WINDOWS\System32\Tasks\wendy_loves
2018-03-08 18:28 - 2018-03-08 18:28 - 000003912 _____ C:\WINDOWS\System32\Tasks\orbits
2018-03-08 18:28 - 2018-03-08 18:28 - 000003906 _____ C:\WINDOWS\System32\Tasks\bund
2018-03-08 18:28 - 2018-03-08 18:28 - 000003832 _____ C:\WINDOWS\System32\Tasks\gawendy_loveswendy_loves
2018-03-08 18:28 - 2018-03-08 18:28 - 000003780 _____ C:\WINDOWS\System32\Tasks\gaorbitsorbits
2018-03-08 18:28 - 2018-03-08 18:28 - 000003768 _____ C:\WINDOWS\System32\Tasks\gabundbund
2018-03-08 18:28 - 2018-03-08 18:28 - 000000012 _____ C:\WINDOWS\b67948964
2018-03-08 18:25 - 2018-03-08 18:25 - 000003584 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-58EIPAQ-Home
2018-03-08 18:25 - 2018-03-08 18:25 - 000003072 _____ C:\Users\Home\AppData\Local\removeHN.exe
2018-03-08 18:19 - 2018-03-08 18:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-03-08 18:13 - 2018-03-09 12:43 - 000000000 ____D C:\Users\Home\Downloads\Sony Vegas Pro 16.0 Build 459 (x64) +Crack
2018-03-08 18:10 - 2018-03-09 12:24 - 000000000 ____D C:\AdwCleaner
2018-03-08 18:10 - 2018-03-08 18:10 - 008222496 _____ (Malwarebytes) C:\Users\Home\Downloads\adwcleaner_7.0.8.0.exe
2018-03-08 16:31 - 2018-03-08 16:31 - 000135680 _____ C:\WINDOWS\calisthenics.exe
2018-03-08 16:31 - 2018-03-08 16:31 - 000135680 _____ C:\Users\Home\AppData\Local\radiological.exe
2018-02-17 20:01 - 2018-02-17 20:01 - 000021600 _____ C:\WINDOWS\System32\Tasks\1aklSEtcIJxU
2018-02-17 20:01 - 2018-02-17 20:01 - 000000000 ____D C:\Users\Home\AppData\Roaming\Mozilla
2018-02-17 20:00 - 2018-02-17 20:00 - 000140800 _____ C:\Users\Home\AppData\Local\installer.dat
2018-02-17 19:56 - 2018-02-17 19:57 - 000000000 ____D C:\Users\Home\Downloads\Sony Vegas Pro 15.1 Build 375+ Ativador

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-09 12:49 - 2018-01-13 19:07 - 000000000 ____D C:\Users\Home\AppData\Roaming\uTorrent
2018-03-09 12:45 - 2017-12-21 17:53 - 000000000 ___RD C:\Users\Home\OneDrive - USherbrooke
2018-03-09 12:43 - 2017-12-22 00:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-09 12:42 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-09 12:19 - 2017-12-21 23:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-09 09:18 - 2017-12-21 00:34 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-09 09:18 - 2017-12-21 00:34 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-09 09:16 - 2017-12-22 00:03 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{47D15841-BB75-435B-98E2-E81C1E092B60}
2018-03-08 21:50 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-08 20:13 - 2015-10-30 02:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-03-08 19:54 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-08 19:33 - 2018-01-14 19:50 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2018-03-08 19:33 - 2018-01-14 19:50 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2018-03-08 19:21 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-08 19:21 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-08 19:11 - 2017-12-21 01:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-08 19:08 - 2017-12-21 01:04 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-08 19:08 - 2017-12-21 01:03 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-08 18:44 - 2018-01-14 19:51 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-03-08 18:33 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-08 18:31 - 2017-12-21 17:48 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-08 18:25 - 2017-12-22 00:02 - 000911002 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-08 18:06 - 2017-12-21 09:56 - 000000000 ____D C:\Users\Home\AppData\Local\AMD
2018-02-17 19:14 - 2017-12-22 00:03 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-160618937-1657218905-2856114932-1001
2018-02-17 19:14 - 2017-12-21 00:08 - 000002360 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== Files in the root of some directories =======

2018-02-17 20:00 - 2018-02-17 20:00 - 000140800 _____ () C:\Users\Home\AppData\Local\installer.dat
2018-03-08 16:31 - 2018-03-08 16:31 - 000135680 _____ () C:\Users\Home\AppData\Local\radiological.exe
2018-03-08 18:25 - 2018-03-08 18:25 - 000003072 _____ () C:\Users\Home\AppData\Local\removeHN.exe
2017-12-21 00:16 - 2017-12-21 10:11 - 000007608 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-03-08 19:12 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\Users\Home\AppData\Local\Temp\dllnt_dump.dll
2018-03-07 08:28 - 2018-03-07 08:28 - 008773272 _____ () C:\Users\Home\AppData\Local\Temp\setup.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-08 21:38

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018 Ran by Home (09-03-2018 12:54:42) Running from C:\Users\Home\Downloads Windows 10 Pro Version 1709 16299.192 (X64) (2017-12-22 05:05:49) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-160618937-1657218905-2856114932-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-160618937-1657218905-2856114932-503 - Limited - Disabled) Guest (S-1-5-21-160618937-1657218905-2856114932-501 - Limited - Disabled) Home (S-1-5-21-160618937-1657218905-2856114932-1001 - Administrator - Enabled) => C:\Users\Home WDAGUtilityAccount (S-1-5-21-160618937-1657218905-2856114932-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.) 
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Epic Games Launcher (HKLM-x32\...\{8F89B0CF-8144-43EE-AB9F-B7F8F23D85FB}) (Version: 1.1.135.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8431.2215 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\OneDriveSetup.exe) (Version: 17.005.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2215 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2215 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2215 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
RogueKiller version 12.12.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.7.0 - Adlice Software)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinRAR Universal Crack (HKLM-x32\...\WinRAR Universal Crack) (Version: 5.50 - Crackingpatching.com Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DFBB4A9-30BB-4B98-9D89-2CD6A791CC7E} - System32\Tasks\bund => C:\Program Files (x86)\marsteller\marsteller.exe
Task: {0EAD7AC9-D450-4D10-98F8-B86B11F8F531} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-58EIPAQ-Home => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {2EEB2F68-1E2F-42E9-9A6B-A7774B579F0C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-16] ()
Task: {63B7A40A-F0DA-49E1-937D-2D773257574B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-03-08] (Microsoft Corporation)
Task: {694227FE-0128-46BB-87EE-45D1821C9FF7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-08] (Microsoft Corporation)
Task: {742DA817-8111-4D66-97B6-D670A25754E5} - System32\Tasks\gaobjectiveness offensives manilaobjectiveness offensives manila => C:\Users\Home\AppData\Local\radiological.exe [2018-03-08] ()
Task: {8724F048-E981-49A9-B34C-A217911FDCE5} - System32\Tasks\objectiveness offensives manila => C:\Users\Home\AppData\Local\radiological.exe [2018-03-08] ()
Task: {8960486C-35D3-4318-9C72-4C944720786E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {952BED6C-F364-48BC-A93E-1E58BD0DDBD3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {9C4DF1EE-D56D-4B11-8404-3768E8484FD2} - System32\Tasks\gaorbitsorbits => C:\Program Files (x86)\Compote\radiological.exe [2018-03-08] ()
Task: {9FC4CFD0-A419-4EA3-826F-A77FF0A0FA19} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {A0EA0716-C00E-47A3-9A84-4F5E6DA9C225} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-02] (Microsoft Corporation)
Task: {A5A2E7FA-9CDE-492C-9B63-CA34E6C1A309} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {ACED9765-508F-46EB-B867-24914C481E59} - System32\Tasks\orbits => C:\Program Files (x86)\Compote\radiological.exe [2018-03-08] ()
Task: {CCB26768-EA76-4AAE-B37B-358CAB4508A8} - System32\Tasks\gabundbund => C:\Program Files (x86)\marsteller\marsteller.exe
Task: {D14FD2E6-53CC-4C84-921D-7398854A0BA7} - System32\Tasks\gawendy_loveswendy_loves => C:\Program Files (x86)\Constraining\radiological.exe [2018-03-08] ()
Task: {D8D588AF-0126-4850-95E9-D04BB1EAE521} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-16] ()
Task: {DF6A7271-7CBD-4488-A751-F9D098951354} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-03-08] (Microsoft Corporation)
Task: {F26069E8-00A1-4750-A55D-DA9EC550863A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-21] (Google Inc.)
Task: {F91ED805-D5C6-4F24-9FBF-5287A2471316} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-02] (Microsoft Corporation)
Task: {FCAC131E-0028-4C49-A1D3-EFADF35C1A52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-21] (Google Inc.)
Task: {FDF4A51A-6A83-42F2-88FF-0A4745D31F32} - System32\Tasks\wendy_loves => C:\Program Files (x86)\Constraining\radiological.exe [2018-03-08] ()
Task: {FECBFF9E-FC56-4436-9EDD-68E2A9511791} - System32\Tasks\1aklSEtcIJxU => 1aklsetcijxu.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-21 00:03 - 2017-12-21 00:03 - 000026112 _____ () C:\Windows\[email protected]
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 00:13 - 2018-01-05 00:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-03-08 18:41 - 2018-03-01 10:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-03-08 18:41 - 2018-02-05 14:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-08 16:31 - 2018-03-08 16:31 - 000135680 _____ () C:\Program Files (x86)\Constraining\radiological.exe
2018-03-08 16:31 - 2018-03-08 16:31 - 000135680 _____ () C:\Program Files (x86)\Compote\radiological.exe
2017-12-21 18:11 - 2018-01-16 15:31 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-12-13 20:38 - 2017-12-13 20:38 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 20:38 - 2017-12-13 20:38 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-08 16:31 - 2018-03-08 16:31 - 000135680 _____ () C:\Users\Home\AppData\Local\radiological.exe
2018-03-08 19:12 - 2018-03-08 19:13 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-08 19:12 - 2018-03-08 19:13 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-08 19:12 - 2018-03-08 19:13 - 021824000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-08 19:12 - 2018-03-08 19:13 - 002529792 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-22 03:15 - 2018-01-22 03:15 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-01-22 03:15 - 2018-01-22 03:15 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2015-11-04 16:43 - 2015-11-04 16:43 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2018-03-09 09:18 - 2018-02-21 22:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-03-09 09:18 - 2018-02-21 22:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\sharepoint.com -> hxxps://usherbrooke-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2018-03-08 18:29 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "fasanofasano"
HKLM\...\StartupApproved\Run: => "fasano"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "mateomateo"
HKLM\...\StartupApproved\Run32: => "mateo"
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\StartupApproved\StartupFolder: => "occasioned.lnk"
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\StartupApproved\Run: => "deryda"
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\StartupApproved\Run: => "uphamupham"
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\StartupApproved\Run: => "upham"
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\StartupApproved\Run: => "kingdonkingdon"
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\StartupApproved\Run: => "kingdon"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{785A9925-48F0-4CD6-B492-AAC444A4DF99}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D2452073-24AE-4BA1-AC7C-A01B9E930305}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3BAB550D-362A-4514-A5D8-A9538DEDBB48}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{9E5A6587-02BE-444B-9C18-D8E11F66A8A0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E960D01F-00A6-4A75-939B-D01EE80D9207}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{12F0D198-9100-48AF-8566-5FB27CECB0B9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8F920735-89BD-4E53-893B-204050789F26}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E6430763-DA9D-4C40-861D-69F8A58A2B4E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EFBBE88D-89A7-4350-B36A-1295A94BEC0C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [TCP Query User{EAEFB202-D810-4910-BE7D-6001C479923C}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{941AE539-97ED-46D1-9C80-886E8CFEADDF}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{75E874CB-B7F5-4F01-8039-D0103304F17F}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{C9D654BC-D695-4F8A-B7C2-6130D68E5CE5}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{FC2C4FF8-D375-42AB-A775-BC1E1F2432AD}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{537CB136-28E2-4554-AE13-BD8E9541EA8B}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{79F9E882-571F-48A9-90D8-80852548FCB9}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{1E518770-C1F3-4D7C-ACC2-15F0FD809C65}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{C1A0BE14-4B30-4FEB-B55A-19001BA837FA}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{462E752E-7573-491A-BF73-0CDFAD43C75F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{E0A018A5-6888-419B-8F97-8A1B36D1CB5F}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{C90969B2-241E-47A7-B6AD-1A5A34E45F8B}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{637B9657-CB10-4BC1-AC73-25FC79147F91}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{E2FA8763-66CF-4888-A6A3-7E7693A01503}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{ECAE79E6-7E4D-4531-B6C5-8FC6A26E5040}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{DE6659F1-7982-4C49-B397-3811750CA6A0}] => (Allow) C:\Program Files (x86)\Compote\radiological.exe
FirewallRules: [{3790C9D5-B19A-4574-9436-6AD646FAAF67}] => (Allow) C:\Program Files (x86)\Constraining\radiological.exe
FirewallRules: [{BC2D29A3-4641-4E87-A807-0D7B0C61691B}] => (Allow) C:\Program Files (x86)\kiang\durango.exe
FirewallRules: [{75290EAA-BB7B-4C77-8567-B52C8EC4C2AF}] => (Allow) C:\Program Files (x86)\Constraining\durango.exe
FirewallRules: [{381D6670-3589-471C-80C4-998C5B69BC67}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{56D59A5A-14B2-4762-8006-0898ED382D2C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{0DD03261-C21D-49FE-ABD1-CB58356B8ED9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{127DFCA5-ED71-4240-A54F-12B45BC9471A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{0A291923-6E0F-4AC2-8E51-64707E133284}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{40A03BDB-1205-46A8-AC98-9A3A4DFECB16}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{79B6F6A1-7AA5-46DF-87A5-0C517A0CC3DC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{77A18D02-23C8-4565-AAE9-6C532E07F8ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5FA72AE9-107F-4872-BD89-00BB27F39B75}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{009103FD-59DF-456E-9B17-AF9F7070FBDB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{E6B9987D-A009-4AA8-827A-827EDCBBDDEE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-03-2018 18:58:24 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2018 12:42:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskmgr.exe, version: 10.0.16299.15, time stamp: 0x635d4324
Faulting module name: taskmgr.exe, version: 10.0.16299.15, time stamp: 0x635d4324
Exception code: 0xc0000409
Fault offset: 0x00000000000147d9
Faulting process id: 0x19c0
Faulting application start time: 0x01d3b7cd4732ee8a
Faulting application path: C:\WINDOWS\system32\taskmgr.exe
Faulting module path: C:\WINDOWS\system32\taskmgr.exe
Report Id: 3d45ed89-b9a9-4d9d-adf3-c9b9696cae6c
Faulting package full name:
Faulting package-relative application ID:

Error: (03/09/2018 11:17:48 AM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (03/09/2018 11:17:46 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/09/2018 11:17:46 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/09/2018 11:17:19 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/09/2018 11:17:19 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/08/2018 09:34:47 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (03/08/2018 09:34:45 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

System errors:
=============
Error: (03/09/2018 12:49:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
Error: (03/09/2018 12:47:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-58EIPAQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-58EIPAQ\Home SID (S-1-5-21-160618937-1657218905-2856114932-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/09/2018 12:44:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/09/2018 12:44:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/09/2018 12:44:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/09/2018 12:44:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/09/2018 12:43:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro38CrusaderBoot service terminated with the following service-specific error: The operation completed successfully.

Error: (03/09/2018 12:41:57 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-58EIPAQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-58EIPAQ\Home SID (S-1-5-21-160618937-1657218905-2856114932-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2018-03-08 18:39:23.418
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanSpy:Win32/SocStealer!rfn&threatid=2147724296&enterprise=0
Name: TrojanSpy:Win32/SocStealer!rfn
ID: 2147724296
Severity: Severe
Category: Trojan Monitoring Software
Path: file:_c:\users\home\appdata\local\adservice\adservice.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.346.0, AS: 1.263.346.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 0.0.0.0

Date: 2018-03-08 18:38:41.847
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanSpy:Win32/SocStealer!rfn&threatid=2147724296&enterprise=0
Name: TrojanSpy:Win32/SocStealer!rfn
ID: 2147724296
Severity: Severe
Category: Trojan Monitoring Software
Path: file:_c:\users\home\appdata\local\adservice\adservice.dll;service:_HNService
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.346.0, AS: 1.263.346.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 0.0.0.0

Date: 2018-03-08 18:31:39.703
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
Name: Trojan:Win32/Fuery.A!cl
ID: 2147718513
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\kiang\durango.exe;file:_C:\Users\Home\AppData\Local\durango.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.263.346.0, AS: 1.263.346.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-08 18:31:22.525
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
Name: Trojan:Win32/Fuery.A!cl
ID: 2147718513
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Users\Home\AppData\Local\Temp\nsvFAA6.tmp\78824877.exe;file:_C:\Program Files (x86)\Constraining\durango.exe;file:_C:\Program Files (x86)\kiang\durango.exe;file:_C:\Program Files (x86)\sones\insight.exe;file:_C:\Users\Home\AppData\Local\durango.exe;file:_C:\Users\Home\AppData\Local\Temp\nsh7F08.tmp\77646.exe;file:_C:\Users\Home\AppData\Local\Temp\nsvFAA6.tmp\78824877.exe->(nsis-1-128407.exe);file:_C:\Users\Home\AppData\Local\Temp\nsvFAA6.tmp\78824877.exe->(nsis-1-77646.exe);file:_C:\Users\Home\AppData\Local\Temp\nsvFAA6.tmp\78824877.exe->(nsis-1-insight.exe);file:_C:\Users\Home\AppData\Local\Temp\nsvFAA6.tmp\78824877.exe->(nsis-1-NMcybernetic.exe);file:_C:\Users\Home\AppData\Local\Temp\nsvFAA6.tmp\78824877.exe->(nsis-1-þ?\kiang\kiang.exe);file:_C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\occasionedoccasioned.lnk;file:_C:\WINDOWS\System32\Tasks\coexists_luth;file:_C:\WINDOWS\System32\Tasks\gacoexists_luthcoexists_luth;file:_C:\WINDOWS\System32\Tasks\gatrusses
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.263.346.0, AS: 1.263.346.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-08 18:30:51.479
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Name: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Home\AppData\Local\Temp\414562\ic-0.93552263447d9.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\Home\AppData\Local\Temp\nsu1793.tmp\cpSetup.exe
Signature Version: AV: 1.261.1314.0, AS: 1.261.1314.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-08 18:31:33.105
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.346.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

Date: 2018-03-08 18:31:33.104
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
Date: 2018-01-27 17:06:14.806
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.77.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Date: 2018-01-27 17:06:14.805
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.77.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Date: 2018-01-27 17:06:14.805
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.77.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

CodeIntegrity:
===================================
Date: 2018-03-09 12:50:21.335
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-09 12:50:21.332
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-09 12:49:16.562
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-09 12:49:16.559
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-09 12:47:57.177
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-09 12:47:57.174
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-09 12:46:51.586
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-09 12:46:51.583
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================

Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 39%
Total physical RAM: 8191.18 MB
Available physical RAM: 4934.98 MB
Total Virtual: 9471.18 MB
Available Virtual: 5662.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.84 GB) (Free:312.2 GB) NTFS
\\?\Volume{26121d70-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{26121d70-0000-0000-0000-f03b74000000}\ () (Fixed) (Total:0.82 GB) (Free:0.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 26121D70)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=843 MB) - (Type=27)

==================== End of Addition.txt ============================
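Added example, not part of the original post and not FRST's own code: a small triage script that reads the Task:, FirewallRules: and StartupApproved lines of a pasted Addition.txt and scores each entry with the signals that stand out in the log above. FRST prints the company name from a file's version information in the trailing parentheses, so a bare "()" means the file carries none (weak on its own: two Office helper tasks in this log show it too); a target dropped straight into %LOCALAPPDATA% or into a one-word directory under Program Files (x86) that is not a recognised vendor folder; task and Run-key names that are a doubled word ("orbitsorbits", optionally with a "ga" prefix) paired with an entry of the plain name ("orbits"); and FRST's own "<==== ATTENTION" marker. The vendor-folder list is an assumption compiled by hand from this log, and the sample lines are excerpted from the posted log.

```python
"""Score persistence entries in a pasted FRST Addition.txt (added example, not FRST code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumption: vendor folder names compiled by hand from this log, not a FRST list.
KNOWN_VENDOR_DIRS = {
    "adobe", "apple software update", "ati technologies", "bonjour", "common files",
    "epic games", "google", "ipod", "itunes", "malwarebytes", "microsoft office",
    "raptr inc", "windows defender", "windowsapps", "winrar",
}

TASK_RE = re.compile(r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<name>.+?) (?:=>|->) (?P<rest>.*)$")
# target, then optional "[date]", optional "(company)", optional FRST marker; the lazy
# path group stops at the first position where the tail matches up to end of line
TARGET_RE = re.compile(
    r"^(?P<path>.*?)(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<company>[^()]*)\))?(?P<attention>\s+<==== ATTENTION)?$")
FW_RE = re.compile(r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<path>.+)$")
STARTUP_RE = re.compile(r'^HK\w+\\.*StartupApproved\\\w+: => "(?P<name>[^"]+)"$')
DOUBLED_RE = re.compile(r"^(?:ga)?(?P<word>.+)(?P=word)$")   # "gaorbitsorbits" -> word "orbits"


@dataclass
class Entry:
    kind: str                  # "task", "firewall" or "startup"
    name: str                  # task name, rule id or Run value name
    target: str                # executable as FRST printed it ("" for startup entries)
    company: Optional[str]     # "" = FRST printed "()"; None = no company field at all
    attention: bool = False    # FRST appended "<==== ATTENTION"
    reasons: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def location_reason(path: str) -> Optional[str]:
    """Return why the target's location is suspicious, or None."""
    p = path.lower().replace("/", "\\")
    if not re.match(r"^[a-z]:\\", p):
        return "relative target, resolved at run time rather than pinned to a file"
    parts = p.split("\\")
    if len(parts) == 6 and parts[1] == "users" and parts[3:5] == ["appdata", "local"]:
        return "executable dropped directly into %LOCALAPPDATA%"
    if (len(parts) == 4 and parts[1] in ("program files", "program files (x86)")
            and parts[2] not in KNOWN_VENDOR_DIRS):
        return "unrecognised one-level install directory '%s'" % parts[2]
    return None


def parse_entries(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if (m := TASK_RE.match(line)):
            t = TARGET_RE.match(m.group("rest"))
            entries.append(Entry("task", m.group("name").rsplit("\\", 1)[-1], t.group("path"),
                                 t.group("company"), attention=t.group("attention") is not None))
        elif (m := FW_RE.match(line)):
            entries.append(Entry("firewall", m.group("name"), m.group("path"), None))
        elif (m := STARTUP_RE.match(line)):
            entries.append(Entry("startup", m.group("name"), "", None))
    return entries


def score_entries(entries: List[Entry]) -> List[Entry]:
    """Attach reasons to each entry and return the list, most suspicious first."""
    names = {e.name.lower() for e in entries}
    for e in entries:
        if e.attention:
            e.reasons.append("flagged by FRST (<==== ATTENTION)")
        if e.company == "":
            e.reasons.append("no CompanyName in version info")
        if e.target and (why := location_reason(e.target)):
            e.reasons.append(why)
        if (d := DOUBLED_RE.match(e.name)):
            plain = d.group("word")
            e.reasons.append("doubled name paired with entry '%s'" % plain
                             if plain.lower() in names else "doubled name")
    return sorted(entries, key=lambda e: e.score, reverse=True)


# Constructed sample: lines excerpted verbatim from the posted Addition.txt.
SAMPLE_LOG = r"""
Task: {63B7A40A-F0DA-49E1-937D-2D773257574B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-03-08] (Microsoft Corporation)
Task: {2EEB2F68-1E2F-42E9-9A6B-A7774B579F0C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-16] ()
Task: {8724F048-E981-49A9-B34C-A217911FDCE5} - System32\Tasks\objectiveness offensives manila => C:\Users\Home\AppData\Local\radiological.exe [2018-03-08] ()
Task: {9C4DF1EE-D56D-4B11-8404-3768E8484FD2} - System32\Tasks\gaorbitsorbits => C:\Program Files (x86)\Compote\radiological.exe [2018-03-08] ()
Task: {ACED9765-508F-46EB-B867-24914C481E59} - System32\Tasks\orbits => C:\Program Files (x86)\Compote\radiological.exe [2018-03-08] ()
Task: {FECBFF9E-FC56-4436-9EDD-68E2A9511791} - System32\Tasks\1aklSEtcIJxU => 1aklsetcijxu.exe <==== ATTENTION
FirewallRules: [{BC2D29A3-4641-4E87-A807-0D7B0C61691B}] => (Allow) C:\Program Files (x86)\kiang\durango.exe
FirewallRules: [{E2FA8763-66CF-4888-A6A3-7E7693A01503}] => (Allow) C:\Program Files\iTunes\iTunes.exe
HKLM\...\StartupApproved\Run: => "fasanofasano"
HKLM\...\StartupApproved\Run: => "fasano"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
"""

if __name__ == "__main__":
    for e in score_entries(parse_entries(SAMPLE_LOG)):
        if e.score:
            print("%d  %-8s %-40s %s" % (e.score, e.kind, e.name[:40], "; ".join(e.reasons)))
```

Run it against a full Addition.txt (`parse_entries(open("Addition.txt", encoding="utf-8", errors="replace").read())`) and read the output top-down: entries with two or more reasons are the ones to put in the fixlist, a single "no CompanyName" hit on a file under a vendor folder is normally noise, and a paired doubled name with no plain twin in the log is worth a second look because the twin may simply sit in a section this script does not parse.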