Process : Radiological.exe and jZOR? [Solved]


  • This topic is locked

#1
gr4v1ty


I've been searching the internet, tried almost everything I knew, but can't seem to make those 2 processes leave my PC. Tried RogueKiller, AdwCleaner and Malwarebytes scan (all the files are below).

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by Home (administrator) on DESKTOP-58EIPAQ (09-03-2018 12:53:22)
Running from C:\Users\Home\Downloads
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\[email protected]
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files (x86)\Constraining\radiological.exe
() C:\Program Files (x86)\Compote\radiological.exe
() C:\Users\Home\AppData\Local\radiological.exe
() C:\Program Files (x86)\Compote\radiological.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Compote\radiological.exe
() C:\Program Files (x86)\Constraining\radiological.exe
(f.lux Software LLC) C:\Users\Home\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\Compote\radiological.exe
() C:\Program Files (x86)\Constraining\radiological.exe
() C:\Program Files (x86)\Compote\radiological.exe
() C:\Program Files (x86)\Constraining\radiological.exe
() C:\Program Files (x86)\Compote\radiological.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
() C:\Program Files (x86)\Constraining\radiological.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Home\AppData\Local\radiological.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Constraining\radiological.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [fasano] => C:\Program Files (x86)\Compote\radiological.exe [135680 2018-03-08] ()
HKLM\...\Run: [fasanofasano] => C:\Program Files (x86)\Constraining\radiological.exe [135680 2018-03-08] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2018-02-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [mateo] => C:\Program Files (x86)\Compote\radiological.exe [135680 2018-03-08] ()
HKLM-x32\...\Run: [mateomateo] => C:\Program Files (x86)\Constraining\radiological.exe [135680 2018-03-08] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\Run: [f.lux] => C:\Users\Home\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\Run: [kingdon] => C:\Program Files (x86)\Compote\radiological.exe [135680 2018-03-08] ()
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\Run: [kingdonkingdon] => C:\Program Files (x86)\Constraining\radiological.exe [135680 2018-03-08] ()
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\Run: [upham] => C:\Program Files (x86)\Compote\radiological.exe [135680 2018-03-08] ()
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\Run: [uphamupham] => C:\Program Files (x86)\Constraining\radiological.exe [135680 2018-03-08] ()
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\occasioned.lnk [2018-03-08]
ShortcutTarget: occasioned.lnk -> C:\Program Files (x86)\Compote\radiological.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{790ab520-1a42-4f49-baae-6b397b4bb545}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a8332d69-df7d-4620-9972-248d8901991c}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-08] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-01-16] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-01-16] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-16] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-16] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-02-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-01-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-21] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www2.stm.info/Emplois/ut/VPST/HTMLPosteVoir.htm","hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
CHR DefaultSearchKeyword: Default -> google.com_
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default [2018-03-09]
CHR Extension: (Slides) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-21]
CHR Extension: (Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-21]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-21]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-21]
CHR Extension: (Session Buddy) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-01-14]
CHR Extension: (Google Calendar) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-12-21]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-03-08]
CHR Extension: (Sheets) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-21]
CHR Extension: (Google Docs Offline) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-21]
CHR Extension: (AdBlock) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-02-17]
CHR Extension: (AirDroid) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd [2017-12-21]
CHR Extension: (SoundCloud) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2017-12-21]
CHR Extension: (Google Play) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2017-12-21]
CHR Extension: (Google Maps) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-12-21]
CHR Extension: (OneDrive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2017-12-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-21]
CHR Extension: (Outlook.com) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2017-12-21]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-21]
CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-12-21] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761576 2018-02-02] (Microsoft Corporation)
R2 KMS-R@1n; C:\Windows\[email protected] [26112 2017-12-21] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-13] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-27] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110096 2016-04-18] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-03-09] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-08] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-09] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-09] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-09] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-09] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-01-27] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2018-01-27] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-27] (Microsoft Corporation)
S1 fwyrsjek; \??\C:\WINDOWS\system32\drivers\fwyrsjek.sys [X]
S1 nhxjtsgi; \??\C:\WINDOWS\system32\drivers\nhxjtsgi.sys [X]
S1 oxycgxdk; \??\C:\WINDOWS\system32\drivers\oxycgxdk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-09 12:53 - 2018-03-09 12:54 - 000018547 _____ C:\Users\Home\Downloads\FRST.txt
2018-03-09 12:53 - 2018-03-09 12:53 - 000000000 ____D C:\FRST
2018-03-09 12:52 - 2018-03-09 12:52 - 002403328 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe
2018-03-09 12:45 - 2018-03-09 12:45 - 000000000 ___HD C:\OneDriveTemp
2018-03-09 12:44 - 2018-03-09 12:44 - 000045960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-09 12:42 - 2018-03-09 12:42 - 000001060 _____ C:\WINDOWS\system32\.crusader
2018-03-09 12:34 - 2018-03-09 12:41 - 538766883 _____ C:\Users\Home\Downloads\Unconfirmed 430820.crdownload
2018-03-09 12:33 - 2018-03-09 12:43 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-03-09 12:32 - 2018-03-09 12:42 - 000000000 ____D C:\ProgramData\HitmanPro
2018-03-09 12:32 - 2018-03-09 12:32 - 011605440 _____ (SurfRight B.V.) C:\Users\Home\Downloads\HitmanPro_x64.exe
2018-03-09 12:30 - 2018-03-09 12:30 - 000117368 _____ C:\Users\Home\Desktop\RK.txt
2018-03-09 12:30 - 2018-03-09 12:30 - 000001556 _____ C:\Users\Home\Desktop\AdwCleaner[S3].txt
2018-03-08 19:17 - 2018-03-09 09:13 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-03-08 19:12 - 2018-03-08 20:30 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-08 19:12 - 2018-03-08 19:12 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-03-08 19:12 - 2018-03-08 19:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-03-08 19:12 - 2018-03-08 19:12 - 000000000 ____D C:\Program Files\RogueKiller
2018-03-08 19:11 - 2018-03-08 19:12 - 036467456 _____ (Adlice Software ) C:\Users\Home\Downloads\setup.exe
2018-03-08 18:52 - 2018-03-08 18:52 - 000000000 ____D C:\Users\Home\AppData\LocalLow\uTorrent
2018-03-08 18:41 - 2018-03-09 12:44 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-08 18:41 - 2018-03-09 12:44 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-08 18:41 - 2018-03-09 12:44 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-08 18:41 - 2018-03-08 18:41 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-08 18:41 - 2018-03-08 18:41 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-08 18:41 - 2018-03-08 18:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-08 18:41 - 2018-03-08 18:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-08 18:41 - 2018-03-08 18:41 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-08 18:41 - 2018-01-18 08:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-08 18:37 - 2018-03-08 18:38 - 069323904 _____ (Malwarebytes ) C:\Users\Home\Downloads\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4256.exe
2018-03-08 18:29 - 2018-03-08 18:29 - 000000000 ____D C:\Users\Home\AppData\Roaming\Macromedia
2018-03-08 18:28 - 2018-03-08 18:54 - 000000000 ____D C:\Program Files (x86)\Compote
2018-03-08 18:28 - 2018-03-08 18:42 - 000000000 ____D C:\Program Files (x86)\marsteller
2018-03-08 18:28 - 2018-03-08 18:31 - 000000000 ___HD C:\Program Files (x86)\sones
2018-03-08 18:28 - 2018-03-08 18:31 - 000000000 ____D C:\Program Files (x86)\kiang
2018-03-08 18:28 - 2018-03-08 18:29 - 000000000 ___HD C:\Program Files (x86)\Constraining
2018-03-08 18:28 - 2018-03-08 18:28 - 000004060 _____ C:\WINDOWS\System32\Tasks\objectiveness offensives manila
2018-03-08 18:28 - 2018-03-08 18:28 - 000003974 _____ C:\WINDOWS\System32\Tasks\gaobjectiveness offensives manilaobjectiveness offensives manila
2018-03-08 18:28 - 2018-03-08 18:28 - 000003952 _____ C:\WINDOWS\System32\Tasks\wendy_loves
2018-03-08 18:28 - 2018-03-08 18:28 - 000003912 _____ C:\WINDOWS\System32\Tasks\orbits
2018-03-08 18:28 - 2018-03-08 18:28 - 000003906 _____ C:\WINDOWS\System32\Tasks\bund
2018-03-08 18:28 - 2018-03-08 18:28 - 000003832 _____ C:\WINDOWS\System32\Tasks\gawendy_loveswendy_loves
2018-03-08 18:28 - 2018-03-08 18:28 - 000003780 _____ C:\WINDOWS\System32\Tasks\gaorbitsorbits
2018-03-08 18:28 - 2018-03-08 18:28 - 000003768 _____ C:\WINDOWS\System32\Tasks\gabundbund
2018-03-08 18:28 - 2018-03-08 18:28 - 000000012 _____ C:\WINDOWS\b67948964
2018-03-08 18:25 - 2018-03-08 18:25 - 000003584 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-58EIPAQ-Home
2018-03-08 18:25 - 2018-03-08 18:25 - 000003072 _____ C:\Users\Home\AppData\Local\removeHN.exe
2018-03-08 18:19 - 2018-03-08 18:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-03-08 18:13 - 2018-03-09 12:43 - 000000000 ____D C:\Users\Home\Downloads\Sony Vegas Pro 16.0 Build 459 (x64) +Crack
2018-03-08 18:10 - 2018-03-09 12:24 - 000000000 ____D C:\AdwCleaner
2018-03-08 18:10 - 2018-03-08 18:10 - 008222496 _____ (Malwarebytes) C:\Users\Home\Downloads\adwcleaner_7.0.8.0.exe
2018-03-08 16:31 - 2018-03-08 16:31 - 000135680 _____ C:\WINDOWS\calisthenics.exe
2018-03-08 16:31 - 2018-03-08 16:31 - 000135680 _____ C:\Users\Home\AppData\Local\radiological.exe
2018-02-17 20:01 - 2018-02-17 20:01 - 000021600 _____ C:\WINDOWS\System32\Tasks\1aklSEtcIJxU
2018-02-17 20:01 - 2018-02-17 20:01 - 000000000 ____D C:\Users\Home\AppData\Roaming\Mozilla
2018-02-17 20:00 - 2018-02-17 20:00 - 000140800 _____ C:\Users\Home\AppData\Local\installer.dat
2018-02-17 19:56 - 2018-02-17 19:57 - 000000000 ____D C:\Users\Home\Downloads\Sony Vegas Pro 15.1 Build 375+ Ativador

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-09 12:49 - 2018-01-13 19:07 - 000000000 ____D C:\Users\Home\AppData\Roaming\uTorrent
2018-03-09 12:45 - 2017-12-21 17:53 - 000000000 ___RD C:\Users\Home\OneDrive - USherbrooke
2018-03-09 12:43 - 2017-12-22 00:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-09 12:42 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-09 12:19 - 2017-12-21 23:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-09 09:18 - 2017-12-21 00:34 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-09 09:18 - 2017-12-21 00:34 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-09 09:16 - 2017-12-22 00:03 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{47D15841-BB75-435B-98E2-E81C1E092B60}
2018-03-08 21:50 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-08 20:13 - 2015-10-30 02:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-03-08 19:54 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-08 19:33 - 2018-01-14 19:50 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2018-03-08 19:33 - 2018-01-14 19:50 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2018-03-08 19:21 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-08 19:21 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-08 19:11 - 2017-12-21 01:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-08 19:08 - 2017-12-21 01:04 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-08 19:08 - 2017-12-21 01:03 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-08 18:44 - 2018-01-14 19:51 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-03-08 18:33 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-08 18:31 - 2017-12-21 17:48 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-08 18:25 - 2017-12-22 00:02 - 000911002 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-08 18:06 - 2017-12-21 09:56 - 000000000 ____D C:\Users\Home\AppData\Local\AMD
2018-02-17 19:14 - 2017-12-22 00:03 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-160618937-1657218905-2856114932-1001
2018-02-17 19:14 - 2017-12-21 00:08 - 000002360 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== Files in the root of some directories =======

2018-02-17 20:00 - 2018-02-17 20:00 - 000140800 _____ () C:\Users\Home\AppData\Local\installer.dat
2018-03-08 16:31 - 2018-03-08 16:31 - 000135680 _____ () C:\Users\Home\AppData\Local\radiological.exe
2018-03-08 18:25 - 2018-03-08 18:25 - 000003072 _____ () C:\Users\Home\AppData\Local\removeHN.exe
2017-12-21 00:16 - 2017-12-21 10:11 - 000007608 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-03-08 19:12 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\Users\Home\AppData\Local\Temp\dllnt_dump.dll
2018-03-07 08:28 - 2018-03-07 08:28 - 008773272 _____ () C:\Users\Home\AppData\Local\Temp\setup.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-08 21:38

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Home (09-03-2018 12:54:42)
Running from C:\Users\Home\Downloads
Windows 10 Pro Version 1709 16299.192 (X64) (2017-12-22 05:05:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-160618937-1657218905-2856114932-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-160618937-1657218905-2856114932-503 - Limited - Disabled)
Guest (S-1-5-21-160618937-1657218905-2856114932-501 - Limited - Disabled)
Home (S-1-5-21-160618937-1657218905-2856114932-1001 - Administrator - Enabled) => C:\Users\Home
WDAGUtilityAccount (S-1-5-21-160618937-1657218905-2856114932-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Epic Games Launcher (HKLM-x32\...\{8F89B0CF-8144-43EE-AB9F-B7F8F23D85FB}) (Version: 1.1.135.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\Flux) (Version:  - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8431.2215 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\OneDriveSetup.exe) (Version: 17.005.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2215 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2215 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2215 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
RogueKiller version 12.12.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.7.0 - Adlice Software)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinRAR Universal Crack (HKLM-x32\...\WinRAR Universal Crack) (Version: 5.50 - Crackingpatching.com Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DFBB4A9-30BB-4B98-9D89-2CD6A791CC7E} - System32\Tasks\bund => C:\Program Files (x86)\marsteller\marsteller.exe
Task: {0EAD7AC9-D450-4D10-98F8-B86B11F8F531} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-58EIPAQ-Home => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {2EEB2F68-1E2F-42E9-9A6B-A7774B579F0C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-16] ()
Task: {63B7A40A-F0DA-49E1-937D-2D773257574B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-03-08] (Microsoft Corporation)
Task: {694227FE-0128-46BB-87EE-45D1821C9FF7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-08] (Microsoft Corporation)
Task: {742DA817-8111-4D66-97B6-D670A25754E5} - System32\Tasks\gaobjectiveness offensives manilaobjectiveness offensives manila => C:\Users\Home\AppData\Local\radiological.exe [2018-03-08] ()
Task: {8724F048-E981-49A9-B34C-A217911FDCE5} - System32\Tasks\objectiveness offensives manila => C:\Users\Home\AppData\Local\radiological.exe [2018-03-08] ()
Task: {8960486C-35D3-4318-9C72-4C944720786E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {952BED6C-F364-48BC-A93E-1E58BD0DDBD3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {9C4DF1EE-D56D-4B11-8404-3768E8484FD2} - System32\Tasks\gaorbitsorbits => C:\Program Files (x86)\Compote\radiological.exe [2018-03-08] ()
Task: {9FC4CFD0-A419-4EA3-826F-A77FF0A0FA19} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {A0EA0716-C00E-47A3-9A84-4F5E6DA9C225} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-02] (Microsoft Corporation)
Task: {A5A2E7FA-9CDE-492C-9B63-CA34E6C1A309} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {ACED9765-508F-46EB-B867-24914C481E59} - System32\Tasks\orbits => C:\Program Files (x86)\Compote\radiological.exe [2018-03-08] ()
Task: {CCB26768-EA76-4AAE-B37B-358CAB4508A8} - System32\Tasks\gabundbund => C:\Program Files (x86)\marsteller\marsteller.exe
Task: {D14FD2E6-53CC-4C84-921D-7398854A0BA7} - System32\Tasks\gawendy_loveswendy_loves => C:\Program Files (x86)\Constraining\radiological.exe [2018-03-08] ()
Task: {D8D588AF-0126-4850-95E9-D04BB1EAE521} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-16] ()
Task: {DF6A7271-7CBD-4488-A751-F9D098951354} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-03-08] (Microsoft Corporation)
Task: {F26069E8-00A1-4750-A55D-DA9EC550863A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-21] (Google Inc.)
Task: {F91ED805-D5C6-4F24-9FBF-5287A2471316} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-02] (Microsoft Corporation)
Task: {FCAC131E-0028-4C49-A1D3-EFADF35C1A52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-21] (Google Inc.)
Task: {FDF4A51A-6A83-42F2-88FF-0A4745D31F32} - System32\Tasks\wendy_loves => C:\Program Files (x86)\Constraining\radiological.exe [2018-03-08] ()
Task: {FECBFF9E-FC56-4436-9EDD-68E2A9511791} - System32\Tasks\1aklSEtcIJxU => 1aklsetcijxu.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-21 00:03 - 2017-12-21 00:03 - 000026112 _____ () C:\Windows\[email protected]
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 00:13 - 2018-01-05 00:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-03-08 18:41 - 2018-03-01 10:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-03-08 18:41 - 2018-02-05 14:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-08 16:31 - 2018-03-08 16:31 - 000135680 _____ () C:\Program Files (x86)\Constraining\radiological.exe
2018-03-08 16:31 - 2018-03-08 16:31 - 000135680 _____ () C:\Program Files (x86)\Compote\radiological.exe
2017-12-21 18:11 - 2018-01-16 15:31 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-12-13 20:38 - 2017-12-13 20:38 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 20:38 - 2017-12-13 20:38 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-08 16:31 - 2018-03-08 16:31 - 000135680 _____ () C:\Users\Home\AppData\Local\radiological.exe
2018-03-08 19:12 - 2018-03-08 19:13 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-08 19:12 - 2018-03-08 19:13 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-08 19:12 - 2018-03-08 19:13 - 021824000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-08 19:12 - 2018-03-08 19:13 - 002529792 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-22 03:15 - 2018-01-22 03:15 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-01-22 03:15 - 2018-01-22 03:15 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2015-11-04 16:43 - 2015-11-04 16:43 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2018-03-09 09:18 - 2018-02-21 22:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-03-09 09:18 - 2018-02-21 22:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\sharepoint.com -> hxxps://usherbrooke-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2018-03-08 18:29 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-160618937-1657218905-2856114932-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "fasanofasano"
HKLM\...\StartupApproved\Run: => "fasano"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "mateomateo"
HKLM\...\StartupApproved\Run32: => "mateo"
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\StartupApproved\StartupFolder: => "occasioned.lnk"
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\StartupApproved\Run: => "deryda"
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\StartupApproved\Run: => "uphamupham"
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\StartupApproved\Run: => "upham"
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\StartupApproved\Run: => "kingdonkingdon"
HKU\S-1-5-21-160618937-1657218905-2856114932-1001\...\StartupApproved\Run: => "kingdon"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{785A9925-48F0-4CD6-B492-AAC444A4DF99}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D2452073-24AE-4BA1-AC7C-A01B9E930305}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3BAB550D-362A-4514-A5D8-A9538DEDBB48}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{9E5A6587-02BE-444B-9C18-D8E11F66A8A0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E960D01F-00A6-4A75-939B-D01EE80D9207}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{12F0D198-9100-48AF-8566-5FB27CECB0B9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8F920735-89BD-4E53-893B-204050789F26}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E6430763-DA9D-4C40-861D-69F8A58A2B4E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EFBBE88D-89A7-4350-B36A-1295A94BEC0C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [TCP Query User{EAEFB202-D810-4910-BE7D-6001C479923C}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{941AE539-97ED-46D1-9C80-886E8CFEADDF}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{75E874CB-B7F5-4F01-8039-D0103304F17F}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{C9D654BC-D695-4F8A-B7C2-6130D68E5CE5}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{FC2C4FF8-D375-42AB-A775-BC1E1F2432AD}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{537CB136-28E2-4554-AE13-BD8E9541EA8B}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{79F9E882-571F-48A9-90D8-80852548FCB9}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{1E518770-C1F3-4D7C-ACC2-15F0FD809C65}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{C1A0BE14-4B30-4FEB-B55A-19001BA837FA}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{462E752E-7573-491A-BF73-0CDFAD43C75F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{E0A018A5-6888-419B-8F97-8A1B36D1CB5F}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{C90969B2-241E-47A7-B6AD-1A5A34E45F8B}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{637B9657-CB10-4BC1-AC73-25FC79147F91}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{E2FA8763-66CF-4888-A6A3-7E7693A01503}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{ECAE79E6-7E4D-4531-B6C5-8FC6A26E5040}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{DE6659F1-7982-4C49-B397-3811750CA6A0}] => (Allow) C:\Program Files (x86)\Compote\radiological.exe
FirewallRules: [{3790C9D5-B19A-4574-9436-6AD646FAAF67}] => (Allow) C:\Program Files (x86)\Constraining\radiological.exe
FirewallRules: [{BC2D29A3-4641-4E87-A807-0D7B0C61691B}] => (Allow) C:\Program Files (x86)\kiang\durango.exe
FirewallRules: [{75290EAA-BB7B-4C77-8567-B52C8EC4C2AF}] => (Allow) C:\Program Files (x86)\Constraining\durango.exe
FirewallRules: [{381D6670-3589-471C-80C4-998C5B69BC67}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{56D59A5A-14B2-4762-8006-0898ED382D2C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{0DD03261-C21D-49FE-ABD1-CB58356B8ED9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{127DFCA5-ED71-4240-A54F-12B45BC9471A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{0A291923-6E0F-4AC2-8E51-64707E133284}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{40A03BDB-1205-46A8-AC98-9A3A4DFECB16}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{79B6F6A1-7AA5-46DF-87A5-0C517A0CC3DC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{77A18D02-23C8-4565-AAE9-6C532E07F8ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5FA72AE9-107F-4872-BD89-00BB27F39B75}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{009103FD-59DF-456E-9B17-AF9F7070FBDB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{E6B9987D-A009-4AA8-827A-827EDCBBDDEE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-03-2018 18:58:24 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2018 12:42:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskmgr.exe, version: 10.0.16299.15, time stamp: 0x635d4324
Faulting module name: taskmgr.exe, version: 10.0.16299.15, time stamp: 0x635d4324
Exception code: 0xc0000409
Fault offset: 0x00000000000147d9
Faulting process id: 0x19c0
Faulting application start time: 0x01d3b7cd4732ee8a
Faulting application path: C:\WINDOWS\system32\taskmgr.exe
Faulting module path: C:\WINDOWS\system32\taskmgr.exe
Report Id: 3d45ed89-b9a9-4d9d-adf3-c9b9696cae6c
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/09/2018 11:17:48 AM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (03/09/2018 11:17:46 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/09/2018 11:17:46 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/09/2018 11:17:19 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/09/2018 11:17:19 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/08/2018 09:34:47 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (03/08/2018 09:34:45 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000


System errors:
=============
Error: (03/09/2018 12:49:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (03/09/2018 12:47:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-58EIPAQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-58EIPAQ\Home SID (S-1-5-21-160618937-1657218905-2856114932-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/09/2018 12:44:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/09/2018 12:44:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/09/2018 12:44:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/09/2018 12:44:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/09/2018 12:43:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro38CrusaderBoot service terminated with the following service-specific error: 
The operation completed successfully.

Error: (03/09/2018 12:41:57 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-58EIPAQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-58EIPAQ\Home SID (S-1-5-21-160618937-1657218905-2856114932-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-03-08 18:39:23.418
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanSpy:Win32/SocStealer!rfn&threatid=2147724296&enterprise=0
Name: TrojanSpy:Win32/SocStealer!rfn
ID: 2147724296
Severity: Severe
Category: Trojan Monitoring Software
Path: file:_c:\users\home\appdata\local\adservice\adservice.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.346.0, AS: 1.263.346.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 0.0.0.0

Date: 2018-03-08 18:38:41.847
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanSpy:Win32/SocStealer!rfn&threatid=2147724296&enterprise=0
Name: TrojanSpy:Win32/SocStealer!rfn
ID: 2147724296
Severity: Severe
Category: Trojan Monitoring Software
Path: file:_c:\users\home\appdata\local\adservice\adservice.dll;service:_HNService
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.346.0, AS: 1.263.346.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 0.0.0.0

Date: 2018-03-08 18:31:39.703
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
Name: Trojan:Win32/Fuery.A!cl
ID: 2147718513
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\kiang\durango.exe;file:_C:\Users\Home\AppData\Local\durango.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.263.346.0, AS: 1.263.346.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-08 18:31:22.525
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
Name: Trojan:Win32/Fuery.A!cl
ID: 2147718513
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Users\Home\AppData\Local\Temp\nsvFAA6.tmp\78824877.exe;file:_C:\Program Files (x86)\Constraining\durango.exe;file:_C:\Program Files (x86)\kiang\durango.exe;file:_C:\Program Files (x86)\sones\insight.exe;file:_C:\Users\Home\AppData\Local\durango.exe;file:_C:\Users\Home\AppData\Local\Temp\nsh7F08.tmp\77646.exe;file:_C:\Users\Home\AppData\Local\Temp\nsvFAA6.tmp\78824877.exe->(nsis-1-128407.exe);file:_C:\Users\Home\AppData\Local\Temp\nsvFAA6.tmp\78824877.exe->(nsis-1-77646.exe);file:_C:\Users\Home\AppData\Local\Temp\nsvFAA6.tmp\78824877.exe->(nsis-1-insight.exe);file:_C:\Users\Home\AppData\Local\Temp\nsvFAA6.tmp\78824877.exe->(nsis-1-NMcybernetic.exe);file:_C:\Users\Home\AppData\Local\Temp\nsvFAA6.tmp\78824877.exe->(nsis-1-þ?\kiang\kiang.exe);file:_C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\occasionedoccasioned.lnk;file:_C:\WINDOWS\System32\Tasks\coexists_luth;file:_C:\WINDOWS\System32\Tasks\gacoexists_luthcoexists_luth;file:_C:\WINDOWS\System32\Tasks\gatrusses
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.263.346.0, AS: 1.263.346.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-08 18:30:51.479
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Name: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Home\AppData\Local\Temp\414562\ic-0.93552263447d9.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\Home\AppData\Local\Temp\nsu1793.tmp\cpSetup.exe
Signature Version: AV: 1.261.1314.0, AS: 1.261.1314.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-08 18:31:33.105
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.346.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed. 

Date: 2018-03-08 18:31:33.104
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.14202.0
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed. 

Date: 2018-01-27 17:06:14.806
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.77.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 

Date: 2018-01-27 17:06:14.805
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.77.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 

Date: 2018-01-27 17:06:14.805
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.77.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 

CodeIntegrity:
===================================

Date: 2018-03-09 12:50:21.335
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-09 12:50:21.332
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-09 12:49:16.562
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-09 12:49:16.559
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-09 12:47:57.177
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-09 12:47:57.174
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-09 12:46:51.586
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-09 12:46:51.583
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 39%
Total physical RAM: 8191.18 MB
Available physical RAM: 4934.98 MB
Total Virtual: 9471.18 MB
Available Virtual: 5662.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.84 GB) (Free:312.2 GB) NTFS

\\?\Volume{26121d70-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{26121d70-0000-0000-0000-f03b74000000}\ () (Fixed) (Total:0.82 GB) (Free:0.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 26121D70)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=843 MB) - (Type=27)

==================== End of Addition.txt ============================


#2
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi gr4v1ty,

Welcome to GeeksToGo! :)

The only way that I can see to get rid of those files is to uninstall the $800 cracked/pirated software that you installed on March 8th @ approximately 16:31 (4:31 your time).

Bigger problem yet is the following:

RK report:
[PUP.HackTool|VT.Detected] [email protected](2928) -- C:\Windows\[email protected][-] -> Found
[PUP.HackTool|VT.Detected] (SVC) KMS-R@1n -- C:\Windows\[email protected][-] -> Found

FRST report:
C:\Windows\[email protected]

It appears your Windows OS is a pirated version. Forum policy is as follows:
 

The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.


I could ask you to uninstall the illegal software while I help you sort your problem out, but then again you would have to uninstall Windows itself, which wouldn't leave much of anything for me to help you sort out.

To honor the reputable status of this forum, I will have to close this topic due to the inability to help in any way possible.

Donna :)

#3
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

