
well i rly did it this time, 10 viruses, 56 malware!?!?!


This topic is locked

#1 darkmj16 (Member, 194 posts)

FFS i cannot tell you how many fing times i had to retype this message but when i would try to post it the stupid word w/e would block it bc of some forbidden act... :rage:

 

ok so dell inspiron 17r 5737. and ya here's the service tag. it's intel i5 bs. 4L28H22

 

so i had some funny wit stuff here bc ya... stupid forbidden crap site. trying to make a custom win7 boot disc i downloaded rt7lite. it gave me a very nice surprise, that avast or mbam didn't even see being downloaded, or installed. smh.

 

it all started when the action center flag said "turn your windows update on" 

wth, ok. "error can not complete request at this time" 

---it was at this time i knew i had got bent---

in order, avast updated, ran deep scan, 10 viruses. removed.

turned boot scan on. attempted to install special boot definitions, failed.

restarted, boot scan, 10 results. removed.

started mbam, update, deep scan, 39 results. removed.

restarted.

mbam deep scan, 56!!! results (tf) removed.

avast deep scan, the same 10 results again.

 

decided to check task manager... so many double/triple processes running. almost all extra/unknown processes are access denied while in elevated task manager. processes normally at 65-70 now at ~140. and the computer, everything is hanging/crashing. i suspect bc of so many processes that won't/can't close.

 

and now onto some light reading, btw -.- farbar crashed and hung up so many times.

 

ok i can't post FRST results. i can't seem to do much of a damn thing in chrome.

#2 darkmj16 (Topic Starter, Member, 194 posts)
ok i know wrong way to post the FRST results but dang someone needs to see these.
 
also idk if it's me or the site but i keep getting "not secure" warnings. even if i put http or https in front of the address.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2019 01
Ran by User (administrator) on USER-PC (10-02-2019 21:56:23)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\tisarmlsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\non-os\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\non-os\Avast\aswidsagent.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\LAClient\laclient.exe
(Wargaming.net) C:\non-os\World_of_Tanks\WargamingGameUpdater.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(AVAST Software) C:\non-os\Avast\AvastUI.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2018-09-07] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Policies\Explorer: [NoTaskGrouping] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [World of Tanks] => C:\non-os\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoToolbarsOnTaskbar] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [TaskbarLockAll] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoThemesTab] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-08] (Google LLC -> Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{096D4EA8-B3B7-4B42-B91A-2D6753E86104}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8A85C905-A85F-4151-BAFC-F388992A3B15}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{A3E44CE9-87D0-4413-A0C7-3C41D31D1BAE}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{C0C5A3B0-8751-4A61-ADB0-CA4752ACE43F}: [DhcpNameServer] 172.16.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
URLSearchHook: [S-1-5-21-1894722739-3979997351-3746568665-1000] ATTENTION => Default URLSearchHook is missing
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2018-09-07] (Logitech Inc -> Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2019-01-01] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2018-09-07] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2019-01-01] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2018-09-25] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2019-01-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2019-01-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-563448c1
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2019-02-10]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-13]
CHR Extension: (uBlock Origin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-01-26]
CHR Extension: (iCloud Bookmarks) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2018-12-31]
CHR Extension: (Chrome Remote Desktop) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-10-04]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2018-02-13]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2019-01-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-13]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-08]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-12-26]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\sdzvlh <==== ATTENTION (Rootkit!)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\non-os\Avast\aswidsagent.exe [6758976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\non-os\Avast\AvastSvc.exe [357304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc -> Google Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [531040 2018-05-16] (Intel Corporation -> Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-06-28] (Intel Corporation - pGFX -> Intel Corporation)
S3 MBAMService; C:\non-os\mbam\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257064 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-12-15] (Microsoft Windows -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [225680 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196072 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320696 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57960 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [167304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112312 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87944 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034432 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474456 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216784 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [379952 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [99272 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-10-20] (Techporch Incorporated -> Dell Computer Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2019-02-10] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [40448 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [210376 2014-07-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3486288 2018-09-26] (Intel Corporation -> Intel Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-11] (Intel Corporation -> )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45096 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2018-02-13] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 ruxaeh; system32\drivers\xadhkn.sys [X]
S1 svhgbu; \??\C:\Users\User\AppData\Local\Temp\wmkopsgu.sys [X] <==== ATTENTION
S4 zpxlteou; System32\drivers\dtbagxiu.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-10 21:56 - 2019-02-10 21:57 - 000019771 _____ C:\Users\User\Desktop\FRST.txt
2019-02-10 21:55 - 2019-02-10 21:56 - 000000000 ____D C:\Users\User\Desktop\FRST-OlderVersion
2019-02-10 19:25 - 2019-02-10 19:25 - 000148816 ____N C:\Windows\system32\Drivers\cwdbehlo.sys
2019-02-10 16:34 - 2019-02-10 20:47 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-10 12:06 - 2019-02-08 05:22 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-02-10 07:11 - 2019-02-10 09:07 - 000000000 ____D C:\Users\User\AppData\Local\aucvxph
2019-02-10 06:25 - 2019-02-10 06:25 - 000000001 _____ C:\jl14v5cyhl7j16s
2019-02-10 06:11 - 2019-02-10 09:05 - 000000000 ____D C:\Users\User\AppData\Local\atchlod
2019-02-10 06:11 - 2019-02-10 06:11 - 000000000 ____D C:\Users\User\AppData\Roaming\c
2019-02-10 06:11 - 2019-02-10 06:11 - 000000000 ____D C:\Users\User\AppData\Local\nvhtsum
2019-02-10 06:10 - 2019-02-10 21:04 - 002930176 _____ (TOSHIBA CORPORATION) C:\Windows\system32\tisarmlsvc.exe
2019-02-10 06:10 - 2019-02-10 07:14 - 000000000 ____D C:\Windows\system32\sbdzcpg
2019-02-10 06:10 - 2019-02-10 06:10 - 000000000 ____D C:\Windows\SysWOW64\sbdzcpg
2019-02-10 06:09 - 2019-02-10 09:44 - 000000000 ____D C:\Program Files (x86)\twos
2019-02-10 06:09 - 2019-02-10 09:42 - 000000000 ____D C:\Program Files (x86)\Alarms
2019-02-10 06:09 - 2019-02-10 09:22 - 000000000 ____D C:\Program Files (x86)\Ate
2019-02-10 06:09 - 2019-02-10 07:49 - 000000000 ___HD C:\Program Files (x86)\Datas
2019-02-10 06:09 - 2019-02-10 06:31 - 000000000 ___HD C:\Program Files (x86)\regally
2019-02-10 06:09 - 2019-02-10 06:09 - 000004018 _____ C:\Windows\System32\Tasks\frowns
2019-02-10 06:09 - 2019-02-10 06:09 - 000003850 _____ C:\Windows\System32\Tasks\frownsfrowns
2019-02-10 06:09 - 2019-02-10 06:09 - 000000012 _____ C:\Windows\b16830528
2019-02-10 06:09 - 2019-02-10 06:09 - 000000000 ____D C:\Users\User\AppData\Roaming\et
2019-02-10 06:09 - 2019-02-10 06:09 - 000000000 ____D C:\Program Files (x86)\dispute
2019-02-09 23:32 - 2019-02-09 23:37 - 147980350 _____ (Aslain ) C:\Users\User\Desktop\Aslains_WoT_Modpack_Installer_v.1.4.0.0_06.exe
2019-02-08 23:23 - 2019-02-10 06:07 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockers Team
2019-02-08 22:55 - 2019-02-08 22:55 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2019-02-08 20:21 - 2019-02-08 20:21 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-02-08 20:21 - 2019-02-08 20:21 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-02-08 20:21 - 2019-02-08 20:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-02-08 20:21 - 2019-02-08 20:21 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-02-08 05:23 - 2019-02-08 05:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-02-08 02:34 - 2018-02-12 19:25 - 3991994368 ____R C:\Users\User\Desktop\WINDOWS 7.ISO
2019-02-08 01:00 - 2019-02-10 06:06 - 000000000 ____D C:\Users\User\AppData\Roaming\Tools
2019-02-08 00:43 - 2019-02-08 00:43 - 000000207 _____ C:\Windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2019-02-08 00:43 - 2019-02-08 00:43 - 000000000 ____D C:\RegBackup
2019-02-06 18:11 - 2019-02-06 18:11 - 000027750 _____ C:\Users\User\Desktop\9-Tundra-mod1.rar
2019-01-27 16:22 - 2019-01-27 16:22 - 000001596 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-01-27 16:22 - 2019-01-27 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-01-27 16:22 - 2019-01-27 16:22 - 000000000 ____D C:\Program Files\iPod
2019-01-27 16:03 - 2019-01-27 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-01-16 19:58 - 2019-01-16 19:58 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-01-14 10:20 - 2019-02-08 05:21 - 000225680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-14 10:20 - 2019-02-08 05:21 - 000225680 _____ (AVAST Software) C:\Windows\system32\Drivers\asw29e12adc2b8c9717.tmp

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-10 21:56 - 2018-12-26 21:18 - 000000000 ____D C:\FRST
2019-02-10 21:55 - 2018-10-12 19:53 - 002434048 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2019-02-10 21:39 - 2009-07-13 21:34 - 019922944 _____ C:\Windows\system32\config\HARDWARE
2019-02-10 21:14 - 2018-12-13 21:42 - 000004124 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-02-10 21:13 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-10 21:13 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-10 21:06 - 2018-12-31 16:39 - 000000000 ___RD C:\Users\User\iCloudDrive
2019-02-10 21:06 - 2018-08-24 20:18 - 000000000 ____D C:\Users\Public\Logi
2019-02-10 21:05 - 2018-02-12 23:46 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2019-02-10 21:05 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-10 16:33 - 2018-02-13 20:36 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-09 18:51 - 2009-07-14 00:08 - 000032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-02-09 03:23 - 2018-07-04 11:27 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2019-02-08 23:24 - 2018-02-13 17:27 - 000000000 ____D C:\non-os
2019-02-08 22:57 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2019-02-08 22:15 - 2018-02-13 17:29 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2019-02-08 20:32 - 2009-07-14 00:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-08 20:32 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-02-08 20:31 - 2018-02-13 18:29 - 000000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2019-02-08 05:22 - 2019-01-06 06:20 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-02-08 05:22 - 2019-01-06 06:20 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\asw443d9d2111d838da.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 001034432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 001034432 _____ (AVAST Software) C:\Windows\system32\Drivers\asw0ec810e572db70e0.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000474456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000474456 _____ (AVAST Software) C:\Windows\system32\Drivers\asw61d83fe3e44b787b.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000379952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000379952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc2c8c8d7b6d1a30e.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000216784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000216784 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6de9c98fa93beed4.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf2de3e954f522b31.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000167304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000167304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4431cfb910cf5a66.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000112312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000112312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb7aab75563928aff.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000087944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000087944 _____ (AVAST Software) C:\Windows\system32\Drivers\asw69b0a75190eb61f4.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswd62f0572c9633b75.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000320696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-02-08 05:21 - 2019-01-06 06:20 - 000320696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw82f59f0e603928a1.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000196072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe8b6ba5a388d5e98.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000196072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-02-08 05:21 - 2019-01-06 06:20 - 000057960 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe628b91de3e0e70e.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000057960 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-02-08 05:00 - 2018-02-13 18:16 - 000000000 ____D C:\Users\User\Incomplete
2019-02-02 19:53 - 2009-07-13 21:34 - 086769664 _____ C:\Windows\system32\config\software.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 020447232 _____ C:\Windows\system32\config\system.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 001572864 _____ C:\Windows\system32\config\default.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 000028672 _____ C:\Windows\system32\config\sam.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 000024576 _____ C:\Windows\system32\config\security.rcbak
2019-02-02 19:52 - 2009-07-13 21:34 - 046661632 _____ C:\Windows\system32\config\components.rcbak
2019-02-02 18:26 - 2018-12-09 13:36 - 000000000 ____D C:\Program Files\Bonjour
2019-02-02 00:07 - 2018-02-13 18:20 - 000000000 ____D C:\Program Files\pia_manager
2019-01-20 06:40 - 2018-02-13 18:15 - 000000000 ____D C:\Users\User\AppData\Roaming\MP3Rocket
2019-01-17 06:03 - 2018-06-26 19:24 - 000000000 ____D C:\Users\User\AppData\Local\Apple Computer

==================== Files in the root of some directories =======

2018-10-10 02:18 - 2018-10-10 02:18 - 000000002 _____ () C:\Users\User\AppData\Roaming\20181010031823.dat
2018-12-01 16:39 - 2018-12-01 16:39 - 000000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\cwdbehlo.sys -> Access Denied <======= ATTENTION

LastRegBack: 2019-02-02 01:38

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.02.2019 01
Ran by User (10-02-2019 21:58:12)
Running from C:\Users\User\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-02-13 04:35:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1894722739-3979997351-3746568665-500 - Administrator - Disabled)
Guest (S-1-5-21-1894722739-3979997351-3746568665-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1894722739-3979997351-3746568665-1002 - Limited - Enabled)
User (S-1-5-21-1894722739-3979997351-3746568665-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\uTorrent) (Version: 3.5.5.44954 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Aslain's WoT Modpack version 1.4.0.0.03 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.4.0.0.03 - Aslain)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.2.2364 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{F51A03C4-2DD0-43B0-900F-EAD1C45DC542}) (Version: 71.0.3578.15 - Google Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.96 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.16.1063 - Intel Corporation)
Intel® USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.4.43 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.0.1427.2) (HKLM\...\{302600C1-6BDF-4FD1-1406-148929CC1385}) (Version: 17.1.1406.0472 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 14.5.3 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.5.3 - KLCP)
LatencyMon 6.70 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.114 - Logitech)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 7.3 PRO - MP3 Rocket Inc)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39039 - Realtek Semiconductor Corp.)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Windows 7 Manager (HKLM\...\{21F090D4-3CBD-4AAC-9E7C-76CF4EA574F4}) (Version: 5.1.4 - Yamicsoft)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1894722739-3979997351-3746568665-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0174FE8C-A0CF-46B3-B938-7630C1ECC3EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0C21FBD4-0AFD-412C-842E-8ED3417942F5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {D31E9446-6468-4DBE-A05F-9CEC7E7AA889} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {E6F32968-0213-4D6D-898C-CC243D51FCE1} - System32\Tasks\Avast Emergency Update => C:\non-os\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {FC0C2614-BF7C-49BB-9E41-AD87A771CE42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) ==============

2019-02-08 05:22 - 2019-02-08 05:22 - 000654216 _____ () C:\non-os\Avast\streamback.dll
2019-02-08 05:22 - 2019-02-08 05:22 - 000321928 _____ () C:\non-os\Avast\serialization.dll
2019-02-10 15:46 - 2019-02-10 15:46 - 006861968 _____ () C:\non-os\Avast\defs\19021004\algo64.dll
2019-02-08 05:22 - 2019-02-08 05:22 - 000556936 _____ () C:\non-os\Avast\gui_cache.dll
2019-02-08 05:22 - 2019-02-08 05:22 - 002024840 _____ () C:\non-os\Avast\shepherdsync.dll
2019-01-15 01:27 - 2019-01-15 01:27 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-06-28 04:04 - 2016-06-28 04:04 - 000382072 _____ () C:\Windows\system32\igfxTray.exe
2018-08-29 14:57 - 2018-08-29 14:57 - 000077824 _____ () C:\Program Files\Common Files\Logishrd\LAClient\zlib.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000144896 _____ () C:\Program Files\Common Files\Logishrd\LAClient\libssh2.dll
2019-01-06 06:19 - 2019-01-06 06:19 - 093695912 _____ () C:\non-os\Avast\libcef.dll
2019-02-08 17:50 - 2019-02-05 21:00 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\libglesv2.dll
2019-02-08 17:50 - 2019-02-05 21:00 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\libegl.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:49 - 2017-12-08 01:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-07-17 12:30 - 2017-07-17 12:30 - 000863744 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2019-02-10 21:02 - 000000460 _____ C:\Windows\system32\drivers\etc\hosts

162.222.193.86 aoaomo.tremorhub.com
188.95.50.62 bobomo.tremorhub.com
162.222.193.86 www.howcast.com
162.222.193.86 howcast.com
162.222.193.86 www.ustream.tv
162.222.193.86 ustream.tv
162.222.193.86 www.livestream.com
162.222.193.86 livestream.com
162.222.193.86 www.dailymotion.com
162.222.193.86 dailymotion.com
192.192.3.8 virustotal.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: DDVCollectorSvcApi => 2
MSCONFIG\Services: DDVDataCollector => 2
MSCONFIG\Services: DDVRulesProcessor => 2
MSCONFIG\Services: Dell Hardware Support => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\non-os\CCleaner\CCleaner64.exe" /MONITOR

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CE33B4CE-020E-45B5-A5C5-9B05883F30BB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{98D344CF-C049-4005-B576-52078AE43075}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C2CFF724-A9CD-47D8-9C0F-91E4144B60E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D4054BF6-D262-4B9B-9902-E2D629658853}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2F1DBDC1-CC6D-401A-8058-FAA8C19DBD34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5DC388C2-4198-4BA3-A8DA-64E6CFAEB85E}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{1A30BD90-CC0E-49FC-9C52-8472F6994B56}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6B390909-5C3D-4B70-95E6-C57245E61CE7}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe (Google Inc -> Google Inc.)
FirewallRules: [{5CC1D8DE-53FE-4676-9806-98AA78CBA5B3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{1082144C-4AB0-4097-AE33-497ACC3AED5E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F340EBE-F9EC-4CA5-B371-E454FB6B967B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9C88F9AE-E3A6-4EB7-B6EE-EBC115CED021}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{607B9A66-5F97-4728-B6ED-C161DA13D4C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C3D68476-B03F-47F9-A9CA-0B4BCF92753E}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{82E842A6-D6A4-4C05-89D3-CFF3AB645040}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{C627DD23-1741-49C5-9D0B-90860D6BF701}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [UDP Query User{0586A64D-566E-4700-B9D3-464B39902344}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [{D4704BBE-0CFE-4BB8-A9B6-4390C2A3BB81}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [{E86DC197-210B-4146-AA71-9DAFEE56F332}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [{6EB8FEA4-E0CE-4CBC-8C51-DE2A359AB171}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{EB38BA06-F044-45F0-8E05-8CF207CAC57E}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{2A48BF9C-EBD8-4416-8027-3DF2FA1EBE47}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{47AA7DF3-D911-4A4E-88CD-B801E7250B30}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{93D8C5FC-A6D1-4325-AE0D-E94D1ADA586E}] => (Allow) C:\non-os\avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{65EF0972-7182-4D16-8A1F-AD6D5C90ABFB}] => (Allow) C:\non-os\avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{B3B26794-6F84-4ECA-A1D3-68D9C96E0ECF}] => (Allow) C:\non-os\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D94D36F-A5AA-4B29-B7C2-B92CB0FE7530}] => (Allow) C:\non-os\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{033E27C5-B27E-4B3D-9070-7E5B6FB5C3A5}] => (Allow) C:\non-os\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{05814641-6082-4D68-8CF5-A497FD6980DF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{8A0C28B5-3C45-4142-8F98-0EBF96AB8B89}] => (Allow) C:\Program Files (x86)\Alarms\Agri.exe No File
FirewallRules: [{3C8396DA-4CAF-4C39-9A0D-906FFA3439D0}] => (Allow) C:\Program Files (x86)\Datas\Agri.exe No File
FirewallRules: [{E7DD1628-5D1B-4FFE-A98A-4C46F0A9D1EC}] => (Allow) C:\Program Files (x86)\twos\Nauseum.exe No File
FirewallRules: [{75639549-03F4-48AD-B4A3-8309F5389A0F}] => (Allow) C:\Program Files (x86)\Datas\Nauseum.exe No File

==================== Restore Points =========================

08-02-2019 20:12:59 Windows Modules Installer
08-02-2019 20:13:56 Windows Modules Installer
08-02-2019 20:14:34 Windows Modules Installer
08-02-2019 20:15:29 Windows Modules Installer
08-02-2019 20:16:03 Windows Modules Installer
08-02-2019 20:16:44 Windows Modules Installer
08-02-2019 20:17:16 Windows Modules Installer
08-02-2019 20:17:46 Windows Modules Installer
08-02-2019 20:18:20 Windows Modules Installer
08-02-2019 20:19:02 Windows Modules Installer
08-02-2019 20:20:26 Windows Modules Installer
08-02-2019 23:22:53 Installed RT 7 Lite x64
10-02-2019 06:07:04 Removed RT 7 Lite x64

==================== Faulty Device Manager Devices =============

Name: svhgbu
Description: svhgbu
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: svhgbu
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2019 09:05:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/10/2019 07:29:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/10/2019 06:51:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/10/2019 11:22:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/10/2019 12:16:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(08:f6:9c:20:b2:0f@fe80::af6:9cff:fe20:b20f._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/10/2019 12:16:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(90:fd:61:a3:f6:8b@fe80::92fd:61ff:fea3:f68b._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/10/2019 12:14:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (02/10/2019 12:14:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23


System errors:
=============
Error: (02/10/2019 09:34:14 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (02/10/2019 09:34:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/10/2019 09:14:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (02/10/2019 09:14:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (02/10/2019 09:14:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (02/10/2019 09:14:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (02/10/2019 09:14:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (02/10/2019 09:14:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


CodeIntegrity:
===================================

Date: 2018-12-02 02:59:06.459
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-02 02:59:06.225
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-02 02:59:00.999
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-02 02:59:00.656
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-02 02:58:58.269
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-02 02:58:58.035
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-02 02:58:55.867
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-02 02:58:55.571
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 42%
Total physical RAM: 8080.36 MB
Available physical RAM: 4678.11 MB
Total Virtual: 20198.5 MB
Available Virtual: 16721.51 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:931.02 GB) (Free:802.13 GB) NTFS

\\?\Volume{9ff80743-108f-11e8-9196-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 198DF528)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

  • 0

#3
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Welcome to the Geeks To Go malware removal forum.
I'm iMacg3 and will be helping you.

Please keep the following information in mind before we begin:

  • Do not run any fixes or tools on your system unless I request that you do so.
  • Please read all instructions completely before you complete them.
  • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
  • If you have pirated or illegal software on your computer, remove it now. It is one of the leading causes of malware infecting a computer.
  • If you have questions about anything, please ask.

--------------------

 

Please give me some time to go over your logs and I'll get back to you as soon as possible.


  • 0

#4
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

--------------------------------

Before we can remove the infection, we'll have to make sure the Recovery Environment is enabled.

Press the Windows Key + R. This will open the Run box.
Type CMD and press Ctrl + Shift + Enter.
Command Prompt will now open. In the command prompt, copy and paste the following:

bcdedit /set recoveryenabled Yes

and press Enter on your keyboard. Please let me know if the command completed successfully.

Thanks.
  • 0

#5
darkmj16

darkmj16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts

i went ahead and uninstalled utorrent. don't even remember the last time i used it lol. since i have apple music to download music now i no longer need it. rt7lite i got from a website, well it looked official anyways. their main site is down. failed me google.

 

and about that cmd... not good.

 

"the boot configuration data store could not be opened.

access is denied."

 

that's what i got. i assume the ctrl+shift+enter was to run it as admin? and this is the only account on the computer, and it's an admin account.

 

 

EDIT:

 

went back. typed cmd into the run box, right clicked run as admin. pasted cmd and it completed successfully.


Edited by darkmj16, 11 February 2019 - 05:31 PM.

  • 0

#6
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

We'll use the Recovery Environment to remove this infection.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:
  • USB Flash Drive (size depends on whether you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
Preparing the USB Flash Drive
  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive;
Boot in the Recovery Environment
  • Plug your USB Flash Drive in the infected computer;
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer;
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears;
    • Use the arrow keys to select Repair your computer, and press on Enter;
    • Select your keyboard layout (US, French, etc.) and click on Next;
    • Click on Command Prompt to open the command prompt;
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums;
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums;
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
Once in the command prompt
  • In the command prompt, type notepad and press on Enter;
  • Notepad will open. Click on the File menu and select Open;
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad;
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter;
  • Note: Replace the letter e with the drive letter of your USB Flash Drive;
  • FRST will open;
  • Click on Yes to accept the disclaimer;
  • Click on the Scan button and wait for the scan to complete;
  • A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply;
Thanks.
  • 0

#7
darkmj16

darkmj16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts

all right. was able to get into recovery no problem. here's the log. umm i'm seeing a drive X: on the log and while in recovery... 35mb. i have no drive x... only 1 hdd and only 1 usb was plugged in.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2019 01
Ran by SYSTEM on MININT-OKJQM36 (11-02-2019 22:26:16)
Running from f:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2018-09-07] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Policies\Explorer: [NoTaskGrouping] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\User\...\Run: [World of Tanks] => C:\non-os\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\User\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\User\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\User\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\User\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\User\...\Policies\system: [NoDispScrSavPage] 0
HKU\User\...\Policies\system: [NoDispAppearancePage] 0
HKU\User\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\User\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\User\...\Policies\Explorer: [NoToolbarsOnTaskbar] 1
HKU\User\...\Policies\Explorer: [TaskbarLockAll] 1
HKU\User\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKU\User\...\Policies\Explorer: [NoThemesTab] 1
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 aswbIDSAgent; C:\non-os\Avast\aswidsagent.exe [6758976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 avast! Antivirus; C:\non-os\Avast\AvastSvc.exe [357304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc -> Google Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [531040 2018-05-16] (Intel Corporation -> Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-06-28] (Intel Corporation - pGFX -> Intel Corporation)
S3 MBAMService; C:\non-os\mbam\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257064 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-12-15] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [225680 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196072 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320696 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57960 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [167304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112312 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87944 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034432 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474456 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216784 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [379952 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [99272 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-10-20] (Techporch Incorporated -> Dell Computer Corporation)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2019-02-10] (Malwarebytes Corporation -> Malwarebytes)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [40448 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [210376 2014-07-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3486288 2018-09-26] (Intel Corporation -> Intel Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S0 sdzvlh; C:\Windows\System32\drivers\cwdruybe.sys [148816 2019-02-11] (Handan City Congtai District LiKang  Daily Goods Department -> )
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-10] (Intel Corporation -> )
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45096 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
S1 svhgbu; \??\C:\Users\User\AppData\Local\Temp\wmkopsgu.sys [X] <==== ATTENTION
S4 zpxlteou; System32\drivers\dtbagxiu.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-11 19:19 - 2019-02-11 19:19 - 000148816 ____N C:\Windows\System32\Drivers\cwdruybe.sys
2019-02-11 19:09 - 2019-02-11 19:14 - 148360037 _____ (Aslain ) C:\Users\User\Desktop\Aslains_WoT_Modpack_Installer_v.1.4.0.1_00.exe
2019-02-10 18:58 - 2019-02-10 18:58 - 000031758 _____ C:\Users\User\Desktop\Addition.txt
2019-02-10 18:56 - 2019-02-10 18:58 - 000032389 _____ C:\Users\User\Desktop\FRST.txt
2019-02-10 13:34 - 2019-02-10 17:47 - 000261032 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2019-02-10 09:06 - 2019-02-08 02:22 - 000362888 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2019-02-10 04:11 - 2019-02-10 06:07 - 000000000 ____D C:\Users\User\AppData\Local\aucvxph
2019-02-10 03:25 - 2019-02-10 03:25 - 000000001 _____ C:\jl14v5cyhl7j16s
2019-02-10 03:11 - 2019-02-10 06:05 - 000000000 ____D C:\Users\User\AppData\Local\atchlod
2019-02-10 03:11 - 2019-02-10 03:11 - 000000000 ____D C:\Users\User\AppData\Roaming\c
2019-02-10 03:11 - 2019-02-10 03:11 - 000000000 ____D C:\Users\User\AppData\Local\nvhtsum
2019-02-10 03:10 - 2019-02-11 15:02 - 002930176 _____ C:\Windows\System32\tisarmlsvc.exe
2019-02-10 03:10 - 2019-02-10 04:14 - 000000000 ____D C:\Windows\System32\sbdzcpg
2019-02-10 03:10 - 2019-02-10 03:10 - 000000000 ____D C:\Windows\SysWOW64\sbdzcpg
2019-02-10 03:09 - 2019-02-10 06:44 - 000000000 ____D C:\Program Files (x86)\twos
2019-02-10 03:09 - 2019-02-10 06:42 - 000000000 ____D C:\Program Files (x86)\Alarms
2019-02-10 03:09 - 2019-02-10 06:22 - 000000000 ____D C:\Program Files (x86)\Ate
2019-02-10 03:09 - 2019-02-10 04:49 - 000000000 ___HD C:\Program Files (x86)\Datas
2019-02-10 03:09 - 2019-02-10 03:31 - 000000000 ___HD C:\Program Files (x86)\regally
2019-02-10 03:09 - 2019-02-10 03:09 - 000004018 _____ C:\Windows\System32\Tasks\frowns
2019-02-10 03:09 - 2019-02-10 03:09 - 000003850 _____ C:\Windows\System32\Tasks\frownsfrowns
2019-02-10 03:09 - 2019-02-10 03:09 - 000000012 _____ C:\Windows\b16830528
2019-02-10 03:09 - 2019-02-10 03:09 - 000000000 ____D C:\Users\User\AppData\Roaming\et
2019-02-10 03:09 - 2019-02-10 03:09 - 000000000 ____D C:\Program Files (x86)\dispute
2019-02-09 20:32 - 2019-02-09 20:37 - 147980350 _____ (Aslain ) C:\Users\User\Desktop\Aslains_WoT_Modpack_Installer_v.1.4.0.0_06.exe
2019-02-08 19:55 - 2019-02-08 19:55 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2019-02-08 17:21 - 2019-02-08 17:21 - 001472512 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000154856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2019-02-08 17:21 - 2019-02-08 17:21 - 000135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000095464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2019-02-08 17:21 - 2019-02-08 17:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2019-02-08 17:21 - 2019-02-08 17:21 - 000028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-02-07 23:34 - 2018-02-12 16:25 - 3991994368 ____R C:\Users\User\Desktop\WINDOWS 7.ISO
2019-02-07 22:00 - 2019-02-10 03:06 - 000000000 ____D C:\Users\User\AppData\Roaming\Tools
2019-02-07 21:43 - 2019-02-07 21:43 - 000000207 _____ C:\Windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2019-02-07 21:43 - 2019-02-07 21:43 - 000000000 ____D C:\RegBackup
2019-02-06 15:11 - 2019-02-06 15:11 - 000027750 _____ C:\Users\User\Desktop\9-Tundra-mod1.rar
2019-01-27 13:22 - 2019-01-27 13:22 - 000001596 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-01-27 13:22 - 2019-01-27 13:22 - 000000000 ____D C:\Program Files\iPod
2019-01-16 16:58 - 2019-01-16 16:58 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-01-14 07:20 - 2019-02-08 02:21 - 000225680 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsdriver.sys
2019-01-14 07:20 - 2019-02-08 02:21 - 000225680 _____ (AVAST Software) C:\Windows\System32\Drivers\asw29e12adc2b8c9717.tmp
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-11 22:26 - 2018-12-26 18:18 - 000000000 ____D C:\FRST
2019-02-11 19:19 - 2009-07-13 18:34 - 019922944 _____ C:\Windows\System32\config\HARDWARE
2019-02-11 18:36 - 2009-07-13 21:13 - 000783606 _____ C:\Windows\System32\PerfStringBackup.INI
2019-02-11 18:36 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2019-02-11 15:20 - 2018-02-13 15:29 - 000000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2019-02-11 15:11 - 2018-12-31 13:39 - 000000000 ___RD C:\Users\User\iCloudDrive
2019-02-11 15:11 - 2018-02-12 20:46 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2019-02-11 15:11 - 2009-07-13 20:45 - 000026576 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-11 15:11 - 2009-07-13 20:45 - 000026576 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-11 15:03 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-10 18:55 - 2018-10-12 16:53 - 002434048 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2019-02-10 18:14 - 2018-12-13 18:42 - 000004124 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-02-10 18:06 - 2018-08-24 17:18 - 000000000 ____D C:\Users\Public\Logi
2019-02-10 13:33 - 2018-02-13 17:36 - 000152688 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbae64.sys
2019-02-09 15:51 - 2009-07-13 21:08 - 000032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-02-09 00:23 - 2018-07-04 08:27 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2019-02-08 20:24 - 2018-02-13 14:27 - 000000000 ____D C:\non-os
2019-02-08 19:57 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\NDF
2019-02-08 19:15 - 2018-02-13 14:29 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2019-02-08 02:22 - 2019-01-06 03:20 - 000037104 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArDisk.sys
2019-02-08 02:22 - 2019-01-06 03:20 - 000037104 _____ (AVAST Software) C:\Windows\System32\Drivers\asw443d9d2111d838da.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 001034432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 001034432 _____ (AVAST Software) C:\Windows\System32\Drivers\asw0ec810e572db70e0.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000474456 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000474456 _____ (AVAST Software) C:\Windows\System32\Drivers\asw61d83fe3e44b787b.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000379952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000379952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswc2c8c8d7b6d1a30e.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000216784 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000216784 _____ (AVAST Software) C:\Windows\System32\Drivers\asw6de9c98fa93beed4.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000205400 _____ (AVAST Software) C:\Windows\System32\Drivers\aswf2de3e954f522b31.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000205400 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArPot.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000167304 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000167304 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4431cfb910cf5a66.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000112312 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000112312 _____ (AVAST Software) C:\Windows\System32\Drivers\aswb7aab75563928aff.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000087944 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000087944 _____ (AVAST Software) C:\Windows\System32\Drivers\asw69b0a75190eb61f4.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000042288 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000042288 _____ (AVAST Software) C:\Windows\System32\Drivers\aswd62f0572c9633b75.tmp
2019-02-08 02:21 - 2019-01-06 03:20 - 000320696 _____ (AVAST Software) C:\Windows\System32\Drivers\aswblog.sys
2019-02-08 02:21 - 2019-01-06 03:20 - 000320696 _____ (AVAST Software) C:\Windows\System32\Drivers\asw82f59f0e603928a1.tmp
2019-02-08 02:21 - 2019-01-06 03:20 - 000196072 _____ (AVAST Software) C:\Windows\System32\Drivers\aswe8b6ba5a388d5e98.tmp
2019-02-08 02:21 - 2019-01-06 03:20 - 000196072 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsh.sys
2019-02-08 02:21 - 2019-01-06 03:20 - 000057960 _____ (AVAST Software) C:\Windows\System32\Drivers\aswe628b91de3e0e70e.tmp
2019-02-08 02:21 - 2019-01-06 03:20 - 000057960 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbuniv.sys
2019-02-08 02:00 - 2018-02-13 15:16 - 000000000 ____D C:\Users\User\Incomplete
2019-02-02 16:53 - 2009-07-13 18:34 - 086769664 _____ C:\Windows\System32\config\software.rcbak
2019-02-02 16:53 - 2009-07-13 18:34 - 020447232 _____ C:\Windows\System32\config\system.rcbak
2019-02-02 16:53 - 2009-07-13 18:34 - 001572864 _____ C:\Windows\System32\config\default.rcbak
2019-02-02 16:53 - 2009-07-13 18:34 - 000028672 _____ C:\Windows\System32\config\sam.rcbak
2019-02-02 16:53 - 2009-07-13 18:34 - 000024576 _____ C:\Windows\System32\config\security.rcbak
2019-02-02 16:52 - 2009-07-13 18:34 - 046661632 _____ C:\Windows\System32\config\components.rcbak
2019-02-02 15:26 - 2018-12-09 10:36 - 000000000 ____D C:\Program Files\Bonjour
2019-02-01 21:07 - 2018-02-13 15:20 - 000000000 ____D C:\Program Files\pia_manager
2019-01-20 03:40 - 2018-02-13 15:15 - 000000000 ____D C:\Users\User\AppData\Roaming\MP3Rocket
2019-01-17 03:03 - 2018-06-26 16:24 - 000000000 ____D C:\Users\User\AppData\Local\Apple Computer
 
==================== KnownDLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2018-03-22 17:35] - [2017-12-31 17:50] - 000455680 _____ (Microsoft Corporation) 11D6A262B617130F7C16E308C12E0D41
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2018-11-13 16:48] - [2018-11-10 17:25] - 000516608 _____ (Microsoft Corporation) C4AF5F835F7F88235FBBB5E5A8380988
 
C:\Windows\System32\dnsapi.dll
[2018-07-10 16:02] - [2018-06-08 08:19] - 000357888 _____ (Microsoft Corporation) 9B86DF86D1EFF32893BC3FB49BFAA993
 
C:\Windows\SysWOW64\dnsapi.dll
[2018-07-10 16:02] - [2018-06-08 07:54] - 000269824 _____ (Microsoft Corporation) 4A35D7B172AFF9C6B362D7297568836A
 
C:\Windows\System32\dllhost.exe => MD5 is legit
C:\Windows\SysWOW64\dllhost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
Restore point date: 2019-02-11 19:10
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 8080.36 MB
Available physical RAM: 7177.01 MB
Total Virtual: 8078.56 MB
Available Virtual: 7151.79 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:931.02 GB) (Free:808.02 GB) NTFS
Drive f: (Windows 7) (Removable) (Total:7.26 GB) (Free:7.2 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS ==>[system with boot components (obtained from drive)]
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 198DF528)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=07 NTFS)
 
LastRegBack: 2019-02-01 22:38
 
==================== End of FRST.txt ============================

  • 0
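For anyone reading the log above who wants to see how the entries that stand out (the [X] image paths, the driver in a Temp folder, the freshly created driver with an unfamiliar signer) can be picked out mechanically, here is an added example. It is my own code, not from the thread, from Farbar or from FRST itself: a small Python triage script that parses the Services/Drivers lines and the "One month (created)" lines of an FRST.txt and flags entries whose image is missing on disk, that load from a user profile or temp directory, that are boot/system-start drivers from a signer outside a constructed vendor allowlist, or whose file was created within the seven days before the scan. The sample log embedded in it is constructed from lines quoted in this post; the allowlist and the seven-day threshold are my assumptions, not anything FRST defines.

```python
# Added triage helper for FRST logs (example code; not part of the thread or of FRST).
# Parses "Services"/"Drivers" lines plus "One month (created)" lines and reports entries worth a closer look.
import re
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the FRST.txt posted above.
SAMPLE_LOG = r"""Ran by SYSTEM on MININT-OKJQM36 (11-02-2019 22:26:16)

==================== Services (Whitelisted) ====================
S2 avast! Antivirus; C:\non-os\Avast\AvastSvc.exe [357304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [225680 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 sdzvlh; C:\Windows\System32\drivers\cwdruybe.sys [148816 2019-02-11] (Handan City Congtai District LiKang  Daily Goods Department -> )
S1 svhgbu; \??\C:\Users\User\AppData\Local\Temp\wmkopsgu.sys [X] <==== ATTENTION
S4 zpxlteou; System32\drivers\dtbagxiu.sys [X]

==================== One month (created) ========
2019-02-11 19:19 - 2019-02-11 19:19 - 000148816 ____N C:\Windows\System32\Drivers\cwdruybe.sys
2019-01-14 07:20 - 2019-02-08 02:21 - 000225680 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsdriver.sys
"""

# "S0 name; path [size date|X] (signer -> company) <==== ATTENTION"
ENTRY_RE = re.compile(
    r"^(?P<start>[SR][0-4])\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<meta>X|\d+ \d{4}-\d{2}-\d{2})\]"
    r"(?:\s+\((?P<signer>[^)]*)\))?(?P<attn>\s+<==== ATTENTION)?\s*$")
# "created - modified - size attrs [(company)] path"
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} - \S+ \S+ - \d+ \S+ "
    r"(?:\([^)]*\) )?(?P<path>.+)$")
RUN_RE = re.compile(r"^Ran by .* \((?P<d>\d{2})-(?P<m>\d{2})-(?P<y>\d{4}) ", re.M)

# Constructed allowlist (an assumption): vendors whose boot/system-start drivers are expected on this box.
KNOWN_KERNEL_SIGNERS = ("microsoft", "intel", "avast", "malwarebytes")


@dataclass
class Entry:
    start: str                 # S0..S4 / R0..R4 start type as FRST prints it
    name: str
    path: str
    file_date: Optional[str]   # None when FRST printed [X] (image not on disk)
    signer: str                # Authenticode signer (left of "->"), "" if none
    company: str               # version-info company (right of "->")
    attention: bool            # FRST appended "<==== ATTENTION"
    reasons: List[str] = field(default_factory=list)


def parse_entries(log: str) -> List[Entry]:
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        file_date = None if m["meta"] == "X" else m["meta"].split()[1]
        signer, _, company = (m["signer"] or "").partition("->")
        entries.append(Entry(m["start"], m["name"].strip(), m["path"], file_date,
                             signer.strip(), company.strip(), bool(m["attn"])))
    return entries


def parse_created(log: str) -> Dict[str, date]:
    """Map lower-cased file name -> creation date, from the 'One month (created)' section only."""
    created, in_section = {}, False
    for line in log.splitlines():
        if line.startswith("===="):          # every FRST section header starts this way
            in_section = "One month (created)" in line
            continue
        m = CREATED_RE.match(line.strip()) if in_section else None
        if m:
            created[m["path"].rsplit("\\", 1)[-1].lower()] = date.fromisoformat(m["created"])
    return created


def scan_date(log: str) -> Optional[date]:
    m = RUN_RE.search(log)
    return date(int(m["y"]), int(m["m"]), int(m["d"])) if m else None


def triage(log: str, recent_days: int = 7) -> List[Entry]:
    """Return the service/driver entries with at least one reason to look closer."""
    scanned, created, flagged = scan_date(log), parse_created(log), []
    for e in parse_entries(log):
        low = e.path.lower()
        base = low.rsplit("\\", 1)[-1]
        if e.file_date is None:
            e.reasons.append("registered image does not exist on disk ([X])")
        if "\\appdata\\" in low or "\\temp\\" in low:
            e.reasons.append("image lives under a user profile/temp directory")
        if e.start in ("S0", "S1") and not any(k in e.signer.lower() for k in KNOWN_KERNEL_SIGNERS):
            e.reasons.append(f"boot/system-start driver with unrecognised signer '{e.signer or '<none>'}'")
        if scanned and base in created and (scanned - created[base]).days <= recent_days:
            e.reasons.append(f"image created {created[base]}, {(scanned - created[base]).days} day(s) before the scan")
        if e.attention:
            e.reasons.append("FRST itself marked the entry ATTENTION")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e.start, e.name, e.path, "->", "; ".join(e.reasons))
```

To run it against a real log, read FRST.txt into a string and pass it to triage(). The reasons are prompts for review rather than verdicts: a vendor missing from the allowlist or a driver freshly installed by an update will show up too, which is exactly why a helper still reads the whole log before writing a fixlist.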

#8
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

Download the attached fixlist.txt and save it to the USB flash drive, along with FRST64.exe.

Attached File  fixlist.txt   2.86KB   174 downloads

Boot to the Recovery Environment as you did earlier.

Once in the command prompt:
  • In the command prompt, type notepad and press Enter;
  • Notepad will open. Click on the File menu and select Open;
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad;
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press Enter;
  • Note: Replace the letter e with the drive letter of your USB Flash Drive;
  • FRST will open;
  • Click on Yes to accept the disclaimer;
  • Click on the Fix button and wait for the scan to complete;
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply;
Thanks.

#9
darkmj16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts

OK, first off, I can't even download the file. I can't save it on my phone and email it to me. I can't do any freaking thing with that link except view it on my phone.

 

Second, after finally deciding to type the whole thing out (I feel for you guys if you type the whole thing before sending it out), I accidentally forgot to save it as fixit. BUT THEN when I tried to edit the name it said access denied, I need permission from user/PS, which I f*********&*&******* was logged onto! I really, really hate people who make viruses and malware. I hope they die by 1,000 needles to the eye.

 

But I got into recovery, changed the file name, and ran the fix (all with no problems), so here's the log.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.02.2019 01
Ran by SYSTEM (12-02-2019 22:24:23) Run:1
Running from f:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
Start
 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
URLSearchHook: [S-1-5-21-1894722739-3979997351-3746568665-1000] ATTENTION => Default URLSearchHook is missing
 
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
 
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
R3 ruxaeh; system32\drivers\xadhkn.sys [X]
S1 svhgbu; \??\C:\Users\User\AppData\Local\Temp\wmkopsgu.sys [X] <==== ATTENTION
S4 zpxlteou; System32\drivers\dtbagxiu.sys [X]
 
Unlock: HKLM\SYSTEM\ControlSet001\Services\sdzvlh
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\sdzvlh
 
2019-02-10 19:25 - 2019-02-10 19:25 - 000148816 ____N C:\Windows\system32\Drivers\cwdbehlo.sys
2019-02-10 07:11 - 2019-02-10 09:07 - 000000000 ____D C:\Users\User\AppData\Local\aucvxph
2019-02-10 06:25 - 2019-02-10 06:25 - 000000001 _____ C:\jl14v5cyhl7j16s
2019-02-10 06:11 - 2019-02-10 09:05 - 000000000 ____D C:\Users\User\AppData\Local\atchlod
2019-02-10 06:11 - 2019-02-10 06:11 - 000000000 ____D C:\Users\User\AppData\Roaming\c
2019-02-10 06:11 - 2019-02-10 06:11 - 000000000 ____D C:\Users\User\AppData\Local\nvhtsum
2019-02-10 06:10 - 2019-02-10 21:04 - 002930176 _____ (TOSHIBA CORPORATION) C:\Windows\system32\tisarmlsvc.exe
2019-02-10 06:10 - 2019-02-10 07:14 - 000000000 ____D C:\Windows\system32\sbdzcpg
2019-02-10 06:10 - 2019-02-10 06:10 - 000000000 ____D C:\Windows\SysWOW64\sbdzcpg
2019-02-10 06:09 - 2019-02-10 09:44 - 000000000 ____D C:\Program Files (x86)\twos
2019-02-10 06:09 - 2019-02-10 09:42 - 000000000 ____D C:\Program Files (x86)\Alarms
2019-02-10 06:09 - 2019-02-10 09:22 - 000000000 ____D C:\Program Files (x86)\Ate
2019-02-10 06:09 - 2019-02-10 07:49 - 000000000 ___HD C:\Program Files (x86)\Datas
2019-02-10 06:09 - 2019-02-10 06:31 - 000000000 ___HD C:\Program Files (x86)\regally
2019-02-10 06:09 - 2019-02-10 06:09 - 000004018 _____ C:\Windows\System32\Tasks\frowns
2019-02-10 06:09 - 2019-02-10 06:09 - 000003850 _____ C:\Windows\System32\Tasks\frownsfrowns
2019-02-10 06:09 - 2019-02-10 06:09 - 000000012 _____ C:\Windows\b16830528
2019-02-10 06:09 - 2019-02-10 06:09 - 000000000 ____D C:\Users\User\AppData\Roaming\et
2019-02-10 06:09 - 2019-02-10 06:09 - 000000000 ____D C:\Program Files (x86)\dispute
 
FirewallRules: [{8A0C28B5-3C45-4142-8F98-0EBF96AB8B89}] => (Allow) C:\Program Files (x86)\Alarms\Agri.exe No File
FirewallRules: [{3C8396DA-4CAF-4C39-9A0D-906FFA3439D0}] => (Allow) C:\Program Files (x86)\Datas\Agri.exe No File
FirewallRules: [{E7DD1628-5D1B-4FFE-A98A-4C46F0A9D1EC}] => (Allow) C:\Program Files (x86)\twos\Nauseum.exe No File
FirewallRules: [{75639549-03F4-48AD-B4A3-8309F5389A0F}] => (Allow) C:\Program Files (x86)\Datas\Nauseum.exe No File
 
Folder: C:\Users\User\AppData\Roaming\Tools
 
Reboot:
 
End
*****************
 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = => Error: The entry should be fixed outside recovery mode.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = => Error: The entry should be fixed outside recovery mode.
URLSearchHook: [S-1-5-21-1894722739-3979997351-3746568665-1000] ATTENTION => Default URLSearchHook is missing => Error: The entry should be fixed outside recovery mode.
FF Plugin: @microsoft.com/GENUINE -> disabled [No File] => Error: The entry should be fixed outside recovery mode.
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] => Error: The entry should be fixed outside recovery mode.
HKLM\System\ControlSet001\Services\windowsmanagementservice => removed successfully
windowsmanagementservice => service removed successfully
ruxaeh => service not found.
HKLM\System\ControlSet001\Services\svhgbu => removed successfully
svhgbu => service removed successfully
HKLM\System\ControlSet001\Services\zpxlteou => removed successfully
zpxlteou => service removed successfully
"HKLM\SYSTEM\ControlSet001\Services\sdzvlh" => was unlocked
"HKLM\SYSTEM\CurrentControlSet\Services\sdzvlh" => not found
"C:\Windows\system32\Drivers\cwdbehlo.sys" => not found
C:\Users\User\AppData\Local\aucvxph => moved successfully
C:\jl14v5cyhl7j16s => moved successfully
C:\Users\User\AppData\Local\atchlod => moved successfully
C:\Users\User\AppData\Roaming\c => moved successfully
C:\Users\User\AppData\Local\nvhtsum => moved successfully
C:\Windows\system32\tisarmlsvc.exe => moved successfully
C:\Windows\system32\sbdzcpg => moved successfully
C:\Windows\SysWOW64\sbdzcpg => moved successfully
C:\Program Files (x86)\twos => moved successfully
C:\Program Files (x86)\Alarms => moved successfully
C:\Program Files (x86)\Ate => moved successfully
C:\Program Files (x86)\Datas => moved successfully
C:\Program Files (x86)\regally => moved successfully
C:\Windows\System32\Tasks\frowns => moved successfully
C:\Windows\System32\Tasks\frownsfrowns => moved successfully
C:\Windows\b16830528 => moved successfully
C:\Users\User\AppData\Roaming\et => moved successfully
C:\Program Files (x86)\dispute => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8A0C28B5-3C45-4142-8F98-0EBF96AB8B89}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3C8396DA-4CAF-4C39-9A0D-906FFA3439D0}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E7DD1628-5D1B-4FFE-A98A-4C46F0A9D1EC}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75639549-03F4-48AD-B4A3-8309F5389A0F}" => not found
 
========================= Folder: C:\Users\User\AppData\Roaming\Tools ========================
 
 
====== End of Folder: ======
 
Reboot: => Error: This directive works only outside recovery mode.
 
==== End of Fixlog 22:24:29 ====

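The fixlog above ends with several entries that FRST declined to process while running from the Recovery Environment, alongside items it moved, removed or could not find. As an added example (not part of the original thread and not FRST's own code), the following Python script parses the "entry => result" lines of a Fixlog.txt, buckets each line by outcome, and assembles the follow-up fixlist to run from Normal Mode in the same Start/End framing the thread's fixlist uses. The embedded sample is a constructed subset of the result lines copied from the fixlog posted above; the outcome strings it matches are the ones visible in that log.

```python
"""Triage a Farbar Recovery Scan Tool (FRST) Fixlog.txt.

Added example for this thread; not part of the original posts and not FRST's
own code. Parses the '<entry> => <result>' lines FRST writes, groups them by
outcome, and builds the follow-up fixlist for entries FRST refused to touch
while running from the Recovery Environment.
"""
from collections import defaultdict

# Constructed sample: a subset of result lines copied from the fixlog posted
# above (paths, names and the SID exactly as they appear there).
SAMPLE_FIXLOG = r'''
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = => Error: The entry should be fixed outside recovery mode.
URLSearchHook: [S-1-5-21-1894722739-3979997351-3746568665-1000] ATTENTION => Default URLSearchHook is missing => Error: The entry should be fixed outside recovery mode.
HKLM\System\ControlSet001\Services\windowsmanagementservice => removed successfully
windowsmanagementservice => service removed successfully
ruxaeh => service not found.
"HKLM\SYSTEM\ControlSet001\Services\sdzvlh" => was unlocked
"HKLM\SYSTEM\CurrentControlSet\Services\sdzvlh" => not found
"C:\Windows\system32\Drivers\cwdbehlo.sys" => not found
C:\Users\User\AppData\Local\aucvxph => moved successfully
C:\Program Files (x86)\twos => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8A0C28B5-3C45-4142-8F98-0EBF96AB8B89}" => not found
Reboot: => Error: This directive works only outside recovery mode.
'''

RESULT_SEP = " => "

# Exact result strings FRST writes for each outcome (as seen in the posted log).
FIXED = ("moved successfully", "removed successfully",
         "service removed successfully", "was unlocked")
NOT_FOUND = ("not found", "service not found.")
# Both "should be fixed outside recovery mode" and "works only outside
# recovery mode" carry this substring.
DEFERRED_MARKER = "outside recovery mode"


def parse_fixlog(text):
    """Yield (entry, result) for every '<entry> => <result>' line.

    The entry itself may contain ' => ' (the URLSearchHook line does), so the
    split is taken at the LAST separator. FRST quotes some entries; the quotes
    are stripped so the entry matches the fixlist line that produced it.
    """
    for line in text.splitlines():
        line = line.strip()
        if RESULT_SEP not in line:
            continue  # banners, blank lines, the "fixlist content:" echo
        entry, result = line.rsplit(RESULT_SEP, 1)
        yield entry.strip().strip('"'), result.strip()


def classify(result):
    """Map one FRST result string to an outcome bucket."""
    if DEFERRED_MARKER in result:
        return "deferred"    # refused in Recovery Mode; rerun from Normal Mode
    if result in FIXED:
        return "fixed"
    if result in NOT_FOUND:
        return "not_found"   # gone, never existed, or renamed; re-scan to confirm
    return "other"           # anything unrecognised is surfaced, not dropped


def triage(text):
    """Return {bucket: [entry, ...]} for a whole Fixlog.txt."""
    buckets = defaultdict(list)
    for entry, result in parse_fixlog(text):
        buckets[classify(result)].append(entry)
    return dict(buckets)


def followup_fixlist(buckets):
    """Build the fixlist to run from Normal Mode.

    Deferred entries are replayed verbatim between Start and End, and a single
    Reboot: directive is appended because FRST only honours it outside the
    Recovery Environment.
    """
    lines = ["Start"]
    lines += [e for e in buckets.get("deferred", []) if e != "Reboot:"]
    lines += ["Reboot:", "End"]
    return "\n".join(lines)


if __name__ == "__main__":
    result = triage(SAMPLE_FIXLOG)
    for bucket, entries in result.items():
        print(f"{bucket}: {len(entries)}")
        for e in entries:
            print(f"    {e}")
    print("\n--- follow-up fixlist ---")
    print(followup_fixlist(result))
```

Two of the "not found" results deserve a closer look rather than being read as "already clean". The DeleteKey for HKLM\SYSTEM\CurrentControlSet\Services\sdzvlh returned "not found" while the ControlSet001 copy of the same key was unlocked; CurrentControlSet is a link Windows creates at boot, so it is absent from the offline hive the Recovery Environment opens, and the Normal Mode scan posted later still lists the sdzvlh service. Likewise C:\Windows\system32\Drivers\cwdbehlo.sys was "not found" at fix time, and the later scan shows a fresh cwdpswzc.sys of the same size (148816) with the same N attribute, which suggests the driver is being regenerated under a new random name rather than removed.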

#10
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

Please boot to Normal Mode and launch FRST. Then click Scan.

When the scan is complete two files will open in Notepad (FRST.txt and Addition.txt)
Copy/paste the contents of the two files into your next reply.

Thanks.


#11
darkmj16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts

OK, here are incomplete logs. The tool, five times in a row, would hang when scanning restore points. Open Task Manager and see its working set is over 1 million K.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2019 01
Ran by User (administrator) on USER-PC (12-02-2019 22:56:23)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\non-os\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AVAST Software) C:\non-os\Avast\aswidsagent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\non-os\Avast\AvastUI.exe
(Wargaming.net) C:\non-os\World_of_Tanks\WargamingGameUpdater.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\LAClient\laclient.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Wargaming.net) C:\non-os\World_of_Tanks\WoTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2018-09-07] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7827256 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Policies\Explorer: [NoTaskGrouping] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [World of Tanks] => C:\non-os\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoToolbarsOnTaskbar] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [TaskbarLockAll] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoThemesTab] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> regsvr32.exe /s /n /i:U shell32.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-08] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> regsvr32.exe /s /n /i:U shell32.dll
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{096D4EA8-B3B7-4B42-B91A-2D6753E86104}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8A85C905-A85F-4151-BAFC-F388992A3B15}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{A3E44CE9-87D0-4413-A0C7-3C41D31D1BAE}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{C0C5A3B0-8751-4A61-ADB0-CA4752ACE43F}: [DhcpNameServer] 172.16.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
URLSearchHook: [S-1-5-21-1894722739-3979997351-3746568665-1000] ATTENTION => Default URLSearchHook is missing
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2018-09-07] (Logitech Inc -> Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2019-01-01] ()
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2018-09-07] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2019-01-01] ()
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2018-09-25] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2019-01-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2019-01-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-563448c1
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2019-02-12]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-13]
CHR Extension: (uBlock Origin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-01-26]
CHR Extension: (iCloud Bookmarks) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2018-12-31]
CHR Extension: (Chrome Remote Desktop) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-10-04]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2018-02-13]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2019-01-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-13]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-08]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-12-26]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\sdzvlh <==== ATTENTION (Rootkit!)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
U3 aswbIDSAgent; C:\non-os\Avast\aswidsagent.exe [6758976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\non-os\Avast\AvastSvc.exe [357304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc -> Google Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [531040 2018-05-16] (Intel Corporation -> Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-06-28] (Intel Corporation - pGFX -> Intel Corporation)
S3 MBAMService; C:\non-os\mbam\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257064 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-12-15] (Microsoft Windows -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [225680 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196072 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320696 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57960 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [167304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112312 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87944 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034432 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474456 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216784 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [379952 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [99272 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-10-20] (Techporch Incorporated -> Dell Computer Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2019-02-10] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [40448 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [210376 2014-07-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3486288 2018-09-26] (Intel Corporation -> Intel Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-11] (Intel Corporation -> )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45096 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2018-02-13] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 bfilos; system32\drivers\ilorvy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-12 22:56 - 2019-02-12 22:56 - 000019007 _____ C:\Users\User\Desktop\FRST.txt
2019-02-12 22:18 - 2019-02-12 22:18 - 000148816 ____N C:\Windows\system32\Drivers\cwdpswzc.sys
2019-02-12 21:54 - 2019-02-12 22:00 - 148758813 _____ (Aslain ) C:\Users\User\Desktop\Aslains_WoT_Modpack_Installer_v.1.4.0.1_02.exe
2019-02-12 00:42 - 2019-02-12 00:42 - 000082015 _____ C:\Users\User\Desktop\mobo rebate.pdf
2019-02-12 00:41 - 2019-02-12 00:41 - 000141660 _____ C:\Users\User\Desktop\cpu h20 cooler rebate.pdf
2019-02-12 00:41 - 2019-02-12 00:41 - 000112276 _____ C:\Users\User\Desktop\vid card rebate.pdf
2019-02-12 00:40 - 2019-02-12 00:40 - 000023096 _____ C:\Users\User\Desktop\power supply rebate.pdf
2019-02-10 16:34 - 2019-02-10 20:47 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-10 12:06 - 2019-02-08 05:22 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-02-08 23:23 - 2019-02-10 06:07 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockers Team
2019-02-08 22:55 - 2019-02-08 22:55 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2019-02-08 20:21 - 2019-02-08 20:21 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-02-08 20:21 - 2019-02-08 20:21 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-02-08 20:21 - 2019-02-08 20:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-02-08 20:21 - 2019-02-08 20:21 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-02-08 05:23 - 2019-02-08 05:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-02-08 01:00 - 2019-02-10 06:06 - 000000000 ____D C:\Users\User\AppData\Roaming\Tools
2019-02-08 00:43 - 2019-02-08 00:43 - 000000207 _____ C:\Windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2019-02-08 00:43 - 2019-02-08 00:43 - 000000000 ____D C:\RegBackup
2019-02-06 18:11 - 2019-02-06 18:11 - 000027750 _____ C:\Users\User\Desktop\9-Tundra-mod1.rar
2019-01-27 16:22 - 2019-01-27 16:22 - 000001596 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-01-27 16:22 - 2019-01-27 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-01-27 16:22 - 2019-01-27 16:22 - 000000000 ____D C:\Program Files\iPod
2019-01-27 16:03 - 2019-01-27 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-01-16 19:58 - 2019-01-16 19:58 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-01-14 10:20 - 2019-02-08 05:21 - 000225680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-14 10:20 - 2019-02-08 05:21 - 000225680 _____ (AVAST Software) C:\Windows\system32\Drivers\asw29e12adc2b8c9717.tmp
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-12 22:49 - 2009-07-13 21:34 - 020185088 _____ C:\Windows\system32\config\HARDWARE
2019-02-12 22:44 - 2018-12-26 21:18 - 000000000 ____D C:\FRST
2019-02-12 22:43 - 2018-10-12 19:53 - 002433536 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2019-02-12 22:27 - 2018-12-31 16:39 - 000000000 ___RD C:\Users\User\iCloudDrive
2019-02-12 22:26 - 2018-08-24 20:18 - 000000000 ____D C:\Users\Public\Logi
2019-02-12 22:26 - 2018-02-12 23:46 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2019-02-12 22:25 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-12 21:58 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-12 21:58 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-11 21:36 - 2009-07-14 00:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-11 21:36 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-02-10 21:14 - 2018-12-13 21:42 - 000004124 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-02-10 16:33 - 2018-02-13 20:36 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-09 18:51 - 2009-07-14 00:08 - 000032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-02-09 03:23 - 2018-07-04 11:27 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2019-02-08 23:24 - 2018-02-13 17:27 - 000000000 ____D C:\non-os
2019-02-08 22:57 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2019-02-08 22:15 - 2018-02-13 17:29 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2019-02-08 05:22 - 2019-01-06 06:20 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-02-08 05:22 - 2019-01-06 06:20 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\asw443d9d2111d838da.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 001034432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 001034432 _____ (AVAST Software) C:\Windows\system32\Drivers\asw0ec810e572db70e0.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000474456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000474456 _____ (AVAST Software) C:\Windows\system32\Drivers\asw61d83fe3e44b787b.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000379952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000379952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc2c8c8d7b6d1a30e.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000216784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000216784 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6de9c98fa93beed4.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf2de3e954f522b31.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000167304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000167304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4431cfb910cf5a66.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000112312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000112312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb7aab75563928aff.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000087944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000087944 _____ (AVAST Software) C:\Windows\system32\Drivers\asw69b0a75190eb61f4.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswd62f0572c9633b75.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000320696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-02-08 05:21 - 2019-01-06 06:20 - 000320696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw82f59f0e603928a1.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000196072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe8b6ba5a388d5e98.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000196072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-02-08 05:21 - 2019-01-06 06:20 - 000057960 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe628b91de3e0e70e.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000057960 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-02-08 05:00 - 2018-02-13 18:16 - 000000000 ____D C:\Users\User\Incomplete
2019-02-02 19:53 - 2009-07-13 21:34 - 086769664 _____ C:\Windows\system32\config\software.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 020447232 _____ C:\Windows\system32\config\system.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 001572864 _____ C:\Windows\system32\config\default.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 000028672 _____ C:\Windows\system32\config\sam.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 000024576 _____ C:\Windows\system32\config\security.rcbak
2019-02-02 19:52 - 2009-07-13 21:34 - 046661632 _____ C:\Windows\system32\config\components.rcbak
2019-02-02 18:26 - 2018-12-09 13:36 - 000000000 ____D C:\Program Files\Bonjour
2019-02-02 00:07 - 2018-02-13 18:20 - 000000000 ____D C:\Program Files\pia_manager
2019-01-20 06:40 - 2018-02-13 18:15 - 000000000 ____D C:\Users\User\AppData\Roaming\MP3Rocket
2019-01-17 06:03 - 2018-06-26 19:24 - 000000000 ____D C:\Users\User\AppData\Local\Apple Computer
 
==================== Files in the root of some directories =======
 
2018-12-01 16:39 - 2018-12-01 16:39 - 000000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\cwdpswzc.sys -> Access Denied <======= ATTENTION
 
 
 
This is how FRST.txt currently looks.
 
And this is how Addition.txt currently looks:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.02.2019 01
Ran by User (12-02-2019 22:56:58)
Running from C:\Users\User\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-02-13 04:35:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1894722739-3979997351-3746568665-500 - Administrator - Disabled)
Guest (S-1-5-21-1894722739-3979997351-3746568665-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1894722739-3979997351-3746568665-1002 - Limited - Enabled)
User (S-1-5-21-1894722739-3979997351-3746568665-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Aslain's WoT Modpack version 1.4.0.0.03 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.4.0.0.03 - Aslain)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.2.2364 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{F51A03C4-2DD0-43B0-900F-EAD1C45DC542}) (Version: 71.0.3578.15 - Google Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.96 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.16.1063 - Intel Corporation)
Intel® USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.4.43 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.0.1427.2) (HKLM\...\{302600C1-6BDF-4FD1-1406-148929CC1385}) (Version: 17.1.1406.0472 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 14.5.3 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.5.3 - KLCP)
LatencyMon 6.70 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.114 - Logitech)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 7.3 PRO - MP3 Rocket Inc)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39039 - Realtek Semiconductor Corp.)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Windows 7 Manager (HKLM\...\{21F090D4-3CBD-4AAC-9E7C-76CF4EA574F4}) (Version: 5.1.4 - Yamicsoft)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1894722739-3979997351-3746568665-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0174FE8C-A0CF-46B3-B938-7630C1ECC3EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0C21FBD4-0AFD-412C-842E-8ED3417942F5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {D31E9446-6468-4DBE-A05F-9CEC7E7AA889} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {E6F32968-0213-4D6D-898C-CC243D51FCE1} - System32\Tasks\Avast Emergency Update => C:\non-os\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {FC0C2614-BF7C-49BB-9E41-AD87A771CE42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
 
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7eafae96818e1883\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pjkljhegncpnkpknbcohdijeoejaedia
 
==================== Loaded Modules (Whitelisted) ==============
 
2019-02-08 05:22 - 2019-02-08 05:22 - 000654216 _____ () C:\non-os\Avast\streamback.dll
2019-02-08 05:22 - 2019-02-08 05:22 - 000321928 _____ () C:\non-os\Avast\serialization.dll
2019-02-12 21:53 - 2019-02-12 21:53 - 006865040 _____ () C:\non-os\Avast\defs\19021204\algo64.dll
2019-02-08 05:22 - 2019-02-08 05:22 - 000556936 _____ () C:\non-os\Avast\gui_cache.dll
2019-02-08 05:22 - 2019-02-08 05:22 - 002024840 _____ () C:\non-os\Avast\shepherdsync.dll
2019-01-15 01:27 - 2019-01-15 01:27 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-06-28 04:04 - 2016-06-28 04:04 - 000382072 _____ () C:\Windows\system32\igfxTray.exe
2019-01-06 06:19 - 2019-01-06 06:19 - 093695912 _____ () C:\non-os\Avast\libcef.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000077824 _____ () C:\Program Files\Common Files\Logishrd\LAClient\zlib.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000144896 _____ () C:\Program Files\Common Files\Logishrd\LAClient\libssh2.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:49 - 2017-12-08 01:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-07-17 12:30 - 2017-07-17 12:30 - 000863744 _____ () C:\Windows\mod_frst.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2019-02-10 21:02 - 000000460 _____ C:\Windows\system32\drivers\etc\hosts
 
162.222.193.86       aoaomo.tremorhub.com
188.95.50.62       bobomo.tremorhub.com
162.222.193.86       www.howcast.com
162.222.193.86       howcast.com
162.222.193.86       www.ustream.tv
162.222.193.86       ustream.tv
162.222.193.86       www.livestream.com
162.222.193.86       livestream.com
162.222.193.86       www.dailymotion.com
162.222.193.86       dailymotion.com
192.192.3.8       virustotal.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\Services: DDVCollectorSvcApi => 2
MSCONFIG\Services: DDVDataCollector => 2
MSCONFIG\Services: DDVRulesProcessor => 2
MSCONFIG\Services: Dell Hardware Support => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\non-os\CCleaner\CCleaner64.exe" /MONITOR
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CE33B4CE-020E-45B5-A5C5-9B05883F30BB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{98D344CF-C049-4005-B576-52078AE43075}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C2CFF724-A9CD-47D8-9C0F-91E4144B60E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D4054BF6-D262-4B9B-9902-E2D629658853}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2F1DBDC1-CC6D-401A-8058-FAA8C19DBD34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5DC388C2-4198-4BA3-A8DA-64E6CFAEB85E}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{1A30BD90-CC0E-49FC-9C52-8472F6994B56}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{6B390909-5C3D-4B70-95E6-C57245E61CE7}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe (Google Inc -> Google Inc.)
FirewallRules: [{5CC1D8DE-53FE-4676-9806-98AA78CBA5B3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{1082144C-4AB0-4097-AE33-497ACC3AED5E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F340EBE-F9EC-4CA5-B371-E454FB6B967B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9C88F9AE-E3A6-4EB7-B6EE-EBC115CED021}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{607B9A66-5F97-4728-B6ED-C161DA13D4C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C3D68476-B03F-47F9-A9CA-0B4BCF92753E}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{82E842A6-D6A4-4C05-89D3-CFF3AB645040}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{C627DD23-1741-49C5-9D0B-90860D6BF701}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [UDP Query User{0586A64D-566E-4700-B9D3-464B39902344}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [{D4704BBE-0CFE-4BB8-A9B6-4390C2A3BB81}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [{E86DC197-210B-4146-AA71-9DAFEE56F332}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [{6EB8FEA4-E0CE-4CBC-8C51-DE2A359AB171}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{EB38BA06-F044-45F0-8E05-8CF207CAC57E}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{2A48BF9C-EBD8-4416-8027-3DF2FA1EBE47}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{47AA7DF3-D911-4A4E-88CD-B801E7250B30}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{93D8C5FC-A6D1-4325-AE0D-E94D1ADA586E}] => (Allow) C:\non-os\avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{65EF0972-7182-4D16-8A1F-AD6D5C90ABFB}] => (Allow) C:\non-os\avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{B3B26794-6F84-4ECA-A1D3-68D9C96E0ECF}] => (Allow) C:\non-os\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D94D36F-A5AA-4B29-B7C2-B92CB0FE7530}] => (Allow) C:\non-os\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{033E27C5-B27E-4B3D-9070-7E5B6FB5C3A5}] => (Allow) C:\non-os\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{05814641-6082-4D68-8CF5-A497FD6980DF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{8A0C28B5-3C45-4142-8F98-0EBF96AB8B89}] => (Allow) C:\Program Files (x86)\Alarms\Agri.exe No File
FirewallRules: [{3C8396DA-4CAF-4C39-9A0D-906FFA3439D0}] => (Allow) C:\Program Files (x86)\Datas\Agri.exe No File
FirewallRules: [{E7DD1628-5D1B-4FFE-A98A-4C46F0A9D1EC}] => (Allow) C:\Program Files (x86)\twos\Nauseum.exe No File
FirewallRules: [{75639549-03F4-48AD-B4A3-8309F5389A0F}] => (Allow) C:\Program Files (x86)\Datas\Nauseum.exe No File
 
==================== Restore Points =========================
 

  • 0

#12
darkmj16

    Member

  • Topic Starter
  • Member
  • 194 posts

Reading through these, I'm concerned. There's a good amount of files created/modified that I DID NOT do, such as any drivers, reg backups.


  • 0

#13
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

Even if the tool appears to get stuck, allow it to keep running. Make sure all other open programs are closed.

If the problem persists try running the tool in safe mode:

Reboot the computer. When you see the BIOS screen (manufacturer logo) press the F8 key. Then use the arrow keys to select Safe Mode with networking and press Enter.
The computer will reboot into Safe Mode with networking.

Run the tool from this mode and post the FRST.TXT and Addition.txt logs. Restart the computer to boot into Normal Mode.


Please note that your computer still has some remnants of the infection left. Try to limit your use of the computer until it is clean.

Thanks.
  • 0

#14
darkmj16

    Member

  • Topic Starter
  • Member
  • 194 posts

Work has been killing me lol. I've barely been on it. That's why at first I wasn't responding as fast.

 

But I booted into safe mode and ran the tool. No problem. In normal mode the tool was running 10+ mins stuck on restore points; even the green bar was frozen on it.

 

Note: after rebooting from safe mode the system did a check disk scan; it didn't really give me a choice on it. Seems like it'd be an interesting read if there's a log for it. Something about 2 EA files processed, then another 48 something or other. Then it started to delete a bunch of stuff, then recover orphan files, then something about security.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2019 01
Ran by User (administrator) on USER-PC (12-02-2019 23:23:11)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2018-09-07] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7827256 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Policies\Explorer: [NoTaskGrouping] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [World of Tanks] => C:\non-os\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoToolbarsOnTaskbar] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [TaskbarLockAll] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoThemesTab] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> regsvr32.exe /s /n /i:U shell32.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-08] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> regsvr32.exe /s /n /i:U shell32.dll
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{096D4EA8-B3B7-4B42-B91A-2D6753E86104}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8A85C905-A85F-4151-BAFC-F388992A3B15}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{A3E44CE9-87D0-4413-A0C7-3C41D31D1BAE}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{C0C5A3B0-8751-4A61-ADB0-CA4752ACE43F}: [DhcpNameServer] 172.16.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
URLSearchHook: [S-1-5-21-1894722739-3979997351-3746568665-1000] ATTENTION => Default URLSearchHook is missing
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2018-09-07] (Logitech Inc -> Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2019-01-01] ()
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2018-09-07] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2019-01-01] ()
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2018-09-25] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2019-01-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2019-01-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-563448c1
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2019-02-12]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-13]
CHR Extension: (uBlock Origin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-01-26]
CHR Extension: (iCloud Bookmarks) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2018-12-31]
CHR Extension: (Chrome Remote Desktop) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-10-04]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2018-02-13]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2019-01-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-13]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-08]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-12-26]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\sdzvlh <==== ATTENTION (Rootkit!)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 aswbIDSAgent; C:\non-os\Avast\aswidsagent.exe [6758976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 avast! Antivirus; C:\non-os\Avast\AvastSvc.exe [357304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc -> Google Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [531040 2018-05-16] (Intel Corporation -> Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-06-28] (Intel Corporation - pGFX -> Intel Corporation)
S3 MBAMService; C:\non-os\mbam\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257064 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-12-15] (Microsoft Windows -> Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [225680 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196072 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320696 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57960 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [167304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112312 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87944 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034432 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474456 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216784 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [379952 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [99272 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-10-20] (Techporch Incorporated -> Dell Computer Corporation)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2019-02-10] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [40448 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [210376 2014-07-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3486288 2018-09-26] (Intel Corporation -> Intel Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-11] (Intel Corporation -> )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45096 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2018-02-13] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 fimpsv; system32\drivers\lpsvyc.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-12 22:56 - 2019-02-12 23:25 - 000016548 _____ C:\Users\User\Desktop\FRST.txt
2019-02-12 22:18 - 2019-02-12 22:18 - 000148816 ____N C:\Windows\system32\Drivers\cwdpswzc.sys
2019-02-12 21:54 - 2019-02-12 22:00 - 148758813 _____ (Aslain ) C:\Users\User\Desktop\Aslains_WoT_Modpack_Installer_v.1.4.0.1_02.exe
2019-02-12 00:42 - 2019-02-12 00:42 - 000082015 _____ C:\Users\User\Desktop\mobo rebate.pdf
2019-02-12 00:41 - 2019-02-12 00:41 - 000141660 _____ C:\Users\User\Desktop\cpu h20 cooler rebate.pdf
2019-02-12 00:41 - 2019-02-12 00:41 - 000112276 _____ C:\Users\User\Desktop\vid card rebate.pdf
2019-02-12 00:40 - 2019-02-12 00:40 - 000023096 _____ C:\Users\User\Desktop\power supply rebate.pdf
2019-02-10 16:34 - 2019-02-10 20:47 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-10 12:06 - 2019-02-08 05:22 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-02-08 23:23 - 2019-02-10 06:07 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockers Team
2019-02-08 22:55 - 2019-02-08 22:55 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2019-02-08 20:21 - 2019-02-08 20:21 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-02-08 20:21 - 2019-02-08 20:21 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-02-08 20:21 - 2019-02-08 20:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-02-08 20:21 - 2019-02-08 20:21 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-02-08 05:23 - 2019-02-08 05:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-02-08 01:00 - 2019-02-10 06:06 - 000000000 ____D C:\Users\User\AppData\Roaming\Tools
2019-02-08 00:43 - 2019-02-08 00:43 - 000000207 _____ C:\Windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2019-02-08 00:43 - 2019-02-08 00:43 - 000000000 ____D C:\RegBackup
2019-02-06 18:11 - 2019-02-06 18:11 - 000027750 _____ C:\Users\User\Desktop\9-Tundra-mod1.rar
2019-01-27 16:22 - 2019-01-27 16:22 - 000001596 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-01-27 16:22 - 2019-01-27 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-01-27 16:22 - 2019-01-27 16:22 - 000000000 ____D C:\Program Files\iPod
2019-01-27 16:03 - 2019-01-27 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-01-16 19:58 - 2019-01-16 19:58 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-01-14 10:20 - 2019-02-08 05:21 - 000225680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-14 10:20 - 2019-02-08 05:21 - 000225680 _____ (AVAST Software) C:\Windows\system32\Drivers\asw29e12adc2b8c9717.tmp
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-12 23:22 - 2018-11-03 21:52 - 000910342 _____ C:\Windows\ntbtlog.txt
2019-02-12 23:22 - 2009-07-13 21:34 - 019877888 _____ C:\Windows\system32\config\HARDWARE
2019-02-12 22:44 - 2018-12-26 21:18 - 000000000 ____D C:\FRST
2019-02-12 22:43 - 2018-10-12 19:53 - 002433536 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2019-02-12 22:27 - 2018-12-31 16:39 - 000000000 ___RD C:\Users\User\iCloudDrive
2019-02-12 22:26 - 2018-08-24 20:18 - 000000000 ____D C:\Users\Public\Logi
2019-02-12 22:26 - 2018-02-12 23:46 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2019-02-12 22:25 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-12 21:58 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-12 21:58 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-11 21:36 - 2009-07-14 00:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-11 21:36 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-02-10 21:14 - 2018-12-13 21:42 - 000004124 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-02-10 16:33 - 2018-02-13 20:36 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-09 18:51 - 2009-07-14 00:08 - 000032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-02-09 03:23 - 2018-07-04 11:27 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2019-02-08 23:24 - 2018-02-13 17:27 - 000000000 ____D C:\non-os
2019-02-08 22:57 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2019-02-08 22:15 - 2018-02-13 17:29 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2019-02-08 05:22 - 2019-01-06 06:20 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-02-08 05:22 - 2019-01-06 06:20 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\asw443d9d2111d838da.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 001034432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 001034432 _____ (AVAST Software) C:\Windows\system32\Drivers\asw0ec810e572db70e0.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000474456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000474456 _____ (AVAST Software) C:\Windows\system32\Drivers\asw61d83fe3e44b787b.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000379952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000379952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc2c8c8d7b6d1a30e.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000216784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000216784 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6de9c98fa93beed4.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf2de3e954f522b31.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000167304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000167304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4431cfb910cf5a66.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000112312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000112312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb7aab75563928aff.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000087944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000087944 _____ (AVAST Software) C:\Windows\system32\Drivers\asw69b0a75190eb61f4.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswd62f0572c9633b75.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000320696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-02-08 05:21 - 2019-01-06 06:20 - 000320696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw82f59f0e603928a1.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000196072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe8b6ba5a388d5e98.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000196072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-02-08 05:21 - 2019-01-06 06:20 - 000057960 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe628b91de3e0e70e.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000057960 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-02-08 05:00 - 2018-02-13 18:16 - 000000000 ____D C:\Users\User\Incomplete
2019-02-02 19:53 - 2009-07-13 21:34 - 086769664 _____ C:\Windows\system32\config\software.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 020447232 _____ C:\Windows\system32\config\system.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 001572864 _____ C:\Windows\system32\config\default.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 000028672 _____ C:\Windows\system32\config\sam.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 000024576 _____ C:\Windows\system32\config\security.rcbak
2019-02-02 19:52 - 2009-07-13 21:34 - 046661632 _____ C:\Windows\system32\config\components.rcbak
2019-02-02 18:26 - 2018-12-09 13:36 - 000000000 ____D C:\Program Files\Bonjour
2019-02-02 00:07 - 2018-02-13 18:20 - 000000000 ____D C:\Program Files\pia_manager
2019-01-20 06:40 - 2018-02-13 18:15 - 000000000 ____D C:\Users\User\AppData\Roaming\MP3Rocket
2019-01-17 06:03 - 2018-06-26 19:24 - 000000000 ____D C:\Users\User\AppData\Local\Apple Computer
 
==================== Files in the root of some directories =======
 
2018-12-01 16:39 - 2018-12-01 16:39 - 000000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\cwdpswzc.sys -> Access Denied <======= ATTENTION
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.02.2019 01
Ran by User (12-02-2019 23:25:29)
Running from C:\Users\User\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-02-13 04:35:34)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1894722739-3979997351-3746568665-500 - Administrator - Disabled)
Guest (S-1-5-21-1894722739-3979997351-3746568665-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1894722739-3979997351-3746568665-1002 - Limited - Enabled)
User (S-1-5-21-1894722739-3979997351-3746568665-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Aslain's WoT Modpack version 1.4.0.0.03 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.4.0.0.03 - Aslain)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.2.2364 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{F51A03C4-2DD0-43B0-900F-EAD1C45DC542}) (Version: 71.0.3578.15 - Google Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.96 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.16.1063 - Intel Corporation)
Intel® USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.4.43 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.0.1427.2) (HKLM\...\{302600C1-6BDF-4FD1-1406-148929CC1385}) (Version: 17.1.1406.0472 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 14.5.3 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.5.3 - KLCP)
LatencyMon 6.70 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.114 - Logitech)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 7.3 PRO - MP3 Rocket Inc)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39039 - Realtek Semiconductor Corp.)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Windows 7 Manager (HKLM\...\{21F090D4-3CBD-4AAC-9E7C-76CF4EA574F4}) (Version: 5.1.4 - Yamicsoft)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1894722739-3979997351-3746568665-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0174FE8C-A0CF-46B3-B938-7630C1ECC3EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0C21FBD4-0AFD-412C-842E-8ED3417942F5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {D31E9446-6468-4DBE-A05F-9CEC7E7AA889} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {E6F32968-0213-4D6D-898C-CC243D51FCE1} - System32\Tasks\Avast Emergency Update => C:\non-os\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {FC0C2614-BF7C-49BB-9E41-AD87A771CE42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
 
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7eafae96818e1883\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pjkljhegncpnkpknbcohdijeoejaedia
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2019-02-10 21:02 - 000000460 _____ C:\Windows\system32\drivers\etc\hosts
 
162.222.193.86       aoaomo.tremorhub.com
188.95.50.62       bobomo.tremorhub.com
162.222.193.86       www.howcast.com
162.222.193.86       howcast.com
162.222.193.86       www.ustream.tv
162.222.193.86       ustream.tv
162.222.193.86       www.livestream.com
162.222.193.86       livestream.com
162.222.193.86       www.dailymotion.com
162.222.193.86       dailymotion.com
192.192.3.8       virustotal.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\Services: DDVCollectorSvcApi => 2
MSCONFIG\Services: DDVDataCollector => 2
MSCONFIG\Services: DDVRulesProcessor => 2
MSCONFIG\Services: Dell Hardware Support => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\non-os\CCleaner\CCleaner64.exe" /MONITOR
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CE33B4CE-020E-45B5-A5C5-9B05883F30BB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{98D344CF-C049-4005-B576-52078AE43075}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C2CFF724-A9CD-47D8-9C0F-91E4144B60E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D4054BF6-D262-4B9B-9902-E2D629658853}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2F1DBDC1-CC6D-401A-8058-FAA8C19DBD34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5DC388C2-4198-4BA3-A8DA-64E6CFAEB85E}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{1A30BD90-CC0E-49FC-9C52-8472F6994B56}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{6B390909-5C3D-4B70-95E6-C57245E61CE7}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe (Google Inc -> Google Inc.)
FirewallRules: [{5CC1D8DE-53FE-4676-9806-98AA78CBA5B3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{1082144C-4AB0-4097-AE33-497ACC3AED5E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F340EBE-F9EC-4CA5-B371-E454FB6B967B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9C88F9AE-E3A6-4EB7-B6EE-EBC115CED021}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{607B9A66-5F97-4728-B6ED-C161DA13D4C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C3D68476-B03F-47F9-A9CA-0B4BCF92753E}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{82E842A6-D6A4-4C05-89D3-CFF3AB645040}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{C627DD23-1741-49C5-9D0B-90860D6BF701}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [UDP Query User{0586A64D-566E-4700-B9D3-464B39902344}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [{D4704BBE-0CFE-4BB8-A9B6-4390C2A3BB81}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [{E86DC197-210B-4146-AA71-9DAFEE56F332}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [{6EB8FEA4-E0CE-4CBC-8C51-DE2A359AB171}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{EB38BA06-F044-45F0-8E05-8CF207CAC57E}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{2A48BF9C-EBD8-4416-8027-3DF2FA1EBE47}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{47AA7DF3-D911-4A4E-88CD-B801E7250B30}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{93D8C5FC-A6D1-4325-AE0D-E94D1ADA586E}] => (Allow) C:\non-os\avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{65EF0972-7182-4D16-8A1F-AD6D5C90ABFB}] => (Allow) C:\non-os\avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{B3B26794-6F84-4ECA-A1D3-68D9C96E0ECF}] => (Allow) C:\non-os\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D94D36F-A5AA-4B29-B7C2-B92CB0FE7530}] => (Allow) C:\non-os\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{033E27C5-B27E-4B3D-9070-7E5B6FB5C3A5}] => (Allow) C:\non-os\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{05814641-6082-4D68-8CF5-A497FD6980DF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{8A0C28B5-3C45-4142-8F98-0EBF96AB8B89}] => (Allow) C:\Program Files (x86)\Alarms\Agri.exe No File
FirewallRules: [{3C8396DA-4CAF-4C39-9A0D-906FFA3439D0}] => (Allow) C:\Program Files (x86)\Datas\Agri.exe No File
FirewallRules: [{E7DD1628-5D1B-4FFE-A98A-4C46F0A9D1EC}] => (Allow) C:\Program Files (x86)\twos\Nauseum.exe No File
FirewallRules: [{75639549-03F4-48AD-B4A3-8309F5389A0F}] => (Allow) C:\Program Files (x86)\Datas\Nauseum.exe No File
 
==================== Restore Points =========================
 
10-02-2019 06:07:04 Removed RT 7 Lite x64
 
==================== Faulty Device Manager Devices =============
 


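The two parts of the Addition.txt above that a responder normally checks by eye are the hosts file (several video sites sent to one third-party address, and virustotal.com pinned to an address that is not VirusTotal's) and the firewall rules that still allow traffic for executables marked "No File" (Agri.exe, Nauseum.exe, uTorrent.exe). The following Python script is an added example written for this thread, not code from FRST or from anyone in the thread: it parses those two sections of an Addition.txt and flags the entries worth a second look. The sample input is a constructed excerpt modelled on the log above, and SECURITY_DOMAINS is an illustrative starter list that FRST does not ship.

```python
# Added example: triage the "Hosts content" and "FirewallRules" sections of an
# FRST Addition.txt. Not FRST's own code; section layout follows the log above.
import ipaddress
import re

# Assumption: illustrative list of domains a victim needs to reach for help/updates.
SECURITY_DOMAINS = ("virustotal.com", "avast.com", "malwarebytes.com",
                    "microsoft.com", "windowsupdate.com", "geekstogo.com")
SECTION_HEADER = re.compile(r"^=+\s+(.+?):?\s+=+\s*$")
FW_RULE = re.compile(r"^FirewallRules: \[(.+?)\] => \((Allow|Block)\) (.*)$")


def split_sections(text):
    """Map each '==== Title ====' header to the lines beneath it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_HEADER.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def is_security_domain(host):
    return any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS)


def triage_hosts(lines):
    """Return (hostname, ip, reason) for hosts entries that deserve attention."""
    findings = []
    for raw in lines:
        fields = raw.split("#", 1)[0].split()          # strip comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue        # FRST's commentary and the file-stat line land here
        # 0.0.0.0 / 127.0.0.1 is the ad-block idiom; a routable address means the
        # request is actually being sent somewhere else.
        redirected = not (ip.is_loopback or ip.is_unspecified)
        for host in fields[1:]:
            host = host.lower().rstrip(".")
            if is_security_domain(host):
                findings.append((host, str(ip), "security or update domain pinned in hosts"))
            elif redirected:
                findings.append((host, str(ip), "redirected to a third-party address"))
    return findings


def parse_firewall_rule(line):
    """Parse one 'FirewallRules: [name] => (Action) path (signer) [No File]' line."""
    m = FW_RULE.match(line)
    if not m:
        return None
    name, action, rest = m.groups()
    rest = rest.rstrip()
    no_file = rest.endswith(" No File")
    if no_file:
        rest = rest[: -len(" No File")]
    signer = None
    # FRST appends "(signer -> company)" or "()"; the path itself may contain
    # "(x86)", so the signer block starts at the LAST " (".
    if rest.endswith(")") and rest.rfind(" (") != -1:
        cut = rest.rfind(" (")
        signer, rest = rest[cut + 2:-1], rest[:cut]
    return {"name": name, "action": action, "path": rest,
            "signer": signer, "no_file": no_file}


def triage_firewall(lines):
    """Return (rule name, path, reasons) for Allow rules that look stale or unattributed."""
    findings = []
    for line in lines:
        rule = parse_firewall_rule(line)
        if rule is None or rule["action"] != "Allow":
            continue
        reasons = []
        if rule["no_file"]:
            reasons.append("target executable is missing (No File)")
        elif not rule["signer"]:
            reasons.append("no signer/company information recorded")
        if rule["path"].lower().startswith("c:\\users\\"):
            reasons.append("executable lives under a user profile")
        if reasons:
            findings.append((rule["name"], rule["path"], reasons))
    return findings


def triage(text):
    report = {"hosts": [], "firewall": []}
    for title, body in split_sections(text).items():
        if title.startswith("Hosts content"):
            report["hosts"] += triage_hosts(body)
        elif title.startswith("FirewallRules"):
            report["firewall"] += triage_firewall(body)
    return report


# Constructed excerpt modelled on the Addition.txt in this thread (not a copy of it).
SAMPLE = r"""
==================== Hosts content: ==========================

2009-07-13 21:34 - 2019-02-10 21:02 - 000000460 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
162.222.193.86  www.dailymotion.com
162.222.193.86  dailymotion.com
192.192.3.8     virustotal.com
0.0.0.0         ads.example.invalid   # ad-block style entry, not a hijack

==================== FirewallRules (Whitelisted) ===============

FirewallRules: [{05814641-6082-4D68-8CF5-A497FD6980DF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{8A0C28B5-3C45-4142-8F98-0EBF96AB8B89}] => (Allow) C:\Program Files (x86)\Alarms\Agri.exe No File
FirewallRules: [{5DC388C2-4198-4BA3-A8DA-64E6CFAEB85E}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [TCP Query User{C627DD23-1741-49C5-9D0B-90860D6BF701}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [{D4704BBE-0CFE-4BB8-A9B6-4390C2A3BB81}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
"""

if __name__ == "__main__":
    for kind, rows in triage(SAMPLE).items():
        for row in rows:
            print(kind, *row)
```

Run it against a real Addition.txt with `triage(open("Addition.txt", encoding="utf-8").read())`. The hosts check deliberately ignores 0.0.0.0 and 127.0.0.1 targets, because ad-blockers write thousands of those, and only escalates when a security or update domain is pinned to anything at all or when some other name is pointed at a routable address. The firewall check ignores Block rules, so the two javaw.exe block entries in the log above are skipped while the matching Allow entries with an empty "()" attribution are reported.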
#15 iMacg3 (GeekU PowerPC G3, GeekU Moderator, 1,921 posts)

Hi,

We'll take a look at the Chkdsk log once the machine is clean.
Please do this from Normal Mode or Safe Mode with Networking.

Highlight the contents of the below code box and press Ctrl + C:

Start::

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

URLSearchHook: [S-1-5-21-1894722739-3979997351-3746568665-1000] ATTENTION => Default URLSearchHook is missing

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

Unlock: HKLM\SYSTEM\CurrentControlSet\Services\sdzvlh
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\sdzvlh

S3 fimpsv; system32\drivers\lpsvyc.sys [X]
C:\windows\system32\drivers\lpsvyc.sys

Unlock: C:\Windows\system32\Drivers\cwdpswzc.sys
C:\Windows\system32\Drivers\cwdpswzc.sys

FirewallRules: [{8A0C28B5-3C45-4142-8F98-0EBF96AB8B89}] => (Allow) C:\Program Files (x86)\Alarms\Agri.exe No File
FirewallRules: [{3C8396DA-4CAF-4C39-9A0D-906FFA3439D0}] => (Allow) C:\Program Files (x86)\Datas\Agri.exe No File
FirewallRules: [{E7DD1628-5D1B-4FFE-A98A-4C46F0A9D1EC}] => (Allow) C:\Program Files (x86)\twos\Nauseum.exe No File
FirewallRules: [{75639549-03F4-48AD-B4A3-8309F5389A0F}] => (Allow) C:\Program Files (x86)\Datas\Nauseum.exe No File
HOSTS:

End::

Right-click on FRST/FRST64 and select Run as Administrator.
Click on Fix.
Note - there is no need to paste the contents of the code box anywhere.
If your computer restarts, allow it to do so.
Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
Please copy and paste the contents of the fixlog into your next reply.