Ran by Cord Bishop (administrator) on DESKTOP-6SV4VTR (10-07-2018 22:38:37)
Running from C:\Users\Cord Bishop\Desktop
Loaded Profiles: Cord Bishop (Available Profiles: defaultuser0 & Cord Bishop)
Platform: Windows 10 Pro Version 1709 16299.371 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(TOSHIBA CORPORATION) C:\Windows\System32\comaibhsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(HP) C:\Windows\System32\HP3DDGService.exe
(Optimal Software s.r.o.) C:\Program Files (x86)\PC Speed Up\PCSUService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Optimal Software s.r.o.) C:\Program Files (x86)\PC Speed Up\SpeedCheckerService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TODO: <Company name>) C:\ProgramData\Quoteex\Quoteex.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Users\Cord Bishop\AppData\Local\exavwtc\exavwtc.exe
() C:\Program Files (x86)\hesitations\basters.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Movband) C:\Program Files (x86)\Movband\Movband Sync\MOVband.Sync.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Optimal Software s.r.o.) C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files (x86)\sank\ligament.exe
() C:\Users\Cord Bishop\AppData\Local\Meant.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.51\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.51\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.51\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.51\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.51\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.51\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.51\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.51\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.51\opera.exe
() C:\Users\Cord Bishop\AppData\Local\exavwtc\cgcxzik.exe
() C:\Users\Cord Bishop\AppData\Local\exavwtc\cgcxzik.exe
() C:\Users\Cord Bishop\AppData\Local\exavwtc\cgcxzik.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files (x86)\Jacobson\ligament.exe
() C:\Program Files (x86)\Jacobson\Meant.exe
() C:\Users\Cord Bishop\AppData\Local\exavwtc\cgcxzik.exe
() C:\Users\Cord Bishop\AppData\Local\exavwtc\cgcxzik.exe
() C:\Program Files (x86)\Rotatory\Meant.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [dogfish] => c:\program files (x86)\rotatory\meant.exe [64512 2018-04-30] ()
HKLM\...\Run: [RTHDVCPL] => c:\program files\realtek\audio\hda\rtkngui64.exe [7546072 2014-03-10] (Realtek Semiconductor)
HKLM\...\Run: [dogfishembrace] => c:\program files (x86)\sank\ligament.exe [64512 2018-04-30] ()
HKLM\...\Run: [dogfishdogfish] => c:\program files (x86)\jacobson\meant.exe [64512 2018-04-30] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [cmsc] => "c:\program files (x86)\cmcm\Clean Master\cmtray.exe" -autorun
HKLM-x32\...\Run: [teardrop] => C:\Program Files (x86)\Rotatory\Meant.exe [64512 2018-04-30] ()
HKLM-x32\...\Run: [teardroptechnet] => C:\Program Files (x86)\sank\ligament.exe [64512 2018-04-30] ()
HKLM-x32\...\Run: [teardropteardrop] => C:\Program Files (x86)\Jacobson\Meant.exe [64512 2018-04-30] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [Chromium] => "c:\users\cord bishop\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [taonoa] => rundll32.exe "c:\users\cord bishop\appdata\local\taonoa.dll",taonoa <==== ATTENTION
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [Steam] => c:\program files (x86)\steam\steam.exe [3201312 2018-06-08] (Valve Corporation)
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [technet] => c:\program files (x86)\rotatory\meant.exe [64512 2018-04-30] ()
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [embrace] => c:\program files (x86)\rotatory\meant.exe [64512 2018-04-30] ()
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [embracedogfish] => c:\program files (x86)\sank\ligament.exe [64512 2018-04-30] ()
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [embraceembrace] => c:\program files (x86)\jacobson\meant.exe [64512 2018-04-30] ()
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [technetteardrop] => c:\program files (x86)\sank\ligament.exe [64512 2018-04-30] ()
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [technettechnet] => c:\program files (x86)\jacobson\meant.exe [64512 2018-04-30] ()
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [PCSpeedUp] => c:\program files (x86)\pc speed up\pcsunotifier.exe [354976 2017-02-09] (Optimal Software s.r.o.) <==== ATTENTION
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [bea] => C:\Program Files (x86)\Rotatory\Meant.exe [64512 2018-04-30] ()
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [basters] => C:\Program Files (x86)\hesitations\basters.exe [49934 2018-04-30] ()
AppInit_DLLs: C:\ProgramData\Quoteex\Indigostring.dll => C:\ProgramData\Quoteex\Indigostring.dll [342528 2018-04-30] ()
AppInit_DLLs-x32: C:\ProgramData\Quoteex\Daltdox.dll => C:\ProgramData\Quoteex\Daltdox.dll [460800 2018-07-10] ()
Startup: C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\galant.lnk [2018-04-30]
ShortcutTarget: galant.lnk -> C:\Program Files (x86)\Rotatory\Meant.exe ()
Startup: C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\galantgalant.lnk [2018-04-30]
ShortcutTarget: galantgalant.lnk -> C:\Program Files (x86)\sank\ligament.exe ()
Startup: C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Movband Sync.lnk [2017-08-23]
ShortcutTarget: Movband Sync.lnk -> C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Installer\{83CE0588-DD6F-4C0D-8C55-58DF0AF99DB2}\_FA72FA1DDC52D24D86F6BF.exe ()
Startup: C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-01-17]
ShortcutTarget: Twitch.lnk -> C:\Users\Cord Bishop\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-3054831734-3423443630-68311492-1001] => 127.0.0.1:8090
Winsock: Catalog9-x64 01 C:\Windows\system32\EasyRedirect64.dll [547544 2016-07-01] (EasyTech)
Winsock: Catalog9-x64 02 C:\Windows\system32\EasyRedirect64.dll [547544 2016-07-01] (EasyTech)
Winsock: Catalog9-x64 03 C:\Windows\system32\EasyRedirect64.dll [547544 2016-07-01] (EasyTech)
Winsock: Catalog9-x64 04 C:\Windows\system32\EasyRedirect64.dll [547544 2016-07-01] (EasyTech)
Winsock: Catalog9-x64 05 C:\Windows\system32\EasyRedirect64.dll [547544 2016-07-01] (EasyTech)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5efbf95f-94de-4daa-a5c5-1861b30efce2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{816bce3e-fc9e-4a09-ae4a-ee56fba31cf2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{efc56e40-b91f-4b6e-93b7-19ac0190ce67}: [DhcpNameServer] 8.8.8.8
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hsp ... 2B10%2BPro
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... gc9kg,,&q={searchTerms}
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... zGiLAbkDA,,
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search? ... 0%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search? ... 0%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... gc9kg,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search? ... 0%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3054831734-3423443630-68311492-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... gc9kg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3054831734-3423443630-68311492-1001 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-3054831734-3423443630-68311492-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... gc9kg,,&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-08] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-30] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-24] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-08] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-08] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-08] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-08] (Microsoft Corporation)
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-30] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-04-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
Chrome:
=======
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... cHGf-fn2A,,
CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... wVwMw,,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Profile: C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default [2018-07-10]
CHR Extension: (Slides) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (BetterTTV) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-11-20]
CHR Extension: (Docs) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-25]
CHR Extension: (YouTube) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-25]
CHR Extension: (Sheets) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-26]
CHR Extension: (AdBlock) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-04-30]
CHR Extension: (Bazz Search) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh [2018-04-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-30]
CHR Extension: (Gmail) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-25]
CHR Extension: (Chrome Media Router) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-10]
CHR HKLM\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3054831734-3423443630-68311492-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3054831734-3423443630-68311492-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3054831734-3423443630-68311492-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
HKLM\SYSTEM\CurrentControlSet\Services\alcehoxz <==== ATTENTION (Rootkit!)
R2 93bcb992e1192aa897fb453d43b84c8b; C:\WINDOWS\mabjadjvduiptqch.dll [1077248 2018-04-30] () [File not signed]
S2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2018-04-30] () [File not signed] <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-06-20] (Microsoft Corporation)
S2 f5c7ea05b9581bddda4e485b8ea95efc; C:\Program Files\f5c7ea05b9581bddda4e485b8ea95efc\b180290e19a7df0fcf43fa77ce84061d.exe [1332256 2018-07-07] ()
R2 hp3ddgsrv; C:\WINDOWS\system32\HP3DDGService.exe [130072 2017-10-03] (HP)
R2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [445600 2017-02-09] (Optimal Software s.r.o.) <==== ATTENTION
R2 Quoteex; C:\ProgramData\\Quoteex\\Quoteex.exe [2136576 2018-04-30] (TODO: <Company name>) [File not signed] <==== ATTENTION
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SCService; C:\Program Files (x86)\PC Speed Up\SpeedCheckerService.exe [81608 2017-11-30] (Optimal Software s.r.o.) <==== ATTENTION
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2018-01-28] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266848 2016-12-27] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-19] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-19] (Microsoft Corporation)
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [53760 2017-12-18] (HP)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmdag.sys [38774688 2017-10-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmpag.sys [549792 2017-10-13] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243056 2017-06-12] (Advanced Micro Devices, Inc. )
S3 Andbus; C:\WINDOWS\System32\drivers\lgandbus64.sys [19456 2014-04-14] (LG Electronics Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 dd6f3570e40d4efa5e0f6eb7916ee152; C:\WINDOWS\System32\drivers\dd6f3570e40d4efa5e0f6eb7916ee152.sys [331120 2018-04-30] ()
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 DSI_SiUSBXp_3_1; C:\WINDOWS\system32\drivers\DSI_SiUSBXp_3_1.sys [16384 2007-09-06] (Silicon Laboratories)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [39936 2017-12-18] (HP)
S3 ksapi64; C:\WINDOWS\system32\drivers\ksapi64.sys [89776 2017-12-24] (Kingsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
S3 ssaebus; C:\WINDOWS\System32\drivers\ssaebus.sys [136264 2014-04-14] (MCCI Corporation)
S3 ssaeunic; C:\WINDOWS\System32\drivers\ssaeunic.sys [178760 2014-04-14] (MCCI Corporation)
S3 ssbcbus; C:\WINDOWS\System32\drivers\ssbcbus.sys [108032 1999-12-31] (MCCI)
S3 sscdserd; C:\WINDOWS\System32\drivers\sscdserd.sys [158024 2016-03-16] (MCCI Corporation)
S3 ssceserd; C:\WINDOWS\System32\drivers\ssceserd.sys [158024 2016-03-16] (MCCI Corporation)
S3 ssecbus; C:\WINDOWS\System32\drivers\ssecbus.sys [113664 1999-12-31] (MCCI Corporation)
S3 ssecmgmt; C:\WINDOWS\System32\drivers\ssecmgmt.sys [132096 1999-12-31] (MCCI Corporation)
S3 ssecobex; C:\WINDOWS\System32\drivers\ssecobex.sys [127488 1999-12-31] (MCCI Corporation)
S3 ssecunic; C:\WINDOWS\System32\drivers\ssecunic.sys [145408 1999-12-31] (MCCI Corporation)
S3 ssm_bus; C:\WINDOWS\System32\drivers\ssm_bus.sys [136192 1999-12-31] (MCCI Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\drivers\ssm_mdm.sys [172032 1999-12-31] (MCCI Corporation)
S3 sssdbus; C:\WINDOWS\System32\drivers\sssdbus.sys [129352 1999-12-31] (MCCI Corporation)
S3 sssdmgmt; C:\WINDOWS\System32\drivers\sssdmgmt.sys [142664 1999-12-31] (MCCI Corporation)
S3 sssdobex; C:\WINDOWS\System32\drivers\sssdobex.sys [138056 1999-12-31] (MCCI Corporation)
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2016-03-16] (DEVGURU Co., LTD.(http://www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2016-03-16] (DEVGURU Co., LTD.(http://www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-04-25] (QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2015-05-28] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2016-03-16] (DEVGURU Co., LTD.(http://www.devguru.co.kr))
S3 ss_bserd; C:\WINDOWS\System32\drivers\ss_bserd.sys [128000 1999-12-31] (MCCI Corporation)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2015-05-28] (DEVGURU Co., LTD.)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-06-15] (Anchorfree Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-01-19] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2018-01-19] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-19] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [30392 2017-04-25] (HP)
R3 mptwzc; system32\drivers\twzcgj.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-07-10 22:38 - 2018-07-10 22:40 - 000028672 _____ C:\Users\Cord Bishop\Desktop\FRST.txt
2018-07-10 22:38 - 2018-07-10 22:38 - 000000000 ____D C:\FRST
2018-07-10 22:37 - 2018-07-10 22:37 - 002412544 _____ (Farbar) C:\Users\Cord Bishop\Desktop\FRST64.exe
2018-07-10 22:26 - 2018-07-10 22:26 - 000001723 _____ C:\Users\Cord Bishop\Desktop\image1 - Shortcut.lnk
2018-07-10 22:20 - 2018-07-10 22:22 - 000084157 _____ C:\Users\Cord Bishop\Downloads\image1.jpeg
2018-07-10 17:35 - 2018-07-10 22:38 - 000000000 ____D C:\Users\Cord Bishop\AppData\Local\seenhpb
2018-07-10 17:35 - 2018-07-10 17:35 - 000000000 ____D C:\Users\Cord Bishop\AppData\Local\svdhmrn
2018-07-10 17:33 - 2018-07-10 17:33 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-07-10 17:31 - 2018-07-10 19:55 - 000651732 _____ C:\WINDOWS\Minidump\071018-47406-01.dmp
2018-07-10 17:26 - 2018-07-10 17:26 - 000000000 _____ C:\WINDOWS\Minidump\071018-48000-01.dmp
2018-07-10 17:20 - 2018-07-10 17:20 - 000000000 _____ C:\WINDOWS\Minidump\071018-47890-01.dmp
2018-07-10 17:15 - 2018-07-10 17:15 - 000000000 _____ C:\WINDOWS\Minidump\071018-53859-01.dmp
2018-07-10 17:10 - 2018-07-10 17:10 - 000000000 _____ C:\WINDOWS\Minidump\071018-45343-01.dmp
2018-07-10 17:05 - 2018-07-10 17:31 - 3186380977 _____ C:\WINDOWS\MEMORY.DMP
2018-07-10 17:05 - 2018-07-10 17:05 - 000000000 _____ C:\WINDOWS\Minidump\071018-57343-01.dmp
2018-07-09 00:09 - 2018-05-04 05:37 - 000278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Notifier.exe
2018-07-08 22:50 - 2018-07-08 22:51 - 011092800 _____ C:\Users\Cord Bishop\Downloads\569129f4-5926-4f85-91d2-f6ccb09054a4.tmp
2018-07-08 22:33 - 2018-07-08 22:33 - 000000000 ____D C:\Users\Cord Bishop\Documents\TotalAV
2018-07-08 22:32 - 2018-07-08 22:32 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-07-08 22:27 - 2018-07-08 22:53 - 000000000 ____D C:\Program Files (x86)\TotalAV
2018-07-08 22:27 - 2018-07-08 22:28 - 000000000 ____D C:\Users\Cord Bishop\AppData\Roaming\TotalAV
2018-07-08 22:27 - 2018-07-08 22:27 - 011093688 _____ C:\Users\Cord Bishop\Downloads\TotalAV_Setup.exe
2018-07-08 22:27 - 2018-07-08 22:27 - 000001085 _____ C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
2018-07-08 22:27 - 2018-07-08 22:27 - 000001060 _____ C:\Users\Cord Bishop\Desktop\TotalAV.lnk
2018-07-08 22:12 - 2018-07-08 22:12 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-08 22:12 - 2018-07-08 22:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-08 21:53 - 2018-06-08 14:09 - 000130808 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2018-07-08 21:44 - 2018-07-08 21:44 - 000000000 ___HD C:\OneDriveTemp
2018-07-07 19:21 - 2018-07-07 19:21 - 001791488 _____ C:\WINDOWS\9942737ecb4a96d204f38d601f8ef7a3.exe
2018-07-07 19:21 - 2018-07-07 19:21 - 000213152 _____ C:\WINDOWS\system32\Drivers\7b7b5e23dea64ca508e4192df0f50d77.sys
2018-07-07 19:21 - 2018-07-07 19:21 - 000111057 _____ C:\WINDOWS\uninstaller.dat
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-07-10 22:42 - 2018-05-01 10:34 - 000000000 ____D C:\Users\Cord Bishop\AppData\Local\exavwtc
2018-07-10 22:39 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-10 22:36 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-07-10 22:32 - 2018-04-30 14:51 - 000000000 ____D C:\ProgramData\Quoteex
2018-07-10 22:31 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-10 22:08 - 2018-01-28 19:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-10 20:01 - 2017-05-25 23:33 - 000000000 ____D C:\Program Files (x86)\Steam
2018-07-10 20:00 - 2017-05-25 23:29 - 000002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-10 20:00 - 2017-05-25 23:29 - 000002272 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-10 19:55 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-10 19:55 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-07-10 19:48 - 2018-01-29 00:40 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1517200800
2018-07-10 19:48 - 2018-01-29 00:40 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-07-10 19:48 - 2018-01-29 00:37 - 000000000 ____D C:\Program Files\Opera
2018-07-10 19:36 - 2018-01-28 20:08 - 000004176 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{690B9376-94A3-4528-AFA6-FD648C19A30B}
2018-07-10 19:35 - 2018-04-30 14:55 - 000000000 ____D C:\Program Files (x86)\PC Speed Up
2018-07-10 17:41 - 2018-01-28 20:03 - 001216064 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-10 17:40 - 2018-01-17 18:21 - 000000000 ____D C:\Users\Cord Bishop\AppData\Roaming\Twitch
2018-07-10 17:37 - 2017-05-25 23:25 - 000000000 __RDL C:\Users\Cord Bishop\OneDrive
2018-07-10 17:32 - 2018-01-28 20:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-10 17:31 - 2018-05-01 09:08 - 000000000 ____D C:\WINDOWS\Minidump
2018-07-10 17:31 - 2017-08-24 07:53 - 000000000 ____D C:\ProgramData\Validity
2018-07-10 17:30 - 2018-04-30 23:05 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\comaibhsvc.exe
2018-07-10 17:25 - 2017-09-29 04:45 - 019398656 _____ C:\WINDOWS\system32\config\HARDWARE
2018-07-09 01:09 - 2018-05-15 20:29 - 000000000 ____D C:\Users\Cord Bishop\AppData\Local\lmhiptv
2018-07-09 00:52 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-09 00:43 - 2017-05-25 23:42 - 000000000 ____D C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-07-09 00:06 - 2018-01-29 00:44 - 000000000 ____D C:\Users\Cord Bishop\Downloads\The Social Network (2010) [1080]
2018-07-09 00:06 - 2017-05-30 23:07 - 000000000 ____D C:\Users\Cord Bishop\Downloads\Harry Potter and the Order of the Phoenix (2007) [1080p]
2018-07-09 00:01 - 2018-04-30 14:47 - 000000000 ____D C:\Program Files\f5c7ea05b9581bddda4e485b8ea95efc
2018-07-08 23:57 - 2018-01-12 01:57 - 000000000 ____D C:\Users\Cord Bishop\AppData\Roaming\Pacahef
2018-07-08 22:15 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-08 22:12 - 2017-05-28 12:45 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-07-08 22:12 - 2017-05-28 12:45 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-08 22:12 - 2017-05-28 12:45 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-08 22:12 - 2017-05-28 12:45 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-08 22:12 - 2017-05-28 12:45 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-08 22:12 - 2017-05-28 12:45 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-08 22:12 - 2017-05-28 12:45 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-08 22:08 - 2017-05-28 12:37 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-08 21:44 - 2018-01-28 20:08 - 000003386 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3054831734-3423443630-68311492-1001
2018-07-08 21:44 - 2017-05-25 23:25 - 000002381 _____ C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-08 21:41 - 2018-01-28 20:08 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-08 21:41 - 2018-01-28 20:08 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-07-08 21:40 - 2018-04-30 14:52 - 000015606 _____ C:\WINDOWS\SysWOW64\findit.xml
2018-07-08 21:40 - 2018-04-30 14:50 - 000929792 _____ C:\Users\Cord Bishop\AppData\Local\sham.db
==================== Files in the root of some directories =======
2018-04-13 06:45 - 2018-04-13 06:45 - 004279968 _____ (NeoSoft Tools ) C:\Users\Cord Bishop\AppData\Roaming\ctask.exe
2018-01-15 20:44 - 2018-01-25 02:38 - 000000194 _____ () C:\Users\Cord Bishop\AppData\Roaming\WB.CFG
2018-04-30 14:51 - 2018-04-30 14:51 - 007605760 _____ () C:\Users\Cord Bishop\AppData\Local\agent.dat
2018-01-16 06:56 - 2018-01-18 11:57 - 000000052 _____ () C:\Users\Cord Bishop\AppData\Local\AhUBiVCjWD
2018-04-30 14:51 - 2018-04-30 14:51 - 000070896 _____ () C:\Users\Cord Bishop\AppData\Local\Config.xml
2018-04-30 14:46 - 2018-04-30 14:46 - 000194048 _____ () C:\Users\Cord Bishop\AppData\Local\fdloix.dll
2018-04-30 14:51 - 2018-04-30 14:50 - 002136576 _____ (TODO: <Company name>) C:\Users\Cord Bishop\AppData\Local\Goodsololex.exe
2018-04-30 14:51 - 2018-04-30 14:51 - 001985574 _____ () C:\Users\Cord Bishop\AppData\Local\Goodsololex.tst
2018-04-30 14:50 - 2018-04-30 14:50 - 000016416 _____ () C:\Users\Cord Bishop\AppData\Local\InstallationConfiguration.xml
2018-04-30 14:50 - 2018-04-30 14:50 - 000140800 _____ () C:\Users\Cord Bishop\AppData\Local\installer.dat
2018-04-30 14:02 - 2018-04-30 14:02 - 000064512 _____ () C:\Users\Cord Bishop\AppData\Local\ligament.exe
2018-04-30 14:51 - 2018-04-30 14:51 - 000018432 _____ () C:\Users\Cord Bishop\AppData\Local\Main.dat
2018-04-30 14:51 - 2018-04-30 14:51 - 000005568 _____ () C:\Users\Cord Bishop\AppData\Local\md.xml
2018-04-30 14:02 - 2018-04-30 14:02 - 000064512 _____ () C:\Users\Cord Bishop\AppData\Local\Meant.exe
2018-01-25 02:38 - 2018-01-25 02:38 - 000000052 _____ () C:\Users\Cord Bishop\AppData\Local\mrw13579bg
2018-04-30 14:51 - 2018-04-30 14:51 - 000126464 _____ () C:\Users\Cord Bishop\AppData\Local\noah.dat
2018-04-30 14:50 - 2018-04-30 14:50 - 002136576 _____ (TODO: <Company name>) C:\Users\Cord Bishop\AppData\Local\Runity.exe
2018-04-30 14:51 - 2018-04-30 14:51 - 000278509 _____ () C:\Users\Cord Bishop\AppData\Local\Runity.tst
2018-04-30 14:46 - 2018-04-30 14:46 - 000003072 _____ () C:\Users\Cord Bishop\AppData\Local\setupInRAMQueue.exe
2018-04-30 14:50 - 2018-07-08 21:40 - 000929792 _____ () C:\Users\Cord Bishop\AppData\Local\sham.db
2018-04-30 14:51 - 2018-04-30 14:51 - 001895383 _____ () C:\Users\Cord Bishop\AppData\Local\StrongNamstrong.bin
2018-04-30 14:46 - 2018-04-30 14:46 - 000043520 _____ () C:\Users\Cord Bishop\AppData\Local\taonoa.dll
2018-04-30 14:52 - 2018-04-30 14:52 - 000032038 _____ () C:\Users\Cord Bishop\AppData\Local\uninstall_temp.ico
Files to move or delete:
====================
c:\program files (x86)\pc speed up\pcsunotifier.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\racnlxzd.sys -> Access Denied <======= ATTENTION
LastRegBack: 2018-04-30 22:51
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Cord Bishop (10-07-2018 22:42:54)
Running from C:\Users\Cord Bishop\Desktop
Windows 10 Pro Version 1709 16299.371 (X64) (2018-01-29 00:11:07)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3054831734-3423443630-68311492-500 - Administrator - Disabled)
Cord Bishop (S-1-5-21-3054831734-3423443630-68311492-1001 - Administrator - Enabled) => C:\Users\Cord Bishop
DefaultAccount (S-1-5-21-3054831734-3423443630-68311492-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3054831734-3423443630-68311492-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3054831734-3423443630-68311492-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3054831734-3423443630-68311492-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Total AV (Disabled - Up to date) {AC3490DF-B2AE-610F-9290-A5E6E0CD5323}
AS: Total AV (Disabled - Up to date) {1755713B-9494-6E81-A820-9E949B4A199E}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\uTorrent) (Version: 3.5.3.44396 - BitTorrent Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Chromium (HKU\.DEFAULT\...\Chromium) (Version: 58.0.3012.0 - Chromium)
FL Studio 12.1.2 (HKLM\...\FL Studio 12.1.2_is1) (Version: - )
FL Studio ASIO (HKLM\...\FL Studio ASIO) (Version: - Image-Line)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10228.20080 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movband Sync (HKLM-x32\...\{83CE0588-DD6F-4C0D-8C55-58DF0AF99DB2}) (Version: 3.0.50 - Movband)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
Opera Stable 54.0.2952.51 (HKLM-x32\...\Opera 54.0.2952.51) (Version: 54.0.2952.51 - Opera Software)
PC Speed Up (HKLM\...\PCSU-SL_is1) (Version: 3.9.16.0 - Optimal Software s.r.o.) <==== ATTENTION
Pokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version: - "Pokemon Showdown")
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
s5m (HKLM-x32\...\s5m) (Version: 2.0.2 - s5m) <==== ATTENTION
SafeFinder (HKLM-x32\...\{8FEDDDBC-E3AF-4C58-8526-DE9E97A99CDF}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION
Secured Yahoo Powered (HKLM-x32\...\{65388DF8-35B8-5C78-8438-2CF854B8FF78}) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TotalAV (HKLM-x32\...\TotalAV) (Version: 4.6.19 - TotalAV)
Twitch (HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [cm_64bit] -> {69E19770-EA24-49e2-B997-405EDBEF4C05} => -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [cm_64bit] -> {69E19770-EA24-49e2-B997-405EDBEF4C05} => -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers4: [cm_64bit] -> {69E19770-EA24-49e2-B997-405EDBEF4C05} => -> No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-09-22] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0BC03137-6620-4CD0-ABAE-6519ADC64862} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {0D492301-E9D0-4F90-AD59-0C9135EA5366} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {10F9B77B-586F-490C-BF20-2128D7532A33} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {1FC222DD-57A6-45CB-9749-3BE3AB4FA353} - System32\Tasks\tspotbellypotbelly => C:\Program Files (x86)\spiritedness\spiritedness.exe [2018-04-30] ()
Task: {20B1A8AC-4D97-476E-B0E5-241572F35C48} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-08] (Microsoft Corporation)
Task: {26402DAB-6A20-4475-A304-BAE26FB042D6} - System32\Tasks\tssteinhauser_kokisteinhauser_koki => C:\Program Files (x86)\Jacobson\Meant.exe [2018-04-30] ()
Task: {2A0B6E9B-7753-474C-AA9C-63BF02E74D9A} - System32\Tasks\tscitric hazilycitric hazily => C:\Program Files (x86)\Jacobson\ligament.exe [2018-04-30] ()
Task: {3ABCD8F5-393E-4A81-8797-D810FF2C5713} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-25] (Google Inc.)
Task: {3E878121-0CE0-4A9A-BE69-E28BF90F0AEF} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {43637C63-DF9A-46C7-93CB-763921E6E314} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-08] (Microsoft Corporation)
Task: {481C648C-9CDC-4AB0-99E0-F1C0C4AEE5CE} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe [2017-02-09] (Optimal Software s.r.o.) <==== ATTENTION
Task: {4BF03DC7-4B3D-4F0D-B6F4-36416ECF1365} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-08] (Microsoft Corporation)
Task: {4C807A7B-A43C-4538-AE74-AFBB767ABC66} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-25] (Google Inc.)
Task: {543A5E25-33DB-46C3-B76C-ECDEFCD0E334} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-20] (Microsoft Corporation)
Task: {5D918C9F-5F8A-470E-803C-2CADFED22E7A} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {68D6FC43-24BC-464A-92B9-DE084969B256} - System32\Tasks\tswarthogswarthogs => C:\Program Files (x86)\Rotatory\Meant.exe [2018-04-30] ()
Task: {6A0E20DF-3D41-4407-B752-6177B0A2729A} - System32\Tasks\steinhauser_koki => C:\Program Files (x86)\Jacobson\Meant.exe [2018-04-30] ()
Task: {6C06A8C7-7721-4955-BF69-5441236887DF} - System32\Tasks\fellas-shutter => C:\Program Files (x86)\sank\ligament.exe [2018-04-30] ()
Task: {7324A2FB-A4E4-4662-9854-C14159965F75} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-08] (Microsoft Corporation)
Task: {82AAE92B-2304-430A-9642-DD2BEAF21F88} - System32\Tasks\citric hazily => C:\Program Files (x86)\Jacobson\ligament.exe [2018-04-30] ()
Task: {8D294D69-800C-41F4-9359-5193275EBB66} - System32\Tasks\warthogs => C:\Program Files (x86)\Rotatory\Meant.exe [2018-04-30] ()
Task: {96723512-CA6F-40B2-88E6-ACD887A446CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {971CCC83-11FF-48C4-8BE6-42B0B1CA17D2} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-09-22] (Advanced Micro Devices, Inc.)
Task: {9E5B17D3-BCD4-4E69-83B7-543C88F46C30} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-20] (Microsoft Corporation)
Task: {9F8CD420-C2CD-41F6-9B7C-F75F0E30F193} - System32\Tasks\hydrates pronunciations bloomer => C:\Users\Cord Bishop\AppData\Local\Meant.exe [2018-04-30] ()
Task: {ACBC670B-8413-434F-AE1C-DF085BA07141} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {AD39FD9F-47CF-4634-900F-62DCD0F7A567} - System32\Tasks\potbelly => C:\Program Files (x86)\spiritedness\spiritedness.exe [2018-04-30] ()
Task: {AE4A8AB1-405C-4F6E-A692-C41DB2B25E71} - System32\Tasks\tsfellas-shutterfellas-shutter => C:\Program Files (x86)\sank\ligament.exe [2018-04-30] ()
Task: {AF384C93-C58E-48D2-BCC2-B494B4EE0BA5} - System32\Tasks\psv_Movehold => cmd.exe /c regedit.exe /s "C:\ProgramData\Quoteex\LotPlus.reg" & del "C:\ProgramData\Quoteex\LotPlus.reg" & SCHTASKS /Delete /TN "psv_Movehold" /F <==== ATTENTION
Task: {BB5B6054-1CF1-469C-BE01-60D9253EA686} - System32\Tasks\tshydrates pronunciations bloomerhydrates pronunciations bloomer => C:\Users\Cord Bishop\AppData\Local\Meant.exe [2018-04-30] ()
Task: {C99898AD-F7F2-439B-8DB1-8A082DABFCE3} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-10] (Microleaves) <==== ATTENTION
Task: {CCC70D06-B64E-429B-BE64-2ED3DAB395A7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {CDF05B3D-ABA1-4B2B-810D-9C3EBC649928} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-08] (Microsoft Corporation)
Task: {D6A0E5CE-6602-474B-9EFB-3554AF2F6F1D} - System32\Tasks\Opera scheduled Autoupdate 1517200800 => C:\Program Files\Opera\launcher.exe [2018-07-06] (Opera Software)
Task: {DA177F58-A869-4B95-999A-DF1F4A5D003A} - System32\Tasks\starbuck_tomkins => C:\Users\Cord Bishop\AppData\Local\ligament.exe [2018-04-30] ()
Task: {DE70630C-AF88-4CDB-895C-622E77A72BB6} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {DF8E8142-1D63-432D-8AC6-BAE74650EE83} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {E6CB0B82-E089-4F68-874C-17E6B9C73A57} - System32\Tasks\tsstarbuck_tomkinsstarbuck_tomkins => C:\Users\Cord Bishop\AppData\Local\ligament.exe [2018-04-30] ()
Task: {F5393032-C88D-4EA7-B821-02F633A5C344} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-08] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
==================== Loaded Modules (Whitelisted) ==============
2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-30 21:14 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-04-30 21:15 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-30 14:02 - 2018-04-30 14:02 - 000049934 _____ () C:\Program Files (x86)\hesitations\basters.exe
2018-04-30 21:18 - 2018-04-30 21:21 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-04-30 21:18 - 2018-04-30 21:21 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-04-30 21:18 - 2018-04-30 21:21 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-04-30 21:18 - 2018-04-30 21:21 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
2018-04-30 21:18 - 2018-04-30 21:21 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2018-04-30 14:02 - 2018-04-30 14:02 - 000064512 _____ () C:\Program Files (x86)\sank\ligament.exe
2018-04-30 14:02 - 2018-04-30 14:02 - 000064512 _____ () C:\Users\Cord Bishop\AppData\Local\Meant.exe
2018-07-10 19:46 - 2018-07-06 09:20 - 102646872 _____ () C:\Program Files\Opera\54.0.2952.51\opera_browser.dll
2018-07-10 19:46 - 2018-07-06 09:20 - 004613208 _____ () C:\Program Files\Opera\54.0.2952.51\libglesv2.dll
2018-07-10 19:46 - 2018-07-06 09:20 - 000100440 _____ () C:\Program Files\Opera\54.0.2952.51\libegl.dll
2018-01-28 22:25 - 2018-01-28 22:25 - 003657624 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-01-28 22:25 - 2018-01-28 22:25 - 002470296 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2018-04-30 14:02 - 2018-04-30 14:02 - 000064512 _____ () C:\Program Files (x86)\Jacobson\ligament.exe
2018-04-30 14:02 - 2018-04-30 14:02 - 000064512 _____ () C:\Program Files (x86)\Jacobson\Meant.exe
2018-04-30 14:02 - 2018-04-30 14:02 - 000064512 _____ () C:\Program Files (x86)\Rotatory\Meant.exe
2018-04-30 14:55 - 2012-01-16 21:06 - 000577621 _____ () C:\Program Files (x86)\PC Speed Up\sqlite3.dll
2018-04-30 14:47 - 2018-04-30 14:47 - 001077248 _____ () C:\WINDOWS\mabjadjvduiptqch.dll
2018-04-30 14:46 - 2018-04-30 14:46 - 000043520 _____ () c:\users\cord bishop\appdata\local\taonoa.dll
2015-05-06 10:36 - 2015-05-06 10:36 - 000508144 _____ () C:\Program Files (x86)\Movband\Movband Sync\pedoIolib.dll
2015-05-06 10:36 - 2015-05-06 10:36 - 000603376 _____ () C:\Program Files (x86)\Movband\Movband Sync\sportlib.dll
2018-04-30 14:55 - 2014-11-26 09:34 - 000434688 _____ () C:\Program Files (x86)\PC Speed Up\PopupNotification.dll
2017-05-25 23:36 - 2018-06-08 17:38 - 000788256 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-05-25 23:36 - 2018-06-08 17:42 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-05-25 23:36 - 2018-06-08 19:39 - 002632992 _____ () C:\Program Files (x86)\Steam\video.dll
2017-05-25 23:36 - 2018-06-08 17:40 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-05-25 23:36 - 2018-06-08 17:40 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-01-08 16:47 - 2018-06-08 17:40 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-01-08 16:47 - 2018-06-08 17:40 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-01-08 16:47 - 2018-06-08 17:40 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-01-08 16:47 - 2018-06-08 17:40 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-01-08 16:47 - 2018-06-08 17:40 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-05-25 23:36 - 2018-06-08 19:38 - 000979744 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-05-25 23:36 - 2018-06-08 17:40 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-06-13 20:48 - 2018-06-08 17:39 - 000788256 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-05-25 23:38 - 2018-06-08 17:39 - 083524384 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-05-25 23:36 - 2018-06-08 17:42 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-07-13 05:21 - 2018-06-08 17:39 - 002253600 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2017-07-13 05:21 - 2018-06-08 17:39 - 000109856 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libegl.dll
2017-11-02 06:51 - 2017-11-02 06:51 - 000199864 _____ () C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\sharepoint.com -> hxxps://tigermailauburn-files.sharepoint.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-05-26 02:09 - 2018-04-30 20:32 - 000001280 _____ C:\WINDOWS\system32\Drivers\etc\hosts
162.222.193.86 aoaomo.tremorhub.com
188.95.50.62 bobomo.tremorhub.com
162.222.193.86 http://www.howcast.com
162.222.193.86 howcast.com
162.222.193.86 http://www.ustream.tv
162.222.193.86 ustream.tv
162.222.193.86 http://www.livestream.com
162.222.193.86 livestream.com
162.222.193.86 http://www.dailymotion.com
162.222.193.86 dailymotion.com
192.192.3.8 http://www.virustotal.com
192.192.3.8 virustotal.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{77E80898-D0D0-46A5-B657-8FD67347EA50}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7FC433DD-3655-47EB-951D-B173A32ECE0D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F4142044-B17C-4B43-A4B9-B3ADAEBEDD7B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7A357E46-2006-4FE1-854C-75BEDAF040DD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F974AC5F-1EFD-4C86-A266-189BCA8FDA19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{65ECB87F-1E05-46FC-AC75-45282EC9268D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2591E72E-0E45-4F99-BC90-03A50311C72D}] => (Allow) C:\Users\Cord Bishop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{76C4B8A3-3E4E-40D2-9D55-BEEBB85762B3}] => (Allow) C:\Users\Cord Bishop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5C2810B7-789A-4879-824B-B8291E6398CC}] => (Allow) C:\Users\Cord Bishop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6CB820A7-EF39-4457-B403-8DD0B603D422}] => (Allow) C:\Users\Cord Bishop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8B2000A4-CE53-452A-8C5F-8B2C59898887}] => (Allow) C:\Users\Cord Bishop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A71FD7ED-BCB6-4372-8CE6-294C09906EA5}] => (Allow) C:\Users\Cord Bishop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A686286B-D01B-4FC5-81BB-852C62D62247}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{04BC64EF-FA11-4E94-9531-EADBE2E295F9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{49BB9E6B-4EF9-4397-BB2A-599FC7B84BE2}C:\program files (x86)\ip hider\ip hider.exe] => (Allow) C:\program files (x86)\ip hider\ip hider.exe
FirewallRules: [UDP Query User{327DC6DD-911A-430A-A5FA-327C7620FE14}C:\program files (x86)\ip hider\ip hider.exe] => (Allow) C:\program files (x86)\ip hider\ip hider.exe
FirewallRules: [{C5016F0D-014C-43DC-9EF6-7FB821B3C553}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{AF66DDF9-662A-4A53-AE7D-62D3F055E93C}] => (Allow) C:\WINDOWS\system32\config\systemprofile\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{BECB5210-66C8-492E-9A07-C6A9A76869F4}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{10FC9A23-F826-4202-9FEF-3C6CB8586865}] => (Allow) C:\Program Files (x86)\Rotatory\Meant.exe
FirewallRules: [{3B88A98E-91EB-4F2C-BBFF-1E6C6DA4CDF6}] => (Allow) C:\Program Files (x86)\Jacobson\Meant.exe
FirewallRules: [{4DE4E600-6515-49D2-BBD2-5465FC9C1BA1}] => (Allow) C:\Program Files (x86)\sank\ligament.exe
FirewallRules: [{C02CD512-499A-42C3-B03C-4A747FBDC9CC}] => (Allow) C:\Program Files (x86)\Jacobson\ligament.exe
FirewallRules: [{160DB582-DA0F-406C-A748-8BC33D2C843F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4EEA0EAA-B7E8-4271-B218-A7DF8D82C833}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{73BF56EA-67BA-4A8B-8FB6-1D1A8AAC296E}] => (Allow) C:\Program Files\Opera\54.0.2952.51\opera.exe
FirewallRules: [{D0D12D19-CBFF-4974-8AA5-93F89050A487}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
08-07-2018 21:51:24 Windows Update
08-07-2018 21:52:29 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/10/2018 07:49:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Online-Guardian.exe, version: 2.0.9.0, time stamp: 0x59faf815
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xffffffff
Faulting process id: 0x20d4
Faulting application start time: 0x01d418a892b26e3a
Faulting application path: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
Faulting module path: unknown
Report Id: 6ea41f38-fdb5-437f-aa64-8287a47d3370
Faulting package full name:
Faulting package-relative application ID:
Error: (07/10/2018 07:33:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ligament.exe version 6.8.6.111 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 3900
Start Time: 01d4189762e1b6aa
Termination Time: 250
Application Path: C:\Users\Cord Bishop\AppData\Local\ligament.exe
Report Id: e50751c3-b3b8-4901-9cfc-6fd05ddb3864
Faulting package full name:
Faulting package-relative application ID:
Error: (07/10/2018 05:41:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 66.0.3359.139, time stamp: 0x5ae13bcc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x23e4
Faulting application start time: 0x01d41896bbfd28bc
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: unknown
Report Id: 05bfc8b0-1308-4e64-8105-3022ab2a10bc
Faulting package full name:
Faulting package-relative application ID:
Error: (07/10/2018 05:35:08 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
Error: (07/10/2018 05:35:05 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (07/09/2018 12:45:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ligament.exe, version: 6.8.6.111, time stamp: 0x5ae75a19
Faulting module name: Flash.ocx, version: 29.0.0.140, time stamp: 0x5ab99580
Exception code: 0xc0000005
Fault offset: 0x00000000000b6455
Faulting process id: 0x%9
Faulting application start time: 0xligament.exe0
Faulting application path: ligament.exe1
Faulting module path: ligament.exe2
Report Id: ligament.exe3
Faulting package full name: ligament.exe4
Faulting package-relative application ID: ligament.exe5
Error: (07/08/2018 10:27:04 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (07/08/2018 10:25:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.371, time stamp: 0x5abdadc7
Faulting module name: chakra.dll, version: 11.0.16299.371, time stamp: 0xa2ac1aec
Exception code: 0xcfffffff
Fault offset: 0x0000000000095575
Faulting process id: 0x4114
Faulting application start time: 0x01d4172646118aa7
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\chakra.dll
Report Id: a5e4dbcb-f05b-49e4-a846-fe9d43feee26
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.371.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
System errors:
=============
Error: (07/10/2018 10:44:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6SV4VTR)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
Error: (07/10/2018 10:43:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6SV4VTR)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
Error: (07/10/2018 10:41:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6SV4VTR)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
Error: (07/10/2018 10:40:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6SV4VTR)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
Error: (07/10/2018 10:38:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6SV4VTR)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
Error: (07/10/2018 10:37:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6SV4VTR)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
Error: (07/10/2018 10:35:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6SV4VTR)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
Error: (07/10/2018 10:34:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6SV4VTR)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
Windows Defender:
===================================
Date: 2018-04-30 20:24:06.064
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win64/Detrahere!rfn
ID: 2147725652
Severity: Severe
Category: Trojan
Path: driver:_alcehoxz;file:_C:\Windows\System32\drivers\lmckragn.sys;file:_C:\WINDOWS\system32\drivers\racnlxzd.sys
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\ByteFence\ByteFence.exe
Signature Version: AV: 1.261.1633.0, AS: 1.261.1633.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0
Date: 2018-04-30 15:21:01.097
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win64/Detrahere!rfn
ID: 2147725652
Severity: Severe
Category: Trojan
Path: driver:_alcehoxz;file:_C:\Windows\System32\drivers\lmckragn.sys;file:_C:\WINDOWS\system32\drivers\racnlxzd.sys
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.261.1633.0, AS: 1.261.1633.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0
Date: 2018-04-30 14:51:42.134
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Behavior:Win32/ObfuscatorGd.gen!B
ID: 2147719222
Severity: Severe
Category: Suspicious Behavior
Path: behavior:_pid:12576:272351750268619;file:_C:\Users\Cord Bishop\AppData\Local\Temp\1392770704\ic-0.1ca5a887e650fc.exe;process:_pid:8144,ProcessStart:131695877329974301
Detection Origin: Local machine
Detection Type: Generic
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.261.1633.0, AS: 1.261.1633.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0
Date: 2018-04-30 14:51:42.131
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: BrowserModifier:Win32/Soctuseer!excl
ID: 237119
Severity: High
Category: Browser Modifier
Path: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\f5c7ea05b9581bddda4e485b8ea95efc\
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.261.1633.0, AS: 1.261.1633.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0
Date: 2018-04-30 14:49:47.567
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win64/Detrahere!rfn
ID: 2147725652
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\drivers\lmckragn.sys
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.261.1633.0, AS: 1.261.1633.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0
Date: 2018-04-30 20:33:11.186
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1633.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
Date: 2018-04-30 20:33:11.185
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
Date: 2018-04-30 20:32:58.711
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1633.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
Date: 2018-04-30 20:32:58.710
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1633.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
Date: 2018-04-30 20:32:58.710
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1633.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
==================== Memory info ===========================
Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 53%
Total physical RAM: 7134.36 MB
Available physical RAM: 3307.75 MB
Total Virtual: 14558.36 MB
Available Virtual: 9743.45 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:914.32 GB) (Free:829.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:16.9 GB) (Free:16.81 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.1 GB) FAT32
\\?\Volume{17046d24-0000-0000-0000-100000000000}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 17046D24)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=914.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)
==================== End of Addition.txt ============================
These programs keep opening up and playing ads on my computer, but I can only see that they are open when I Alt+Tab. It's super annoying to have to keep closing out of them, either with Task Manager to just end the processes or by closing them out through Alt+Tabbing. Can anyone help me get rid of it? Also, I have antivirus software, and it either couldn't find it or couldn't get rid of it, because it's still popping up.