Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-05.2019
Ran by Adrian (administrator) on ADRIAN-PC (Dell Inc. Inspiron 3521) (02-05-2019 15:08:48)
Running from C:\Users\Adrian\Desktop
Loaded Profiles: Adrian (Available Profiles: Adrian & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1554809684\fshoster64.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1554809684\fshoster64.exe
(F-Secure Corporation -> F-Secure
Corporation) C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1554809684\fsorsp64.exe (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1554809684\fsulprothoster.exe (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\fshoster32.exe (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\fshoster32.exe (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Telia SAFE\fshoster32.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [735336 2019-04-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [255488 2011-05-30] () [File not signed]
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-14] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-11] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1497F405-E052-404B-BC6D-F21C5586BC72} - System32\Tasks\Microsoft\Windows\comhosts\runco => C:\Users\Adrian\AppData\Roaming\server\runhosts.exe
Task: {1525B772-FB8C-4A33-8095-3B1D111CE541} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {180BCAF9-5A08-4DDE-9571-50855D3BEC5C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {180BCAF9-5A08-4DDE-9571-50855D3BEC5C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {20B6F0F3-C640-4B35-9DCE-C9F402964757} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {20B6F0F3-C640-4B35-9DCE-C9F402964757} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {346CD88F-2C4E-4138-BA9C-1E4A33B5F611} - System32\Tasks\AdobeGCInvoker-1.0-Adrian-PC-Adrian => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {3533BBF0-3A3C-4CE4-8F84-86D517CA2393} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {466C48A9-00CA-4409-A968-53F6645D1741} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {466C48A9-00CA-4409-A968-53F6645D1741} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {82200675-0F52-47D2-AB6A-F351D3DEB67F} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [1174016 2011-04-24] (Microsoft Windows -> Microsoft Corporation)
Task: {934A53E4-A6A5-4727-BCBE-BC76A6DD986F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {93F844FE-9641-491B-8471-B3D84D3A5EA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9B9E43C7-C8A8-4993-9EA1-315B69728A06} - System32\Tasks\Microsoft\Windows\system\r => C:\Users\Adrian\AppData\Roaming\server\runhosts.exe <==== ATTENTION
Task: {D6697156-6082-4A51-BECE-13EB6DF0032B} - System32\Tasks\A PDF Realiser => C:\Windows\system32\rundll32.exe "C:\Program Files\A PDF Realiser\A PDF Realiser.dll",YudTOxN <==== ATTENTION
Task: {D86DE2B9-2662-4A7F-81CF-A321F2B84CBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-01] (Google Inc -> Google Inc.)
Task: {E205646E-7DD1-4DB6-BB51-8071D17B216F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {E5A8D920-3869-46B8-87D5-07BF18FECEA8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {E5A8D920-3869-46B8-87D5-07BF18FECEA8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {E5A8D920-3869-46B8-87D5-07BF18FECEA8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {F40A2F71-8C43-479C-A3C1-03699A89746F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-01] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\A PDF Realiser.job => rundll32.exe C:\Program Files\A PDF Realiser\A PDF Realiser.dll

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{12AA26AC-4392-403A-9A14-02CD4B939AC0}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{B1A57BC6-6D23-472E-B8AD-E4B5EB2CEAC1}: [NameServer] 8.8.8.8 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-4055709356-1465872850-4113285666-1000\Software\Microsoft\Internet Explorer\Main,Start Page = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Telia SAFE\apps\Ultralight\nif\1553689882\browser\install\fs_ie_https\fs_ie_https64.dll [2019-04-08] (F-Secure Corporation -> F-Secure Corporation) BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Telia 
SAFE\apps\Ultralight\nif\1553689882\browser\install\fs_ie_https\fs_ie_https.dll [2019-04-08] (F-Secure Corporation -> F-Secure Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-14] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-14] (Oracle America, Inc. -> Oracle Corporation) FireFox: ======== FF DefaultProfile: r120bcec.default-1485454395780-1533903884218 FF DefaultProfile: y4erocbx.default FF ProfilePath: C:\Users\Adrian\AppData\Roaming\TomTom\HOME\Profiles\urd9ga9k.default [2017-06-01] FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\r120bcec.default-1485454395780-1533903884218 [2019-05-02] FF Extension: (Video DownloadHelper) - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\r120bcec.default-1485454395780-1533903884218\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-10] FF Extension: (Telemetry coverage) - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\r120bcec.default-1485454395780-1533903884218\features\{93c81a15-9e5c-4ff5-a632-ed5eae26fdb5}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-08] [Legacy] FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\y4erocbx.default [2019-05-02] FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\Telia SAFE\apps\Ultralight\nif\1553689882\browser\install\fs_firefox_https\fs_firefox_https.xpi FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\Telia 
SAFE\apps\Ultralight\nif\1553689882\browser\install\fs_firefox_https\fs_firefox_https.xpi [2019-04-08] FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\Telia SAFE\apps\Ultralight\nif\1553689882\browser\install\fs_firefox_https\fs_firefox_https.xpi FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-26] (Adobe Systems Incorporated -> ) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-07-25] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-26] (Adobe Systems Incorporated -> ) FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-14] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-14] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-07-25] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-04-08] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-04-08] (Google Inc -> Google LLC) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-26] (Adobe Inc. -> Adobe Systems Inc.) 
Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default [2019-05-02] CHR Extension: (Flash Video Downloader) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-09-24] CHR Extension: (SportZone) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeikikackmjcmgkcgpnangjlnicecml [2018-03-05] CHR Extension: (Image Downloader) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2018-03-18] CHR Extension: (Anti-Porn Pro - The best Anti-Porn addon!) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp [2018-06-22] CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2018-12-17] CHR Extension: (Video DownloadHelper) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2018-08-01] CHR Extension: (Pursued) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mglmffkipgdhdkolbbkofkfhappinpin [2018-03-04] CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03] CHR Extension: (Chrome Media Router) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-08] CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-04-20] CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - 
hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12] Opera: ======= OPR Extension: (No Name) - C:\Users\Adrian\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-11-13] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4132456 2019-04-16] (AVB Disc Soft, SIA -> Disc Soft Ltd) R2 fshoster; C:\Program Files (x86)\Telia SAFE\fshoster32.exe [213448 2018-10-05] (F-Secure Corporation -> F-Secure Corporation) R2 fsnethoster; C:\Program Files (x86)\Telia SAFE\fshoster32.exe [213448 2018-10-05] (F-Secure Corporation -> F-Secure Corporation) R2 fsulhoster; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1554809684\fshoster64.exe [579048 2019-04-09] (F-Secure Corporation -> F-Secure Corporation) R2 fsulnethoster; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1554809684\fshoster64.exe [579048 2019-04-09] (F-Secure Corporation -> F-Secure Corporation) R2 fsulorsp; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1554809684\fsorsp64.exe [101320 2019-04-09] (F-Secure Corporation -> F-Secure Corporation) R2 fsulprothoster; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1554809684\fsulprothoster.exe [579048 2019-04-09] (F-Secure Corporation -> F-Secure Corporation) R2 
IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor Corp -> Realtek Semiconductor) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (APOWERSOFT LIMITED -> Wondershare) S3 atrfiltr; C:\Windows\System32\DRIVERS\atrfiltr.sys [16224 2014-09-11] (Estonian Informatics Centre -> Windows (R) Win 7 DDK provider) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2014-07-23] (Broadcom Corporation -> Broadcom Corporation.) 
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [23760 2014-07-23] (Broadcom Corporation -> Broadcom Corporation) R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [9082064 2014-07-23] (Broadcom Corporation -> Broadcom Corporation) S3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [191224 2014-05-14] (HID Global -> HID Global Corporation) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [42256 2019-02-23] (AVB Disc Soft, SIA -> Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [59360 2019-02-23] (AVB Disc Soft, SIA -> Disc Soft Ltd) R3 F-Secure Gatekeeper; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1554809684\fsulgk.sys [278088 2019-04-09] (F-Secure Corporation -> F-Secure Corporation) R1 F-Secure UL HIPS; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\ulcore\1554809684\fshs.sys [102480 2019-04-09] (F-Secure Corporation -> F-Secure Corporation) R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [65872 2018-12-17] (F-Secure Corporation -> ) R3 fsni; C:\Program Files (x86)\Telia SAFE\apps\Ultralight\nif\1553689882\fsni64.sys [108704 2019-04-08] (F-Secure Corporation -> F-Secure Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [5343584 2012-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [342528 2012-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation) S3 jakstaVA; C:\Windows\System32\DRIVERS\jaksta_va.sys [103816 2014-12-09] (Jaksta Technologies Pty Ltd -> e2eSoft) S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11973 2016-12-28] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
[File not signed] S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-05-27] (AnchorFree Inc -> Anchorfree Inc.) S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies) S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X] S3 btwaudio; system32\drivers\btwaudio.sys [X] S3 btwavdt; system32\drivers\btwavdt.sys [X] S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X] S3 btwrchid; system32\DRIVERS\btwrchid.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X] S3 SmbDrvI; system32\DRIVERS\Smb_driver_Intel.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-05-02 15:08 - 2019-05-02 15:11 - 000027766 _____ C:\Users\Adrian\Desktop\FRST.txt 2019-05-02 15:08 - 2019-05-02 15:08 - 002430464 _____ (Farbar) C:\Users\Adrian\Desktop\FRST64.exe 2019-05-02 15:08 - 2019-05-02 15:08 - 000000000 ____D C:\FRST 2019-05-02 15:06 - 2019-05-02 15:09 - 154881408 _____ C:\Users\Adrian\Downloads\TEA1 (13).rar 2019-05-02 15:03 - 2019-05-02 15:04 - 042827239 _____ C:\Users\Adrian\Downloads\TEA1 (12).rar 2019-05-02 14:31 - 2009-11-04 18:14 - 000000000 ____D C:\Users\Adrian\Downloads\Organisation1970 2019-05-02 14:01 - 2019-05-02 14:02 - 034641476 _____ C:\Users\Adrian\Downloads\SHAARGHOT.zip 2019-05-02 14:00 - 2019-05-02 14:10 - 553763139 _____ C:\Users\Adrian\Downloads\Waxx.zip 2019-05-02 13:56 - 2019-05-02 13:56 - 000000000 ____D C:\Users\Adrian\Downloads\FM The Italian Job 2019-05-02 13:18 - 2019-05-02 13:18 - 000000000 ____D C:\Users\Adrian\Downloads\BMSNudo 2019-05-02 12:14 - 2013-08-04 19:49 - 2083683644 _____ C:\Users\Adrian\Downloads\1968 - The legend 
of Lylah Clare - Le Démon des femmes (de Robert Aldrich).avi
2019-05-02 10:44 - 2019-05-02 10:44 - 000144609 _____ C:\Users\Adrian\Desktop\ZHPDiag.txt
2019-04-30 23:13 - 2019-04-30 23:13 - 003032448 _____ C:\Users\Adrian\Downloads\ZHPDiag3.exe
2019-04-30 00:59 - 2019-04-30 00:59 - 000000000 ____D C:\Users\Adrian\Downloads\BMS79CANPRI
2019-04-30 00:59 - 2019-04-30 00:59 - 000000000 ____D C:\Users\Adrian\Downloads\BMS70CAPO
2019-04-30 00:58 - 2019-04-30 00:58 - 000000000 ____D C:\Users\Adrian\Downloads\BMSNaso
2019-04-30 00:19 - 2019-04-30 00:19 - 000000000 ____D C:\Users\Adrian\AppData\LocalLow\uTorrent
2019-04-29 23:11 - 2014-11-24 20:30 - 030414329 _____ C:\Users\Adrian\Downloads\Disco Playa.mp4
2019-04-29 17:58 - 2019-04-29 22:38 - 1049523358 _____ C:\Users\Adrian\Downloads\All the Marbles (1981).mp4
2019-04-28 12:07 - 2019-04-28 12:11 - 000093302 _____ C:\Users\Adrian\Downloads\new.txt
2019-04-27 12:51 - 2019-04-27 12:51 - 001497483 _____ C:\Users\Adrian\Downloads\video-1556351427.mp4
2019-04-26 12:58 - 2019-04-26 13:04 - 000000000 ____D C:\Users\Adrian\Downloads\Arena
2019-04-25 21:06 - 2019-04-25 23:09 - 743117584 _____ C:\Users\Adrian\Downloads\The Choirboys (1977).avi
2019-04-25 20:51 - 2019-04-25 20:51 - 000000000 ____D C:\Users\Adrian\Downloads\Too Late The Hero (War Drama 1970) Michael Caine 720p
2019-04-23 17:47 - 2019-04-23 17:47 - 000432455 _____ C:\Users\Adrian\Downloads\bgb.zip
2019-04-22 22:29 - 2019-04-22 23:09 - 1084268858 _____ C:\Users\Adrian\Downloads\The Cremator (1968).mkv
2019-04-22 21:52 - 2019-04-23 17:43 - 000000000 ____D C:\Users\Adrian\Downloads\Gold
2019-04-20 13:08 - 2019-04-20 13:08 - 000000000 ____D C:\Users\Adrian\Downloads\1980 - Telekon
2019-04-20 13:06 - 2019-04-20 14:09 - 000000000 ____D C:\Users\Adrian\Downloads\The Fleetwood Mac Discography by Sketch
2019-04-18 14:43 - 2016-05-09 16:28 - 000000000 ____D C:\Users\Adrian\Downloads\Banco78
2019-04-18 14:11 - 2019-04-18 14:11 - 010124801 _____ C:\Users\Adrian\Downloads\Don Felder.m4a
2019-04-16 13:20 - 2019-04-16 13:20 - 000001085 _____ C:\Users\Public\Desktop\Championship Manager 01-02.lnk
2019-04-16 13:20 - 2019-04-16 13:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Championship Manager 01-02
2019-04-16 13:07 - 2019-04-16 13:07 - 000000077 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2019-04-16 13:07 - 2019-04-16 13:07 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-04-16 13:06 - 2019-04-16 13:17 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-04-16 13:06 - 2019-04-16 13:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\DAEMON Tools Lite
2019-04-16 13:06 - 2019-04-16 13:06 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2019-04-16 13:05 - 2019-04-16 13:31 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-04-16 13:03 - 2019-04-16 13:06 - 000001703 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2019-04-16 12:52 - 2019-04-16 12:57 - 307431424 _____ C:\Users\Adrian\Downloads\Championship Manager 01-02.iso
2019-04-11 22:37 - 2019-05-02 14:06 - 000000000 ____D C:\Users\Adrian\Downloads\Press Gang Metropol
2019-04-11 22:37 - 2019-03-16 15:47 - 000000000 ____D C:\Users\Adrian\Downloads\2019 Bonnie Tyler - Between the Earth and the Stars @320
2019-04-11 22:25 - 2019-04-05 19:44 - 000000000 ____D C:\Users\Adrian\Downloads\Banco_del_Mutuo_Soccorso__Transiberiana
2019-04-11 22:21 - 2019-04-04 11:58 - 000000000 ____D C:\Users\Adrian\Downloads\Red Bazar
2019-04-11 22:16 - 2019-04-11 22:17 - 009187785 _____ C:\Users\Adrian\Downloads\Bonnie Tyler.m4a
2019-04-10 10:06 - 2019-04-10 10:06 - 002510684 _____ ( ) C:\Users\Adrian\Downloads\Mickey Mania - Timeless Adventures of Mickey Mouse (E) [!]_4091736028.exe
2019-04-10 10:06 - 2019-04-10 10:06 - 001282159 _____ C:\Users\Adrian\Downloads\Mickey Mania - The Timeless Adventures of Mickey Mouse (Europe) (1).zip
2019-04-09 19:01 - 2019-04-09 19:01 - 000540166 _____ C:\Users\Adrian\Downloads\EE_Rollout_2019_EBP_for April 2019.pdf
2019-04-09 16:00 - 2019-04-09 16:00 - 002097152 _____ C:\Users\Adrian\Downloads\Sonic The Hedgehog 3.smd
2019-04-08 15:31 - 2019-04-20 13:05 - 000000000 ____D C:\Users\Adrian\AppData\Local\BitTorrentHelper

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-02 14:59 - 2009-07-14 08:13 - 000788374 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-02 14:59 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2019-05-02 14:35 - 2014-07-30 10:34 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\FileZilla
2019-05-02 14:32 - 2019-01-18 21:32 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\Mp3tag
2019-05-02 14:00 - 2014-07-30 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2019-05-02 14:00 - 2014-07-30 10:34 - 000000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2019-05-02 13:59 - 2019-02-18 10:48 - 000000000 ____D C:\Users\Adrian\Downloads\2019
2019-05-02 11:49 - 2014-07-24 17:31 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\vlc
2019-05-02 10:44 - 2015-08-16 21:19 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\ZHP
2019-05-02 10:02 - 2009-07-14 07:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-05-02 10:02 - 2009-07-14 07:45 - 000025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-05-02 09:46 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-01 02:27 - 2018-07-28 17:26 - 000000000 ____D C:\Program Files (x86)\Championship Manager 01-02
2019-04-30 01:15 - 2014-07-24 16:42 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\uTorrent
2019-04-30 01:14 - 2018-01-10 20:10 - 000000000 ____D C:\Users\Adrian\Documents\Roman
2019-04-29 18:48 - 2018-04-29 14:41 - 000000000 ____D C:\Users\Adrian\Documents\Livre Ultravox
2019-04-29 17:43 - 2014-08-22 19:55 - 000000000 ____D C:\Users\Adrian\Downloads\Pas finis
2019-04-28 12:38 - 2018-04-26 22:38 - 000000000 ____D C:\Users\Adrian\Documents\Livre Blondie
2019-04-26 09:06 - 2015-08-31 18:49 - 000000000 ____D C:\Program Files\CCleaner
2019-04-25 23:55 - 2014-09-04 17:35 - 023983734 _____ C:\Users\Adrian\Documents\Films vus.odt
2019-04-25 00:37 - 2014-09-04 18:07 - 001354186 _____ C:\Users\Adrian\Documents\Classement des réalisateurs.ods
2019-04-23 17:32 - 2019-02-23 19:35 - 000000000 ____D C:\Users\Public\Documents\Catch!
2019-04-22 15:38 - 2016-06-03 17:33 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\MPC-HC
2019-04-22 15:03 - 2017-11-09 11:59 - 000000000 ____D C:\Users\Adrian\dwhelper
2019-04-20 13:02 - 2015-04-30 22:03 - 000000000 ____D C:\Users\Adrian\AppData\Roaming\DAEMON Tools Lite
2019-04-16 13:31 - 2014-07-23 20:37 - 000000000 ____D C:\ProgramData\AVAST Software
2019-04-16 13:07 - 2019-02-23 19:35 - 000003160 _____ C:\Windows\System32\Tasks\SidebarExecute
2019-04-12 16:31 - 2017-04-14 11:33 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-11 06:36 - 2017-12-01 14:41 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-08 06:01 - 2017-12-01 14:39 - 000003380 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-08 06:01 - 2017-12-01 14:39 - 000003252 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2015-12-06 19:47 - 2017-08-06 13:32 - 000011264 _____ () C:\Users\Adrian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-06 20:27 - 2017-09-06 20:27 - 000140800 _____ () C:\Users\Adrian\AppData\Local\installer.dat
2018-09-28 13:07 - 2018-09-28 13:07 - 000000000 _____ () C:\Users\Adrian\AppData\Local\oobelibMkey.log
2016-07-17 10:44 - 2016-07-17 10:46 - 000002222 _____ () C:\Users\Adrian\AppData\Local\WiDiSetupLog.20160717.104454.txt
2016-07-17 10:55 - 2016-07-17 10:55 - 000011200 _____ () C:\Users\Adrian\AppData\Local\WiDiSetupLog.20160717.105514.txt

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2015-12-17 13:22

==================== End of FRST.txt ============================