Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

These programs called saigon and boiaphh keep popping up.

Post by cordbish » July 10th, 2018, 10:51 pm

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Cord Bishop (administrator) on DESKTOP-6SV4VTR (10-07-2018 22:38:37)
Running from C:\Users\Cord Bishop\Desktop
Loaded Profiles: Cord Bishop (Available Profiles: defaultuser0 & Cord Bishop)
Platform: Windows 10 Pro Version 1709 16299.371 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\comaibhsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(HP) C:\Windows\System32\HP3DDGService.exe
(Optimal Software s.r.o.) C:\Program Files (x86)\PC Speed Up\PCSUService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Optimal Software s.r.o.) C:\Program Files (x86)\PC Speed Up\SpeedCheckerService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TODO: <Company name>) C:\ProgramData\Quoteex\Quoteex.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Users\Cord Bishop\AppData\Local\exavwtc\exavwtc.exe
() C:\Program Files (x86)\hesitations\basters.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Movband) C:\Program Files (x86)\Movband\Movband Sync\MOVband.Sync.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Optimal Software s.r.o.) C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files (x86)\sank\ligament.exe
() C:\Users\Cord Bishop\AppData\Local\Meant.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.51\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.51\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.51\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.51\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.51\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.51\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.51\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.51\opera.exe
(Opera Software) C:\Program Files\Opera\54.0.2952.51\opera.exe
() C:\Users\Cord Bishop\AppData\Local\exavwtc\cgcxzik.exe
() C:\Users\Cord Bishop\AppData\Local\exavwtc\cgcxzik.exe
() C:\Users\Cord Bishop\AppData\Local\exavwtc\cgcxzik.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files (x86)\Jacobson\ligament.exe
() C:\Program Files (x86)\Jacobson\Meant.exe
() C:\Users\Cord Bishop\AppData\Local\exavwtc\cgcxzik.exe
() C:\Users\Cord Bishop\AppData\Local\exavwtc\cgcxzik.exe
() C:\Program Files (x86)\Rotatory\Meant.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [dogfish] => c:\program files (x86)\rotatory\meant.exe [64512 2018-04-30] ()
HKLM\...\Run: [RTHDVCPL] => c:\program files\realtek\audio\hda\rtkngui64.exe [7546072 2014-03-10] (Realtek Semiconductor)
HKLM\...\Run: [dogfishembrace] => c:\program files (x86)\sank\ligament.exe [64512 2018-04-30] ()
HKLM\...\Run: [dogfishdogfish] => c:\program files (x86)\jacobson\meant.exe [64512 2018-04-30] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [cmsc] => "c:\program files (x86)\cmcm\Clean Master\cmtray.exe" -autorun
HKLM-x32\...\Run: [teardrop] => C:\Program Files (x86)\Rotatory\Meant.exe [64512 2018-04-30] ()
HKLM-x32\...\Run: [teardroptechnet] => C:\Program Files (x86)\sank\ligament.exe [64512 2018-04-30] ()
HKLM-x32\...\Run: [teardropteardrop] => C:\Program Files (x86)\Jacobson\Meant.exe [64512 2018-04-30] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [Chromium] => "c:\users\cord bishop\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [taonoa] => rundll32.exe "c:\users\cord bishop\appdata\local\taonoa.dll",taonoa <==== ATTENTION
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [Steam] => c:\program files (x86)\steam\steam.exe [3201312 2018-06-08] (Valve Corporation)
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [technet] => c:\program files (x86)\rotatory\meant.exe [64512 2018-04-30] ()
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [embrace] => c:\program files (x86)\rotatory\meant.exe [64512 2018-04-30] ()
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [embracedogfish] => c:\program files (x86)\sank\ligament.exe [64512 2018-04-30] ()
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [embraceembrace] => c:\program files (x86)\jacobson\meant.exe [64512 2018-04-30] ()
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [technetteardrop] => c:\program files (x86)\sank\ligament.exe [64512 2018-04-30] ()
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [technettechnet] => c:\program files (x86)\jacobson\meant.exe [64512 2018-04-30] ()
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [PCSpeedUp] => c:\program files (x86)\pc speed up\pcsunotifier.exe [354976 2017-02-09] (Optimal Software s.r.o.) <==== ATTENTION
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [bea] => C:\Program Files (x86)\Rotatory\Meant.exe [64512 2018-04-30] ()
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\Run: [basters] => C:\Program Files (x86)\hesitations\basters.exe [49934 2018-04-30] ()
AppInit_DLLs: C:\ProgramData\Quoteex\Indigostring.dll => C:\ProgramData\Quoteex\Indigostring.dll [342528 2018-04-30] ()
AppInit_DLLs-x32: C:\ProgramData\Quoteex\Daltdox.dll => C:\ProgramData\Quoteex\Daltdox.dll [460800 2018-07-10] ()
Startup: C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\galant.lnk [2018-04-30]
ShortcutTarget: galant.lnk -> C:\Program Files (x86)\Rotatory\Meant.exe ()
Startup: C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\galantgalant.lnk [2018-04-30]
ShortcutTarget: galantgalant.lnk -> C:\Program Files (x86)\sank\ligament.exe ()
Startup: C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Movband Sync.lnk [2017-08-23]
ShortcutTarget: Movband Sync.lnk -> C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Installer\{83CE0588-DD6F-4C0D-8C55-58DF0AF99DB2}\_FA72FA1DDC52D24D86F6BF.exe ()
Startup: C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-01-17]
ShortcutTarget: Twitch.lnk -> C:\Users\Cord Bishop\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3054831734-3423443630-68311492-1001] => 127.0.0.1:8090
Winsock: Catalog9-x64 01 C:\Windows\system32\EasyRedirect64.dll [547544 2016-07-01] (EasyTech)
Winsock: Catalog9-x64 02 C:\Windows\system32\EasyRedirect64.dll [547544 2016-07-01] (EasyTech)
Winsock: Catalog9-x64 03 C:\Windows\system32\EasyRedirect64.dll [547544 2016-07-01] (EasyTech)
Winsock: Catalog9-x64 04 C:\Windows\system32\EasyRedirect64.dll [547544 2016-07-01] (EasyTech)
Winsock: Catalog9-x64 05 C:\Windows\system32\EasyRedirect64.dll [547544 2016-07-01] (EasyTech)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5efbf95f-94de-4daa-a5c5-1861b30efce2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{816bce3e-fc9e-4a09-ae4a-ee56fba31cf2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{efc56e40-b91f-4b6e-93b7-19ac0190ce67}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hsp ... 2B10%2BPro
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... gc9kg,,&q={searchTerms}
HKU\S-1-5-21-3054831734-3423443630-68311492-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... zGiLAbkDA,,
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search? ... 0%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search? ... 0%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... gc9kg,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search? ... 0%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3054831734-3423443630-68311492-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... gc9kg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3054831734-3423443630-68311492-1001 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-3054831734-3423443630-68311492-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... gc9kg,,&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-08] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-30] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-24] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-08] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-08] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-08] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-08] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-30] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-04-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... cHGf-fn2A,,
CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... wVwMw,,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Profile: C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default [2018-07-10]
CHR Extension: (Slides) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (BetterTTV) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-11-20]
CHR Extension: (Docs) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-25]
CHR Extension: (YouTube) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-25]
CHR Extension: (Sheets) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-26]
CHR Extension: (AdBlock) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-04-30]
CHR Extension: (Bazz Search) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh [2018-04-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-30]
CHR Extension: (Gmail) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-25]
CHR Extension: (Chrome Media Router) - C:\Users\Cord Bishop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-10]
CHR HKLM\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3054831734-3423443630-68311492-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3054831734-3423443630-68311492-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3054831734-3423443630-68311492-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\alcehoxz <==== ATTENTION (Rootkit!)

R2 93bcb992e1192aa897fb453d43b84c8b; C:\WINDOWS\mabjadjvduiptqch.dll [1077248 2018-04-30] () [File not signed]
S2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2018-04-30] () [File not signed] <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-06-20] (Microsoft Corporation)
S2 f5c7ea05b9581bddda4e485b8ea95efc; C:\Program Files\f5c7ea05b9581bddda4e485b8ea95efc\b180290e19a7df0fcf43fa77ce84061d.exe [1332256 2018-07-07] ()
R2 hp3ddgsrv; C:\WINDOWS\system32\HP3DDGService.exe [130072 2017-10-03] (HP)
R2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [445600 2017-02-09] (Optimal Software s.r.o.) <==== ATTENTION
R2 Quoteex; C:\ProgramData\\Quoteex\\Quoteex.exe [2136576 2018-04-30] (TODO: <Company name>) [File not signed] <==== ATTENTION
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SCService; C:\Program Files (x86)\PC Speed Up\SpeedCheckerService.exe [81608 2017-11-30] (Optimal Software s.r.o.) <==== ATTENTION
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2018-01-28] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266848 2016-12-27] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-19] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-19] (Microsoft Corporation)
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [53760 2017-12-18] (HP)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmdag.sys [38774688 2017-10-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmpag.sys [549792 2017-10-13] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243056 2017-06-12] (Advanced Micro Devices, Inc. )
S3 Andbus; C:\WINDOWS\System32\drivers\lgandbus64.sys [19456 2014-04-14] (LG Electronics Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 dd6f3570e40d4efa5e0f6eb7916ee152; C:\WINDOWS\System32\drivers\dd6f3570e40d4efa5e0f6eb7916ee152.sys [331120 2018-04-30] ()
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 DSI_SiUSBXp_3_1; C:\WINDOWS\system32\drivers\DSI_SiUSBXp_3_1.sys [16384 2007-09-06] (Silicon Laboratories)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [39936 2017-12-18] (HP)
S3 ksapi64; C:\WINDOWS\system32\drivers\ksapi64.sys [89776 2017-12-24] (Kingsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
S3 ssaebus; C:\WINDOWS\System32\drivers\ssaebus.sys [136264 2014-04-14] (MCCI Corporation)
S3 ssaeunic; C:\WINDOWS\System32\drivers\ssaeunic.sys [178760 2014-04-14] (MCCI Corporation)
S3 ssbcbus; C:\WINDOWS\System32\drivers\ssbcbus.sys [108032 1999-12-31] (MCCI)
S3 sscdserd; C:\WINDOWS\System32\drivers\sscdserd.sys [158024 2016-03-16] (MCCI Corporation)
S3 ssceserd; C:\WINDOWS\System32\drivers\ssceserd.sys [158024 2016-03-16] (MCCI Corporation)
S3 ssecbus; C:\WINDOWS\System32\drivers\ssecbus.sys [113664 1999-12-31] (MCCI Corporation)
S3 ssecmgmt; C:\WINDOWS\System32\drivers\ssecmgmt.sys [132096 1999-12-31] (MCCI Corporation)
S3 ssecobex; C:\WINDOWS\System32\drivers\ssecobex.sys [127488 1999-12-31] (MCCI Corporation)
S3 ssecunic; C:\WINDOWS\System32\drivers\ssecunic.sys [145408 1999-12-31] (MCCI Corporation)
S3 ssm_bus; C:\WINDOWS\System32\drivers\ssm_bus.sys [136192 1999-12-31] (MCCI Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\drivers\ssm_mdm.sys [172032 1999-12-31] (MCCI Corporation)
S3 sssdbus; C:\WINDOWS\System32\drivers\sssdbus.sys [129352 1999-12-31] (MCCI Corporation)
S3 sssdmgmt; C:\WINDOWS\System32\drivers\sssdmgmt.sys [142664 1999-12-31] (MCCI Corporation)
S3 sssdobex; C:\WINDOWS\System32\drivers\sssdobex.sys [138056 1999-12-31] (MCCI Corporation)
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2016-03-16] (DEVGURU Co., LTD.(http://www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2016-03-16] (DEVGURU Co., LTD.(http://www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-04-25] (QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2015-05-28] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2016-03-16] (DEVGURU Co., LTD.(http://www.devguru.co.kr))
S3 ss_bserd; C:\WINDOWS\System32\drivers\ss_bserd.sys [128000 1999-12-31] (MCCI Corporation)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2015-05-28] (DEVGURU Co., LTD.)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-06-15] (Anchorfree Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-01-19] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2018-01-19] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-19] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [30392 2017-04-25] (HP)
R3 mptwzc; system32\drivers\twzcgj.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-10 22:38 - 2018-07-10 22:40 - 000028672 _____ C:\Users\Cord Bishop\Desktop\FRST.txt
2018-07-10 22:38 - 2018-07-10 22:38 - 000000000 ____D C:\FRST
2018-07-10 22:37 - 2018-07-10 22:37 - 002412544 _____ (Farbar) C:\Users\Cord Bishop\Desktop\FRST64.exe
2018-07-10 22:26 - 2018-07-10 22:26 - 000001723 _____ C:\Users\Cord Bishop\Desktop\image1 - Shortcut.lnk
2018-07-10 22:20 - 2018-07-10 22:22 - 000084157 _____ C:\Users\Cord Bishop\Downloads\image1.jpeg
2018-07-10 17:35 - 2018-07-10 22:38 - 000000000 ____D C:\Users\Cord Bishop\AppData\Local\seenhpb
2018-07-10 17:35 - 2018-07-10 17:35 - 000000000 ____D C:\Users\Cord Bishop\AppData\Local\svdhmrn
2018-07-10 17:33 - 2018-07-10 17:33 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-07-10 17:31 - 2018-07-10 19:55 - 000651732 _____ C:\WINDOWS\Minidump\071018-47406-01.dmp
2018-07-10 17:26 - 2018-07-10 17:26 - 000000000 _____ C:\WINDOWS\Minidump\071018-48000-01.dmp
2018-07-10 17:20 - 2018-07-10 17:20 - 000000000 _____ C:\WINDOWS\Minidump\071018-47890-01.dmp
2018-07-10 17:15 - 2018-07-10 17:15 - 000000000 _____ C:\WINDOWS\Minidump\071018-53859-01.dmp
2018-07-10 17:10 - 2018-07-10 17:10 - 000000000 _____ C:\WINDOWS\Minidump\071018-45343-01.dmp
2018-07-10 17:05 - 2018-07-10 17:31 - 3186380977 _____ C:\WINDOWS\MEMORY.DMP
2018-07-10 17:05 - 2018-07-10 17:05 - 000000000 _____ C:\WINDOWS\Minidump\071018-57343-01.dmp
2018-07-09 00:09 - 2018-05-04 05:37 - 000278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Notifier.exe
2018-07-08 22:50 - 2018-07-08 22:51 - 011092800 _____ C:\Users\Cord Bishop\Downloads\569129f4-5926-4f85-91d2-f6ccb09054a4.tmp
2018-07-08 22:33 - 2018-07-08 22:33 - 000000000 ____D C:\Users\Cord Bishop\Documents\TotalAV
2018-07-08 22:32 - 2018-07-08 22:32 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-07-08 22:27 - 2018-07-08 22:53 - 000000000 ____D C:\Program Files (x86)\TotalAV
2018-07-08 22:27 - 2018-07-08 22:28 - 000000000 ____D C:\Users\Cord Bishop\AppData\Roaming\TotalAV
2018-07-08 22:27 - 2018-07-08 22:27 - 011093688 _____ C:\Users\Cord Bishop\Downloads\TotalAV_Setup.exe
2018-07-08 22:27 - 2018-07-08 22:27 - 000001085 _____ C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
2018-07-08 22:27 - 2018-07-08 22:27 - 000001060 _____ C:\Users\Cord Bishop\Desktop\TotalAV.lnk
2018-07-08 22:12 - 2018-07-08 22:12 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-08 22:12 - 2018-07-08 22:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-08 21:53 - 2018-06-08 14:09 - 000130808 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2018-07-08 21:44 - 2018-07-08 21:44 - 000000000 ___HD C:\OneDriveTemp
2018-07-07 19:21 - 2018-07-07 19:21 - 001791488 _____ C:\WINDOWS\9942737ecb4a96d204f38d601f8ef7a3.exe
2018-07-07 19:21 - 2018-07-07 19:21 - 000213152 _____ C:\WINDOWS\system32\Drivers\7b7b5e23dea64ca508e4192df0f50d77.sys
2018-07-07 19:21 - 2018-07-07 19:21 - 000111057 _____ C:\WINDOWS\uninstaller.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-10 22:42 - 2018-05-01 10:34 - 000000000 ____D C:\Users\Cord Bishop\AppData\Local\exavwtc
2018-07-10 22:39 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-10 22:36 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-07-10 22:32 - 2018-04-30 14:51 - 000000000 ____D C:\ProgramData\Quoteex
2018-07-10 22:31 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-10 22:08 - 2018-01-28 19:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-10 20:01 - 2017-05-25 23:33 - 000000000 ____D C:\Program Files (x86)\Steam
2018-07-10 20:00 - 2017-05-25 23:29 - 000002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-10 20:00 - 2017-05-25 23:29 - 000002272 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-10 19:55 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-10 19:55 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-07-10 19:48 - 2018-01-29 00:40 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1517200800
2018-07-10 19:48 - 2018-01-29 00:40 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-07-10 19:48 - 2018-01-29 00:37 - 000000000 ____D C:\Program Files\Opera
2018-07-10 19:36 - 2018-01-28 20:08 - 000004176 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{690B9376-94A3-4528-AFA6-FD648C19A30B}
2018-07-10 19:35 - 2018-04-30 14:55 - 000000000 ____D C:\Program Files (x86)\PC Speed Up
2018-07-10 17:41 - 2018-01-28 20:03 - 001216064 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-10 17:40 - 2018-01-17 18:21 - 000000000 ____D C:\Users\Cord Bishop\AppData\Roaming\Twitch
2018-07-10 17:37 - 2017-05-25 23:25 - 000000000 __RDL C:\Users\Cord Bishop\OneDrive
2018-07-10 17:32 - 2018-01-28 20:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-10 17:31 - 2018-05-01 09:08 - 000000000 ____D C:\WINDOWS\Minidump
2018-07-10 17:31 - 2017-08-24 07:53 - 000000000 ____D C:\ProgramData\Validity
2018-07-10 17:30 - 2018-04-30 23:05 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\comaibhsvc.exe
2018-07-10 17:25 - 2017-09-29 04:45 - 019398656 _____ C:\WINDOWS\system32\config\HARDWARE
2018-07-09 01:09 - 2018-05-15 20:29 - 000000000 ____D C:\Users\Cord Bishop\AppData\Local\lmhiptv
2018-07-09 00:52 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-09 00:43 - 2017-05-25 23:42 - 000000000 ____D C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-07-09 00:06 - 2018-01-29 00:44 - 000000000 ____D C:\Users\Cord Bishop\Downloads\The Social Network (2010) [1080]
2018-07-09 00:06 - 2017-05-30 23:07 - 000000000 ____D C:\Users\Cord Bishop\Downloads\Harry Potter and the Order of the Phoenix (2007) [1080p]
2018-07-09 00:01 - 2018-04-30 14:47 - 000000000 ____D C:\Program Files\f5c7ea05b9581bddda4e485b8ea95efc
2018-07-08 23:57 - 2018-01-12 01:57 - 000000000 ____D C:\Users\Cord Bishop\AppData\Roaming\Pacahef
2018-07-08 22:15 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-08 22:12 - 2017-05-28 12:45 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-07-08 22:12 - 2017-05-28 12:45 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-08 22:12 - 2017-05-28 12:45 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-08 22:12 - 2017-05-28 12:45 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-08 22:12 - 2017-05-28 12:45 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-08 22:12 - 2017-05-28 12:45 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-08 22:12 - 2017-05-28 12:45 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-08 22:08 - 2017-05-28 12:37 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-08 21:44 - 2018-01-28 20:08 - 000003386 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3054831734-3423443630-68311492-1001
2018-07-08 21:44 - 2017-05-25 23:25 - 000002381 _____ C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-08 21:41 - 2018-01-28 20:08 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-08 21:41 - 2018-01-28 20:08 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-07-08 21:40 - 2018-04-30 14:52 - 000015606 _____ C:\WINDOWS\SysWOW64\findit.xml
2018-07-08 21:40 - 2018-04-30 14:50 - 000929792 _____ C:\Users\Cord Bishop\AppData\Local\sham.db

==================== Files in the root of some directories =======

2018-04-13 06:45 - 2018-04-13 06:45 - 004279968 _____ (NeoSoft Tools ) C:\Users\Cord Bishop\AppData\Roaming\ctask.exe
2018-01-15 20:44 - 2018-01-25 02:38 - 000000194 _____ () C:\Users\Cord Bishop\AppData\Roaming\WB.CFG
2018-04-30 14:51 - 2018-04-30 14:51 - 007605760 _____ () C:\Users\Cord Bishop\AppData\Local\agent.dat
2018-01-16 06:56 - 2018-01-18 11:57 - 000000052 _____ () C:\Users\Cord Bishop\AppData\Local\AhUBiVCjWD
2018-04-30 14:51 - 2018-04-30 14:51 - 000070896 _____ () C:\Users\Cord Bishop\AppData\Local\Config.xml
2018-04-30 14:46 - 2018-04-30 14:46 - 000194048 _____ () C:\Users\Cord Bishop\AppData\Local\fdloix.dll
2018-04-30 14:51 - 2018-04-30 14:50 - 002136576 _____ (TODO: <Company name>) C:\Users\Cord Bishop\AppData\Local\Goodsololex.exe
2018-04-30 14:51 - 2018-04-30 14:51 - 001985574 _____ () C:\Users\Cord Bishop\AppData\Local\Goodsololex.tst
2018-04-30 14:50 - 2018-04-30 14:50 - 000016416 _____ () C:\Users\Cord Bishop\AppData\Local\InstallationConfiguration.xml
2018-04-30 14:50 - 2018-04-30 14:50 - 000140800 _____ () C:\Users\Cord Bishop\AppData\Local\installer.dat
2018-04-30 14:02 - 2018-04-30 14:02 - 000064512 _____ () C:\Users\Cord Bishop\AppData\Local\ligament.exe
2018-04-30 14:51 - 2018-04-30 14:51 - 000018432 _____ () C:\Users\Cord Bishop\AppData\Local\Main.dat
2018-04-30 14:51 - 2018-04-30 14:51 - 000005568 _____ () C:\Users\Cord Bishop\AppData\Local\md.xml
2018-04-30 14:02 - 2018-04-30 14:02 - 000064512 _____ () C:\Users\Cord Bishop\AppData\Local\Meant.exe
2018-01-25 02:38 - 2018-01-25 02:38 - 000000052 _____ () C:\Users\Cord Bishop\AppData\Local\mrw13579bg
2018-04-30 14:51 - 2018-04-30 14:51 - 000126464 _____ () C:\Users\Cord Bishop\AppData\Local\noah.dat
2018-04-30 14:50 - 2018-04-30 14:50 - 002136576 _____ (TODO: <Company name>) C:\Users\Cord Bishop\AppData\Local\Runity.exe
2018-04-30 14:51 - 2018-04-30 14:51 - 000278509 _____ () C:\Users\Cord Bishop\AppData\Local\Runity.tst
2018-04-30 14:46 - 2018-04-30 14:46 - 000003072 _____ () C:\Users\Cord Bishop\AppData\Local\setupInRAMQueue.exe
2018-04-30 14:50 - 2018-07-08 21:40 - 000929792 _____ () C:\Users\Cord Bishop\AppData\Local\sham.db
2018-04-30 14:51 - 2018-04-30 14:51 - 001895383 _____ () C:\Users\Cord Bishop\AppData\Local\StrongNamstrong.bin
2018-04-30 14:46 - 2018-04-30 14:46 - 000043520 _____ () C:\Users\Cord Bishop\AppData\Local\taonoa.dll
2018-04-30 14:52 - 2018-04-30 14:52 - 000032038 _____ () C:\Users\Cord Bishop\AppData\Local\uninstall_temp.ico

Files to move or delete:
====================
c:\program files (x86)\pc speed up\pcsunotifier.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\racnlxzd.sys -> Access Denied <======= ATTENTION

LastRegBack: 2018-04-30 22:51

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Cord Bishop (10-07-2018 22:42:54)
Running from C:\Users\Cord Bishop\Desktop
Windows 10 Pro Version 1709 16299.371 (X64) (2018-01-29 00:11:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3054831734-3423443630-68311492-500 - Administrator - Disabled)
Cord Bishop (S-1-5-21-3054831734-3423443630-68311492-1001 - Administrator - Enabled) => C:\Users\Cord Bishop
DefaultAccount (S-1-5-21-3054831734-3423443630-68311492-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3054831734-3423443630-68311492-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3054831734-3423443630-68311492-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3054831734-3423443630-68311492-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Total AV (Disabled - Up to date) {AC3490DF-B2AE-610F-9290-A5E6E0CD5323}
AS: Total AV (Disabled - Up to date) {1755713B-9494-6E81-A820-9E949B4A199E}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\uTorrent) (Version: 3.5.3.44396 - BitTorrent Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Chromium (HKU\.DEFAULT\...\Chromium) (Version: 58.0.3012.0 - Chromium)
FL Studio 12.1.2 (HKLM\...\FL Studio 12.1.2_is1) (Version: - )
FL Studio ASIO (HKLM\...\FL Studio ASIO) (Version: - Image-Line)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10228.20080 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movband Sync (HKLM-x32\...\{83CE0588-DD6F-4C0D-8C55-58DF0AF99DB2}) (Version: 3.0.50 - Movband)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
Opera Stable 54.0.2952.51 (HKLM-x32\...\Opera 54.0.2952.51) (Version: 54.0.2952.51 - Opera Software)
PC Speed Up (HKLM\...\PCSU-SL_is1) (Version: 3.9.16.0 - Optimal Software s.r.o.) <==== ATTENTION
Pokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version: - "Pokemon Showdown")
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
s5m (HKLM-x32\...\s5m) (Version: 2.0.2 - s5m) <==== ATTENTION
SafeFinder (HKLM-x32\...\{8FEDDDBC-E3AF-4C58-8526-DE9E97A99CDF}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION
Secured Yahoo Powered (HKLM-x32\...\{65388DF8-35B8-5C78-8438-2CF854B8FF78}) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TotalAV (HKLM-x32\...\TotalAV) (Version: 4.6.19 - TotalAV)
Twitch (HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [cm_64bit] -> {69E19770-EA24-49e2-B997-405EDBEF4C05} => -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [cm_64bit] -> {69E19770-EA24-49e2-B997-405EDBEF4C05} => -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers4: [cm_64bit] -> {69E19770-EA24-49e2-B997-405EDBEF4C05} => -> No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-09-22] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BC03137-6620-4CD0-ABAE-6519ADC64862} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {0D492301-E9D0-4F90-AD59-0C9135EA5366} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {10F9B77B-586F-490C-BF20-2128D7532A33} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {1FC222DD-57A6-45CB-9749-3BE3AB4FA353} - System32\Tasks\tspotbellypotbelly => C:\Program Files (x86)\spiritedness\spiritedness.exe [2018-04-30] ()
Task: {20B1A8AC-4D97-476E-B0E5-241572F35C48} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-08] (Microsoft Corporation)
Task: {26402DAB-6A20-4475-A304-BAE26FB042D6} - System32\Tasks\tssteinhauser_kokisteinhauser_koki => C:\Program Files (x86)\Jacobson\Meant.exe [2018-04-30] ()
Task: {2A0B6E9B-7753-474C-AA9C-63BF02E74D9A} - System32\Tasks\tscitric hazilycitric hazily => C:\Program Files (x86)\Jacobson\ligament.exe [2018-04-30] ()
Task: {3ABCD8F5-393E-4A81-8797-D810FF2C5713} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-25] (Google Inc.)
Task: {3E878121-0CE0-4A9A-BE69-E28BF90F0AEF} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {43637C63-DF9A-46C7-93CB-763921E6E314} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-08] (Microsoft Corporation)
Task: {481C648C-9CDC-4AB0-99E0-F1C0C4AEE5CE} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe [2017-02-09] (Optimal Software s.r.o.) <==== ATTENTION
Task: {4BF03DC7-4B3D-4F0D-B6F4-36416ECF1365} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-08] (Microsoft Corporation)
Task: {4C807A7B-A43C-4538-AE74-AFBB767ABC66} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-25] (Google Inc.)
Task: {543A5E25-33DB-46C3-B76C-ECDEFCD0E334} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-20] (Microsoft Corporation)
Task: {5D918C9F-5F8A-470E-803C-2CADFED22E7A} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {68D6FC43-24BC-464A-92B9-DE084969B256} - System32\Tasks\tswarthogswarthogs => C:\Program Files (x86)\Rotatory\Meant.exe [2018-04-30] ()
Task: {6A0E20DF-3D41-4407-B752-6177B0A2729A} - System32\Tasks\steinhauser_koki => C:\Program Files (x86)\Jacobson\Meant.exe [2018-04-30] ()
Task: {6C06A8C7-7721-4955-BF69-5441236887DF} - System32\Tasks\fellas-shutter => C:\Program Files (x86)\sank\ligament.exe [2018-04-30] ()
Task: {7324A2FB-A4E4-4662-9854-C14159965F75} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-08] (Microsoft Corporation)
Task: {82AAE92B-2304-430A-9642-DD2BEAF21F88} - System32\Tasks\citric hazily => C:\Program Files (x86)\Jacobson\ligament.exe [2018-04-30] ()
Task: {8D294D69-800C-41F4-9359-5193275EBB66} - System32\Tasks\warthogs => C:\Program Files (x86)\Rotatory\Meant.exe [2018-04-30] ()
Task: {96723512-CA6F-40B2-88E6-ACD887A446CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {971CCC83-11FF-48C4-8BE6-42B0B1CA17D2} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-09-22] (Advanced Micro Devices, Inc.)
Task: {9E5B17D3-BCD4-4E69-83B7-543C88F46C30} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-20] (Microsoft Corporation)
Task: {9F8CD420-C2CD-41F6-9B7C-F75F0E30F193} - System32\Tasks\hydrates pronunciations bloomer => C:\Users\Cord Bishop\AppData\Local\Meant.exe [2018-04-30] ()
Task: {ACBC670B-8413-434F-AE1C-DF085BA07141} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {AD39FD9F-47CF-4634-900F-62DCD0F7A567} - System32\Tasks\potbelly => C:\Program Files (x86)\spiritedness\spiritedness.exe [2018-04-30] ()
Task: {AE4A8AB1-405C-4F6E-A692-C41DB2B25E71} - System32\Tasks\tsfellas-shutterfellas-shutter => C:\Program Files (x86)\sank\ligament.exe [2018-04-30] ()
Task: {AF384C93-C58E-48D2-BCC2-B494B4EE0BA5} - System32\Tasks\psv_Movehold => cmd.exe /c regedit.exe /s "C:\ProgramData\Quoteex\LotPlus.reg" & del "C:\ProgramData\Quoteex\LotPlus.reg" & SCHTASKS /Delete /TN "psv_Movehold" /F <==== ATTENTION
Task: {BB5B6054-1CF1-469C-BE01-60D9253EA686} - System32\Tasks\tshydrates pronunciations bloomerhydrates pronunciations bloomer => C:\Users\Cord Bishop\AppData\Local\Meant.exe [2018-04-30] ()
Task: {C99898AD-F7F2-439B-8DB1-8A082DABFCE3} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-10] (Microleaves) <==== ATTENTION
Task: {CCC70D06-B64E-429B-BE64-2ED3DAB395A7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {CDF05B3D-ABA1-4B2B-810D-9C3EBC649928} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-08] (Microsoft Corporation)
Task: {D6A0E5CE-6602-474B-9EFB-3554AF2F6F1D} - System32\Tasks\Opera scheduled Autoupdate 1517200800 => C:\Program Files\Opera\launcher.exe [2018-07-06] (Opera Software)
Task: {DA177F58-A869-4B95-999A-DF1F4A5D003A} - System32\Tasks\starbuck_tomkins => C:\Users\Cord Bishop\AppData\Local\ligament.exe [2018-04-30] ()
Task: {DE70630C-AF88-4CDB-895C-622E77A72BB6} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {DF8E8142-1D63-432D-8AC6-BAE74650EE83} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {E6CB0B82-E089-4F68-874C-17E6B9C73A57} - System32\Tasks\tsstarbuck_tomkinsstarbuck_tomkins => C:\Users\Cord Bishop\AppData\Local\ligament.exe [2018-04-30] ()
Task: {F5393032-C88D-4EA7-B821-02F633A5C344} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-08] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Cord Bishop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-30 21:14 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-04-30 21:15 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-30 14:02 - 2018-04-30 14:02 - 000049934 _____ () C:\Program Files (x86)\hesitations\basters.exe
2018-04-30 21:18 - 2018-04-30 21:21 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-04-30 21:18 - 2018-04-30 21:21 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-04-30 21:18 - 2018-04-30 21:21 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-04-30 21:18 - 2018-04-30 21:21 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
2018-04-30 21:18 - 2018-04-30 21:21 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-13 03:01 - 2016-09-13 03:01 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2018-04-30 14:02 - 2018-04-30 14:02 - 000064512 _____ () C:\Program Files (x86)\sank\ligament.exe
2018-04-30 14:02 - 2018-04-30 14:02 - 000064512 _____ () C:\Users\Cord Bishop\AppData\Local\Meant.exe
2018-07-10 19:46 - 2018-07-06 09:20 - 102646872 _____ () C:\Program Files\Opera\54.0.2952.51\opera_browser.dll
2018-07-10 19:46 - 2018-07-06 09:20 - 004613208 _____ () C:\Program Files\Opera\54.0.2952.51\libglesv2.dll
2018-07-10 19:46 - 2018-07-06 09:20 - 000100440 _____ () C:\Program Files\Opera\54.0.2952.51\libegl.dll
2018-01-28 22:25 - 2018-01-28 22:25 - 003657624 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-01-28 22:25 - 2018-01-28 22:25 - 002470296 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2018-04-30 14:02 - 2018-04-30 14:02 - 000064512 _____ () C:\Program Files (x86)\Jacobson\ligament.exe
2018-04-30 14:02 - 2018-04-30 14:02 - 000064512 _____ () C:\Program Files (x86)\Jacobson\Meant.exe
2018-04-30 14:02 - 2018-04-30 14:02 - 000064512 _____ () C:\Program Files (x86)\Rotatory\Meant.exe
2018-04-30 14:55 - 2012-01-16 21:06 - 000577621 _____ () C:\Program Files (x86)\PC Speed Up\sqlite3.dll
2018-04-30 14:47 - 2018-04-30 14:47 - 001077248 _____ () C:\WINDOWS\mabjadjvduiptqch.dll
2018-04-30 14:46 - 2018-04-30 14:46 - 000043520 _____ () c:\users\cord bishop\appdata\local\taonoa.dll
2015-05-06 10:36 - 2015-05-06 10:36 - 000508144 _____ () C:\Program Files (x86)\Movband\Movband Sync\pedoIolib.dll
2015-05-06 10:36 - 2015-05-06 10:36 - 000603376 _____ () C:\Program Files (x86)\Movband\Movband Sync\sportlib.dll
2018-04-30 14:55 - 2014-11-26 09:34 - 000434688 _____ () C:\Program Files (x86)\PC Speed Up\PopupNotification.dll
2017-05-25 23:36 - 2018-06-08 17:38 - 000788256 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-05-25 23:36 - 2018-06-08 17:42 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-05-25 23:36 - 2018-06-08 19:39 - 002632992 _____ () C:\Program Files (x86)\Steam\video.dll
2017-05-25 23:36 - 2018-06-08 17:40 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-05-25 23:36 - 2018-06-08 17:40 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-01-08 16:47 - 2018-06-08 17:40 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-01-08 16:47 - 2018-06-08 17:40 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-01-08 16:47 - 2018-06-08 17:40 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-01-08 16:47 - 2018-06-08 17:40 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-01-08 16:47 - 2018-06-08 17:40 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-05-25 23:36 - 2018-06-08 19:38 - 000979744 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-05-25 23:36 - 2018-06-08 17:40 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-06-13 20:48 - 2018-06-08 17:39 - 000788256 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-05-25 23:38 - 2018-06-08 17:39 - 083524384 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-05-25 23:36 - 2018-06-08 17:42 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-07-13 05:21 - 2018-06-08 17:39 - 002253600 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2017-07-13 05:21 - 2018-06-08 17:39 - 000109856 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libegl.dll
2017-11-02 06:51 - 2017-11-02 06:51 - 000199864 _____ () C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3054831734-3423443630-68311492-1001\...\sharepoint.com -> hxxps://tigermailauburn-files.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-05-26 02:09 - 2018-04-30 20:32 - 000001280 _____ C:\WINDOWS\system32\Drivers\etc\hosts

162.222.193.86 aoaomo.tremorhub.com
188.95.50.62 bobomo.tremorhub.com
162.222.193.86 http://www.howcast.com
162.222.193.86 howcast.com
162.222.193.86 http://www.ustream.tv
162.222.193.86 ustream.tv
162.222.193.86 http://www.livestream.com
162.222.193.86 livestream.com
162.222.193.86 http://www.dailymotion.com
162.222.193.86 dailymotion.com
192.192.3.8 http://www.virustotal.com
192.192.3.8 virustotal.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3054831734-3423443630-68311492-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{77E80898-D0D0-46A5-B657-8FD67347EA50}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7FC433DD-3655-47EB-951D-B173A32ECE0D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F4142044-B17C-4B43-A4B9-B3ADAEBEDD7B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7A357E46-2006-4FE1-854C-75BEDAF040DD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F974AC5F-1EFD-4C86-A266-189BCA8FDA19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{65ECB87F-1E05-46FC-AC75-45282EC9268D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2591E72E-0E45-4F99-BC90-03A50311C72D}] => (Allow) C:\Users\Cord Bishop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{76C4B8A3-3E4E-40D2-9D55-BEEBB85762B3}] => (Allow) C:\Users\Cord Bishop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5C2810B7-789A-4879-824B-B8291E6398CC}] => (Allow) C:\Users\Cord Bishop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6CB820A7-EF39-4457-B403-8DD0B603D422}] => (Allow) C:\Users\Cord Bishop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8B2000A4-CE53-452A-8C5F-8B2C59898887}] => (Allow) C:\Users\Cord Bishop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A71FD7ED-BCB6-4372-8CE6-294C09906EA5}] => (Allow) C:\Users\Cord Bishop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A686286B-D01B-4FC5-81BB-852C62D62247}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{04BC64EF-FA11-4E94-9531-EADBE2E295F9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{49BB9E6B-4EF9-4397-BB2A-599FC7B84BE2}C:\program files (x86)\ip hider\ip hider.exe] => (Allow) C:\program files (x86)\ip hider\ip hider.exe
FirewallRules: [UDP Query User{327DC6DD-911A-430A-A5FA-327C7620FE14}C:\program files (x86)\ip hider\ip hider.exe] => (Allow) C:\program files (x86)\ip hider\ip hider.exe
FirewallRules: [{C5016F0D-014C-43DC-9EF6-7FB821B3C553}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{AF66DDF9-662A-4A53-AE7D-62D3F055E93C}] => (Allow) C:\WINDOWS\system32\config\systemprofile\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{BECB5210-66C8-492E-9A07-C6A9A76869F4}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{10FC9A23-F826-4202-9FEF-3C6CB8586865}] => (Allow) C:\Program Files (x86)\Rotatory\Meant.exe
FirewallRules: [{3B88A98E-91EB-4F2C-BBFF-1E6C6DA4CDF6}] => (Allow) C:\Program Files (x86)\Jacobson\Meant.exe
FirewallRules: [{4DE4E600-6515-49D2-BBD2-5465FC9C1BA1}] => (Allow) C:\Program Files (x86)\sank\ligament.exe
FirewallRules: [{C02CD512-499A-42C3-B03C-4A747FBDC9CC}] => (Allow) C:\Program Files (x86)\Jacobson\ligament.exe
FirewallRules: [{160DB582-DA0F-406C-A748-8BC33D2C843F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4EEA0EAA-B7E8-4271-B218-A7DF8D82C833}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{73BF56EA-67BA-4A8B-8FB6-1D1A8AAC296E}] => (Allow) C:\Program Files\Opera\54.0.2952.51\opera.exe
FirewallRules: [{D0D12D19-CBFF-4974-8AA5-93F89050A487}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-07-2018 21:51:24 Windows Update
08-07-2018 21:52:29 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2018 07:49:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Online-Guardian.exe, version: 2.0.9.0, time stamp: 0x59faf815
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xffffffff
Faulting process id: 0x20d4
Faulting application start time: 0x01d418a892b26e3a
Faulting application path: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
Faulting module path: unknown
Report Id: 6ea41f38-fdb5-437f-aa64-8287a47d3370
Faulting package full name:
Faulting package-relative application ID:

Error: (07/10/2018 07:33:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ligament.exe version 6.8.6.111 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3900

Start Time: 01d4189762e1b6aa

Termination Time: 250

Application Path: C:\Users\Cord Bishop\AppData\Local\ligament.exe

Report Id: e50751c3-b3b8-4901-9cfc-6fd05ddb3864

Faulting package full name:

Faulting package-relative application ID:

Error: (07/10/2018 05:41:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 66.0.3359.139, time stamp: 0x5ae13bcc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x23e4
Faulting application start time: 0x01d41896bbfd28bc
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: unknown
Report Id: 05bfc8b0-1308-4e64-8105-3022ab2a10bc
Faulting package full name:
Faulting package-relative application ID:

Error: (07/10/2018 05:35:08 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (07/10/2018 05:35:05 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (07/09/2018 12:45:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ligament.exe, version: 6.8.6.111, time stamp: 0x5ae75a19
Faulting module name: Flash.ocx, version: 29.0.0.140, time stamp: 0x5ab99580
Exception code: 0xc0000005
Fault offset: 0x00000000000b6455
Faulting process id: 0x%9
Faulting application start time: 0xligament.exe0
Faulting application path: ligament.exe1
Faulting module path: ligament.exe2
Report Id: ligament.exe3
Faulting package full name: ligament.exe4
Faulting package-relative application ID: ligament.exe5

Error: (07/08/2018 10:27:04 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (07/08/2018 10:25:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.371, time stamp: 0x5abdadc7
Faulting module name: chakra.dll, version: 11.0.16299.371, time stamp: 0xa2ac1aec
Exception code: 0xcfffffff
Fault offset: 0x0000000000095575
Faulting process id: 0x4114
Faulting application start time: 0x01d4172646118aa7
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\chakra.dll
Report Id: a5e4dbcb-f05b-49e4-a846-fe9d43feee26
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.371.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess


System errors:
=============
Error: (07/10/2018 10:44:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6SV4VTR)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (07/10/2018 10:43:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6SV4VTR)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (07/10/2018 10:41:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6SV4VTR)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (07/10/2018 10:40:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6SV4VTR)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (07/10/2018 10:38:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6SV4VTR)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (07/10/2018 10:37:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6SV4VTR)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (07/10/2018 10:35:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6SV4VTR)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (07/10/2018 10:34:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6SV4VTR)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2018-04-30 20:24:06.064
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win64/Detrahere!rfn
ID: 2147725652
Severity: Severe
Category: Trojan
Path: driver:_alcehoxz;file:_C:\Windows\System32\drivers\lmckragn.sys;file:_C:\WINDOWS\system32\drivers\racnlxzd.sys
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\ByteFence\ByteFence.exe
Signature Version: AV: 1.261.1633.0, AS: 1.261.1633.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-04-30 15:21:01.097
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win64/Detrahere!rfn
ID: 2147725652
Severity: Severe
Category: Trojan
Path: driver:_alcehoxz;file:_C:\Windows\System32\drivers\lmckragn.sys;file:_C:\WINDOWS\system32\drivers\racnlxzd.sys
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.261.1633.0, AS: 1.261.1633.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-04-30 14:51:42.134
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Behavior:Win32/ObfuscatorGd.gen!B
ID: 2147719222
Severity: Severe
Category: Suspicious Behavior
Path: behavior:_pid:12576:272351750268619;file:_C:\Users\Cord Bishop\AppData\Local\Temp\1392770704\ic-0.1ca5a887e650fc.exe;process:_pid:8144,ProcessStart:131695877329974301
Detection Origin: Local machine
Detection Type: Generic
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.261.1633.0, AS: 1.261.1633.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-04-30 14:51:42.131
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: BrowserModifier:Win32/Soctuseer!excl
ID: 237119
Severity: High
Category: Browser Modifier
Path: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\f5c7ea05b9581bddda4e485b8ea95efc\
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.261.1633.0, AS: 1.261.1633.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-04-30 14:49:47.567
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win64/Detrahere!rfn
ID: 2147725652
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\drivers\lmckragn.sys
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.261.1633.0, AS: 1.261.1633.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-04-30 20:33:11.186
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1633.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

Date: 2018-04-30 20:33:11.185
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

Date: 2018-04-30 20:32:58.711
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1633.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

Date: 2018-04-30 20:32:58.710
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1633.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

Date: 2018-04-30 20:32:58.710
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1633.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

==================== Memory info ===========================

Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 53%
Total physical RAM: 7134.36 MB
Available physical RAM: 3307.75 MB
Total Virtual: 14558.36 MB
Available Virtual: 9743.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:914.32 GB) (Free:829.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:16.9 GB) (Free:16.81 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.1 GB) FAT32

\\?\Volume{17046d24-0000-0000-0000-100000000000}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 17046D24)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=914.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)

==================== End of Addition.txt ============================

These programs keep opening up and playing ads on my computer, but I can only see that they are open when I alt+tab. It's super annoying to have to keep closing out of them, either with Task Manager to just end the processes or by closing them out through alt-tabbing. Can anyone help me get rid of it? Also, I have antivirus software and it either couldn't find it or couldn't get rid of it, because it's still popping up.
cordbish
Active Member
 
Posts: 10
Joined: July 10th, 2018, 10:17 pm

Re: These programs called saigon and boiaphh keep popping up

Unread postby pgmigg » July 11th, 2018, 12:06 am

Hello cordbish,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights and permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: These programs called saigon and boiaphh keep popping up

Unread postby pgmigg » July 11th, 2018, 12:26 am

Hello cordbish,

P2P Advisory!
IMPORTANT: There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
µTorrent

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.

If you choose NOT to remove the program(s), please indicate that in your next reply and this topic will be closed.

Otherwise, please perform the following steps:

Step 1.
Remove P2P Program
  1. Please press the Windows Key + R.
  2. Enter appwiz.cpl into the text box and click OK.
  3. Locate the following programs:
    µTorrent
  4. Click on the Change/Remove button to uninstall it.
  5. When the program has been uninstalled, please close Control Panel.
  6. Reboot (restart) your computer.
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe but the files may not - use P2P at your own risk!
Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Step 2.
Run CKScanner
  1. Please download CKScanner from here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 3.
TSG - SysInfo utility
  1. Please download SysInfo utility and save it to your Desktop.
  2. Right click on SysInfo.exe, select "Run As Administrator..." to run it... if UAC prompts, please allow it.
  3. Right click, select copy and then paste in your next post.

Step 4.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop.
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 5.
LicDiag Command
  • Press the Windows Key + R.
  • Type notepad.exe into the text box and click OK.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
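    @Echo off
    REM Quote the paths so a user profile path containing a space is passed as a single argument.
    Licensingdiag.exe -report "%userprofile%\desktop\report.txt" -log "%userprofile%\desktop\repfiles.cab"
    REM Open the generated report in Notepad.
    Notepad.exe "%userprofile%\desktop\report.txt"
    REM Delete this batch file when done.
    del "%~f0"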
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Licdiag.bat to your Desktop.
  • Save as file type All Files or it won't work.
  • Now right click on Licdiag.bat and select Run as administrator.
  • A file report.txt will open on your Desktop, please post the contents in your next reply.
  • A file repfiles.cab will be produced on your Desktop. This is a backup and can be ignored for the time being.

Then:
Please tell me: is this computer used for business or educational purposes and/or connected to a business or educational network?
I need to know this so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you about it specifically!

Please include in your next reply:
  1. Your decision about P2P programs
  2. Do you have any problems executing the instructions?
  3. Contents of CKFiles.txt log file
  4. Contents of SysInfo scan
  5. Contents of a log created by codecheck.txt
  6. Contents of report.txt created by LicDiag Command
  7. Answer to my question about how your computer is used

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: These programs called saigon and boiaphh keep popping up

Unread postby cordbish » July 11th, 2018, 3:30 pm

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\image-line\fl studio 12.1\data\patches\plugin presets\generators\drumpad\sound fx\crack.fst
c:\program files\image-line\fl studio 12.1\plugins\fruity\effects\hardcore\presets\default\i cracked my tube!.hdprg
c:\program files\image-line\fl studio 12.1\plugins\fruity\generators\drumaxx\drum patches\sound fx\crack.dmpatch
c:\program files\image-line\fl studio 12.1\plugins\fruity\generators\drumpad\drum patches\sound fx\crack.dmpatch
c:\program files\image-line\fl studio 12.1\plugins\fruity\generators\sawer\presets\ambient\mc cracked.sawer
c:\users\cord bishop\documents\image-line\data\drumaxx\drum patches\sound fx\crack.dmpatch
c:\users\cord bishop\documents\image-line\data\hardcore\default\i cracked my tube!.hdprg
c:\users\cord bishop\documents\image-line\data\sawer\ambient\mc cracked.sawer
c:\users\cord bishop\documents\image-line\data\toxic biohazard\basses\crack.tbio
c:\users\cord bishop\downloads\fl studio 12 crack fruity loops full version torrent free 2018.zip
scanner sequence 3.DF.11.VWAPJZ
----- EOF -----
cordbish
Active Member
 
Posts: 10
Joined: July 10th, 2018, 10:17 pm

Re: These programs called saigon and boiaphh keep popping up

Unread postby cordbish » July 11th, 2018, 3:45 pm

A. I uninstalled the p2p file.

Re: These programs called saigon and boiaphh keep popping up

Unread postby cordbish » July 11th, 2018, 3:45 pm

B. When I ran the licdiag as administrator it did not work, but I got the other three to work.

Re: These programs called saigon and boiaphh keep popping up

Unread postby cordbish » July 11th, 2018, 3:46 pm

C. CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\image-line\fl studio 12.1\data\patches\plugin presets\generators\drumpad\sound fx\crack.fst
c:\program files\image-line\fl studio 12.1\plugins\fruity\effects\hardcore\presets\default\i cracked my tube!.hdprg
c:\program files\image-line\fl studio 12.1\plugins\fruity\generators\drumaxx\drum patches\sound fx\crack.dmpatch
c:\program files\image-line\fl studio 12.1\plugins\fruity\generators\drumpad\drum patches\sound fx\crack.dmpatch
c:\program files\image-line\fl studio 12.1\plugins\fruity\generators\sawer\presets\ambient\mc cracked.sawer
c:\users\cord bishop\documents\image-line\data\drumaxx\drum patches\sound fx\crack.dmpatch
c:\users\cord bishop\documents\image-line\data\hardcore\default\i cracked my tube!.hdprg
c:\users\cord bishop\documents\image-line\data\sawer\ambient\mc cracked.sawer
c:\users\cord bishop\documents\image-line\data\toxic biohazard\basses\crack.tbio
c:\users\cord bishop\downloads\fl studio 12 crack fruity loops full version torrent free 2018.zip
scanner sequence 3.DF.11.VWAPJZ
----- EOF -----

Re: These programs called saigon and boiaphh keep popping up

Unread postby cordbish » July 11th, 2018, 3:46 pm

D. Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Pro, 64 bit
Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics, AMD64 Family 22 Model 48 Stepping 1
Processor Count: 4
RAM: 7134 Mb
Graphics Card: AMD Radeon(TM) R4 Graphics, 1024 Mb
Hard Drives: C: 914 GB (830 GB Free); D: 16 GB (16 GB Free); E: 0 GB (0 GB Free);
Motherboard: Hewlett-Packard, 22C1
Antivirus: Windows Defender, Disabled

Re: These programs called saigon and boiaphh keep popping up

Unread postby cordbish » July 11th, 2018, 3:47 pm

E. Codecheck Version 1.0

07011

Re: These programs called saigon and boiaphh keep popping up

Unread postby cordbish » July 11th, 2018, 3:47 pm

F. Couldn't seem to get it to work, I retried and followed the instructions several times.

Re: These programs called saigon and boiaphh keep popping up

Unread postby cordbish » July 11th, 2018, 3:49 pm

It is for both business and educational purposes and is connected only through Microsoft Outlook for both business and school.

Re: These programs called saigon and boiaphh keep popping up

Unread postby pgmigg » July 11th, 2018, 5:13 pm

Business Use / Connected to an "Educational" Network / Illegal software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The sections here explain why we do not offer help for such computers.
Thank you for your understanding.

This topic is now closed

Re: These programs called saigon and boiaphh keep popping up

Unread postby Gary R » July 12th, 2018, 1:24 am

Just so you know .... your computer is infected with one of the "Smart Service" variants, which without the correct procedure can be extremely difficult to remove.

Removal of it can be achieved in 2 ways ....

  • With expert assistance (for the reasons stated in the post above, we are unable to provide you with this).
  • By performing a "Reset" (which will restore your computer to factory condition).

Some Smart Service variants can block you from performing a Reset, and of course if you do Reset your machine, you will lose any personal files that you do not have backed up to external media.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire