Help for remove Glupteba & unknown virus that send out "some-info" to 224.0.0.25 - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer

Please help for guidance to remove Glupteba (maybe ?) and unknown virus that send out some information to ip 224.0.0.251 / 224.0.0.252 / 224.0.0.22 when i connected to internet.
 
I have tried to scan with Malwarebytes dan Hitman Pro, but not yet success.
This virus still remain exist after booting.
 
I already try to scan with Microsoft Safety Scanner - v 1.339.1425.0 , but still not yet success too.
This virus still exist after new booting.
 
That is a unique symptom, when i try to connected to internet, this unknown virus immediately send "some-information" to IP like :
- 224.0.0.252 : 5355 using UDP (using svchost.exe)
- 224.0.0.251 : 5353 using UDP (using svchost.exe)
- 224.0.0.22   using IGMP (using svchost.exe)
 
Please see attach 2 pictures that i capture "network intrusion" to IP (224.0.0.252 / 252 / 22) when using Comodo AV to try blocking IP (224.0.0.000 - 255)
 
Below, I attach files from Farbar Recovery Scan Tool (FRST)  scanning.
Maybe someone can help to guide what i have to do with files from FRST scanning for remove that virus.
 
Thanks in advance.
 
Rgds, 
Andi

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2021
Ran by GraciaAmanta (administrator) on GRACIAAS (AXIOO NEON HNM MODEL) (28-05-2021 17:33:08)
Running from D:\APP\FarbarRecoveryScanTool-FRST
Loaded Profiles: GraciaAmanta
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\CPSSoft\ACCURATE5 License Service\aclicfivsvc.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Autodesk, Inc -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\COMODO Secure Shopping\csssrv64.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe <2>
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(CPSSoft) [File not signed] C:\Program Files (x86)\CPSSoft\ACCURATE5 License Manager\bin\AccurateLicenseManager.exe
(Firebird Project) [File not signed] C:\Program Files\Firebird\Firebird_25\bin\fb_inet_server.exe
(Flexera Software LLC -> Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Lagerkvist Teknisk Radgivning i Boras HB -> Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed] C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Data\xxxMS--ert64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wisptis.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\EPSON\portcommunicationservice\PCSVC.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392872 2010-10-15] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1598144 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [339464 2017-01-17] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [1725408 2017-03-14] (GlavSoft LLC -> GlavSoft LLC.)
HKLM-x32\...\Run: [Firebird] => [X]
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4251336 2018-10-10] (Comodo Security Solutions, Inc. -> COMODO)
HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1935704 2021-05-26] (Smadsoft) [File not signed]
HKLM-x32\...\Run: [vdcss] => C:\Program Files (x86)\COMODO\COMODO Secure Shopping\vdcss.exe [8511152 2018-03-14] (Comodo Security Solutions, Inc. -> COMODO)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2017-03-23] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2016-12-08] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [700328 2017-01-06] (Autodesk, Inc -> Autodesk, Inc.)
HKLM-x32\...\Run: [Norton Ghost 12.0] => C:\Program Files (x86)\NG12\Agent\VProTray.exe [2037352 2007-03-28] (Symantec Corporation -> Symantec Corporation)
HKLM\...\RunOnce: [GrpConv] => grpconv -o
HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\...\Run: [EPSON Stylus CX5500 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAP.EXE [211456 2017-02-27] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2016-11-26] (InstallShield Software Corporation) [File not signed]
HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\...\Run: [Iperius Backup] => C:\Program Files (x86)\Iperius Backup\Iperius.exe [62630024 2018-02-15] (Enter Srl -> Enter Srl)
HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\...\Run: [NC Scheduler] => C:\Program Files (x86)\NC201\NC_SCHED.EXE /Hide
HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\...\RunOnce: [Adobe Speed Launcher] => 1622170555
HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\...\MountPoints2: {8681f983-ca6d-11e7-9657-2cfaa28bd697} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\...\MountPoints2: {bdca48b8-0d6a-11e3-bbb5-806e6f6e6963} - E:\Setup.exe
HKLM\...\Windows x64\Print Processors\Epson Inkjet: C:\Windows\System32\spool\prtprocs\x64\EP0NPP01.DLL [38912 2016-03-29] (Microsoft Windows -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\Windows\system32\cpwmon64.dll [89008 2016-01-22] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\Epson Inbox Language Monitor01: C:\Windows\system32\EP0SLM01.DLL [77824 2009-07-14] (Microsoft Windows -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON L355 Series 64MonitorBE: C:\Windows\system32\E_YLMI4E.DLL [120320 2011-04-19] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON L360 Series 64MonitorBE: C:\Windows\system32\E_YLMBN0E.DLL [180224 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON Port Handler Monitor: C:\Windows\system32\EAPPHPM.dll [238080 2013-04-15] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\EPSON Stylus CX5000 Series 64MonitorBA: C:\Windows\system32\E_ILMBVA.DLL [126976 2016-06-11] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON Stylus CX5500 Series 64MonitorBP: C:\Windows\system32\E_ILMCAP.DLL [108032 2017-02-27] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\Epson TM-T20 Language Monitor 4: C:\Windows\system32\EAPTMT20LM.dll [146432 2016-08-12] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\Nitro PDF Port Monitor: C:\Windows\system32\nitrolocalmon10.dll [31904 2016-08-02] (Nitro Software, Inc. -> Nitro Software, Inc.)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [120072 2016-06-14] (pdfforge GmbH -> pdfforge GmbH)
HKLM\...\Print\Monitors\PDFCreator: C:\Windows\system32\pdfcmnnt.dll [87040 2005-03-12] () [File not signed]
HKLM\...\Print\Monitors\PDFill Writer Monitor: C:\Program Files (x86)\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll [36176 2016-03-26] (PlotSoft LLC -> Windows ® Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\PrimoMon: C:\Windows\system32\Primomonnt.dll [95008 2015-09-01] (Nitro PDF Software -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\Installer\chrmstp.exe [2018-05-03] (Google Inc -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2018-04-14]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E28EB44-D678-4465-AEE4-51E0BA6F3697} - System32\Tasks\Create a Restore Point at Startup => C:\Windows\System32\wbem\WMIC.exe /Namespace:\\root\default Path SystemRestore Call CreateRestorePoint "Create Restore Point by HDK", 100, 7
Task: {127B0706-EACB-4212-8505-7D6F580FA376} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5502144 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {4CF7D329-D2B4-439A-BA6E-8E2EC7B47AF7} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5502144 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {87F95868-845D-4A0C-A6FD-3FDEDB123E2E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [3643160 2013-07-23] (Piriform Ltd -> Piriform Ltd)
Task: {8817F181-8DA3-44E5-B9D2-B1B96E67BBA3} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [11578048 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {98ABD5B4-FD3D-435E-9A79-C90AD7880873} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [43816 2015-07-12] (Apple Inc. -> Apple Inc.)
Task: {9B26C0C1-6F45-4377-A2C7-7303BAB25310} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe [683008 2017-12-28] (FreeDownloadManager.org) [File not signed]
Task: {B0C5292C-7DA0-414A-B5DE-789080B72180} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5502144 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {C64181CA-11BA-485B-BF78-34AD4D6C8B5E} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1935704 2021-05-26] (Smadsoft) [File not signed]
Task: {CA819993-2A42-47B2-83D7-72115971C871} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-05-04] (Google Inc -> Google Inc.)
Task: {E1D7C4F0-AC08-49D6-8133-8F5B6596F727} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1598144 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {F4D3BCDE-AC0D-4B57-A2A9-B99406FAF1E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-05-04] (Google Inc -> Google Inc.)
Task: {FB927C92-FE5F-4B74-9491-836253CC6911} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5502144 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {FC4C6A23-302E-436D-9ABB-0A61C29CD2D3} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5502144 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299101196-3374494760-3322787721-1000Core1cfacb125a4dbc8.job => C:\Users\GraciaAmanta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299101196-3374494760-3322787721-1000Core1d04780725624cd.job => C:\Users\GraciaAmanta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299101196-3374494760-3322787721-1000Core1d04dc065b1f085.job => C:\Users\GraciaAmanta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299101196-3374494760-3322787721-1000Core1d09fa943c307ac.job => C:\Users\GraciaAmanta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299101196-3374494760-3322787721-1000Core1d0c6e23470bb35.job => C:\Users\GraciaAmanta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299101196-3374494760-3322787721-1000Core1d0e3f5cba036b2.job => C:\Users\GraciaAmanta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299101196-3374494760-3322787721-1000Core1d10d3c64ffac0e.job => C:\Users\GraciaAmanta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299101196-3374494760-3322787721-1000Core1d133e13931dc24.job => C:\Users\GraciaAmanta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299101196-3374494760-3322787721-1000Core1d15e3f46af6948.job => C:\Users\GraciaAmanta\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{29629ADD-2883-46B8-919E-02B0DAE64589}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{2A2A3437-BBAD-4287-9C58-0551EDC95E12}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{6A146728-B2FE-4438-8A75-1A1BA52652E9}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF DefaultProfile: hyxhcxvz.default
FF DefaultProfile: v792iezs.default
FF ProfilePath: C:\Users\GraciaAmanta\AppData\Roaming\Zotero\Zotero\Profiles\hyxhcxvz.default [2015-11-07]
FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [2015-08-25] [Legacy] [not signed]
FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [2015-08-25] [Legacy] [not signed]
FF ProfilePath: C:\Users\GraciaAmanta\AppData\Roaming\Mozilla\Firefox\Profiles\v792iezs.default [2021-05-28]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-06-14] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-08-12] [Legacy] [not signed]
FF HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\GraciaAmanta\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\GraciaAmanta\AppData\Roaming\IDM\idmmzcc5 [2016-11-09] [Legacy] [not signed]
FF HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\GraciaAmanta\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-22] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-22] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] (Apple Inc. -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 5\npnitromozilla.dll [2016-08-02] (Nitro Software, Inc. -> Nitro PDF)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2009-10-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2009-10-14] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader11\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-05-04] (pdfforge GmbH -> pdfforge GmbH)
FF Plugin HKU\S-1-5-21-2299101196-3374494760-3322787721-1000: @tools.google.com/Google Update;version=3 -> C:\Users\GraciaAmanta\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-2299101196-3374494760-3322787721-1000: @tools.google.com/Google Update;version=9 -> C:\Users\GraciaAmanta\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc -> Google Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2021-05-28] <==== ATTENTION
CHR Extension: (Docs) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-28]
CHR Extension: (YouTube) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-28]
CHR Extension: (PrivDog) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cmaiofennmphjldldcpphcechfnnohja [2021-05-28] [UpdateUrl:hxxp://privdog.com/updates/865/googlechrome/update.xml] <==== ATTENTION
CHR Extension: (IDM Integration) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\jmolcgpienlcieaajfkkdamlngancncm [2021-05-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-28]
CHR Extension: (Chrome Media Router) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-28]
CHR Profile: C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default [2018-02-21]
CHR Extension: (Slides) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-01]
CHR Extension: (Docs) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-01]
CHR Extension: (Google Drive) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-27]
CHR Extension: (YouTube) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-27]
CHR Extension: (PrivDog) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2017-05-26] [UpdateUrl:hxxp://privdog.com/updates/865/googlechrome/update.xml] <==== ATTENTION
CHR Extension: (Tampermonkey) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-05-26]
CHR Extension: (Sheets) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-01]
CHR Extension: (Google Docs Offline) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-01]
CHR Extension: (IDM Integration) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm [2017-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-01]
CHR Extension: (Gmail) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-27]
CHR Extension: (Chrome Media Router) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-01]
CHR HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2013-11-16]
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2012-10-10]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Acc5LicSvc; c:\program files (x86)\CpsSoft\Accurate5 License Service\Aclicfivsvc.exe [6109696 2016-09-01] () [File not signed]
S3 AccurateDashboardSvc; C:\Program Files (x86)\CPSSoft\ACCURATE Dashboard Server/AccDashboardSvc.exe [3789824 2016-01-18] () [File not signed]
R2 AccurateLicenseManager; C:\Program Files (x86)\CPSSoft\ACCURATE5 License Manager\bin\AccurateLicenseManager.exe [150203392 2016-05-30] (CPSSoft) [File not signed]
S3 ACCURATESvc; C:\Program Files (x86)/CPSSoft/ACCURATE Service/AccSvc.exe [26368000 2018-01-12] () [File not signed]
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1276216 2017-02-15] (Acronis International GmbH -> )
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1290744 2017-01-06] (Autodesk, Inc -> Autodesk Inc.)
S3 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088 2014-12-03] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
S4 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-31] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S3 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6086232 2017-02-15] (Acronis International GmbH -> )
S3 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [2001608 2018-04-14] (philandro Software GmbH -> )
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-07-12] (Apple Inc. -> Apple Inc.)
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2016-06-19] (Autodesk, Inc. -> Autodesk, Inc.)
S4 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2304184 2016-04-23] (Comodo Security Solutions -> Comodo)
S4 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe [72024 2017-04-03] (Google Inc -> Google Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10747264 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
R2 csssrv; C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe [4199600 2018-03-14] (Comodo Security Solutions, Inc. -> COMODO)
S3 eaglesvc; C:\Windows\SysWOW64\eaglesvclic.exe [2046976 2013-12-13] (cpssoft intl) [File not signed]
S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-09-19] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2017-03-15] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 EPSON_Device_Control_Log_Service; C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe [395776 2016-08-12] (SEIKO EPSON CORPORATION) [File not signed]
R3 EPSON_Port_Communication_Service; C:\Program Files\epson\portcommunicationservice\PCSVC.exe [586240 2016-08-12] (SEIKO EPSON CORPORATION) [File not signed]
S3 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2\bin\fbguard.exe [81920 2015-10-17] (Firebird Project) [File not signed]
R2 FirebirdServer25; C:\Program Files\Firebird\Firebird_25\bin\fb_inet_server.exe [5782016 2017-11-22] (Firebird Project) [File not signed]
S3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2\bin\fbserver.exe [2764800 2015-10-17] (Firebird Project) [File not signed]
S4 FirebirdServerFB302ss64Port3500; C:\Program Files\Firebird\Firebird-3.0.1\firebird.exe [821760 2017-03-21] (Firebird Project) [File not signed]
R2 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-08-28] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
S3 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [136864 2018-02-15] (eVenture Limited -> eVenture Limited)
S3 HWSuperPowerTablet; C:\Windows\jwpen.exe [66560 2008-06-04] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 ImDskSvc; C:\windows\system32\imdsksvc.exe [19552 2016-02-24] (Lagerkvist Teknisk Radgivning i Boras HB -> Olof Lagerkvist)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation -> Microsoft Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1044680 2018-10-10] (Comodo Security Solutions, Inc. -> COMODO)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2541248 2006-10-31] (Symantec Corporation -> Symantec Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes Corporation -> Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4692840 2017-02-15] (Acronis International GmbH -> Acronis International GmbH)
S4 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [7717528 2017-02-15] (Acronis International GmbH -> Acronis International GmbH)
S4 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1510712 2017-02-15] (Acronis International GmbH -> )
S4 NitroReaderDriverReadSpool5; C:\Program Files\Nitro64\Reader5\NitroPDFReaderDriverService5x64.exe [327328 2016-08-02] (Nitro Software, Inc. -> Nitro Software, Inc.)
S4 Norton Ghost; C:\Program Files (x86)\NG12\Agent\VProSvc.exe [3290728 2007-03-28] (Symantec Corporation -> Symantec Corporation)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38016 2017-10-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438368 2016-06-14] (pdfforge GmbH -> pdfforge GmbH)
S4 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-06-14] (pdfforge GmbH -> pdfforge GmbH)
S3 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-06-14] (pdfforge GmbH -> pdfforge GmbH)
S4 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [972056 2016-06-14] (pdfforge GmbH -> © pdfforge GmbH.)
S2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [413320 2017-08-29] (Geek Software GmbH -> Geek Software GmbH)
S2 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2675712 2012-11-06] (Microsoft Corporation) [File not signed]
S3 renetwo_svc; C:\Program Files (x86)/CPSSoft/RENE2Server/renetwosvc.exe [1403392 2015-02-09] () [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [167936 2008-06-19] () [File not signed]
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2013-08-28] (Realtek Semiconductor.) [File not signed]
R2 Spooler; C:\windows\SysWOW64\spoolsv.exe [316416 2017-09-12] (Microsoft Corporation) [File not signed]
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-20] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9729272 2017-02-15] (Acronis International GmbH -> )
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10938880 2017-12-05] (TeamViewer GmbH) [File not signed]
S3 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [1725408 2017-03-14] (GlavSoft LLC -> GlavSoft LLC.)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [129144 2017-08-23] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AWEAlloc; C:\windows\System32\DRIVERS\awealloc.sys [21048 2016-02-24] (Lagerkvist Teknisk Radgivning i Boras HB -> Olof Lagerkvist)
S3 btmaudio; C:\windows\System32\drivers\btmaud.sys [42496 2010-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Motorola, Inc.)
S3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [52736 2010-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Motorola, Inc.)
S3 BTMNET; C:\windows\System32\DRIVERS\btmnet.sys [28672 2010-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Motorola, Inc.)
S3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [3231616 2010-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Motorola, Inc.)
S3 CamSuiteVAC; C:\windows\System32\DRIVERS\CamSuiteVAC.sys [56320 2008-09-19] (Reallusion Inc. -> )
R1 cmdcss; C:\windows\system32\drivers\cmdcss.sys [112656 2018-03-14] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmderd; C:\windows\System32\DRIVERS\cmderd.sys [34280 2018-05-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdGuard; C:\windows\System32\DRIVERS\cmdguard.sys [846624 2018-05-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdHlp; C:\windows\System32\DRIVERS\cmdhlp.sys [59096 2018-05-22] (Comodo Security Solutions, Inc. -> COMODO)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [24056 2016-01-14] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S2 EPSON_PCS_Parallel_Port_Driver; C:\Windows\system32\DRIVERS\pcslpt.sys [21640 2012-11-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R0 EUBAKUP; C:\windows\System32\drivers\eubakup.sys [60968 2016-09-19] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\windows\System32\drivers\EUBKMON.sys [48168 2016-09-19] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18472 2016-09-19] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [192552 2016-09-19] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [10848 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R0 file_tracker; C:\windows\System32\DRIVERS\file_tracker.sys [375136 2017-02-15] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 ImDisk; C:\windows\System32\DRIVERS\imdisk.sys [48704 2016-02-24] (Lagerkvist Teknisk Radgivning i Boras HB -> Olof Lagerkvist)
R1 inspect; C:\windows\System32\DRIVERS\inspect.sys [124568 2018-05-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 isedrv; C:\windows\system32\drivers\isedrv.sys [51368 2018-10-10] (Comodo Security Solutions, Inc. -> COMODO)
R2 LiveGpdKBFilter; C:\Windows\System32\Drivers\LiveGpdKBFilter.sys [11168 2010-01-22] (Elitegroup Computer Systems Co LTD. -> Windows ® Win 7 DDK provider) [File not signed]
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [253888 2021-05-28] (Malwarebytes Corporation -> Malwarebytes)
S3 ptun0901; C:\windows\System32\DRIVERS\ptun0901.sys [27136 2016-06-15] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2016-02-25] (MiniTool Solution Ltd -> )
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R0 symsnap; C:\windows\System32\DRIVERS\symsnap.sys [208696 2007-03-28] (Symantec Corporation -> StorageCraft)
R3 tap0901; C:\windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 tib; C:\windows\System32\DRIVERS\tib.sys [1267544 2017-02-15] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\windows\System32\DRIVERS\tib_mounter.sys [212320 2017-02-15] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
U5 TMUSB; C:\windows\System32\DRIVERS\TMUSB64.SYS [63096 2016-08-12] (SEIKO EPSON Corporation Test Signing -> Seiko Epson Corporation)
S3 tnd; C:\windows\System32\DRIVERS\tnd.sys [687968 2017-02-15] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2015-07-12] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R2 v2imount; C:\windows\System32\DRIVERS\v2imount.sys [55096 2007-03-28] (Symantec Corporation -> Symantec Corporation)
R3 VHWDrawing; C:\windows\System32\DRIVERS\HWDrawing.sys [8320 2007-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Codename Longhorn DDK provider)
R2 virtual_file; C:\windows\System32\DRIVERS\virtual_file.sys [331104 2017-02-15] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 VProEventMonitor; C:\windows\System32\DRIVERS\vproeventmonitor.sys [19256 2007-03-28] (Symantec Corporation -> Symantec Corporation)
S3 WDC_SAM; C:\windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 wdm_usb; C:\windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-29 00:43 - 2021-05-29 00:43 - 000000000 ____D C:\windows\Microsoft Antimalware
2021-05-27 14:53 - 2021-05-27 14:53 - 000000000 ____D C:\Users\GraciaAmanta\Desktop\Cara mengunduh pembaruan definisi terbaru untuk Microsoft Security Essentials secara manual_files
2021-05-27 14:53 - 2021-05-19 14:40 - 000197708 _____ C:\Users\GraciaAmanta\Desktop\Cara mengunduh pembaruan definisi terbaru untuk Microsoft Security Essentials secara manual.htm
2021-05-27 12:15 - 2021-05-27 12:15 - 000000000 _____ C:\windows\SysWOW64\rufus.ini
2021-05-27 00:01 - 2018-03-14 01:37 - 000447696 _____ (COMODO) C:\windows\system32\cssguard64.dll
2021-05-27 00:01 - 2018-03-14 01:37 - 000349488 _____ (COMODO) C:\windows\SysWOW64\cssguard32.dll
2021-05-27 00:01 - 2018-03-14 01:37 - 000337072 _____ (COMODO) C:\windows\system32\cmdkbdcss64.dll
2021-05-27 00:01 - 2018-03-14 01:37 - 000267440 _____ (COMODO) C:\windows\SysWOW64\cmdkbdcss32.dll
2021-05-27 00:01 - 2018-03-14 01:37 - 000050256 _____ (COMODO) C:\windows\system32\csscsr64.dll
2021-05-27 00:01 - 2018-03-14 01:36 - 000112656 _____ (COMODO) C:\windows\system32\Drivers\cmdcss.sys
2021-05-27 00:00 - 2021-05-27 00:00 - 000002111 _____ C:\Users\Public\Desktop\Comodo Secure Shopping.lnk
2021-05-26 23:24 - 2021-05-26 23:25 - 001173560 _____ (Akeo Consulting) C:\Users\GraciaAmanta\Downloads\rufus-3.14p.exe
2021-05-26 22:12 - 2021-05-28 17:37 - 000000000 ___DC C:\FRST
2021-05-26 21:52 - 2021-05-26 21:52 - 000001810 _____ C:\Users\GraciaAmanta\Desktop\Norton Commander.lnk
2021-05-26 21:52 - 2021-05-26 21:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Commander
2021-05-26 21:52 - 2021-05-26 21:52 - 000000000 ____D C:\Program Files (x86)\NC201
2021-05-26 21:52 - 1999-02-12 02:01 - 000322832 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC30.DLL
2021-05-26 21:52 - 1999-02-12 02:01 - 000133904 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFCANS32.DLL
2021-05-26 21:52 - 1999-02-12 02:01 - 000133392 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFCO30.DLL
2021-05-26 21:52 - 1999-02-12 02:01 - 000108032 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFCUIA32.DLL
2021-05-26 21:52 - 1999-02-12 02:01 - 000087360 _____ C:\windows\SysWOW64\Norton Commander Name Bounce.Scr
2021-05-26 21:52 - 1999-02-12 02:01 - 000027840 _____ C:\windows\SysWOW64\Norton Commander Starry Night.Scr
2021-05-26 21:52 - 1999-02-12 02:01 - 000020992 _____ C:\windows\SysWOW64\NC_INST.DLL
2021-05-26 21:51 - 1998-01-23 12:22 - 000304128 _____ (InstallShield Software Corporation) C:\windows\IsUninst.exe

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-28 16:53 - 2016-12-08 15:19 - 000000000 ___DC C:\Data
2021-05-28 16:53 - 2009-07-14 12:13 - 000935836 _____ C:\windows\system32\PerfStringBackup.INI
2021-05-28 16:53 - 2009-07-14 10:20 - 000000000 ____D C:\windows\inf
2021-05-28 16:48 - 2018-02-22 10:41 - 003901574 _____ C:\windows\ntbtlog.txt
2021-05-28 16:47 - 2013-08-25 16:52 - 000000000 ____D C:\Users\GraciaAmanta
2021-05-28 14:51 - 2016-12-04 21:57 - 000000000 ____D C:\Users\GraciaAmanta\AppData\LocalLow\Mozilla
2021-05-28 14:50 - 2016-05-06 21:04 - 001474832 _____ C:\windows\system32\Drivers\sfi.dat
2021-05-28 14:37 - 2017-09-14 07:55 - 000015744 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-05-28 14:37 - 2017-09-14 07:55 - 000015744 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-05-28 14:31 - 2013-10-15 07:15 - 000007602 _____ C:\Users\GraciaAmanta\AppData\Local\Resmon.ResmonCfg
2021-05-28 14:20 - 2017-09-10 14:56 - 000000006 ____H C:\windows\Tasks\SA.DAT
2021-05-28 10:59 - 2017-12-30 12:26 - 001577318 _____ C:\windows\system32\Drivers\fvstore.dat
2021-05-28 10:58 - 2017-09-14 11:58 - 000000000 ____D C:\windows\SysWOW64\GroupPolicy
2021-05-28 10:58 - 2017-08-22 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazarus
2021-05-28 10:58 - 2015-07-02 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2021-05-28 10:58 - 2009-07-14 10:20 - 000000000 ___HD C:\windows\system32\GroupPolicy
2021-05-28 10:03 - 2018-02-22 11:32 - 000253888 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2021-05-28 09:56 - 2013-08-25 22:14 - 000000000 ____D C:\Users\GraciaAmanta\AppData\Roaming\Smadav
2021-05-27 16:22 - 2015-08-31 21:16 - 000000000 ____D C:\ProgramData\firebird
2021-05-27 12:26 - 2016-09-06 12:52 - 000001927 _____ C:\Users\GraciaAmanta\.xmlcopyeditor
2021-05-27 11:49 - 2015-10-17 19:26 - 000000000 ____D C:\Users\GraciaAmanta\AppData\Roaming\ACCURATE4
2021-05-27 00:30 - 2016-02-04 13:47 - 000000000 ____D C:\Users\GraciaAmanta\AppData\Local\Epic Privacy Browser
2021-05-27 00:19 - 2013-08-25 23:30 - 000000000 ____D C:\Program Files (x86)\B1 Free Archiver
2021-05-27 00:16 - 2018-02-15 10:26 - 000000000 ____D C:\windows\AutoKMS
2021-05-27 00:00 - 2013-08-26 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2021-05-26 23:41 - 2017-09-14 07:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2021-05-26 23:35 - 2016-11-21 00:23 - 000000117 _____ C:\Users\GraciaAmanta\Downloads\rufus.ini
2021-05-26 23:19 - 2016-12-08 05:11 - 000000000 ____D C:\Users\DefaultAppPool
2021-05-26 22:48 - 2017-09-10 14:56 - 000032636 _____ C:\windows\Tasks\SCHEDLGU.TXT
2021-05-26 22:15 - 2018-05-03 17:28 - 000003332 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-05-26 22:15 - 2018-05-03 17:28 - 000003204 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-05-26 22:14 - 2013-08-25 20:42 - 000000000 ____D C:\Program Fi...

Comments

Popular posts from this blog

ZLUDA v2 Released For Drop-In CUDA On Intel Graphics - Phoronix

Google chrome crashed and now laptop is running very slowly. Malware? - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer

SPECapc for Solidworks 2020 benchmark adds new GUI; CPU and 2D drafting tests - Graphic Speak