Help to remove Glupteba & unknown virus that sends out "some-info" to 224.0.0.25 - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer

Please help with guidance to remove Glupteba (maybe?) and an unknown virus that sends out some information to IP 224.0.0.251 / 224.0.0.252 / 224.0.0.22 when I connect to the internet.
 
I have tried scanning with Malwarebytes and Hitman Pro, but without success yet.
This virus still remains after booting.
 
I have already tried scanning with Microsoft Safety Scanner v1.339.1425.0, but still without success.
This virus still exists after a new boot.
 
There is a unique symptom: when I try to connect to the internet, this unknown virus immediately sends "some-information" to IPs like:
- 224.0.0.252:5355 using UDP (using svchost.exe)
- 224.0.0.251:5353 using UDP (using svchost.exe)
- 224.0.0.22 using IGMP (using svchost.exe)
 
Please see the 2 attached pictures in which I captured the "network intrusion" to IP (224.0.0.252 / 252 / 22) when using Comodo AV to try blocking IP (224.0.0.000 - 255).
 
Below, I attach the files from the Farbar Recovery Scan Tool (FRST) scan.
Maybe someone can guide me on what I have to do with the FRST scan files to remove that virus.
 
Thanks in advance.
 
Rgds, 
Andi

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2021
Ran by GraciaAmanta (administrator) on GRACIAAS (AXIOO NEON HNM MODEL) (28-05-2021 17:33:08)
Running from D:\APP\FarbarRecoveryScanTool-FRST
Loaded Profiles: GraciaAmanta
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\CPSSoft\ACCURATE5 License Service\aclicfivsvc.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Autodesk, Inc -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\COMODO Secure Shopping\csssrv64.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe <2>
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(CPSSoft) [File not signed] C:\Program Files (x86)\CPSSoft\ACCURATE5 License Manager\bin\AccurateLicenseManager.exe
(Firebird Project) [File not signed] C:\Program Files\Firebird\Firebird_25\bin\fb_inet_server.exe
(Flexera Software LLC -> Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Lagerkvist Teknisk Radgivning i Boras HB -> Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed] C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Data\xxxMS--ert64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wisptis.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\EPSON\portcommunicationservice\PCSVC.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392872 2010-10-15] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1598144 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [339464 2017-01-17] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [1725408 2017-03-14] (GlavSoft LLC -> GlavSoft LLC.)
HKLM-x32\...\Run: [Firebird] => [X]
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4251336 2018-10-10] (Comodo Security Solutions, Inc. -> COMODO)
HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1935704 2021-05-26] (Smadsoft) [File not signed]
HKLM-x32\...\Run: [vdcss] => C:\Program Files (x86)\COMODO\COMODO Secure Shopping\vdcss.exe [8511152 2018-03-14] (Comodo Security Solutions, Inc. -> COMODO)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2017-03-23] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2016-12-08] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [700328 2017-01-06] (Autodesk, Inc -> Autodesk, Inc.)
HKLM-x32\...\Run: [Norton Ghost 12.0] => C:\Program Files (x86)\NG12\Agent\VProTray.exe [2037352 2007-03-28] (Symantec Corporation -> Symantec Corporation)
HKLM\...\RunOnce: [GrpConv] => grpconv -o
HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\...\Run: [EPSON Stylus CX5500 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAP.EXE [211456 2017-02-27] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2016-11-26] (InstallShield Software Corporation) [File not signed]
HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\...\Run: [Iperius Backup] => C:\Program Files (x86)\Iperius Backup\Iperius.exe [62630024 2018-02-15] (Enter Srl -> Enter Srl)
HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\...\Run: [NC Scheduler] => C:\Program Files (x86)\NC201\NC_SCHED.EXE /Hide
HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\...\RunOnce: [Adobe Speed Launcher] => 1622170555
HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\...\MountPoints2: {8681f983-ca6d-11e7-9657-2cfaa28bd697} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\...\MountPoints2: {bdca48b8-0d6a-11e3-bbb5-806e6f6e6963} - E:\Setup.exe
HKLM\...\Windows x64\Print Processors\Epson Inkjet: C:\Windows\System32\spool\prtprocs\x64\EP0NPP01.DLL [38912 2016-03-29] (Microsoft Windows -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\Windows\system32\cpwmon64.dll [89008 2016-01-22] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\Epson Inbox Language Monitor01: C:\Windows\system32\EP0SLM01.DLL [77824 2009-07-14] (Microsoft Windows -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON L355 Series 64MonitorBE: C:\Windows\system32\E_YLMI4E.DLL [120320 2011-04-19] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON L360 Series 64MonitorBE: C:\Windows\system32\E_YLMBN0E.DLL [180224 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON Port Handler Monitor: C:\Windows\system32\EAPPHPM.dll [238080 2013-04-15] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\EPSON Stylus CX5000 Series 64MonitorBA: C:\Windows\system32\E_ILMBVA.DLL [126976 2016-06-11] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON Stylus CX5500 Series 64MonitorBP: C:\Windows\system32\E_ILMCAP.DLL [108032 2017-02-27] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\Epson TM-T20 Language Monitor 4: C:\Windows\system32\EAPTMT20LM.dll [146432 2016-08-12] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\Nitro PDF Port Monitor: C:\Windows\system32\nitrolocalmon10.dll [31904 2016-08-02] (Nitro Software, Inc. -> Nitro Software, Inc.)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [120072 2016-06-14] (pdfforge GmbH -> pdfforge GmbH)
HKLM\...\Print\Monitors\PDFCreator: C:\Windows\system32\pdfcmnnt.dll [87040 2005-03-12] () [File not signed]
HKLM\...\Print\Monitors\PDFill Writer Monitor: C:\Program Files (x86)\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll [36176 2016-03-26] (PlotSoft LLC -> Windows ® Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\PrimoMon: C:\Windows\system32\Primomonnt.dll [95008 2015-09-01] (Nitro PDF Software -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\Installer\chrmstp.exe [2018-05-03] (Google Inc -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2018-04-14]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E28EB44-D678-4465-AEE4-51E0BA6F3697} - System32\Tasks\Create a Restore Point at Startup => C:\Windows\System32\wbem\WMIC.exe /Namespace:\\root\default Path SystemRestore Call CreateRestorePoint "Create Restore Point by HDK", 100, 7
Task: {127B0706-EACB-4212-8505-7D6F580FA376} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5502144 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {4CF7D329-D2B4-439A-BA6E-8E2EC7B47AF7} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5502144 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {87F95868-845D-4A0C-A6FD-3FDEDB123E2E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [3643160 2013-07-23] (Piriform Ltd -> Piriform Ltd)
Task: {8817F181-8DA3-44E5-B9D2-B1B96E67BBA3} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [11578048 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {98ABD5B4-FD3D-435E-9A79-C90AD7880873} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [43816 2015-07-12] (Apple Inc. -> Apple Inc.)
Task: {9B26C0C1-6F45-4377-A2C7-7303BAB25310} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe [683008 2017-12-28] (FreeDownloadManager.org) [File not signed]
Task: {B0C5292C-7DA0-414A-B5DE-789080B72180} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5502144 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {C64181CA-11BA-485B-BF78-34AD4D6C8B5E} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1935704 2021-05-26] (Smadsoft) [File not signed]
Task: {CA819993-2A42-47B2-83D7-72115971C871} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-05-04] (Google Inc -> Google Inc.)
Task: {E1D7C4F0-AC08-49D6-8133-8F5B6596F727} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1598144 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {F4D3BCDE-AC0D-4B57-A2A9-B99406FAF1E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-05-04] (Google Inc -> Google Inc.)
Task: {FB927C92-FE5F-4B74-9491-836253CC6911} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5502144 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
Task: {FC4C6A23-302E-436D-9ABB-0A61C29CD2D3} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5502144 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299101196-3374494760-3322787721-1000Core1cfacb125a4dbc8.job => C:\Users\GraciaAmanta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299101196-3374494760-3322787721-1000Core1d04780725624cd.job => C:\Users\GraciaAmanta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299101196-3374494760-3322787721-1000Core1d04dc065b1f085.job => C:\Users\GraciaAmanta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299101196-3374494760-3322787721-1000Core1d09fa943c307ac.job => C:\Users\GraciaAmanta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299101196-3374494760-3322787721-1000Core1d0c6e23470bb35.job => C:\Users\GraciaAmanta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299101196-3374494760-3322787721-1000Core1d0e3f5cba036b2.job => C:\Users\GraciaAmanta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299101196-3374494760-3322787721-1000Core1d10d3c64ffac0e.job => C:\Users\GraciaAmanta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299101196-3374494760-3322787721-1000Core1d133e13931dc24.job => C:\Users\GraciaAmanta\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299101196-3374494760-3322787721-1000Core1d15e3f46af6948.job => C:\Users\GraciaAmanta\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{29629ADD-2883-46B8-919E-02B0DAE64589}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{2A2A3437-BBAD-4287-9C58-0551EDC95E12}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{6A146728-B2FE-4438-8A75-1A1BA52652E9}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF DefaultProfile: hyxhcxvz.default
FF DefaultProfile: v792iezs.default
FF ProfilePath: C:\Users\GraciaAmanta\AppData\Roaming\Zotero\Zotero\Profiles\hyxhcxvz.default [2015-11-07]
FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [2015-08-25] [Legacy] [not signed]
FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [2015-08-25] [Legacy] [not signed]
FF ProfilePath: C:\Users\GraciaAmanta\AppData\Roaming\Mozilla\Firefox\Profiles\v792iezs.default [2021-05-28]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-06-14] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-08-12] [Legacy] [not signed]
FF HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\GraciaAmanta\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\GraciaAmanta\AppData\Roaming\IDM\idmmzcc5 [2016-11-09] [Legacy] [not signed]
FF HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\GraciaAmanta\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-22] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-22] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] (Apple Inc. -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 5\npnitromozilla.dll [2016-08-02] (Nitro Software, Inc. -> Nitro PDF)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2009-10-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2009-10-14] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader11\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-05-04] (pdfforge GmbH -> pdfforge GmbH)
FF Plugin HKU\S-1-5-21-2299101196-3374494760-3322787721-1000: @tools.google.com/Google Update;version=3 -> C:\Users\GraciaAmanta\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-2299101196-3374494760-3322787721-1000: @tools.google.com/Google Update;version=9 -> C:\Users\GraciaAmanta\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc -> Google Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2021-05-28] <==== ATTENTION
CHR Extension: (Docs) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-28]
CHR Extension: (YouTube) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-28]
CHR Extension: (PrivDog) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cmaiofennmphjldldcpphcechfnnohja [2021-05-28] [UpdateUrl:hxxp://privdog.com/updates/865/googlechrome/update.xml] <==== ATTENTION
CHR Extension: (IDM Integration) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\jmolcgpienlcieaajfkkdamlngancncm [2021-05-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-28]
CHR Extension: (Chrome Media Router) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-28]
CHR Profile: C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default [2018-02-21]
CHR Extension: (Slides) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-01]
CHR Extension: (Docs) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-01]
CHR Extension: (Google Drive) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-27]
CHR Extension: (YouTube) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-27]
CHR Extension: (PrivDog) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2017-05-26] [UpdateUrl:hxxp://privdog.com/updates/865/googlechrome/update.xml] <==== ATTENTION
CHR Extension: (Tampermonkey) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-05-26]
CHR Extension: (Sheets) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-01]
CHR Extension: (Google Docs Offline) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-01]
CHR Extension: (IDM Integration) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm [2017-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-01]
CHR Extension: (Gmail) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-27]
CHR Extension: (Chrome Media Router) - C:\Users\GraciaAmanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-01]
CHR HKU\S-1-5-21-2299101196-3374494760-3322787721-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2013-11-16]
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2012-10-10]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Acc5LicSvc; c:\program files (x86)\CpsSoft\Accurate5 License Service\Aclicfivsvc.exe [6109696 2016-09-01] () [File not signed]
S3 AccurateDashboardSvc; C:\Program Files (x86)\CPSSoft\ACCURATE Dashboard Server/AccDashboardSvc.exe [3789824 2016-01-18] () [File not signed]
R2 AccurateLicenseManager; C:\Program Files (x86)\CPSSoft\ACCURATE5 License Manager\bin\AccurateLicenseManager.exe [150203392 2016-05-30] (CPSSoft) [File not signed]
S3 ACCURATESvc; C:\Program Files (x86)/CPSSoft/ACCURATE Service/AccSvc.exe [26368000 2018-01-12] () [File not signed]
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1276216 2017-02-15] (Acronis International GmbH -> )
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1290744 2017-01-06] (Autodesk, Inc -> Autodesk Inc.)
S3 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088 2014-12-03] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
S4 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-31] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S3 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6086232 2017-02-15] (Acronis International GmbH -> )
S3 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [2001608 2018-04-14] (philandro Software GmbH -> )
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-07-12] (Apple Inc. -> Apple Inc.)
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2016-06-19] (Autodesk, Inc. -> Autodesk, Inc.)
S4 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2304184 2016-04-23] (Comodo Security Solutions -> Comodo)
S4 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe [72024 2017-04-03] (Google Inc -> Google Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10747264 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
R2 csssrv; C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe [4199600 2018-03-14] (Comodo Security Solutions, Inc. -> COMODO)
S3 eaglesvc; C:\Windows\SysWOW64\eaglesvclic.exe [2046976 2013-12-13] (cpssoft intl) [File not signed]
S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-09-19] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2017-03-15] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 EPSON_Device_Control_Log_Service; C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe [395776 2016-08-12] (SEIKO EPSON CORPORATION) [File not signed]
R3 EPSON_Port_Communication_Service; C:\Program Files\epson\portcommunicationservice\PCSVC.exe [586240 2016-08-12] (SEIKO EPSON CORPORATION) [File not signed]
S3 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2\bin\fbguard.exe [81920 2015-10-17] (Firebird Project) [File not signed]
R2 FirebirdServer25; C:\Program Files\Firebird\Firebird_25\bin\fb_inet_server.exe [5782016 2017-11-22] (Firebird Project) [File not signed]
S3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2\bin\fbserver.exe [2764800 2015-10-17] (Firebird Project) [File not signed]
S4 FirebirdServerFB302ss64Port3500; C:\Program Files\Firebird\Firebird-3.0.1\firebird.exe [821760 2017-03-21] (Firebird Project) [File not signed]
R2 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-08-28] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
S3 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [136864 2018-02-15] (eVenture Limited -> eVenture Limited)
S3 HWSuperPowerTablet; C:\Windows\jwpen.exe [66560 2008-06-04] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 ImDskSvc; C:\windows\system32\imdsksvc.exe [19552 2016-02-24] (Lagerkvist Teknisk Radgivning i Boras HB -> Olof Lagerkvist)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation -> Microsoft Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1044680 2018-10-10] (Comodo Security Solutions, Inc. -> COMODO)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2541248 2006-10-31] (Symantec Corporation -> Symantec Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes Corporation -> Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4692840 2017-02-15] (Acronis International GmbH -> Acronis International GmbH)
S4 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [7717528 2017-02-15] (Acronis International GmbH -> Acronis International GmbH)
S4 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1510712 2017-02-15] (Acronis International GmbH -> )
S4 NitroReaderDriverReadSpool5; C:\Program Files\Nitro64\Reader5\NitroPDFReaderDriverService5x64.exe [327328 2016-08-02] (Nitro Software, Inc. -> Nitro Software, Inc.)
S4 Norton Ghost; C:\Program Files (x86)\NG12\Agent\VProSvc.exe [3290728 2007-03-28] (Symantec Corporation -> Symantec Corporation)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38016 2017-10-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438368 2016-06-14] (pdfforge GmbH -> pdfforge GmbH)
S4 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-06-14] (pdfforge GmbH -> pdfforge GmbH)
S3 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-06-14] (pdfforge GmbH -> pdfforge GmbH)
S4 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [972056 2016-06-14] (pdfforge GmbH -> © pdfforge GmbH.)
S2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [413320 2017-08-29] (Geek Software GmbH -> Geek Software GmbH)
S2 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2675712 2012-11-06] (Microsoft Corporation) [File not signed]
S3 renetwo_svc; C:\Program Files (x86)/CPSSoft/RENE2Server/renetwosvc.exe [1403392 2015-02-09] () [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [167936 2008-06-19] () [File not signed]
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2013-08-28] (Realtek Semiconductor.) [File not signed]
R2 Spooler; C:\windows\SysWOW64\spoolsv.exe [316416 2017-09-12] (Microsoft Corporation) [File not signed]
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-20] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9729272 2017-02-15] (Acronis International GmbH -> )
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10938880 2017-12-05] (TeamViewer GmbH) [File not signed]
S3 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [1725408 2017-03-14] (GlavSoft LLC -> GlavSoft LLC.)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [129144 2017-08-23] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AWEAlloc; C:\windows\System32\DRIVERS\awealloc.sys [21048 2016-02-24] (Lagerkvist Teknisk Radgivning i Boras HB -> Olof Lagerkvist)
S3 btmaudio; C:\windows\System32\drivers\btmaud.sys [42496 2010-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Motorola, Inc.)
S3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [52736 2010-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Motorola, Inc.)
S3 BTMNET; C:\windows\System32\DRIVERS\btmnet.sys [28672 2010-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Motorola, Inc.)
S3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [3231616 2010-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Motorola, Inc.)
S3 CamSuiteVAC; C:\windows\System32\DRIVERS\CamSuiteVAC.sys [56320 2008-09-19] (Reallusion Inc. -> )
R1 cmdcss; C:\windows\system32\drivers\cmdcss.sys [112656 2018-03-14] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmderd; C:\windows\System32\DRIVERS\cmderd.sys [34280 2018-05-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdGuard; C:\windows\System32\DRIVERS\cmdguard.sys [846624 2018-05-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdHlp; C:\windows\System32\DRIVERS\cmdhlp.sys [59096 2018-05-22] (Comodo Security Solutions, Inc. -> COMODO)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [24056 2016-01-14] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S2 EPSON_PCS_Parallel_Port_Driver; C:\Windows\system32\DRIVERS\pcslpt.sys [21640 2012-11-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R0 EUBAKUP; C:\windows\System32\drivers\eubakup.sys [60968 2016-09-19] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\windows\System32\drivers\EUBKMON.sys [48168 2016-09-19] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18472 2016-09-19] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [192552 2016-09-19] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [10848 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R0 file_tracker; C:\windows\System32\DRIVERS\file_tracker.sys [375136 2017-02-15] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 ImDisk; C:\windows\System32\DRIVERS\imdisk.sys [48704 2016-02-24] (Lagerkvist Teknisk Radgivning i Boras HB -> Olof Lagerkvist)
R1 inspect; C:\windows\System32\DRIVERS\inspect.sys [124568 2018-05-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 isedrv; C:\windows\system32\drivers\isedrv.sys [51368 2018-10-10] (Comodo Security Solutions, Inc. -> COMODO)
R2 LiveGpdKBFilter; C:\Windows\System32\Drivers\LiveGpdKBFilter.sys [11168 2010-01-22] (Elitegroup Computer Systems Co LTD. -> Windows ® Win 7 DDK provider) [File not signed]
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [253888 2021-05-28] (Malwarebytes Corporation -> Malwarebytes)
S3 ptun0901; C:\windows\System32\DRIVERS\ptun0901.sys [27136 2016-06-15] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2016-02-25] (MiniTool Solution Ltd -> )
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R0 symsnap; C:\windows\System32\DRIVERS\symsnap.sys [208696 2007-03-28] (Symantec Corporation -> StorageCraft)
R3 tap0901; C:\windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 tib; C:\windows\System32\DRIVERS\tib.sys [1267544 2017-02-15] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\windows\System32\DRIVERS\tib_mounter.sys [212320 2017-02-15] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
U5 TMUSB; C:\windows\System32\DRIVERS\TMUSB64.SYS [63096 2016-08-12] (SEIKO EPSON Corporation Test Signing -> Seiko Epson Corporation)
S3 tnd; C:\windows\System32\DRIVERS\tnd.sys [687968 2017-02-15] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2015-07-12] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R2 v2imount; C:\windows\System32\DRIVERS\v2imount.sys [55096 2007-03-28] (Symantec Corporation -> Symantec Corporation)
R3 VHWDrawing; C:\windows\System32\DRIVERS\HWDrawing.sys [8320 2007-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Codename Longhorn DDK provider)
R2 virtual_file; C:\windows\System32\DRIVERS\virtual_file.sys [331104 2017-02-15] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 VProEventMonitor; C:\windows\System32\DRIVERS\vproeventmonitor.sys [19256 2007-03-28] (Symantec Corporation -> Symantec Corporation)
S3 WDC_SAM; C:\windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 wdm_usb; C:\windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-29 00:43 - 2021-05-29 00:43 - 000000000 ____D C:\windows\Microsoft Antimalware
2021-05-27 14:53 - 2021-05-27 14:53 - 000000000 ____D C:\Users\GraciaAmanta\Desktop\Cara mengunduh pembaruan definisi terbaru untuk Microsoft Security Essentials secara manual_files
2021-05-27 14:53 - 2021-05-19 14:40 - 000197708 _____ C:\Users\GraciaAmanta\Desktop\Cara mengunduh pembaruan definisi terbaru untuk Microsoft Security Essentials secara manual.htm
2021-05-27 12:15 - 2021-05-27 12:15 - 000000000 _____ C:\windows\SysWOW64\rufus.ini
2021-05-27 00:01 - 2018-03-14 01:37 - 000447696 _____ (COMODO) C:\windows\system32\cssguard64.dll
2021-05-27 00:01 - 2018-03-14 01:37 - 000349488 _____ (COMODO) C:\windows\SysWOW64\cssguard32.dll
2021-05-27 00:01 - 2018-03-14 01:37 - 000337072 _____ (COMODO) C:\windows\system32\cmdkbdcss64.dll
2021-05-27 00:01 - 2018-03-14 01:37 - 000267440 _____ (COMODO) C:\windows\SysWOW64\cmdkbdcss32.dll
2021-05-27 00:01 - 2018-03-14 01:37 - 000050256 _____ (COMODO) C:\windows\system32\csscsr64.dll
2021-05-27 00:01 - 2018-03-14 01:36 - 000112656 _____ (COMODO) C:\windows\system32\Drivers\cmdcss.sys
2021-05-27 00:00 - 2021-05-27 00:00 - 000002111 _____ C:\Users\Public\Desktop\Comodo Secure Shopping.lnk
2021-05-26 23:24 - 2021-05-26 23:25 - 001173560 _____ (Akeo Consulting) C:\Users\GraciaAmanta\Downloads\rufus-3.14p.exe
2021-05-26 22:12 - 2021-05-28 17:37 - 000000000 ___DC C:\FRST
2021-05-26 21:52 - 2021-05-26 21:52 - 000001810 _____ C:\Users\GraciaAmanta\Desktop\Norton Commander.lnk
2021-05-26 21:52 - 2021-05-26 21:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Commander
2021-05-26 21:52 - 2021-05-26 21:52 - 000000000 ____D C:\Program Files (x86)\NC201
2021-05-26 21:52 - 1999-02-12 02:01 - 000322832 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC30.DLL
2021-05-26 21:52 - 1999-02-12 02:01 - 000133904 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFCANS32.DLL
2021-05-26 21:52 - 1999-02-12 02:01 - 000133392 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFCO30.DLL
2021-05-26 21:52 - 1999-02-12 02:01 - 000108032 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFCUIA32.DLL
2021-05-26 21:52 - 1999-02-12 02:01 - 000087360 _____ C:\windows\SysWOW64\Norton Commander Name Bounce.Scr
2021-05-26 21:52 - 1999-02-12 02:01 - 000027840 _____ C:\windows\SysWOW64\Norton Commander Starry Night.Scr
2021-05-26 21:52 - 1999-02-12 02:01 - 000020992 _____ C:\windows\SysWOW64\NC_INST.DLL
2021-05-26 21:51 - 1998-01-23 12:22 - 000304128 _____ (InstallShield Software Corporation) C:\windows\IsUninst.exe

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-28 16:53 - 2016-12-08 15:19 - 000000000 ___DC C:\Data
2021-05-28 16:53 - 2009-07-14 12:13 - 000935836 _____ C:\windows\system32\PerfStringBackup.INI
2021-05-28 16:53 - 2009-07-14 10:20 - 000000000 ____D C:\windows\inf
2021-05-28 16:48 - 2018-02-22 10:41 - 003901574 _____ C:\windows\ntbtlog.txt
2021-05-28 16:47 - 2013-08-25 16:52 - 000000000 ____D C:\Users\GraciaAmanta
2021-05-28 14:51 - 2016-12-04 21:57 - 000000000 ____D C:\Users\GraciaAmanta\AppData\LocalLow\Mozilla
2021-05-28 14:50 - 2016-05-06 21:04 - 001474832 _____ C:\windows\system32\Drivers\sfi.dat
2021-05-28 14:37 - 2017-09-14 07:55 - 000015744 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-05-28 14:37 - 2017-09-14 07:55 - 000015744 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-05-28 14:31 - 2013-10-15 07:15 - 000007602 _____ C:\Users\GraciaAmanta\AppData\Local\Resmon.ResmonCfg
2021-05-28 14:20 - 2017-09-10 14:56 - 000000006 ____H C:\windows\Tasks\SA.DAT
2021-05-28 10:59 - 2017-12-30 12:26 - 001577318 _____ C:\windows\system32\Drivers\fvstore.dat
2021-05-28 10:58 - 2017-09-14 11:58 - 000000000 ____D C:\windows\SysWOW64\GroupPolicy
2021-05-28 10:58 - 2017-08-22 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazarus
2021-05-28 10:58 - 2015-07-02 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2021-05-28 10:58 - 2009-07-14 10:20 - 000000000 ___HD C:\windows\system32\GroupPolicy
2021-05-28 10:03 - 2018-02-22 11:32 - 000253888 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2021-05-28 09:56 - 2013-08-25 22:14 - 000000000 ____D C:\Users\GraciaAmanta\AppData\Roaming\Smadav
2021-05-27 16:22 - 2015-08-31 21:16 - 000000000 ____D C:\ProgramData\firebird
2021-05-27 12:26 - 2016-09-06 12:52 - 000001927 _____ C:\Users\GraciaAmanta\.xmlcopyeditor
2021-05-27 11:49 - 2015-10-17 19:26 - 000000000 ____D C:\Users\GraciaAmanta\AppData\Roaming\ACCURATE4
2021-05-27 00:30 - 2016-02-04 13:47 - 000000000 ____D C:\Users\GraciaAmanta\AppData\Local\Epic Privacy Browser
2021-05-27 00:19 - 2013-08-25 23:30 - 000000000 ____D C:\Program Files (x86)\B1 Free Archiver
2021-05-27 00:16 - 2018-02-15 10:26 - 000000000 ____D C:\windows\AutoKMS
2021-05-27 00:00 - 2013-08-26 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2021-05-26 23:41 - 2017-09-14 07:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2021-05-26 23:35 - 2016-11-21 00:23 - 000000117 _____ C:\Users\GraciaAmanta\Downloads\rufus.ini
2021-05-26 23:19 - 2016-12-08 05:11 - 000000000 ____D C:\Users\DefaultAppPool
2021-05-26 22:48 - 2017-09-10 14:56 - 000032636 _____ C:\windows\Tasks\SCHEDLGU.TXT
2021-05-26 22:15 - 2018-05-03 17:28 - 000003332 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-05-26 22:15 - 2018-05-03 17:28 - 000003204 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-05-26 22:14 - 2013-08-25 20:42 - 000000000 ____D C:\Program Fi...
