
Malware keeps Coming back


Go to solution Solved by kevinf80,

Hello iamthefutureofall and welcome to Malwarebytes,

Continue with the following:

Open Malwarebytes, select the small cog wheel in the top right-hand corner; that will open "Settings". From there select the "Security" tab.

Scroll down to "Scan Options" and ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "Dashboard". Select the blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 3/12/21
Protection Event Time: 11:24 AM
Log File: f8b3d6fd-8346-11eb-bb82-d05099abd555.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.38047
License: Trial

-System Information-
OS: Windows 10 (Build 18362.1440)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Bitnami\wordpress-5.6-3\apache2\bin\httpd.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Compromised
Domain: 
IP Address: 65.49.20.68
Port: 80
Type: Inbound
File: C:\Bitnami\wordpress-5.6-3\apache2\bin\httpd.exe

(end)

 

// AdwCleaner didn't ask to reboot. That is the log file of clean mode.

# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    03-12-2021
# Duration: 00:00:22
# OS:       Windows 10 Pro
# Cleaned:  5
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\lux\AppData\Roaming\Tencent

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1813 octets] - [12/03/2021 12:12:35]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

 

/////FarBar 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by lux (administrator) on DESKTOP-E8BVDK8 (12-03-2021 16:40:00)
Running from C:\Users\lux\Downloads
Loaded Profiles: lux
Platform: Windows 10 Pro Version 1909 18363.1440 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\afwServ.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124032 2018-05-26] (Corel Corporation -> WinZip Computing)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2018-05-26] (WinZip Computing LLC -> WinZip Computing, S.L.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [164608 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2021-01-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32726088 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2021-01-04] (Adobe Inc. -> )
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11221496 2021-03-09] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Policies\Explorer: [] 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.82\Installer\chrmstp.exe [2021-03-06] (Google LLC -> Google LLC)
Startup: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GenuineService.lnk [2019-08-01]
ShortcutTarget: GenuineService.lnk -> C:\Users\lux\Autodesk\Genuine Service\GenuineService.exe (Autodesk, Inc. -> Autodesk)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A04EEC-D266-47C6-8ADD-FF966248287A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {0A4FB83A-1270-4965-91B6-680438E2F205} - System32\Tasks\Mozilla\Firefox Developer Edition Default Browser Agent CA9422711AE1A81C => C:\Program Files\Firefox Developer Edition\default-browser-agent.exe do-task "CA9422711AE1A81C"
Task: {1406319A-9FA7-446C-AF35-8280D92A044A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4730624 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {21C83A50-A09B-47BF-8865-F5469F008F33} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694752 2021-03-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {25DFC818-592C-4F1E-8A47-946ADB76658F} - System32\Tasks\Mozilla\Firefox Nightly Default Browser Agent 6F193CCC56814779 => C:\Program Files\Firefox Nightly\default-browser-agent.exe do-task "6F193CCC56814779"
Task: {2E352502-2149-4F32-8A79-42005652AF6D} - System32\Tasks\BlueStacksHelper => G:\BLUESTACKS\BlueStacks\Client\Helper\BlueStacksHelper.exe [754104 2021-01-07] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {3876FCD3-C190-47B2-8DC8-3865B4991A0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-30] (Google LLC -> Google LLC)
Task: {43912CE4-F6E9-4955-969E-8557BE97E7A7} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4022856778-3193992897-3864231476-1001 => C:\Users\lux\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {46D1C481-5130-4D61-9D33-0F2BD2308980} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
Task: {49FB58B4-DD4B-4519-9206-9B69F501BB2E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {57828313-D46B-4DE3-918D-00A4CF78BB82} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {740564A6-C064-48B7-A7E5-33A2A6660DE6} - System32\Tasks\Shutdown at 4 => Shutdown [Argument = at 4]
Task: {821141F5-F23A-4F86-A008-FDB5CCD5A346} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1822976 2021-02-23] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {994054D5-6822-45FF-89C4-9C133A0C43D0} - System32\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:f670f671-a83d-4db4-af77-19ffa5594347
Task: {9F26A201-557A-4803-A6BF-2541A4EF421E} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
Task: {B6462D50-60A9-49F7-BC85-911014C5C53D} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
Task: {B70DDA39-D8A1-41F8-840C-E5B7DE12AEF2} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {BC84898B-089D-4A76-9331-286EFD5930BD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27168840 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {CF4233E2-36D6-4197-8DBB-A1D8C4910BAC} - System32\Tasks\shutdown => shutdown [Argument = /s /f /t 0]
Task: {D17D65C3-2279-43EE-8C27-AD00AF3D841F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform)
Task: {D977AB8B-28E7-4CE4-9AD9-B4EAD98B3CED} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {DF3F98B6-0381-4DB6-9F50-78364C6EFAE7} - System32\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:d7b383c5-6fed-4ab5-a88a-e04bda5480a0
Task: {E560DDA1-0B98-4B0F-9145-54E31B6E7F6C} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {F0DC8573-8780-481F-9B08-401CEE6FEE9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-30] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Internet (All) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\NLAapi.dll [70144 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 14 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 01 C:\Windows\system32\napinsp.dll [68096 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 02 C:\Windows\system32\pnrpnsp.dll [86528 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 03 C:\Windows\system32\pnrpnsp.dll [86528 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 04 C:\Windows\System32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 05 C:\Windows\System32\winrnr.dll [31232 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 06 C:\Windows\system32\NLAapi.dll [93184 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Windows\system32\wshbth.dll [64000 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 04 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 05 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 06 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 07 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 08 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 09 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 10 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 11 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 12 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 13 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 14 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.49.130.40 200.42.4.198
Tcpip\..\Interfaces\{588c67e1-02d4-490e-be08-ba8568127598}: [DhcpNameServer] 200.49.130.40 200.42.4.198
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\lux\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-12]
Edge HomePage: Default -> hxxp://www.google.com/ncr
Edge DefaultSearchURL: Default -> {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:iOSSearchLanguage}{google:prefetchSource}{google:searchClient}{google:sourceId}{google:contextualSearchVersion}ie={inputEncoding}
Edge DefaultSearchKeyword: Default -> google.com
Edge DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:omniboxFocusType}{google:cursorPosition}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
StartMenuInternet: Microsoft Edge - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

 

///////Addition 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by lux (12-03-2021 16:30:32)
Running from C:\Users\lux\Downloads
Windows 10 Pro Version 1909 18363.1440 (X64) (2021-03-12 09:57:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4022856778-3193992897-3864231476-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4022856778-3193992897-3864231476-503 - Limited - Disabled)
Guest (S-1-5-21-4022856778-3193992897-3864231476-501 - Limited - Disabled)
lux (S-1-5-21-4022856778-3193992897-3864231476-1001 - Administrator - Enabled) => C:\Users\lux
WDAGUtilityAccount (S-1-5-21-4022856778-3193992897-3864231476-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Antivirus (Enabled) {2092F4DC-EC63-3680-C854-E2DACF7E736A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Ableton Live 10 Suite (HKLM\...\{FE06C730-0296-42D9-B869-4E819D7F47A3}) (Version: 10.0.0.0 - Ableton)
ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
ACA & MEP 2020 Object Enabler (HKLM\...\{28B89EEF-3004-0000-5102-CF3F3A09B77D}) (Version: 8.2.45.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-3001-0000-3102-CF3F3A09B77D}) (Version: 23.1.47.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_0_1) (Version: 25.0.1 - Adobe Inc.)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_1_0) (Version: 11.1.0 - Adobe Systems Incorporated)
AIDA64 Extreme v6.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.00 - FinalWire Ltd.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.11.2 - Advanced Micro Devices, Inc.)
AmpliTube2 (HKLM-x32\...\{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}) (Version: 2.1.0 - IK Multimedia)
Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Arturia Moog Modular V v1.1 (HKLM-x32\...\Arturia Moog Modular V v1.1) (Version:  - )
Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
AutoCAD 2016 - Español (Spanish) (HKLM\...\{5783F2D7-F001-040A-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016  Language Pack - Español (Spanish) (HKLM\...\{5783F2D7-F001-040A-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2020 - English (HKLM\...\{28B89EEF-3001-0409-2102-CF3F3A09B77D}) (Version: 23.1.47.0 - Autodesk) Hidden
AutoCAD 2020 (HKLM\...\{28B89EEF-3001-0000-0102-CF3F3A09B77D}) (Version: 23.1.47.0 - Autodesk) Hidden
AutoCAD 2020 Language Pack - English (HKLM\...\{28B89EEF-3001-0409-1102-CF3F3A09B77D}) (Version: 23.1.47.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk AutoCAD 2016 - Español (Spanish) (HKLM\...\AutoCAD 2016 - Español (Spanish)) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD 2020 - English (HKLM\...\AutoCAD 2020 - English) (Version: 23.1.47.0 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{317D67F2-9027-4E85-9ED1-ADF4D765AE02}) (Version: 3.0.11 - Autodesk)
AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 21.1.3164 - AVG Technologies)
Bandicam (HKLM-x32\...\Bandicam) (Version: 4.6.1.1688 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandicam.com)
Bitnami WordPress Stack (HKLM\...\Bitnami WordPress Stack 5.6-3) (Version: 5.6-3 - Bitnami)
Blender (HKLM\...\{A239FF96-639F-4269-9673-E7ED60D5C74D}) (Version: 2.83.3 - Blender Foundation)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.270.0.1053 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 9.5.6 - Andrew Sampson)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Bulk Image Downloader v4.91.0.0 (HKLM-x32\...\Bulk Image Downloader_is1) (Version:  - Antibody Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
Chaos License Server (HKLM\...\Chaos License Server) (Version: 5.1.1 - Chaos Software Ltd)
Cinema 4D 20.026 (HKLM\...\MAXONE3565005) (Version: 20.026 - MAXON Computer GmbH)
Counter Strike Source WaRzOnE (HKLM-x32\...\{3F77C740-D6C8-4BDB-B730-49C8D8BCA9ED}) (Version: 2.0 - Warzone) Hidden
DXTBmp (HKLM-x32\...\{2C1544E4-5DA6-4A72-B1BA-E4692991C1DC}) (Version: 1.00.000 - )
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
Enscape | BcgTeam | (HKLM\...\{F894D868-CEE6-4CE5-9F77-F39EEBA486A5}) (Version: 2.8.0.26218 - Enscape GmbH)
Epic Games Launcher (HKLM-x32\...\{5B340CD5-07E3-41AA-9117-0A0EC863E454}) (Version: 1.1.220.0 - Epic Games, Inc.)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
FastStone Image Viewer 6.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.7 - FastStone Soft)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Firefox Developer Edition 87.0 (x64 en-US) (HKLM\...\Firefox Developer Edition 87.0 (x64 en-US)) (Version: 87.0 - Mozilla)
GIMP 2.10.20 (HKLM\...\GIMP-2_is1) (Version: 2.10.20 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.82 - Google LLC)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
Google SketchUp Pro 8 (HKLM-x32\...\{88A47643-0A80-4FA8-A568-E9A63AAA98F4}) (Version: 3.0.14346 - Google, Inc.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.8.8.889 - SurfRight B.V.)
Hotspot Shield 8.4.6 (HKLM-x32\...\{5a448f6b-7c15-4a0d-a10e-4f94eaf65bbb}) (Version: 8.4.6.11320 - AnchorFree Inc.)
Hotspot Shield 8.4.6 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925D1670F5B}) (Version: 8.4.6.11320 - AnchorFree Inc.) Hidden
Hotspot Shield 8.4.6 (HKLM-x32\...\HotspotShield) (Version: 8.4.6 - AnchorFree Inc.) Hidden
ILLUSION プレイクラブ (HKLM-x32\...\{EDA7A566-434A-4784-AE98-74AFA46A2485}) (Version: 1.00.0000 - ILLUSION)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
iTunes (HKLM\...\{0F55124A-C00E-4227-A543-19389E732653}) (Version: 12.10.10.2 - Apple Inc.)
Java SE Development Kit 8 Update 181 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
Java SE Development Kit 8 Update 181 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
M-Audio Fast Track 6.1.12 (x64) (HKLM\...\{102B819F-54FB-4CD3-8B48-B80C210D55BC}) (Version: 6.1.12 - M-Audio)
Microsoft .NET Core Runtime - 2.1.26 (x64) (HKLM-x32\...\{50acab5a-426e-4788-8de9-99b047dbe1c5}) (Version: 2.1.26.29812 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.400 (x64) (HKLM-x32\...\{341254ab-6143-402e-9b7e-944f8b63e97d}) (Version: 2.1.400 - Microsoft Corporation)
Microsoft ASP.NET Core 2.1.26 - Shared Framework (HKLM-x32\...\{8faa55cd-6b10-43b4-a759-4880f79eeac3}) (Version: 2.1.26.45833 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.63 - )
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{52EBC484-44A1-4DC5-824A-0A503735ABD8}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28808 (HKLM-x32\...\{12410e80-cba2-4479-8539-12de3513ff53}) (Version: 14.26.28808.1 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.54.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.9.3352.28579 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{BBCDB523-F5B7-4E53-A911-C85191E3BDF0}) (Version: 10.0.2606 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Mozilla Firefox 86.0 (x64 en-US) (HKLM\...\Mozilla Firefox 86.0 (x64 en-US)) (Version: 86.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0 - Mozilla)
N.I Pro-53 v3.0-OxYGeN (HKLM-x32\...\N.I Pro-53 v3.0-OxYGeN) (Version:  - )
Native Instruments FM7 v1.10.006 (HKLM-x32\...\Native Instruments FM7 v1.10.006) (Version:  - )
Nightly 84.0a1 (x64 en-US) (HKLM\...\Nightly 84.0a1 (x64 en-US)) (Version: 84.0a1 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - )
Pianoteq v2.2.0 (HKLM-x32\...\Pianoteq22) (Version:  - )
Revo Uninstaller Pro 4.4.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.4.2 - VS Revo Group, Ltd.)
SketchUp 2018 (HKLM\...\{C702DD60-EBF4-4961-8B7D-F209B361F985}) (Version: 18.0.16975 - Trimble, Inc.)
Smart2DCutting 3.5 Demo (HKLM-x32\...\Smart2DCutting_is1) (Version:  - )
Sonic Charge Synplant 1.0 (HKLM-x32\...\Sonic Charge Synplant_is1) (Version:  - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.8.0 - Sophos Limited)
SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Spotify (HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Spotify) (Version: 1.1.45.621.gdddebadc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1220 - SUPERAntiSpyware.com)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
VideoPad, editor de vídeo (HKLM-x32\...\VideoPad) (Version: 6.26 - NCH Software)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Voxengo Analogflux Suite 1.3 (HKLM-x32\...\Voxengo Analogflux Suite) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E6F877A1-2F65-4BF0-87B6-A4071B7663D3}) (Version: 10.1.0.0 - Microsoft Corporation)

Packages:
=========
Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-02-12] (eyeo GmbH)
Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_25.3.12.1_x64__adky2gkssdxte [2021-02-28] (Adobe Systems Incorporated)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [2019-11-15] (Dolby Laboratories)
Excel Mobile -> C:\Program Files\WindowsApps\Microsoft.Office.Excel_16001.13801.20274.0_x64__8wekyb3d8bbwe [2021-03-09] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Studios) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-10-01] (Microsoft Corporation)
PicsArt - Photo Studio -> C:\Program Files\WindowsApps\2FE3CB00.PICSART-PHOTOSTUDIO_9.3.4.0_x64__crhqpqs3x1ygc [2021-02-18] (PicsArt Inc.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c [2020-02-06] (Skype)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> G:\Program Files\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> G:\Program Files\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{4AC6DFE1-607B-45B2-B289-D7FBCD44169C}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2020\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> G:\Program Files\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2020\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{D1DE6864-2236-48B7-99C3-D29C757903A4}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2020\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> G:\Program Files\AutoCAD 2016\es-ES\acadficn.dll (Autodesk Development Sarl -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2019-01-30] (Autodesk, Inc. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [HitmanPro.Alert Shell Extension] -> {6FAC02B7-77D6-418B-AC11-962C65CDE8DD} => C:\WINDOWS\system32\hmpshell.dll [2021-03-08] (SurfRight B.V. -> SurfRight B.V.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2019-01-30] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2018-09-25] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2018-09-25] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hitman Codename 47\Run Registry Patch.lnk -> C:\Program Files (x86)\Hitman Codename 47\setup.bat ()
Shortcut: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZStudio4\Online Documentation.lnk -> hxxp:docs.daz3d.com\doku.php\public\software\dazstudio
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Nightly.lnk -> C:\Program Files\Firefox Nightly\firefox.exe (Mozilla Corporation)
ShortcutWithArgument: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\TikTok.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ahoadnkmomodgfkfokbclmabbfdaejpe

==================== Loaded Modules (Whitelisted) =============

2018-12-23 06:37 - 2018-12-23 06:37 - 000948736 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220\e_sqlite3.dll
2019-11-15 13:49 - 2019-11-15 13:49 - 032709632 _____ (Dolby) [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220\DolbyUWP.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Library:{35007500-4800-7300-5800-440074003600} [728]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\Users\lux\Cookies:jb7Ejmron5USQnvE9YDNr [2354]
AlternateDataStreams: C:\Users\lux\Cookies:jcPDhmQNXLgJLiE3o79GNu9M [2346]
AlternateDataStreams: C:\Users\lux\Documents\Max 8:{35007500-4800-7300-5800-440074003600} [728]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\Software\Classes\.scr: AutoCADScriptFile => 

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171002&iDate=2020-07-26 01:16:55&bName=
URLSearchHook: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Windows -> Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Windows -> Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\89.0.774.50\BHO\ie_to_edge_bho_64.dll [2021-03-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\89.0.774.50\BHO\ie_to_edge_bho.dll [2021-03-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-11-01 13:43 - 2019-11-01 13:59 - 000000917 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 www.mefeedia.com
0.0.0.0 www.mefeedia.com
0.0.0.0 delivery.anchorfree.us/land.php

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Common Files\Autodesk Shared\
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 200.49.130.40 - 200.42.4.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: XblAuthManager => 3
HKLM\...\StartupApproved\Run: => "WinZip FAH"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "pac"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\StartupFolder: => "GenuineService.lnk"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "antMR"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "CCXProcess"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7E7D8DDA-2903-4810-B234-3E9A3190A219}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{9EBBD8A7-A6FC-4A9C-BBA2-54692569C546}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{7C4459D1-94AF-4735-BB83-E422076FB4B3}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{F8894969-DBB7-46CD-8C17-DB43EE686206}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{4FC22BC9-E9B1-4CAE-AE76-D764372CF704}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{EBCFC915-82C7-4565-A11C-014716BB5405}C:\bitnami\wordpress-5.6-3\apache2\bin\httpd.exe] => (Allow) C:\bitnami\wordpress-5.6-3\apache2\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{024CCE94-12F7-408D-9659-DBD2BF5C6C35}C:\bitnami\wordpress-5.6-3\apache2\bin\httpd.exe] => (Allow) C:\bitnami\wordpress-5.6-3\apache2\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{2B81AA42-F74A-4C97-BBC5-9DF9A94BEE1B}C:\bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe] => (Allow) C:\bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe () [File not signed]
FirewallRules: [TCP Query User{2EFCB0ED-73F4-4202-AEC2-6214D6563B7C}C:\bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe] => (Allow) C:\bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe () [File not signed]
FirewallRules: [UDP Query User{0422C48E-7139-4D86-B0A2-06FDA4FCF0C6}G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe => No File
FirewallRules: [TCP Query User{21B876E3-72F5-4520-A85F-6FF6253A24EA}G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe => No File
FirewallRules: [{12A7BC0E-1CE0-42FB-8173-111D20E2BE02}] => (Allow) G:\Program Files (x86)\Steam\steam.exe => No File
FirewallRules: [{EA86A368-C836-443A-AD35-BD82922E9F9D}] => (Allow) G:\Program Files (x86)\Steam\steam.exe => No File
FirewallRules: [UDP Query User{15EE96A1-0D00-4B59-B3F4-0C9372359DFF}C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Block) C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe (Epic Games, Inc. -> Epic Games)
FirewallRules: [TCP Query User{F67527AE-B139-4693-87D9-F0CE98F895E1}C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Block) C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe (Epic Games, Inc. -> Epic Games)
FirewallRules: [UDP Query User{B4B98CCC-D628-45EC-B935-D3FFF044C429}C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe] => (Block) C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe => No File
FirewallRules: [TCP Query User{7961091D-0532-4D4B-A673-22007AF9C8CC}C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe] => (Block) C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe => No File
FirewallRules: [UDP Query User{79E87D8A-CF81-4C2D-8025-087F136D1279}C:\program files\sketchup\sketchup 2018\sketchup.exe] => (Block) C:\program files\sketchup\sketchup 2018\sketchup.exe (Trimble Navigation -> Trimble, Inc.) [File not signed]
FirewallRules: [TCP Query User{4063BC32-126F-4281-8B00-E0E50E9D02AC}C:\program files\sketchup\sketchup 2018\sketchup.exe] => (Block) C:\program files\sketchup\sketchup 2018\sketchup.exe (Trimble Navigation -> Trimble, Inc.) [File not signed]
FirewallRules: [UDP Query User{A2523DDD-C391-4592-84D4-E20DD37D53D2}C:\program files\sketchup\sketchup 2018\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2018\sketchup.exe (Trimble Navigation -> Trimble, Inc.) [File not signed]
FirewallRules: [TCP Query User{A90EA75F-BFCD-40BF-9647-7DCC4685D987}C:\program files\sketchup\sketchup 2018\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2018\sketchup.exe (Trimble Navigation -> Trimble, Inc.) [File not signed]
FirewallRules: [{2C729319-D562-4A82-B1D7-0BD18BEC1176}] => (Allow) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe (Chaos Software Ltd. -> )
FirewallRules: [{AA42CA98-894E-42B8-A4D3-AB0BB287CFE4}] => (Allow) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe (Chaos Software Ltd. -> )
FirewallRules: [{7E9E0B21-3EC0-48A5-9D11-53E899A305FD}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{399E0CE8-30DB-4E57-B375-981327FDE6FA}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{09AF76EC-7182-427E-B7EC-776933EFA317}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{6540525A-8759-44FF-86D1-2A716E385E99}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{4068B1FC-33AA-48F9-9B21-91A41B0894C8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{6844176F-0359-470A-ACB1-3E788B31823D}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Block) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed]
FirewallRules: [TCP Query User{70AA0E45-01FB-4AD6-A31C-6CA7B6853F69}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Block) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed]
FirewallRules: [{E89A3E0B-9F9D-409F-ADF8-DE7EBA5BB8A4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => No File
FirewallRules: [{831C8389-9F24-46A9-A4F6-7E482220BC2E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => No File
FirewallRules: [{67093BFE-81BD-4B94-A764-0A7447E3D78F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => No File
FirewallRules: [{14831299-919C-4C93-B0AD-9978E73747F9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => No File
FirewallRules: [UDP Query User{B10CF55D-CF00-49EA-B00A-29EA66DDFDB9}G:\zclient\zclient.exe] => (Allow) G:\zclient\zclient.exe => No File
FirewallRules: [TCP Query User{26CDEE33-D14F-4EDB-95E3-61AAF5D5F8E1}G:\zclient\zclient.exe] => (Allow) G:\zclient\zclient.exe => No File
FirewallRules: [{C0A300DA-C7FE-46CB-AB64-24D54259F22E}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{46F01F67-F913-426B-9367-FDF633F82839}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{32A441C7-2B41-4729-81E4-B8246ED8D1CC}] => (Allow) C:\Program Files\Firefox Nightly\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D4BE90EA-6954-4650-8AD7-06997CE00DE0}] => (Allow) C:\Program Files\Firefox Nightly\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{9AE3A485-6746-4AC9-803E-F645FAE0DA45}C:\users\lux\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\lux\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{FC98E2F6-2EBE-4679-9C08-105C212D5A82}C:\users\lux\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\lux\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{74D27538-2737-4EE2-9C5B-DDF738C2308B}C:\users\lux\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lux\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{DCF0D657-09B1-4288-869E-77C13A2A570A}C:\users\lux\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lux\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [AITech.Hss] => (Block) C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe (AnchorFree Inc -> AnchorFree Inc.)
FirewallRules: [UDP Query User{DC3E93A4-8B5B-4F9F-ACD5-64FB5669939F}C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Allow) C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe (Epic Games, Inc. -> Epic Games)
FirewallRules: [TCP Query User{84E8E9E1-917B-4C3C-9480-89A3716AD041}C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Allow) C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe (Epic Games, Inc. -> Epic Games)
FirewallRules: [UDP Query User{345B7D43-516F-4009-9CBB-C94BB3CB26BD}C:\program files\maxon\cinema 4d r20\cinema 4d.exe] => (Block) C:\program files\maxon\cinema 4d r20\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [TCP Query User{1C743F75-4ED1-4179-980A-E861F4789287}C:\program files\maxon\cinema 4d r20\cinema 4d.exe] => (Block) C:\program files\maxon\cinema 4d r20\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [UDP Query User{45CFE5A9-734A-433F-961F-DCC2D0ABE5AD}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed]
FirewallRules: [TCP Query User{4132A5E6-FBD7-484E-B9B9-126A5751257C}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed]
FirewallRules: [UDP Query User{BF0FF537-6029-4FB6-8437-EED40580D18B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [TCP Query User{02B3DC22-BD25-49AF-B59F-0AD4FC7BC979}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [TCP Query User{0842BE26-2C89-4EA5-92A3-BCD0CB5AE75E}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{E00E4221-64BA-43AC-B760-80353239B723}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{685A9BDF-993F-4ADB-A0AC-9735DF5FF493}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{67F106EE-0F28-4878-A08A-733B4EF576F4}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [TCP Query User{DDA22431-DB1F-476C-8187-C3466203AF33}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{0CA4B7AA-3BFB-49C1-999D-01FC8F4E2DB9}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{E8B93944-6E12-4C1B-B8C4-AEFFF4363FE7}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{8B4EC4A2-75F5-4443-B3C5-1BA336AE293A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{8618C14C-AFE8-43F1-924F-A4DCE06BD46D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{73D36F44-B8FC-46F9-BD86-85ACCF0ED44D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C3F448DB-750B-4371-934D-4F2CF89CEBE2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4497B2D4-F967-4811-93B1-38A39CBD5A5E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B484DAF7-D825-4122-8B3E-E23270E2BD6A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A012426A-AF53-4AA8-9C24-F1941D4BC685}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{C8D3CEB3-49FB-4C61-9E47-B5DCDE4F54FA}C:\users\lux\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\lux\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{14CD318F-06C1-4976-A70D-0935FA648005}C:\users\lux\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\lux\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

12-03-2021 10:01:06 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/12/2021 04:09:11 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11308,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (03/12/2021 03:57:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.18362.1411 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2e3c

Start Time: 01d71777c98daea9

Termination Time: 59

Application Path: C:\Windows\explorer.exe

Report Id: 544bb69c-2138-4219-9b5e-ae530adf3335

Faulting package full name: 

Faulting package-relative application ID: 

Hang type: Unknown

Error: (03/12/2021 03:41:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.18362.1411, time stamp: 0x04a4f9f5
Faulting module name: twinui.pcshell.dll, version: 10.0.18362.1411, time stamp: 0xe2f1d77e
Exception code: 0x80270233
Fault offset: 0x0000000000409c7b
Faulting process id: 0x2b24
Faulting application start time: 0x01d717778c977eee
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\system32\twinui.pcshell.dll
Report Id: 7531a467-6e0e-4076-a4a0-48b4c07067e4
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/12/2021 03:41:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.18362.1411 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 246c

Start Time: 01d7175683483116

Termination Time: 60000

Application Path: C:\Windows\explorer.exe

Report Id: 5878a8c5-6b56-4124-8fe0-9cbfadc951ff

Faulting package full name: 

Faulting package-relative application ID: 

Hang type: Unknown

Error: (03/12/2021 03:40:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program winamp.exe version 5.6.6.3516 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 15c8

Start Time: 01d7177703ba4e8b

Termination Time: 14495

Application Path: C:\Program Files (x86)\Winamp\winamp.exe

Report Id: 015d2468-92d8-4a02-bfd1-2d89a7ff4894

Faulting package full name: 

Faulting package-relative application ID: 

Hang type: Unknown

Error: (03/12/2021 03:39:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.18362.1350, time stamp: 0x66e9554c
Faulting module name: ntdll.dll, version: 10.0.18362.1411, time stamp: 0x443b1261
Exception code: 0xc0000005
Fault offset: 0x00000000000072a6
Faulting process id: 0x1218
Faulting application start time: 0x01d71776baa0a902
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: cda830fa-fec3-438b-9ed1-fecd6fe7e63e
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/12/2021 11:45:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.18362.1350 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2d5c

Start Time: 01d71756952b8940

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Report Id: 45d56f90-4814-4680-922c-dfb464a55ec9

Faulting package full name: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: CortanaUI

Hang type: Quiesce

Error: (03/12/2021 12:06:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hmpalert.exe, version: 3.8.8.889, time stamp: 0x5fcb59be
Faulting module name: ntdll.dll, version: 10.0.18362.1411, time stamp: 0x9ace5a5f
Exception code: 0xc000070a
Fault offset: 0x000fee5e
Faulting process id: 0xfc0
Faulting application start time: 0x01d7175241acc26a
Faulting application path: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 268dac3d-35f9-4250-956a-1918f67f6aa7
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (03/12/2021 04:02:14 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (03/12/2021 04:00:14 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (03/12/2021 03:58:14 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (03/12/2021 03:57:59 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8)
Description: Unable to start a DCOM Server: Microsoft.AAD.BrokerPlugin_1000.18362.449.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\WINDOWS\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider

Error: (03/12/2021 03:57:52 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8)
Description: Unable to start a DCOM Server: Microsoft.Windows.ContentDeliveryManager_10.0.18362.449_neutral_neutral_cw5n1h2txyewy!App.AppXea6epmb5w19sjwy9ckw8md46dm93nhkq.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

Error: (03/12/2021 03:57:50 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8)
Description: Unable to start a DCOM Server: Microsoft.AAD.BrokerPlugin_1000.18362.449.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\WINDOWS\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider

Error: (03/12/2021 03:55:07 PM) (Source: DCOM) (EventID: 10029) (User: DESKTOP-E8BVDK8)
Description: The activation of the CLSID {E60687F7-01A1-40AA-86AC-DB1CBF673334} timed out waiting for the service wuauserv to stop.

Error: (03/12/2021 03:53:37 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8)
Description: Unable to start a DCOM Server: Microsoft.AAD.BrokerPlugin_1000.18362.449.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\WINDOWS\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider


==================== Memory info =========================== 

BIOS: American Megatrends Inc. P1.00 10/05/2015
Motherboard: ASRock N68-GS4/USB3 FX R2.0
Processor: AMD FX(tm)-4100 Quad-Core Processor 
Percentage of memory in use: 60%
Total physical RAM: 8175.24 MB
Available physical RAM: 3214.7 MB
Total Virtual: 9135.24 MB
Available Virtual: 3673.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.23 GB) (Free:53.3 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.75 GB) (Free:14.87 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.28 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (inthestudio) (Fixed) (Total:230 GB) (Free:4.9 GB) NTFS
Drive g: () (Fixed) (Total:1402.67 GB) (Free:133.69 GB) NTFS
Drive h: () (Fixed) (Total:232.88 GB) (Free:12.32 GB) NTFS
Drive i: (inthestudio) (Fixed) (Total:230 GB) (Free:4.68 GB) NTFS
Drive j: (DAT) (Fixed) (Total:232.88 GB) (Free:4.96 GB) NTFS

\\?\Volume{465b29d7-0000-0000-0000-800e25000000}\ () (Fixed) (Total:0.81 GB) (Free:0.38 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: 465B29D7)
Partition 1: (Active) - (Size=148.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=833 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3A233A22)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.8 GB) - (Type=0F Extended)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: E474C32A)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1402.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=230 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================

 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by lux (administrator) on DESKTOP-E8BVDK8 (12-03-2021 16:40:00)
Running from C:\Users\lux\Downloads
Loaded Profiles: lux
Platform: Windows 10 Pro Version 1909 18363.1440 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\afwServ.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124032 2018-05-26] (Corel Corporation -> WinZip Computing)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2018-05-26] (WinZip Computing LLC -> WinZip Computing, S.L.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [164608 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2021-01-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32726088 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2021-01-04] (Adobe Inc. -> )
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11221496 2021-03-09] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Policies\Explorer: [] 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.82\Installer\chrmstp.exe [2021-03-06] (Google LLC -> Google LLC)
Startup: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GenuineService.lnk [2019-08-01]
ShortcutTarget: GenuineService.lnk -> C:\Users\lux\Autodesk\Genuine Service\GenuineService.exe (Autodesk, Inc. -> Autodesk)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A04EEC-D266-47C6-8ADD-FF966248287A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {0A4FB83A-1270-4965-91B6-680438E2F205} - System32\Tasks\Mozilla\Firefox Developer Edition Default Browser Agent CA9422711AE1A81C => C:\Program Files\Firefox Developer Edition\default-browser-agent.exe do-task "CA9422711AE1A81C"
Task: {1406319A-9FA7-446C-AF35-8280D92A044A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4730624 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {21C83A50-A09B-47BF-8865-F5469F008F33} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694752 2021-03-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {25DFC818-592C-4F1E-8A47-946ADB76658F} - System32\Tasks\Mozilla\Firefox Nightly Default Browser Agent 6F193CCC56814779 => C:\Program Files\Firefox Nightly\default-browser-agent.exe do-task "6F193CCC56814779"
Task: {2E352502-2149-4F32-8A79-42005652AF6D} - System32\Tasks\BlueStacksHelper => G:\BLUESTACKS\BlueStacks\Client\Helper\BlueStacksHelper.exe [754104 2021-01-07] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {3876FCD3-C190-47B2-8DC8-3865B4991A0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-30] (Google LLC -> Google LLC)
Task: {43912CE4-F6E9-4955-969E-8557BE97E7A7} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4022856778-3193992897-3864231476-1001 => C:\Users\lux\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {46D1C481-5130-4D61-9D33-0F2BD2308980} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
Task: {49FB58B4-DD4B-4519-9206-9B69F501BB2E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {57828313-D46B-4DE3-918D-00A4CF78BB82} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {740564A6-C064-48B7-A7E5-33A2A6660DE6} - System32\Tasks\Shutdown at 4 => Shutdown [Argument = at 4]
Task: {821141F5-F23A-4F86-A008-FDB5CCD5A346} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1822976 2021-02-23] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {994054D5-6822-45FF-89C4-9C133A0C43D0} - System32\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:f670f671-a83d-4db4-af77-19ffa5594347
Task: {9F26A201-557A-4803-A6BF-2541A4EF421E} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
Task: {B6462D50-60A9-49F7-BC85-911014C5C53D} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
Task: {B70DDA39-D8A1-41F8-840C-E5B7DE12AEF2} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {BC84898B-089D-4A76-9331-286EFD5930BD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27168840 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {CF4233E2-36D6-4197-8DBB-A1D8C4910BAC} - System32\Tasks\shutdown => shutdown [Argument = /s /f /t 0]
Task: {D17D65C3-2279-43EE-8C27-AD00AF3D841F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform)
Task: {D977AB8B-28E7-4CE4-9AD9-B4EAD98B3CED} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {DF3F98B6-0381-4DB6-9F50-78364C6EFAE7} - System32\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:d7b383c5-6fed-4ab5-a88a-e04bda5480a0
Task: {E560DDA1-0B98-4B0F-9145-54E31B6E7F6C} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {F0DC8573-8780-481F-9B08-401CEE6FEE9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-30] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Internet (All) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\NLAapi.dll [70144 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 14 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 01 C:\Windows\system32\napinsp.dll [68096 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 02 C:\Windows\system32\pnrpnsp.dll [86528 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 03 C:\Windows\system32\pnrpnsp.dll [86528 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 04 C:\Windows\System32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 05 C:\Windows\System32\winrnr.dll [31232 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 06 C:\Windows\system32\NLAapi.dll [93184 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Windows\system32\wshbth.dll [64000 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 04 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 05 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 06 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 07 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 08 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 09 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 10 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 11 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 12 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 13 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 14 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.49.130.40 200.42.4.198
Tcpip\..\Interfaces\{588c67e1-02d4-490e-be08-ba8568127598}: [DhcpNameServer] 200.49.130.40 200.42.4.198
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\lux\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-12]
Edge HomePage: Default -> hxxp://www.google.com/ncr
Edge DefaultSearchURL: Default -> {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:iOSSearchLanguage}{google:prefetchSource}{google:searchClient}{google:sourceId}{google:contextualSearchVersion}ie={inputEncoding}
Edge DefaultSearchKeyword: Default -> google.com
Edge DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:omniboxFocusType}{google:cursorPosition}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
StartMenuInternet: Microsoft Edge - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2021
Ran by lux (administrator) on DESKTOP-E8BVDK8 (13-03-2021 08:21:25)
Running from C:\Users\lux\Desktop\FIRST
Loaded Profiles: lux
Platform: Windows 10 Pro Version 1909 18363.1440 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361132.inf_amd64_4863ccf4c1b997c9\B361196\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361132.inf_amd64_4863ccf4c1b997c9\B361196\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\afwServ.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <3>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(Avid Technology, Inc. -> M-Audio) C:\Program Files (x86)\M-Audio\Fast Track\AudioDevMon.exe
(Chaos Software Ltd. -> ) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe
(Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Nullsoft Inc. -> Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe <3>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124032 2018-05-26] (Corel Corporation -> WinZip Computing)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2018-05-26] (WinZip Computing LLC -> WinZip Computing, S.L.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [164608 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2021-01-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32726088 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2021-01-04] (Adobe Inc. -> )
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11221496 2021-03-09] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Policies\Explorer: [] 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.90\Installer\chrmstp.exe [2021-03-12] (Google LLC -> Google LLC)
Startup: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GenuineService.lnk [2019-08-01]
ShortcutTarget: GenuineService.lnk -> C:\Users\lux\Autodesk\Genuine Service\GenuineService.exe (Autodesk, Inc. -> Autodesk)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A04EEC-D266-47C6-8ADD-FF966248287A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {053C1485-0519-4553-9CE7-75EC4E2ADED9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Antivirus Emergency Update" /ENABLE
Task: {053C1485-0519-4553-9CE7-75EC4E2ADED9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {053C1485-0519-4553-9CE7-75EC4E2ADED9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {053C1485-0519-4553-9CE7-75EC4E2ADED9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-4022856778-3193992897-3864231476-1001" /ENABLE
Task: {053C1485-0519-4553-9CE7-75EC4E2ADED9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0" /ENABLE
Task: {053C1485-0519-4553-9CE7-75EC4E2ADED9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347" /ENABLE
Task: {053C1485-0519-4553-9CE7-75EC4E2ADED9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {0A4FB83A-1270-4965-91B6-680438E2F205} - System32\Tasks\Mozilla\Firefox Developer Edition Default Browser Agent CA9422711AE1A81C => C:\Program Files\Firefox Developer Edition\default-browser-agent.exe do-task "CA9422711AE1A81C"
Task: {1406319A-9FA7-446C-AF35-8280D92A044A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4730624 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {21C83A50-A09B-47BF-8865-F5469F008F33} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694752 2021-03-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {25DFC818-592C-4F1E-8A47-946ADB76658F} - System32\Tasks\Mozilla\Firefox Nightly Default Browser Agent 6F193CCC56814779 => C:\Program Files\Firefox Nightly\default-browser-agent.exe do-task "6F193CCC56814779"
Task: {2E352502-2149-4F32-8A79-42005652AF6D} - System32\Tasks\BlueStacksHelper => G:\BLUESTACKS\BlueStacks\Client\Helper\BlueStacksHelper.exe [754104 2021-01-07] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {3876FCD3-C190-47B2-8DC8-3865B4991A0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-30] (Google LLC -> Google LLC)
Task: {43912CE4-F6E9-4955-969E-8557BE97E7A7} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4022856778-3193992897-3864231476-1001 => C:\Users\lux\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {46D1C481-5130-4D61-9D33-0F2BD2308980} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
Task: {49FB58B4-DD4B-4519-9206-9B69F501BB2E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {57828313-D46B-4DE3-918D-00A4CF78BB82} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {740564A6-C064-48B7-A7E5-33A2A6660DE6} - System32\Tasks\Shutdown at 4 => Shutdown [Argument = at 4]
Task: {821141F5-F23A-4F86-A008-FDB5CCD5A346} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1822976 2021-02-23] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {994054D5-6822-45FF-89C4-9C133A0C43D0} - System32\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:f670f671-a83d-4db4-af77-19ffa5594347
Task: {9F26A201-557A-4803-A6BF-2541A4EF421E} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
Task: {B6462D50-60A9-49F7-BC85-911014C5C53D} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
Task: {B70DDA39-D8A1-41F8-840C-E5B7DE12AEF2} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {BC84898B-089D-4A76-9331-286EFD5930BD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27168840 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {CF4233E2-36D6-4197-8DBB-A1D8C4910BAC} - System32\Tasks\shutdown => shutdown [Argument = /s /f /t 0]
Task: {D17D65C3-2279-43EE-8C27-AD00AF3D841F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform)
Task: {D977AB8B-28E7-4CE4-9AD9-B4EAD98B3CED} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {DF3F98B6-0381-4DB6-9F50-78364C6EFAE7} - System32\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:d7b383c5-6fed-4ab5-a88a-e04bda5480a0
Task: {E560DDA1-0B98-4B0F-9145-54E31B6E7F6C} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {F0DC8573-8780-481F-9B08-401CEE6FEE9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-30] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.42.4.207 200.49.130.41
Tcpip\..\Interfaces\{588c67e1-02d4-490e-be08-ba8568127598}: [DhcpNameServer] 200.42.4.207 200.49.130.41
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\lux\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-12]
Edge HomePage: Default -> hxxp://www.google.com/ncr

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
StartMenuInternet: Firefox-6F193CCC56814779 - C:\Program Files\Firefox Nightly\firefox.exe

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default [2021-03-13]
CHR StartupUrls: Default -> "hxxps://www.google.com/ncr"
CHR DefaultSearchURL: Default -> hxxps://sf16-sg.tiktokcdn.com/obj/eden-sg/uvkuhyieh7lpqpbj/pwa/512x512.png
CHR Extension: (TikTok) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahoadnkmomodgfkfokbclmabbfdaejpe [2021-02-03]
CHR Extension: (Tema oscuro para Google Chrome) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\annfbnbieaamhaimclajlajpijgkdblo [2021-03-10]
CHR Extension: (Google Drive) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (TT Downloader) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbckhiepgpniilpmlionnkjoeehhgao [2020-11-06]
CHR Extension: (YouTube) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-26]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (Video Downloader professional) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2020-11-30]
CHR Extension: (WhatFont) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\enfmjcmgehfjmhdbdceflcijljnpjfjh [2021-03-01]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-10]
CHR Extension: (WhatFont) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2021-03-01]
CHR Extension: (Tema oscuro para cualquier sitio web) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhodgikjfpkmcfeokjkanalglikhcgoh [2021-03-13]
CHR Extension: (Right Click Opens Link New Tab Correct Order) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhjkeimpgjokbjmioglhlngefbddppnn [2020-11-05]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Video Downloader by Skyload) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\pebcmofchocakhnljflecpkhadfplaea [2020-11-19]
CHR Extension: (Gmail) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-03]
CHR Profile: C:\Users\lux\AppData\Local\Google\Chrome\User Data\System Profile [2021-03-10]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S3 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S3 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [16939312 2019-01-08] (Autodesk, Inc. -> Autodesk)
S3 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [622184 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [1301208 2021-03-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [353024 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8091704 2021-03-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109464 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8736880 2021-01-02] (BattlEye Innovations e.K. -> )
S4 DialogBlockingService; C:\WINDOWS\System32\DialogBlockingService.dll [75776 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
R2 FastTrackAudioDevMon; C:\Program Files (x86)\M-Audio\Fast Track\AudioDevMon.exe [1962768 2013-05-21] (Avid Technology, Inc. -> M-Audio)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [5136328 2021-03-08] (SurfRight B.V. -> SurfRight B.V.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-10] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6477936 2021-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 VRLService; C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe [12089880 2020-12-06] (Chaos Software Ltd. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\NisSrv.exe [3284840 2020-02-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\MsMpEng.exe [103168 2020-02-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 wordpressApache; C:\Bitnami\wordpress-5.6-3\apache2\bin\httpd.exe [29696 2020-10-03] (Apache Software Foundation) [File not signed]
S2 wordpressMySQL; C:\Bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe [49974272 2020-09-23] () [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [208176 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [357400 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [249368 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [98840 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [16832 2020-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [41424 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [175368 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [521472 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [107920 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [83496 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [850248 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [465800 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [215464 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [327104 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-04] (Bluestack Systems, Inc -> Bluestack System Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-03-10] (Malwarebytes Corporation -> Malwarebytes)
R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [429800 2021-03-08] (SurfRight B.V. -> SurfRight B.V.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
R3 MAUSBFASTTRACK; C:\WINDOWS\System32\drivers\MAudioFastTrack.sys [460048 2013-05-21] (Avid Technology, Inc. -> M-Audio)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-03-12] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-03-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-03-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-03-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-03-10] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [155360 2021-03-12] (Malwarebytes Inc -> Malwarebytes)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2020-10-14] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-07-31] (TunnelBear, Inc. -> The OpenVPN Project)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [44976 2018-09-07] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-13] (Windscribe Limited -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-02-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [376032 2020-02-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2020-02-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-13 08:15 - 2021-03-13 08:21 - 000000000 ____D C:\Users\lux\Desktop\FIRST
2021-03-13 07:04 - 2021-03-13 07:04 - 000000000 ___HD C:\$SysReset
2021-03-12 23:11 - 2021-03-12 23:11 - 000000000 ___HD C:\$Windows.~WS
2021-03-12 20:55 - 2021-03-13 03:33 - 000000000 ____D C:\ESD
2021-03-12 20:37 - 2021-03-12 20:37 - 000000000 ____D C:\$WINDOWS.~BT
2021-03-12 18:24 - 2021-03-12 18:33 - 000000000 ____D C:\WINDOWS\Minidump
2021-03-12 17:28 - 2021-03-12 17:28 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-03-12 17:28 - 2021-03-12 17:28 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-03-12 17:27 - 2021-03-12 17:27 - 000155360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-03-12 17:15 - 2021-03-12 17:15 - 000000698 _____ C:\Users\lux\Desktop\malwarebytes.txt
2021-03-12 16:06 - 2021-03-13 08:22 - 000000000 ____D C:\FRST
2021-03-12 12:08 - 2021-03-12 12:13 - 000000000 ____D C:\AdwCleaner
2021-03-12 12:03 - 2021-03-10 16:07 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-03-12 10:44 - 2021-03-13 08:10 - 000003442 _____ C:\WINDOWS\system32\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347
2021-03-12 10:44 - 2021-03-13 08:10 - 000003184 _____ C:\WINDOWS\system32\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0
2021-03-12 10:44 - 2021-03-13 08:10 - 000000538 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347.job
2021-03-12 10:44 - 2021-03-13 08:10 - 000000538 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0.job
2021-03-12 10:32 - 2021-03-12 10:32 - 000000020 ___SH C:\Users\lux\ntuser.ini
2021-03-12 08:29 - 2021-03-12 08:43 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-03-12 08:26 - 2021-03-12 08:28 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-03-12 08:26 - 2021-03-12 08:26 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-03-12 08:16 - 2021-03-12 08:16 - 000000000 ____D C:\ProgramData\USOShared
2021-03-12 08:16 - 2021-03-12 08:16 - 000000000 ____D C:\ProgramData\ssh
2021-03-12 08:03 - 2021-03-12 08:03 - 000249856 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
2021-03-12 08:03 - 2021-03-12 08:03 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2021-03-12 08:00 - 2021-03-12 08:00 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-03-12 08:00 - 2021-03-12 08:00 - 000515584 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-03-12 08:00 - 2021-03-12 08:00 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-03-12 08:00 - 2021-03-12 08:00 - 000151040 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-03-12 08:00 - 2021-03-12 08:00 - 000109056 _____ C:\WINDOWS\system32\RDVGHelper.exe
2021-03-12 08:00 - 2021-03-12 08:00 - 000094720 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-03-12 08:00 - 2021-03-12 08:00 - 000030720 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2021-03-12 07:59 - 2021-03-12 07:59 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-03-12 07:59 - 2021-03-12 07:59 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-03-12 07:59 - 2021-03-12 07:59 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-03-12 07:59 - 2021-03-12 07:59 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-03-12 07:58 - 2021-03-12 07:58 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-12 07:58 - 2021-03-12 07:58 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-03-12 07:58 - 2021-03-12 07:58 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-03-12 07:58 - 2021-03-12 07:58 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-03-12 07:58 - 2021-03-12 07:58 - 000386048 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\SysWOW64\curl.exe
2021-03-12 07:58 - 2021-03-12 07:58 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-03-12 07:58 - 2021-03-12 07:58 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-03-12 07:58 - 2021-03-12 07:58 - 000053248 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-03-12 07:57 - 2021-03-12 07:57 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-12 07:57 - 2021-03-12 07:57 - 002045952 _____ C:\WINDOWS\system32\rdpnano.dll
2021-03-12 07:57 - 2021-03-12 07:57 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-03-12 07:57 - 2021-03-12 07:57 - 000259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-03-12 07:57 - 2021-03-12 07:57 - 000171008 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-03-12 07:57 - 2021-03-12 07:57 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-03-12 07:57 - 2021-03-12 07:57 - 000059221 _____ C:\WINDOWS\system32\srms.dat
2021-03-12 07:56 - 2021-03-12 07:56 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-03-12 07:56 - 2021-03-12 07:56 - 001282360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-12 07:56 - 2021-03-12 07:56 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-03-12 07:56 - 2021-03-12 07:56 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-03-12 07:56 - 2021-03-12 07:56 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-03-12 07:56 - 2021-03-12 07:56 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-03-12 07:56 - 2021-03-12 07:56 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-03-12 07:56 - 2021-03-12 07:56 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-03-12 07:56 - 2021-03-12 07:56 - 000421376 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe
2021-03-12 07:56 - 2021-03-12 07:56 - 000110080 _____ C:\WINDOWS\system32\ResBParser.dll
2021-03-12 07:56 - 2021-03-12 07:56 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-03-12 07:56 - 2021-03-12 07:56 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-03-12 07:56 - 2021-03-12 07:56 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-03-12 07:56 - 2021-03-12 07:56 - 000000357 _____ C:\WINDOWS\system32\DrtmAuth19.bin
2021-03-12 07:56 - 2021-03-12 07:56 - 000000357 _____ C:\WINDOWS\system32\DrtmAuth14.bin
2021-03-12 07:56 - 2021-03-12 07:56 - 000000357 _____ C:\WINDOWS\system32\DrtmAuth13.bin
2021-03-12 07:56 - 2021-03-12 07:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-03-12 07:56 - 2021-03-12 07:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-03-12 07:56 - 2021-03-12 07:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-03-12 07:56 - 2021-03-12 07:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-03-12 07:56 - 2021-03-12 07:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-03-12 07:56 - 2021-03-12 07:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-03-12 07:56 - 2021-03-12 07:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-03-12 07:56 - 2021-03-12 07:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-03-12 07:56 - 2021-03-12 07:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-03-12 07:56 - 2021-03-12 07:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-03-12 07:56 - 2021-03-12 07:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-03-12 07:56 - 2021-03-12 07:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-03-12 07:56 - 2021-03-12 07:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-03-12 07:56 - 2021-03-12 07:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-03-12 07:56 - 2021-03-12 07:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-03-12 07:56 - 2021-03-12 07:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-03-12 07:55 - 2021-03-12 07:55 - 000458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-03-12 07:55 - 2021-03-12 07:55 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-03-12 07:55 - 2021-03-12 07:55 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-03-12 07:55 - 2021-03-12 07:55 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-03-12 07:55 - 2021-03-12 07:55 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-03-12 07:54 - 2021-03-12 07:54 - 001893888 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-03-12 07:54 - 2021-03-12 07:54 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-03-12 07:54 - 2021-03-12 07:54 - 000208384 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-03-12 07:53 - 2021-03-12 07:53 - 000861696 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-12 07:53 - 2021-03-12 07:53 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-03-12 07:53 - 2021-03-12 07:53 - 000331264 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-03-12 07:53 - 2021-03-12 07:53 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-03-12 07:53 - 2021-03-12 07:53 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-03-12 07:53 - 2021-03-12 07:53 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-03-12 07:52 - 2021-03-12 07:52 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-03-12 07:52 - 2021-03-12 07:52 - 002590720 _____ C:\WINDOWS\system32\dwmscene.dll
2021-03-12 07:52 - 2021-03-12 07:52 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-03-12 07:52 - 2021-03-12 07:52 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-03-12 07:52 - 2021-03-12 07:52 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-03-12 07:52 - 2021-03-12 07:52 - 000811160 _____ C:\WINDOWS\SysWOW64\locale.nls
2021-03-12 07:52 - 2021-03-12 07:52 - 000811160 _____ C:\WINDOWS\system32\locale.nls
2021-03-12 07:52 - 2021-03-12 07:52 - 000059392 _____ C:\WINDOWS\system32\runexehelper.exe
2021-03-12 07:52 - 2021-03-12 07:52 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-03-12 07:52 - 2021-03-12 07:52 - 000047616 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-03-12 07:52 - 2021-03-12 07:52 - 000035840 _____ C:\WINDOWS\system32\deploymentcsphelper.exe
2021-03-12 07:52 - 2021-03-12 07:52 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-03-12 07:51 - 2021-03-12 07:51 - 002321408 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-03-12 07:51 - 2021-03-12 07:51 - 001757632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-12 07:51 - 2021-03-12 07:51 - 001365640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-12 07:51 - 2021-03-12 07:51 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-03-12 07:51 - 2021-03-12 07:51 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-03-12 07:51 - 2021-03-12 07:51 - 000232752 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-12 07:51 - 2021-03-12 07:51 - 000186368 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-03-12 07:51 - 2021-03-12 07:51 - 000053248 _____ C:\WINDOWS\system32\Drivers\UsbPmApi.sys
2021-03-12 07:51 - 2021-03-12 07:51 - 000047616 _____ C:\WINDOWS\system32\UsbPmApi.dll
2021-03-12 07:51 - 2021-03-12 07:51 - 000037888 _____ C:\WINDOWS\system32\usocoreps.dll
2021-03-12 07:50 - 2021-03-12 07:50 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-03-12 07:50 - 2021-03-12 07:50 - 000266752 _____ C:\WINDOWS\system32\HeatCore.dll
2021-03-12 07:49 - 2021-03-12 07:49 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-03-12 07:49 - 2021-03-12 07:49 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-03-12 07:49 - 2021-03-12 07:49 - 000453632 _____ C:\WINDOWS\system32\ssdm.dll
2021-03-12 07:49 - 2021-03-12 07:49 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-03-12 07:49 - 2021-03-12 07:49 - 000200704 _____ C:\WINDOWS\system32\IHDS.dll
2021-03-12 07:49 - 2021-03-12 07:49 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-03-12 07:49 - 2021-03-12 07:49 - 000061440 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-03-12 07:49 - 2021-03-12 07:49 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-03-12 07:15 - 2021-03-12 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\es
2021-03-12 07:15 - 2021-03-12 07:15 - 000000000 ____D C:\WINDOWS\system32\es
2021-03-12 07:15 - 2021-03-12 07:14 - 000346834 _____ C:\WINDOWS\system32\perfi00A.dat
2021-03-12 07:15 - 2021-03-12 07:14 - 000043954 _____ C:\WINDOWS\system32\perfd00A.dat
2021-03-12 07:15 - 2021-03-12 06:10 - 000783214 _____ C:\WINDOWS\system32\perfh00A.dat
2021-03-12 07:15 - 2021-03-12 06:10 - 000152732 _____ C:\WINDOWS\system32\perfc00A.dat
2021-03-12 07:02 - 2021-03-12 07:01 - 000144624 _____ C:\WINDOWS\system32\perfi011.dat
2021-03-12 07:02 - 2021-03-12 07:01 - 000033402 _____ C:\WINDOWS\system32\perfd011.dat
2021-03-12 07:02 - 2021-03-12 06:10 - 000487246 _____ C:\WINDOWS\system32\perfh011.dat
2021-03-12 07:02 - 2021-03-12 06:10 - 000132876 _____ C:\WINDOWS\system32\perfc011.dat
2021-03-12 07:01 - 2021-03-12 07:15 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-03-12 07:01 - 2021-03-12 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\ja
2021-03-12 07:01 - 2021-03-12 07:01 - 000000000 ____D C:\WINDOWS\system32\ja
2021-03-12 06:48 - 2021-03-12 06:48 - 000002060 _____ C:\WINDOWS\system32\noise.jpn
2021-03-12 06:47 - 2021-03-12 06:47 - 000415232 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2021-03-12 06:47 - 2021-03-12 06:47 - 000390656 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2021-03-12 06:46 - 2021-03-12 06:46 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-03-12 06:46 - 2021-03-12 06:46 - 000000000 ____D C:\Program Files\MSBuild
2021-03-12 06:46 - 2021-03-12 06:46 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-03-12 06:46 - 2021-03-12 06:46 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-03-12 06:22 - 2021-03-13 08:10 - 000002922 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4022856778-3193992897-3864231476-1001
2021-03-12 06:18 - 2021-03-12 06:18 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-03-12 05:59 - 2021-03-12 10:23 - 000000000 ____D C:\Users\TEMP.DESKTOP-E8BVDK8.001
2021-03-12 05:59 - 2019-03-19 00:46 - 000001105 _____ C:\Users\TEMP.DESKTOP-E8BVDK8.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-12 05:58 - 2021-03-12 05:59 - 000000000 ____D C:\Users\TEMP.DESKTOP-E8BVDK8.000
2021-03-12 05:58 - 2021-03-12 05:58 - 000000000 ____D C:\Users\TEMP.DESKTOP-E8BVDK8
2021-03-12 05:58 - 2019-03-19 00:46 - 000001105 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-12 05:58 - 2019-03-19 00:46 - 000001105 _____ C:\Users\TEMP.DESKTOP-E8BVDK8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-12 05:57 - 2021-03-12 05:58 - 000000000 ____D C:\Users\TEMP
2021-03-12 05:54 - 2021-03-13 08:10 - 000003310 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2021-03-12 05:54 - 2021-03-13 08:10 - 000003254 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-12 05:54 - 2021-03-13 08:10 - 000002280 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-03-12 05:54 - 2021-03-13 08:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2021-03-12 05:54 - 2021-03-12 18:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-12 05:54 - 2021-03-12 05:55 - 000003406 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-12 05:54 - 2021-03-12 05:55 - 000003366 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{46C008D5-D1E8-4A00-B94C-58EEA7E7B826}
2021-03-12 05:54 - 2021-03-12 05:55 - 000002754 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 2
2021-03-12 05:54 - 2021-03-12 05:55 - 000002752 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 3
2021-03-12 05:54 - 2021-03-12 05:55 - 000002752 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 1
2021-03-12 05:54 - 2021-03-12 05:55 - 000002672 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-03-12 05:54 - 2021-03-12 05:55 - 000002516 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-03-12 05:54 - 2021-03-12 05:55 - 000002426 _____ C:\WINDOWS\system32\Tasks\shutdown
2021-03-12 05:54 - 2021-03-12 05:55 - 000002424 _____ C:\WINDOWS\system32\Tasks\Shutdown at 4
2021-03-12 05:54 - 2021-03-12 05:54 - 000003468 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-12 05:54 - 2021-03-12 05:54 - 000003244 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-12 05:54 - 2021-03-12 05:54 - 000003182 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-12 05:54 - 2021-03-12 05:54 - 000003024 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper
2021-03-12 05:54 - 2021-03-12 05:54 - 000002448 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate
2021-03-12 05:54 - 2021-03-12 05:54 - 000002262 _____ C:\WINDOWS\system32\Tasks\StartCN
2021-03-12 05:54 - 2021-03-12 05:54 - 000002182 _____ C:\WINDOWS\system32\Tasks\StartDVR
2021-03-12 05:54 - 2021-03-12 05:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2021-03-12 05:54 - 2021-03-12 05:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2021-03-12 05:54 - 2021-03-12 05:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-12 05:54 - 2021-03-12 05:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2021-03-12 05:54 - 2021-03-12 05:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2021-03-12 05:51 - 2021-03-12 23:01 - 000012975 _____ C:\WINDOWS\diagwrn.xml
2021-03-12 05:51 - 2021-03-12 23:01 - 000009528 _____ C:\WINDOWS\diagerr.xml
2021-03-12 05:15 - 2021-03-12 12:04 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-03-12 05:15 - 2021-03-12 06:10 - 002378712 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-12 04:58 - 2021-03-12 18:27 - 000000000 ____D C:\Users\lux
2021-03-12 04:58 - 2019-03-19 00:46 - 000001105 _____ C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-12 04:45 - 2021-03-13 05:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-12 04:45 - 2021-03-12 05:08 - 005146480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-11 16:12 - 2021-03-11 16:13 - 000000000 ____D C:\windows update fix
2021-03-11 16:08 - 2021-03-11 16:08 - 000000000 ____D C:\Users\lux\AppData\Roaming\SUPERAntiSpyware.com
2021-03-11 16:06 - 2021-03-12 05:05 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2021-03-11 16:06 - 2021-03-11 16:08 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2021-03-11 16:06 - 2021-03-11 16:06 - 000001849 _____ C:\Users\lux\Desktop\SUPERAntiSpyware Professional X.lnk
2021-03-11 16:06 - 2021-03-11 16:06 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2021-03-11 16:02 - 2021-03-11 16:02 - 000000000 ____D C:\Users\lux\AppData\Local\ElevatedDiagnostics
2021-03-11 15:58 - 2021-03-11 15:58 - 000000689 _____ C:\Users\lux\Desktop\trojan.txt
2021-03-11 15:57 - 2021-03-11 15:57 - 000001459 _____ C:\Users\lux\Desktop\malware ai.txt
2021-03-11 15:57 - 2021-03-11 15:57 - 000000693 _____ C:\Users\lux\Desktop\compromised.txt
2021-03-11 15:33 - 2021-03-11 15:50 - 000000000 ____D C:\Users\lux\AppData\Local\NPE
2021-03-11 12:18 - 2021-03-13 03:33 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-11 11:49 - 2021-03-12 10:06 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-03-10 16:11 - 2021-03-12 12:04 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-03-10 16:11 - 2021-03-12 12:04 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-03-10 16:11 - 2021-03-10 16:11 - 000000000 ____D C:\Users\lux\AppData\Local\mbam
2021-03-10 16:10 - 2021-03-10 16:10 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-03-10 16:10 - 2021-03-10 16:07 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-03-10 16:07 - 2021-03-10 16:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-03-10 16:06 - 2021-03-10 16:06 - 000000000 ____D C:\Program Files\Malwarebytes
2021-03-09 19:33 - 2021-03-12 15:42 - 000000000 ____D C:\Users\lux\AppData\Local\CrashDumps
2021-03-09 17:41 - 2021-03-09 17:41 - 000000000 ____D C:\ProgramData\Sophos
2021-03-09 17:40 - 2021-03-12 08:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2021-03-09 17:40 - 2021-03-09 17:40 - 000002775 _____ C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2021-03-09 17:40 - 2021-03-09 17:40 - 000000000 ____D C:\Program Files (x86)\Sophos
2021-03-09 16:55 - 2021-03-09 16:55 - 000001864 _____ C:\Users\lux\Desktop\cc_20210309_165530.reg
2021-03-09 16:54 - 2021-03-09 16:54 - 000069224 _____ C:\Users\lux\Desktop\cc_20210309_165437.reg
2021-03-09 04:28 - 2021-03-09 04:28 - 000000000 ____D C:\Users\lux\AppData\Local\VS Revo Group
2021-03-09 04:21 - 2021-03-12 08:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2021-03-09 04:21 - 2021-03-09 04:21 - 000001122 _____ C:\ProgramData\Desktop\Revo Uninstaller Pro.lnk
2021-03-09 04:21 - 2021-03-09 04:21 - 000000000 ____D C:\ProgramData\VS Revo Group
2021-03-09 04:21 - 2021-03-09 04:21 - 000000000 ____D C:\Program Files\VS Revo Group
2021-03-09 04:21 - 2020-10-14 04:07 - 000038400 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2021-03-09 03:30 - 2021-03-09 03:30 - 000000000 _____ C:\Users\lux\Desktop\F I G C.txt
2021-03-08 09:02 - 2021-03-08 09:02 - 000001999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Internet Security.lnk
2021-03-08 09:02 - 2021-02-22 17:03 - 000340224 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2021-03-08 08:40 - 2021-03-12 11:12 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2021-03-08 08:40 - 2021-03-12 08:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2021-03-08 08:40 - 2021-03-08 08:40 - 001006032 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2021-03-08 08:40 - 2021-03-08 08:40 - 001004496 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2021-03-08 08:40 - 2021-03-08 08:40 - 000429800 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2021-03-08 08:40 - 2021-03-08 08:40 - 000179144 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpshell.dll
2021-03-08 08:40 - 2021-03-08 08:40 - 000000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2021-03-07 23:16 - 2021-03-07 23:16 - 000001912 _____ C:\ProgramData\Desktop\BlueStacks.lnk
2021-03-07 23:16 - 2021-03-07 23:16 - 000001283 _____ C:\ProgramData\Desktop\BlueStacks Multi-Instance Manager.lnk
2021-03-07 23:06 - 2021-03-07 23:06 - 000000000 ____D C:\Program Files\BlueStacks
2021-03-06 04:50 - 2021-03-06 04:50 - 000000000 _____ C:\Users\lux\Desktop\Nice Cookies style.txt
2021-03-04 15:06 - 2021-03-04 15:07 - 000001198 _____ C:\Users\lux\Desktop\cookies terms.txt
2021-03-01 07:17 - 2021-03-01 07:17 - 000911227 _____ C:\Users\lux\Desktop\untitled_backup_Mar-1-2021_7-8-58(2).oc
2021-03-01 06:26 - 2021-03-01 07:13 - 000000000 ____D C:\Users\lux\Documents\OrbComposer
2021-03-01 06:22 - 2021-03-01 07:46 - 000000000 ____D C:\Users\lux\AppData\Roaming\com.hexachords.OrbComposer
2021-03-01 06:22 - 2018-05-16 17:23 - 000116272 _____ (Bome Software GmbH & Co. KG) C:\WINDOWS\system32\bomemidi_coinst.dll
2021-03-01 06:21 - 2021-03-01 06:21 - 005198187 _____ C:\Users\lux\Desktop\wpautomatic3440.rar
2021-03-01 06:13 - 2021-03-01 06:13 - 000012220 _____ C:\Users\lux\Desktop\25781_Hexachords-Orb_.torrent
2021-03-01 00:31 - 2021-03-01 00:31 - 000002120 _____ C:\Users\lux\Desktop\third party cookies note bluehost website.txt
2021-02-28 23:17 - 2021-02-28 23:17 - 000001389 _____ C:\Users\lux\Desktop\Adobe XD.lnk
2021-02-28 22:19 - 2021-02-28 22:19 - 000000000 ___HD C:\$AV_AVG
2021-02-28 10:10 - 2021-03-13 03:03 - 000000000 ____D C:\Users\lux\AppData\LocalLow\IGDump
2021-02-26 06:17 - 2021-02-26 06:29 - 000000000 ____D C:\Program Files\Firefox Developer Edition
2021-02-25 03:32 - 2021-02-25 03:32 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign26b7d91229d188cc
2021-02-25 03:30 - 2021-02-25 03:30 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign80e22defb8466c88
2021-02-25 03:30 - 2021-02-25 03:30 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign4c950e0ca4a645c4
2021-02-25 02:21 - 2021-02-25 02:21 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign6d96c67bfd05aa51
2021-02-25 02:18 - 2021-02-25 02:18 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsignf2886c52cf06e950
2021-02-25 02:18 - 2021-02-25 02:18 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsignab9a586d22160791
2021-02-22 17:04 - 2021-02-22 17:03 - 000215464 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2021-02-20 00:58 - 2021-02-20 00:58 - 000035058 _____ C:\Users\lux\Documents\WINAMP.m3u8
2021-02-18 21:06 - 2021-02-18 21:06 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsignac9b0181c25b9cc3
2021-02-18 20:55 - 2021-02-18 20:55 - 000000000 ____D C:\Users\lux\Documents\Adobe
2021-02-18 20:19 - 2021-02-18 20:19 - 000000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2017.lnk
2021-02-18 20:19 - 2021-02-18 20:19 - 000000000 ____D C:\ProgramData\Documents\Adobe
2021-02-17 23:53 - 2021-02-17 23:53 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsignb120ae7686410add
2021-02-17 23:53 - 2021-02-17 23:53 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign72bae6680b5b6cab
2021-02-17 23:53 - 2021-02-17 23:53 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign09f3b43268feba29
2021-02-17 03:54 - 2021-02-17 03:54 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsignbb41fb5c687b8a8d
2021-02-17 03:53 - 2021-02-17 03:53 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsigne9bc421c0fe2b19f
2021-02-17 03:53 - 2021-02-17 03:53 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign8b8309d16d6c13aa
2021-02-14 05:27 - 2021-02-14 05:27 - 000000000 ____D C:\backup
2021-02-12 03:24 - 2021-02-12 03:25 - 000001068 _____ C:\Users\lux\Documents\cc_20210212_032454.reg
2021-02-12 03:24 - 2021-02-12 03:24 - 000015302 _____ C:\Users\lux\Documents\cc_20210212_032357.reg

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-13 08:19 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-13 08:13 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-13 08:10 - 2020-07-13 02:04 - 000000000 ____D C:\Users\lux\AppData\Roaming\vlc
2021-03-13 08:10 - 2018-08-26 12:35 - 000000000 ____D C:\Users\lux\AppData\Local\D3DSCache
2021-03-13 00:07 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-12 20:08 - 2018-09-26 14:43 - 000000000 ____D C:\ProgramData\AVG
2021-03-12 20:04 - 2019-03-19 00:50 - 000000000 ____D C:\WINDOWS\INF
2021-03-12 19:34 - 2018-09-30 02:19 - 000000000 ____D C:\Program Files\CCleaner
2021-03-12 19:30 - 2020-10-30 02:09 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-12 18:24 - 2020-08-13 01:43 - 000309022 ____N C:\WINDOWS\Minidump\031221-64875-01.dmp
2021-03-12 17:29 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\appcompat
2021-03-12 17:21 - 2019-03-19 00:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-03-12 17:21 - 2018-08-30 21:47 - 000000000 ____D C:\ProgramData\HitmanPro
2021-03-12 17:21 - 2018-08-26 11:09 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-03-12 12:03 - 2019-03-19 00:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-03-12 11:10 - 2019-03-19 00:37 - 000000000 ____D C:\WINDOWS\servicing
2021-03-12 11:10 - 2019-03-19 00:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-12 10:57 - 2019-03-19 00:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-03-12 10:55 - 2020-08-02 20:46 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-12 10:50 - 2019-06-19 03:48 - 000000000 ____D C:\Program Files\UNP
2021-03-12 10:39 - 2018-08-26 10:52 - 000000000 ___RD C:\Users\lux\3D Objects
2021-03-12 10:38 - 2018-08-26 10:52 - 000000000 ____D C:\Users\lux\AppData\Local\Packages
2021-03-12 10:05 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-03-12 08:44 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-03-12 08:44 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-03-12 08:44 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-03-12 08:44 - 2019-03-19 00:49 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-03-12 08:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-03-12 08:43 - 2021-02-05 03:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2021-03-12 08:43 - 2021-02-05 03:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2021-03-12 08:43 - 2021-02-03 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-03-12 08:43 - 2021-01-31 11:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitnami WordPress Stack
2021-03-12 08:43 - 2021-01-13 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-03-12 08:43 - 2020-07-20 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2021-03-12 08:43 - 2020-07-11 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Charge
2021-03-12 08:43 - 2020-07-09 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-03-12 08:43 - 2020-06-28 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jBridge
2021-03-12 08:43 - 2020-06-27 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
2021-03-12 08:43 - 2020-06-24 19:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2019.4.1f1 (64-bit)
2021-03-12 08:43 - 2020-06-17 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 FreeMultiplayer
2021-03-12 08:43 - 2020-04-23 23:29 - 000000000 ____D C:\WINDOWS\system32\UnityInjector
2021-03-12 08:43 - 2020-02-07 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2021-03-12 08:43 - 2019-08-19 01:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Borderless Gaming
2021-03-12 08:43 - 2019-08-01 20:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2020 - English
2021-03-12 08:43 - 2019-07-22 14:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON
2021-03-12 08:43 - 2019-07-20 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2021-03-12 08:43 - 2019-06-23 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2021-03-12 08:43 - 2019-06-14 15:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoulseekQt
2021-03-12 08:43 - 2019-06-03 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSS WaZrOnE
2021-03-12 08:43 - 2019-06-03 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter Strike Source WaRzOnE
2021-03-12 08:43 - 2019-06-01 14:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2021-03-12 08:43 - 2019-04-03 00:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart2DCutting 3
2021-03-12 08:43 - 2019-04-01 02:53 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-03-12 08:43 - 2019-03-31 22:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Image Downloader
2021-03-12 08:43 - 2019-03-19 00:56 - 000000000 ____D C:\WINDOWS\Setup
2021-03-12 08:43 - 2019-03-19 00:52 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-03-12 08:43 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\spool
2021-03-12 08:43 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-03-12 08:43 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-03-12 08:43 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\ServiceState
2021-03-12 08:43 - 2019-03-19 00:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-12 08:43 - 2019-01-26 04:20 - 000000000 ____D C:\WINDOWS\system32\myApp
2021-03-12 08:43 - 2018-12-18 05:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2021-03-12 08:43 - 2018-12-03 02:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2021-03-12 08:43 - 2018-11-22 08:03 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2021-03-12 08:43 - 2018-09-30 02:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-03-12 08:43 - 2018-09-18 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-03-12 08:43 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-03-12 08:43 - 2018-09-05 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2021-03-12 08:43 - 2018-09-05 10:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
2021-03-12 08:43 - 2018-08-28 11:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2018
2021-03-12 08:43 - 2018-08-27 05:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2021-03-12 08:43 - 2018-08-27 05:14 - 000000000 ____D C:\Program Files\IIS
2021-03-12 08:43 - 2018-04-11 19:38 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-03-12 08:31 - 2019-05-11 01:32 - 000000000 ____D C:\WINDOWS\system32\AMD
2021-03-12 08:31 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\Resources
2021-03-12 08:29 - 2021-02-06 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
2021-03-12 08:29 - 2020-07-13 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019
2021-03-12 08:29 - 2020-07-05 13:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2021-03-12 08:29 - 2020-06-28 00:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2021-03-12 08:29 - 2020-06-27 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia
2021-03-12 08:29 - 2020-04-06 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XCOM - Enemy Unknown [GOG.com]
2021-03-12 08:29 - 2019-08-19 01:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MWGraphics
2021-03-12 08:29 - 2019-05-24 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
2021-03-12 08:29 - 2018-08-27 04:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\TextInput
2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-12 08:16 - 2019-03-19 02:23 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-03-12 08:16 - 2019-03-19 02:23 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-03-12 08:16 - 2019-03-19 02:23 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-03-12 08:16 - 2019-03-19 02:23 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Com
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\IME
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\Program Files\Common Files\System
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\PerfLogs
2021-03-12 08:12 - 2019-03-19 02:23 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-03-12 08:12 - 2019-03-19 02:23 - 000019469 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-03-12 07:15 - 2019-03-19 02:20 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-03-12 07:15 - 2019-03-19 02:20 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-03-12 07:15 - 2019-03-19 02:20 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-03-12 07:15 - 2019-03-19 02:20 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-03-12 07:15 - 2019-03-19 02:20 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-03-12 07:15 - 2019-03-19 02:20 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-03-12 07:15 - 2019-03-19 02:20 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-03-12 07:15 - 2019-03-19 02:20 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-03-12 07:15 - 2019-03-19 00:52 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-03-12 07:15 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-03-12 07:15 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-03-12 06:44 - 2019-03-19 02:22 - 000000000 ____D C:\WINDOWS\OCR
2021-03-12 06:14 - 2019-03-19 00:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-12 06:03 - 2018-12-18 03:29 - 000000580 __RSH C:\ProgramData\ntuser.pol
2021-03-12 05:57 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\USOPrivate
2021-03-12 05:54 - 2019-03-19 00:52 - 000000000 ____D C:\Program Files\Windows Defender
2021-03-12 05:54 - 2019-03-19 00:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-03-12 05:05 - 2020-07-01 19:00 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Pro-53
2021-03-12 05:05 - 2020-06-28 00:32 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arturia
2021-03-12 05:05 - 2020-01-30 02:54 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2021-03-12 05:05 - 2019-05-11 08:22 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hitman Codename 47
2021-03-12 05:05 - 2018-11-20 14:19 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2021-03-12 05:05 - 2018-09-25 01:44 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-03-12 05:01 - 2021-02-03 17:25 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome
2021-03-12 05:01 - 2020-07-29 21:49 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2021-03-12 05:01 - 2020-07-05 03:22 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iZotope
2021-03-12 05:01 - 2020-06-30 14:29 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments FM7
2021-03-12 05:01 - 2020-06-30 14:13 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Modartt
2021-03-12 05:01 - 2020-06-28 14:27 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Voxengo
2021-03-12 05:01 - 2020-06-27 23:42 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton
2021-03-12 05:01 - 2019-03-16 07:07 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2021-03-12 01:57 - 2018-08-26 19:33 - 000008192 __RSH C:\BOOTSECT.BAK
2021-03-12 00:34 - 2018-08-27 04:17 - 000000000 ____D C:\Program Files\dotnet
2021-03-12 00:34 - 2018-08-26 11:10 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-12 00:05 - 2018-08-26 19:33 - 000409654 __RSH C:\bootmgr
2021-03-12 00:05 - 2018-08-26 19:33 - 000000001 ___SH C:\BOOTNXT
2021-03-11 17:10 - 2020-12-06 11:09 - 000000000 ____D C:\Program Files\Chaos Group
2021-03-11 15:38 - 2018-08-26 11:00 - 000000000 ____D C:\ProgramData\Norton
2021-03-11 15:28 - 2020-08-16 10:50 - 000000000 ____D C:\unreal
2021-03-11 11:57 - 2018-08-26 15:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-11 11:46 - 2018-08-26 15:15 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-10 09:35 - 2018-08-27 04:10 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2021-03-10 09:35 - 2018-08-27 04:10 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2021-03-10 09:34 - 2019-06-23 22:08 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2021-03-10 09:20 - 2018-08-27 04:02 - 000000000 ____D C:\Users\lux\AppData\Roaming\Visual Studio Setup
2021-03-10 09:19 - 2018-08-27 04:02 - 000001433 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2021-03-10 09:19 - 2018-08-27 04:02 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2021-03-09 15:50 - 2020-07-20 20:04 - 000000000 ____D C:\Users\lux\Documents\Bandicam
2021-03-09 10:32 - 2019-10-04 04:02 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-03-09 06:45 - 2019-06-23 22:15 - 000000000 ____D C:\Program Files (x86)\Autodesk
2021-03-09 06:39 - 2018-09-01 11:34 - 000000000 ____D C:\Program Files\Epic Games
2021-03-09 05:45 - 2019-03-31 22:07 - 000000000 ____D C:\Users\lux\Documents\Bulk Image Downloader
2021-03-09 04:12 - 2018-10-06 15:37 - 000000000 ____D C:\Users\lux\AppData\Local\Opera Software
2021-03-09 04:12 - 2018-10-06 15:35 - 000000000 ____D C:\Users\lux\AppData\Roaming\Opera Software
2021-03-08 04:35 - 2018-12-13 17:22 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-08 03:17 - 2018-08-26 18:13 - 000000000 ____D C:\Users\lux\AppData\LocalLow\Mozilla
2021-03-07 23:21 - 2020-07-21 03:29 - 000000000 ____D C:\Users\lux\AppData\Local\BlueStacksSetup
2021-03-07 23:16 - 2020-07-21 03:42 - 000001924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks.lnk
2021-03-07 23:16 - 2020-07-21 03:42 - 000001295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk
2021-03-07 22:55 - 2020-02-04 00:26 - 000000000 ____D C:\Users\lux\AppData\Local\BlueStacks
2021-03-07 12:43 - 2018-08-30 14:50 - 000280904 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2021-03-07 12:42 - 2019-05-04 03:22 - 000280904 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2021-03-07 11:46 - 2018-08-26 14:28 - 000000000 ____D C:\ProgramData\Origin
2021-03-07 05:41 - 2020-06-17 09:11 - 000000000 ____D C:\Users\lux\AppData\Local\nintend01337
2021-03-06 11:40 - 2021-01-04 01:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-03-06 11:40 - 2018-11-29 22:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-06 06:10 - 2018-11-29 22:42 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-05 08:33 - 2018-08-27 02:46 - 000000000 ____D C:\Users\lux\AppData\Roaming\Code
2021-03-02 23:54 - 2020-06-28 11:37 - 000000000 ____D C:\Users\lux\Documents\Max 8
2021-03-01 06:14 - 2019-05-30 10:50 - 000000000 ____D C:\Users\lux\AppData\Local\BitTorrentHelper
2021-02-28 23:11 - 2018-08-26 11:09 - 000000000 ____D C:\ProgramData\Packages
2021-02-28 23:10 - 2020-11-03 23:43 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-02-26 06:19 - 2020-08-16 05:58 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk
2021-02-25 03:30 - 2021-01-29 20:33 - 000000033 _____ C:\Users\lux\AppData\Roaming\AdobeWLCMCache.dat
2021-02-23 23:15 - 2019-06-27 02:45 - 000000000 ____D C:\Users\lux\AppData\Roaming\audacity
2021-02-23 14:49 - 2018-08-28 02:48 - 000000000 ____D C:\Users\lux\AppData\Local\.IdentityService
2021-02-22 17:04 - 2020-10-14 11:58 - 000175368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2021-02-22 17:04 - 2018-10-16 23:14 - 000465800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2021-02-22 17:04 - 2018-10-16 23:14 - 000327104 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2021-02-22 17:03 - 2020-06-19 09:01 - 000521472 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2021-02-22 17:03 - 2019-01-14 14:48 - 000357400 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2021-02-22 17:03 - 2019-01-04 12:18 - 000249368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2021-02-22 17:03 - 2019-01-04 12:18 - 000098840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2021-02-22 17:03 - 2018-10-16 23:14 - 000850248 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2021-02-22 17:03 - 2018-10-16 23:14 - 000208176 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2021-02-22 17:03 - 2018-10-16 23:14 - 000107920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2021-02-22 17:03 - 2018-10-16 23:14 - 000083496 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2021-02-22 17:03 - 2018-10-16 23:14 - 000041424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2021-02-19 07:04 - 2021-02-05 03:57 - 000000000 ____D C:\Users\lux\AppData\Local\AMD_Common
2021-02-18 21:06 - 2018-08-26 10:52 - 000000000 ____D C:\Users\lux\AppData\Roaming\Adobe
2021-02-18 20:19 - 2021-01-04 08:08 - 000000000 ____D C:\Program Files\Adobe
2021-02-14 00:16 - 2021-01-31 11:33 - 000000000 ____D C:\Bitnami

==================== Files in the root of some directories ========

2021-01-29 20:33 - 2021-02-25 03:30 - 000000033 _____ () C:\Users\lux\AppData\Roaming\AdobeWLCMCache.dat
2020-06-27 19:14 - 2020-06-28 12:44 - 000000016 _____ () C:\Users\lux\AppData\Roaming\msregsvv.dll
2019-04-21 01:12 - 2019-04-21 01:12 - 000000000 _____ () C:\Users\lux\AppData\Local\oobelibMkey.log
2019-05-01 04:20 - 2019-05-01 04:28 - 000007605 _____ () C:\Users\lux\AppData\Local\resmon.resmoncfg
2019-05-22 02:36 - 2019-05-22 02:36 - 000000000 _____ () C:\Users\lux\AppData\Local\{53175AFC-F601-483C-86F0-87B78D0EA455}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt 


  • Solution

Hiya iamthefutureofall,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.


The system will be rebooted after the fix has run.

Next,

Download "Microsoft's Safety Scanner" and save it directly to the desktop.

Make sure to get the correct version for your system:

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Right-click on the tool and select Run as Administrator; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include details for each time MSRT has run; we only need the most recent log by date and time.

Let me see those logs in your reply...

Thank you,

Kevin..

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 13-03-2021
Ran by lux (13-03-2021 09:08:02) Run:1
Running from C:\Users\lux\Desktop\FIRST
Loaded Profiles: lux
Boot Mode: Normal
==============================================

fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Policies\Explorer: [] 
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION 
Task: {740564A6-C064-48B7-A7E5-33A2A6660DE6} - System32\Tasks\Shutdown at 4 => Shutdown [Argument = at 4]
Task: {CF4233E2-36D6-4197-8DBB-A1D8C4910BAC} - System32\Tasks\shutdown => shutdown [Argument = /s /f /t 0]
C:\Bitnami\WORDPR~1.6-3\apache2\bin\httpd.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION 
2021-03-12 05:54 - 2021-03-13 08:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2021-02-25 03:32 - 2021-02-25 03:32 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign26b7d91229d188cc
2021-02-25 03:30 - 2021-02-25 03:30 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign80e22defb8466c88
2021-02-25 03:30 - 2021-02-25 03:30 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign4c950e0ca4a645c4
2021-02-25 02:21 - 2021-02-25 02:21 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign6d96c67bfd05aa51
2021-02-25 02:18 - 2021-02-25 02:18 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsignf2886c52cf06e950
2021-02-25 02:18 - 2021-02-25 02:18 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsignab9a586d22160791
2021-02-18 21:06 - 2021-02-18 21:06 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsignac9b0181c25b9cc3
2021-02-17 23:53 - 2021-02-17 23:53 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsignb120ae7686410add
2021-02-17 23:53 - 2021-02-17 23:53 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign72bae6680b5b6cab
2021-02-17 23:53 - 2021-02-17 23:53 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign09f3b43268feba29
2021-02-17 03:54 - 2021-02-17 03:54 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsignbb41fb5c687b8a8d
2021-02-17 03:53 - 2021-02-17 03:53 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsigne9bc421c0fe2b19f
2021-02-17 03:53 - 2021-02-17 03:53 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign8b8309d16d6c13aa
2019-05-22 02:36 - 2019-05-22 02:36 - 000000000 _____ () C:\Users\lux\AppData\Local\{53175AFC-F601-483C-86F0-87B78D0EA455}
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
AlternateDataStreams: C:\Library:{35007500-4800-7300-5800-440074003600} [728]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\Users\lux\Cookies:jb7Ejmron5USQnvE9YDNr [2354]
AlternateDataStreams: C:\Users\lux\Cookies:jcPDhmQNXLgJLiE3o79GNu9M [2346]
AlternateDataStreams: C:\Users\lux\Documents\Max 8:{35007500-4800-7300-5800-440074003600} [728] 
FirewallRules: [UDP Query User{0422C48E-7139-4D86-B0A2-06FDA4FCF0C6}G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe => No File
FirewallRules: [TCP Query User{21B876E3-72F5-4520-A85F-6FF6253A24EA}G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe => No File
FirewallRules: [{12A7BC0E-1CE0-42FB-8173-111D20E2BE02}] => (Allow) G:\Program Files (x86)\Steam\steam.exe => No File
FirewallRules: [{EA86A368-C836-443A-AD35-BD82922E9F9D}] => (Allow) G:\Program Files (x86)\Steam\steam.exe => No File
FirewallRules: [UDP Query User{B4B98CCC-D628-45EC-B935-D3FFF044C429}C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe] => (Block) C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe => No File
FirewallRules: [TCP Query User{7961091D-0532-4D4B-A673-22007AF9C8CC}C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe] => (Block) C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe => No File
FirewallRules: [{E89A3E0B-9F9D-409F-ADF8-DE7EBA5BB8A4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => No File
FirewallRules: [{831C8389-9F24-46A9-A4F6-7E482220BC2E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => No File
FirewallRules: [{67093BFE-81BD-4B94-A764-0A7447E3D78F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => No File
FirewallRules: [{14831299-919C-4C93-B0AD-9978E73747F9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => No File
FirewallRules: [UDP Query User{B10CF55D-CF00-49EA-B00A-29EA66DDFDB9}G:\zclient\zclient.exe] => (Allow) G:\zclient\zclient.exe => No File
FirewallRules: [TCP Query User{26CDEE33-D14F-4EDB-95E3-61AAF5D5F8E1}G:\zclient\zclient.exe] => (Allow) G:\zclient\zclient.exe => No File
FirewallRules: [UDP Query User{BF0FF537-6029-4FB6-8437-EED40580D18B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [TCP Query User{02B3DC22-BD25-49AF-B59F-0AD4FC7BC979}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
Hosts:
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
cmd: sfc /scannow
C:\Windows\Temp\*.*
EmptyTemp:

*****************

SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{740564A6-C064-48B7-A7E5-33A2A6660DE6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{740564A6-C064-48B7-A7E5-33A2A6660DE6}" => removed successfully
C:\WINDOWS\System32\Tasks\Shutdown at 4 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Shutdown at 4" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF4233E2-36D6-4197-8DBB-A1D8C4910BAC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF4233E2-36D6-4197-8DBB-A1D8C4910BAC}" => removed successfully
C:\WINDOWS\System32\Tasks\shutdown => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\shutdown" => removed successfully
C:\Bitnami\WORDPR~1.6-3\apache2\bin\httpd.exe => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
C:\WINDOWS\system32\Tasks\AVAST Software => moved successfully
C:\Users\lux\AppData\Local\Tempzxpsign26b7d91229d188cc => moved successfully
C:\Users\lux\AppData\Local\Tempzxpsign80e22defb8466c88 => moved successfully
C:\Users\lux\AppData\Local\Tempzxpsign4c950e0ca4a645c4 => moved successfully
C:\Users\lux\AppData\Local\Tempzxpsign6d96c67bfd05aa51 => moved successfully
C:\Users\lux\AppData\Local\Tempzxpsignf2886c52cf06e950 => moved successfully
C:\Users\lux\AppData\Local\Tempzxpsignab9a586d22160791 => moved successfully
C:\Users\lux\AppData\Local\Tempzxpsignac9b0181c25b9cc3 => moved successfully
C:\Users\lux\AppData\Local\Tempzxpsignb120ae7686410add => moved successfully
C:\Users\lux\AppData\Local\Tempzxpsign72bae6680b5b6cab => moved successfully
C:\Users\lux\AppData\Local\Tempzxpsign09f3b43268feba29 => moved successfully
C:\Users\lux\AppData\Local\Tempzxpsignbb41fb5c687b8a8d => moved successfully
C:\Users\lux\AppData\Local\Tempzxpsigne9bc421c0fe2b19f => moved successfully
C:\Users\lux\AppData\Local\Tempzxpsign8b8309d16d6c13aa => moved successfully
C:\Users\lux\AppData\Local\{53175AFC-F601-483C-86F0-87B78D0EA455} => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
"C:\Library" => ":{35007500-4800-7300-5800-440074003600}" ADS not found.
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`29hfm" ADS removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully
C:\Users\lux\Cookies => ":jb7Ejmron5USQnvE9YDNr" ADS removed successfully
C:\Users\lux\Cookies => ":jcPDhmQNXLgJLiE3o79GNu9M" ADS removed successfully
C:\Users\lux\Documents\Max 8 => ":{35007500-4800-7300-5800-440074003600}" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0422C48E-7139-4D86-B0A2-06FDA4FCF0C6}G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{21B876E3-72F5-4520-A85F-6FF6253A24EA}G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12A7BC0E-1CE0-42FB-8173-111D20E2BE02}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EA86A368-C836-443A-AD35-BD82922E9F9D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B4B98CCC-D628-45EC-B935-D3FFF044C429}C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7961091D-0532-4D4B-A673-22007AF9C8CC}C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E89A3E0B-9F9D-409F-ADF8-DE7EBA5BB8A4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{831C8389-9F24-46A9-A4F6-7E482220BC2E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67093BFE-81BD-4B94-A764-0A7447E3D78F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14831299-919C-4C93-B0AD-9978E73747F9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B10CF55D-CF00-49EA-B00A-29EA66DDFDB9}G:\zclient\zclient.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{26CDEE33-D14F-4EDB-95E3-61AAF5D5F8E1}G:\zclient\zclient.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BF0FF537-6029-4FB6-8437-EED40580D18B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{02B3DC22-BD25-49AF-B59F-0AD4FC7BC979}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Error: Unable to rebuild performance counter setting from system backup store, error code is 2
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= sfc /scannow =========


Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.

Windows Resource Protection did not find any integrity violations.

========= End of CMD: =========


=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\ASPNETSetup_00000.log => moved successfully
C:\Windows\Temp\ASPNETSetup_00001.log => moved successfully
C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\mat-debug-1540.log => moved successfully
C:\Windows\Temp\mat-debug-8560.log => moved successfully
C:\Windows\Temp\mbamiservice.log => moved successfully
C:\Windows\Temp\mb_errors2388.log => moved successfully
C:\Windows\Temp\mb_errors3792.log => moved successfully
C:\Windows\Temp\mb_errors8604.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully
C:\Windows\Temp\temE34.tmp => moved successfully
C:\Windows\Temp\temEA4D.tmp => moved successfully
C:\Windows\Temp\UpdHealthTools.msi => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28638661 B
Java, Flash, Steam htmlcache => 155966228 B
Windows/system/drivers => 1375 B
Edge => 0 B
Chrome => 454284218 B
Firefox => 38945094 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 40156 B
NetworkService => 41350 B
lux => 163888890 B

RecycleBin => 0 B
EmptyTemp: => 813.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:45:18 ====

 

 

 


---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.333, (build 1.333.322.0)
Started On Sat Mar 13 10:11:34 2021

Engine: 1.1.17900.7
Signatures: 1.333.322.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Quick Scan Results:
-------------------
Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed!
  Action: Remove, Result: 0x00000000
    regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
        SigSeq: 0x0000055555C57273

Results Summary:
----------------
Found VirTool:Win32/DefenderTamperingRestore and Removed!
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Sat Mar 13 10:30:13 2021


Return code: 6 (0x6)
 

 

 

 

 


1 hour ago, iamthefutureofall said:

 

 

1 hour ago, kevinf80 said:

That file was being flagged as a trojan..?

-Blocked Website Details-
Malicious Website: 1
, C:\Bitnami\WORDPR~1.6-3\apache2\bin\httpd.exe, Blocked, -1, -1, 0.0.0, ,

Can you reinstall apache..

 

The file was flagged as trojan and compromise.

I'll try to do that. Thanks for all.


Hi kevinf80, I really don't know how to reinstall it. I did an AVG clean up with the AVG clean tool and now the Apache server is gone; it does not show on the Bitnami stack, only MySQL. I did a ticket with Bitnami support, but I have a question for you, maybe you can help me. I uninstalled AVG because of this:

First, I have 3 AVG instances running, maybe that's fine, but when I go to Properties - Details it shows in all instances Original file name AvastUI.exe

 

 


1 hour ago, kevinf80 said:

I believe Avast bought out AVG 2016... AVG name is still trading under Avast as far as I'm aware.. Why did you uninstall AVG..?

But I uninstalled AVG and when it rebooted Apache was no longer inside the Bitnami stack manager. I uninstalled AVG because of what I told you and because the program was not working properly; I had to activate some features manually every time the computer started. I used a used key just to have more features, maybe it was that? What do you recommend in my case? Is it better to do a Windows reset? How have you encountered the logs that I had sent to you?

 


1 hour ago, kevinf80 said:

I believe Avast bought out AVG 2016... AVG name is still trading under Avast as far as I'm aware.. Why did you uninstall AVG..?

Thanks. I had to repair it first, I understand now. But I had AVG for years. I was not sure. And they did not respond to my inquiries as fast as you. Do you recommend using HijackThis just to try it?


XP OS was the last time I used HJT, it is of no use for Windows operating systems from Vista through to Windows 10... For the Ai log do you refer to the following:

Malware.AI.1728243281, C:\USERS\LUX\APPDATA\ROAMING\UTORRENT\UPDATES\3.5.5_45838.EXE, No Action By User, 1000000, 0, 1.0.37965, 1C711AA08B7D515A6702E651, dds, 01151714, 6A8B93E27DCCFF2F250A22B8BDC93168, 50BAEE75B0BB181B5280A1F60B32F7E75ABDA8A4E06CBF32074B1444D73A9CF7

You will note that "No Action By User" means that Malwarebytes flagged that entry, you will have been given the option to Quarantine that entry, did you not ok that option...?
