iamthefutureofall, posted March 11, 2021:

Malware AI, keeps coming back.
iamthefutureofall (author), posted March 11, 2021:

Sorry, forgot the files; they are here now: compromised.txt, malware ai.txt, trojan.txt
kevinf80, posted March 11, 2021:

Hello iamthefutureofall and welcome to Malwarebytes,

Continue with the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "Settings". From there select the "Security" tab.
Scroll down to "Scan Options", ensure Scan for Rootkits and Scan within Archives are both on....
Close out the settings window, this will take you back to "Dashboard", select the Blue "Scan Now" tab......
When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
Click on the Detection History tab > from main interface.
Then click on "History", that will open to a historical list.
Double click on the Scan log which shows the Date and time of the scan just performed.
Click Export > From export you have two options:
Copy to Clipboard - if selected, right click to your reply and select "Paste", the log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
Please use "Copy to Clipboard", then Right click to your reply > select "Paste", that will copy the log to your reply…

Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror.
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next, Download Farbar Recovery Scan Tool and save it to your desktop.
Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
Be aware FRST must be run from an account with Administrator status...
Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans"
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make a log named (Addition.txt). Please attach that log to your reply.
Let me see those logs in your reply...

Thank you,
Kevin
iamthefutureofall (author), posted March 12, 2021:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 3/12/21
Protection Event Time: 11:24 AM
Log File: f8b3d6fd-8346-11eb-bb82-d05099abd555.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.38047
License: Trial

-System Information-
OS: Windows 10 (Build 18362.1440)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Bitnami\wordpress-5.6-3\apache2\bin\httpd.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Compromised
Domain:
IP Address: 65.49.20.68
Port: 80
Type: Inbound
File: C:\Bitnami\wordpress-5.6-3\apache2\bin\httpd.exe

(end)

AdwCleaner didn't ask to reboot. That is the log file of clean mode:

# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-12-2021
# Duration: 00:00:22
# OS: Windows 10 Pro
# Cleaned: 5
# Failed: 0

***** [ Services ] *****
No malicious services cleaned.

***** [ Folders ] *****
Deleted C:\Users\lux\AppData\Roaming\Tencent

***** [ Files ] *****
No malicious files cleaned.

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks cleaned.

***** [ Registry ] *****
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************

AdwCleaner[S00].txt - [1813 octets] - [12/03/2021 12:12:35]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Farbar:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by lux (administrator) on DESKTOP-E8BVDK8 (12-03-2021 16:40:00)
Running from C:\Users\lux\Downloads
Loaded Profiles: lux
Platform: Windows 10 Pro Version 1909 18363.1440 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\afwServ.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124032 2018-05-26] (Corel Corporation -> WinZip Computing)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2018-05-26] (WinZip Computing LLC -> WinZip Computing, S.L.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [164608 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2021-01-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32726088 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2021-01-04] (Adobe Inc. -> )
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11221496 2021-03-09] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Policies\Explorer: []
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.82\Installer\chrmstp.exe [2021-03-06] (Google LLC -> Google LLC)
Startup: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GenuineService.lnk [2019-08-01]
ShortcutTarget: GenuineService.lnk -> C:\Users\lux\Autodesk\Genuine Service\GenuineService.exe (Autodesk, Inc. -> Autodesk)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01A04EEC-D266-47C6-8ADD-FF966248287A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {0A4FB83A-1270-4965-91B6-680438E2F205} - System32\Tasks\Mozilla\Firefox Developer Edition Default Browser Agent CA9422711AE1A81C => C:\Program Files\Firefox Developer Edition\default-browser-agent.exe do-task "CA9422711AE1A81C"
Task: {1406319A-9FA7-446C-AF35-8280D92A044A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4730624 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {21C83A50-A09B-47BF-8865-F5469F008F33} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694752 2021-03-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {25DFC818-592C-4F1E-8A47-946ADB76658F} - System32\Tasks\Mozilla\Firefox Nightly Default Browser Agent 6F193CCC56814779 => C:\Program Files\Firefox Nightly\default-browser-agent.exe do-task "6F193CCC56814779"
Task: {2E352502-2149-4F32-8A79-42005652AF6D} - System32\Tasks\BlueStacksHelper => G:\BLUESTACKS\BlueStacks\Client\Helper\BlueStacksHelper.exe [754104 2021-01-07] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {3876FCD3-C190-47B2-8DC8-3865B4991A0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-30] (Google LLC -> Google LLC)
Task: {43912CE4-F6E9-4955-969E-8557BE97E7A7} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4022856778-3193992897-3864231476-1001 => C:\Users\lux\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {46D1C481-5130-4D61-9D33-0F2BD2308980} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
Task: {49FB58B4-DD4B-4519-9206-9B69F501BB2E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {57828313-D46B-4DE3-918D-00A4CF78BB82} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {740564A6-C064-48B7-A7E5-33A2A6660DE6} - System32\Tasks\Shutdown at 4 => Shutdown [Argument = at 4]
Task: {821141F5-F23A-4F86-A008-FDB5CCD5A346} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1822976 2021-02-23] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {994054D5-6822-45FF-89C4-9C133A0C43D0} - System32\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:f670f671-a83d-4db4-af77-19ffa5594347
Task: {9F26A201-557A-4803-A6BF-2541A4EF421E} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
Task: {B6462D50-60A9-49F7-BC85-911014C5C53D} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
Task: {B70DDA39-D8A1-41F8-840C-E5B7DE12AEF2} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {BC84898B-089D-4A76-9331-286EFD5930BD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27168840 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {CF4233E2-36D6-4197-8DBB-A1D8C4910BAC} - System32\Tasks\shutdown => shutdown [Argument = /s /f /t 0]
Task: {D17D65C3-2279-43EE-8C27-AD00AF3D841F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform)
Task: {D977AB8B-28E7-4CE4-9AD9-B4EAD98B3CED} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {DF3F98B6-0381-4DB6-9F50-78364C6EFAE7} - System32\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:d7b383c5-6fed-4ab5-a88a-e04bda5480a0
Task: {E560DDA1-0B98-4B0F-9145-54E31B6E7F6C} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {F0DC8573-8780-481F-9B08-401CEE6FEE9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-30] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Internet (All) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\NLAapi.dll [70144 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 14 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 01 C:\Windows\system32\napinsp.dll [68096 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 02 C:\Windows\system32\pnrpnsp.dll [86528 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 03 C:\Windows\system32\pnrpnsp.dll [86528 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 04 C:\Windows\System32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 05 C:\Windows\System32\winrnr.dll [31232 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 06 C:\Windows\system32\NLAapi.dll [93184 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Windows\system32\wshbth.dll [64000 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 04 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 05 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 06 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 07 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 08 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 09 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 10 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 11 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 12 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 13 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 14 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.49.130.40 200.42.4.198
Tcpip\..\Interfaces\{588c67e1-02d4-490e-be08-ba8568127598}: [DhcpNameServer] 200.49.130.40 200.42.4.198
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\lux\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-12]
Edge HomePage: Default -> hxxp://www.google.com/ncr
Edge DefaultSearchURL: Default -> {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:iOSSearchLanguage}{google:prefetchSource}{google:searchClient}{google:sourceId}{google:contextualSearchVersion}ie={inputEncoding}
Edge DefaultSearchKeyword: Default -> google.com
Edge DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:omniboxFocusType}{google:cursorPosition}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
StartMenuInternet: Microsoft Edge - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by lux (12-03-2021 16:30:32)
Running from C:\Users\lux\Downloads
Windows 10 Pro Version 1909 18363.1440 (X64) (2021-03-12 09:57:12)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4022856778-3193992897-3864231476-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4022856778-3193992897-3864231476-503 - Limited - Disabled)
Guest (S-1-5-21-4022856778-3193992897-3864231476-501 - Limited - Disabled)
lux (S-1-5-21-4022856778-3193992897-3864231476-1001 - Administrator - Enabled) => C:\Users\lux
WDAGUtilityAccount (S-1-5-21-4022856778-3193992897-3864231476-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Antivirus (Enabled) {2092F4DC-EC63-3680-C854-E2DACF7E736A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Ableton Live 10 Suite (HKLM\...\{FE06C730-0296-42D9-B869-4E819D7F47A3}) (Version: 10.0.0.0 - Ableton)
ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
ACA & MEP 2020 Object Enabler (HKLM\...\{28B89EEF-3004-0000-5102-CF3F3A09B77D}) (Version: 8.2.45.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-3001-0000-3102-CF3F3A09B77D}) (Version: 23.1.47.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_0_1) (Version: 25.0.1 - Adobe Inc.)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_1_0) (Version: 11.1.0 - Adobe Systems Incorporated)
AIDA64 Extreme v6.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.00 - FinalWire Ltd.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.11.2 - Advanced Micro Devices, Inc.)
AmpliTube2 (HKLM-x32\...\{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}) (Version: 2.1.0 - IK Multimedia)
Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Arturia Moog Modular V v1.1 (HKLM-x32\...\Arturia Moog Modular V v1.1) (Version: - )
Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
AutoCAD 2016 - Español (Spanish) (HKLM\...\{5783F2D7-F001-040A-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - Español (Spanish) (HKLM\...\{5783F2D7-F001-040A-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2020 - English (HKLM\...\{28B89EEF-3001-0409-2102-CF3F3A09B77D}) (Version: 23.1.47.0 - Autodesk) Hidden
AutoCAD 2020 (HKLM\...\{28B89EEF-3001-0000-0102-CF3F3A09B77D}) (Version: 23.1.47.0 - Autodesk) Hidden
AutoCAD 2020 Language Pack - English (HKLM\...\{28B89EEF-3001-0409-1102-CF3F3A09B77D}) (Version: 23.1.47.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk AutoCAD 2016 - Español (Spanish) (HKLM\...\AutoCAD 2016 - Español (Spanish)) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD 2020 - English (HKLM\...\AutoCAD 2020 - English) (Version: 23.1.47.0 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{317D67F2-9027-4E85-9ED1-ADF4D765AE02}) (Version: 3.0.11 - Autodesk)
AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 21.1.3164 - AVG Technologies)
Bandicam (HKLM-x32\...\Bandicam) (Version: 4.6.1.1688 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Bitnami WordPress Stack (HKLM\...\Bitnami WordPress Stack 5.6-3) (Version: 5.6-3 - Bitnami)
Blender (HKLM\...\{A239FF96-639F-4269-9673-E7ED60D5C74D}) (Version: 2.83.3 - Blender Foundation)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.270.0.1053 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 9.5.6 - Andrew Sampson)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Bulk Image Downloader v4.91.0.0 (HKLM-x32\...\Bulk Image Downloader_is1) (Version: - Antibody Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
Chaos License Server (HKLM\...\Chaos License Server) (Version: 5.1.1 - Chaos Software Ltd)
Cinema 4D 20.026 (HKLM\...\MAXONE3565005) (Version: 20.026 - MAXON Computer GmbH)
Counter Strike Source WaRzOnE (HKLM-x32\...\{3F77C740-D6C8-4BDB-B730-49C8D8BCA9ED}) (Version: 2.0 - Warzone) Hidden
DXTBmp (HKLM-x32\...\{2C1544E4-5DA6-4A72-B1BA-E4692991C1DC}) (Version: 1.00.000 - )
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH)
Enscape | BcgTeam | (HKLM\...\{F894D868-CEE6-4CE5-9F77-F39EEBA486A5}) (Version: 2.8.0.26218 - Enscape GmbH)
Epic Games Launcher (HKLM-x32\...\{5B340CD5-07E3-41AA-9117-0A0EC863E454}) (Version: 1.1.220.0 - Epic Games, Inc.)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
FastStone Image Viewer 6.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.7 - FastStone Soft)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Firefox Developer Edition 87.0 (x64 en-US) (HKLM\...\Firefox Developer Edition 87.0 (x64 en-US)) (Version: 87.0 - Mozilla)
GIMP 2.10.20 (HKLM\...\GIMP-2_is1) (Version: 2.10.20 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.82 - Google LLC)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
Google SketchUp Pro 8 (HKLM-x32\...\{88A47643-0A80-4FA8-A568-E9A63AAA98F4}) (Version: 3.0.14346 - Google, Inc.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.8.8.889 - SurfRight B.V.)
Hotspot Shield 8.4.6 (HKLM-x32\...\{5a448f6b-7c15-4a0d-a10e-4f94eaf65bbb}) (Version: 8.4.6.11320 - AnchorFree Inc.)
Hotspot Shield 8.4.6 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925D1670F5B}) (Version: 8.4.6.11320 - AnchorFree Inc.) Hidden
Hotspot Shield 8.4.6 (HKLM-x32\...\HotspotShield) (Version: 8.4.6 - AnchorFree Inc.) Hidden
ILLUSION プレイクラブ (HKLM-x32\...\{EDA7A566-434A-4784-AE98-74AFA46A2485}) (Version: 1.00.0000 - ILLUSION)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
iTunes (HKLM\...\{0F55124A-C00E-4227-A543-19389E732653}) (Version: 12.10.10.2 - Apple Inc.)
Java SE Development Kit 8 Update 181 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
Java SE Development Kit 8 Update 181 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
JBridge (HKLM-x32\...\JBridge) (Version: - JBridge)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
M-Audio Fast Track 6.1.12 (x64) (HKLM\...\{102B819F-54FB-4CD3-8B48-B80C210D55BC}) (Version: 6.1.12 - M-Audio)
Microsoft .NET Core Runtime - 2.1.26 (x64) (HKLM-x32\...\{50acab5a-426e-4788-8de9-99b047dbe1c5}) (Version: 2.1.26.29812 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.400 (x64) (HKLM-x32\...\{341254ab-6143-402e-9b7e-944f8b63e97d}) (Version: 2.1.400 - Microsoft Corporation)
Microsoft ASP.NET Core 2.1.26 - Shared Framework (HKLM-x32\...\{8faa55cd-6b10-43b4-a759-4880f79eeac3}) (Version: 2.1.26.45833 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.63 - )
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{52EBC484-44A1-4DC5-824A-0A503735ABD8}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28808 (HKLM-x32\...\{12410e80-cba2-4479-8539-12de3513ff53}) (Version: 14.26.28808.1 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.54.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.9.3352.28579 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{BBCDB523-F5B7-4E53-A911-C85191E3BDF0}) (Version: 10.0.2606 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Mozilla Firefox 86.0 (x64 en-US) (HKLM\...\Mozilla Firefox 86.0 (x64 en-US)) (Version: 86.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0 - Mozilla)
N.I Pro-53 v3.0-OxYGeN (HKLM-x32\...\N.I Pro-53 v3.0-OxYGeN) (Version: - )
Native Instruments FM7 v1.10.006 (HKLM-x32\...\Native Instruments FM7 v1.10.006) (Version: - )
Nightly 84.0a1 (x64 en-US) (HKLM\...\Nightly 84.0a1 (x64
en-US)) (Version: 84.0a1 - Mozilla) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - ) Pianoteq v2.2.0 (HKLM-x32\...\Pianoteq22) (Version: - ) Revo Uninstaller Pro 4.4.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.4.2 - VS Revo Group, Ltd.) SketchUp 2018 (HKLM\...\{C702DD60-EBF4-4961-8B7D-F209B361F985}) (Version: 18.0.16975 - Trimble, Inc.) Smart2DCutting 3.5 Demo (HKLM-x32\...\Smart2DCutting_is1) (Version: - ) Sonic Charge Synplant 1.0 (HKLM-x32\...\Sonic Charge Synplant_is1) (Version: - ) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.8.0 - Sophos Limited) SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC) Spotify (HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Spotify) (Version: 1.1.45.621.gdddebadc - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1220 - SUPERAntiSpyware.com) UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) 
Hidden Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden VideoPad, editor de vídeo (HKLM-x32\...\VideoPad) (Version: 6.26 - NCH Software) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN) Voxengo Analogflux Suite 1.3 (HKLM-x32\...\Voxengo Analogflux Suite) (Version: - ) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation) Windows SDK AddOn (HKLM-x32\...\{E6F877A1-2F65-4BF0-87B6-A4071B7663D3}) (Version: 10.1.0.0 - Microsoft Corporation) 
Packages:
=========
Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-02-12] (eyeo GmbH)
Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_25.3.12.1_x64__adky2gkssdxte [2021-02-28] (Adobe Systems Incorporated)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [2019-11-15] (Dolby Laboratories)
Excel Mobile -> C:\Program Files\WindowsApps\Microsoft.Office.Excel_16001.13801.20274.0_x64__8wekyb3d8bbwe [2021-03-09] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Studios) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-10-01] (Microsoft Corporation)
PicsArt - Photo Studio -> C:\Program Files\WindowsApps\2FE3CB00.PICSART-PHOTOSTUDIO_9.3.4.0_x64__crhqpqs3x1ygc [2021-02-18] (PicsArt Inc.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c [2020-02-06] (Skype)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> G:\Program Files\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> G:\Program Files\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{4AC6DFE1-607B-45B2-B289-D7FBCD44169C}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2020\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> G:\Program Files\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2020\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{D1DE6864-2236-48B7-99C3-D29C757903A4}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2020\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> G:\Program Files\AutoCAD 2016\es-ES\acadficn.dll (Autodesk Development Sarl -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2019-01-30] (Autodesk, Inc. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [HitmanPro.Alert Shell Extension] -> {6FAC02B7-77D6-418B-AC11-962C65CDE8DD} => C:\WINDOWS\system32\hmpshell.dll [2021-03-08] (SurfRight B.V. -> SurfRight B.V.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2019-01-30] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2018-09-25] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2018-09-25] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hitman Codename 47\Run Registry Patch.lnk -> C:\Program Files (x86)\Hitman Codename 47\setup.bat ()
Shortcut: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZStudio4\Online Documentation.lnk -> hxxp:docs.daz3d.com\doku.php\public\software\dazstudio
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Nightly.lnk -> C:\Program Files\Firefox Nightly\firefox.exe (Mozilla Corporation)
ShortcutWithArgument: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\TikTok.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ahoadnkmomodgfkfokbclmabbfdaejpe

==================== Loaded Modules (Whitelisted) =============

2018-12-23 06:37 - 2018-12-23 06:37 - 000948736 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220\e_sqlite3.dll
2019-11-15 13:49 - 2019-11-15 13:49 - 032709632 _____ (Dolby) [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220\DolbyUWP.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Library:{35007500-4800-7300-5800-440074003600} [728]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\Users\lux\Cookies:jb7Ejmron5USQnvE9YDNr [2354]
AlternateDataStreams: C:\Users\lux\Cookies:jcPDhmQNXLgJLiE3o79GNu9M [2346]
AlternateDataStreams: C:\Users\lux\Documents\Max 8:{35007500-4800-7300-5800-440074003600} [728]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\Software\Classes\.scr: AutoCADScriptFile =>

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171002&iDate=2020-07-26 01:16:55&bName=
URLSearchHook: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Windows -> Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Windows -> Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\89.0.774.50\BHO\ie_to_edge_bho_64.dll [2021-03-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\89.0.774.50\BHO\ie_to_edge_bho.dll [2021-03-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2021-03-12] (Microsoft Windows -> Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe

(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-11-01 13:43 - 2019-11-01 13:59 - 000000917 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 www.mefeedia.com
0.0.0.0 www.mefeedia.com
0.0.0.0 delivery.anchorfree.us/land.php

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Common Files\Autodesk Shared\
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 200.49.130.40 - 200.42.4.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: XblAuthManager => 3
HKLM\...\StartupApproved\Run: => "WinZip FAH"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "pac"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\StartupFolder: => "GenuineService.lnk"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "antMR"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\StartupApproved\Run: => "CCXProcess"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7E7D8DDA-2903-4810-B234-3E9A3190A219}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{9EBBD8A7-A6FC-4A9C-BBA2-54692569C546}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{7C4459D1-94AF-4735-BB83-E422076FB4B3}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{F8894969-DBB7-46CD-8C17-DB43EE686206}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{4FC22BC9-E9B1-4CAE-AE76-D764372CF704}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{EBCFC915-82C7-4565-A11C-014716BB5405}C:\bitnami\wordpress-5.6-3\apache2\bin\httpd.exe] => (Allow) C:\bitnami\wordpress-5.6-3\apache2\bin\httpd.exe (Apache Software Foundation) [File not signed] FirewallRules: [TCP Query User{024CCE94-12F7-408D-9659-DBD2BF5C6C35}C:\bitnami\wordpress-5.6-3\apache2\bin\httpd.exe] => (Allow) C:\bitnami\wordpress-5.6-3\apache2\bin\httpd.exe (Apache Software Foundation) [File not signed] FirewallRules: [UDP Query User{2B81AA42-F74A-4C97-BBC5-9DF9A94BEE1B}C:\bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe] => (Allow) C:\bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe () [File not signed] FirewallRules: [TCP Query User{2EFCB0ED-73F4-4202-AEC2-6214D6563B7C}C:\bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe] => (Allow) C:\bitnami\wordpress-5.6-3\mysql\bin\mysqld.exe () [File not signed] FirewallRules: [UDP Query User{0422C48E-7139-4D86-B0A2-06FDA4FCF0C6}G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe => No File FirewallRules: [TCP Query User{21B876E3-72F5-4520-A85F-6FF6253A24EA}G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe => No File FirewallRules: [{12A7BC0E-1CE0-42FB-8173-111D20E2BE02}] => (Allow) G:\Program Files (x86)\Steam\steam.exe => No File FirewallRules: [{EA86A368-C836-443A-AD35-BD82922E9F9D}] => (Allow) G:\Program Files (x86)\Steam\steam.exe => No File FirewallRules: [UDP Query User{15EE96A1-0D00-4B59-B3F4-0C9372359DFF}C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Block) C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe (Epic Games, Inc. 
-> Epic Games) FirewallRules: [TCP Query User{F67527AE-B139-4693-87D9-F0CE98F895E1}C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Block) C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe (Epic Games, Inc. -> Epic Games) FirewallRules: [UDP Query User{B4B98CCC-D628-45EC-B935-D3FFF044C429}C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe] => (Block) C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe => No File FirewallRules: [TCP Query User{7961091D-0532-4D4B-A673-22007AF9C8CC}C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe] => (Block) C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe => No File FirewallRules: [UDP Query User{79E87D8A-CF81-4C2D-8025-087F136D1279}C:\program files\sketchup\sketchup 2018\sketchup.exe] => (Block) C:\program files\sketchup\sketchup 2018\sketchup.exe (Trimble Navigation -> Trimble, Inc.) [File not signed] FirewallRules: [TCP Query User{4063BC32-126F-4281-8B00-E0E50E9D02AC}C:\program files\sketchup\sketchup 2018\sketchup.exe] => (Block) C:\program files\sketchup\sketchup 2018\sketchup.exe (Trimble Navigation -> Trimble, Inc.) [File not signed] FirewallRules: [UDP Query User{A2523DDD-C391-4592-84D4-E20DD37D53D2}C:\program files\sketchup\sketchup 2018\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2018\sketchup.exe (Trimble Navigation -> Trimble, Inc.) [File not signed] FirewallRules: [TCP Query User{A90EA75F-BFCD-40BF-9647-7DCC4685D987}C:\program files\sketchup\sketchup 2018\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2018\sketchup.exe (Trimble Navigation -> Trimble, Inc.) [File not signed] FirewallRules: [{2C729319-D562-4A82-B1D7-0BD18BEC1176}] => (Allow) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe (Chaos Software Ltd. 
-> ) FirewallRules: [{AA42CA98-894E-42B8-A4D3-AB0BB287CFE4}] => (Allow) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe (Chaos Software Ltd. -> ) FirewallRules: [{7E9E0B21-3EC0-48A5-9D11-53E899A305FD}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{399E0CE8-30DB-4E57-B375-981327FDE6FA}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{09AF76EC-7182-427E-B7EC-776933EFA317}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [TCP Query User{6540525A-8759-44FF-86D1-2A716E385E99}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{4068B1FC-33AA-48F9-9B21-91A41B0894C8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{6844176F-0359-470A-ACB1-3E788B31823D}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Block) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed] FirewallRules: [TCP Query User{70AA0E45-01FB-4AD6-A31C-6CA7B6853F69}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Block) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed] FirewallRules: [{E89A3E0B-9F9D-409F-ADF8-DE7EBA5BB8A4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => No File FirewallRules: [{831C8389-9F24-46A9-A4F6-7E482220BC2E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => No File FirewallRules: [{67093BFE-81BD-4B94-A764-0A7447E3D78F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => No File FirewallRules: [{14831299-919C-4C93-B0AD-9978E73747F9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => No File FirewallRules: [UDP Query User{B10CF55D-CF00-49EA-B00A-29EA66DDFDB9}G:\zclient\zclient.exe] => (Allow) G:\zclient\zclient.exe => No File FirewallRules: [TCP Query 
User{26CDEE33-D14F-4EDB-95E3-61AAF5D5F8E1}G:\zclient\zclient.exe] => (Allow) G:\zclient\zclient.exe => No File FirewallRules: [{C0A300DA-C7FE-46CB-AB64-24D54259F22E}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{46F01F67-F913-426B-9367-FDF633F82839}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{32A441C7-2B41-4729-81E4-B8246ED8D1CC}] => (Allow) C:\Program Files\Firefox Nightly\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{D4BE90EA-6954-4650-8AD7-06997CE00DE0}] => (Allow) C:\Program Files\Firefox Nightly\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{9AE3A485-6746-4AC9-803E-F645FAE0DA45}C:\users\lux\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\lux\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{FC98E2F6-2EBE-4679-9C08-105C212D5A82}C:\users\lux\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\lux\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{74D27538-2737-4EE2-9C5B-DDF738C2308B}C:\users\lux\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lux\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{DCF0D657-09B1-4288-869E-77C13A2A570A}C:\users\lux\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lux\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [AITech.Hss] => (Block) C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe (AnchorFree Inc -> AnchorFree Inc.) FirewallRules: [UDP Query User{DC3E93A4-8B5B-4F9F-ACD5-64FB5669939F}C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Allow) C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe (Epic Games, Inc. 
-> Epic Games) FirewallRules: [TCP Query User{84E8E9E1-917B-4C3C-9480-89A3716AD041}C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe] => (Allow) C:\program files\epic games\twinmotion\twinmotion\binaries\win64\twinmotion-win64-shipping.exe (Epic Games, Inc. -> Epic Games) FirewallRules: [UDP Query User{345B7D43-516F-4009-9CBB-C94BB3CB26BD}C:\program files\maxon\cinema 4d r20\cinema 4d.exe] => (Block) C:\program files\maxon\cinema 4d r20\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH) FirewallRules: [TCP Query User{1C743F75-4ED1-4179-980A-E861F4789287}C:\program files\maxon\cinema 4d r20\cinema 4d.exe] => (Block) C:\program files\maxon\cinema 4d r20\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH) FirewallRules: [UDP Query User{45CFE5A9-734A-433F-961F-DCC2D0ABE5AD}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed] FirewallRules: [TCP Query User{4132A5E6-FBD7-484E-B9B9-126A5751257C}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed] FirewallRules: [UDP Query User{BF0FF537-6029-4FB6-8437-EED40580D18B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File FirewallRules: [TCP Query User{02B3DC22-BD25-49AF-B59F-0AD4FC7BC979}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File FirewallRules: [TCP Query User{0842BE26-2C89-4EA5-92A3-BCD0CB5AE75E}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.) 
FirewallRules: [UDP Query User{E00E4221-64BA-43AC-B760-80353239B723}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.) FirewallRules: [{685A9BDF-993F-4ADB-A0AC-9735DF5FF493}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.) FirewallRules: [{67F106EE-0F28-4878-A08A-733B4EF576F4}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.) FirewallRules: [TCP Query User{DDA22431-DB1F-476C-8187-C3466203AF33}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.) FirewallRules: [UDP Query User{0CA4B7AA-3BFB-49C1-999D-01FC8F4E2DB9}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.) FirewallRules: [{E8B93944-6E12-4C1B-B8C4-AEFFF4363FE7}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform) FirewallRules: [{8B4EC4A2-75F5-4443-B3C5-1BA336AE293A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform) FirewallRules: [{8618C14C-AFE8-43F1-924F-A4DCE06BD46D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{73D36F44-B8FC-46F9-BD86-85ACCF0ED44D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{C3F448DB-750B-4371-934D-4F2CF89CEBE2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{4497B2D4-F967-4811-93B1-38A39CBD5A5E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{B484DAF7-D825-4122-8B3E-E23270E2BD6A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{A012426A-AF53-4AA8-9C24-F1941D4BC685}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{C8D3CEB3-49FB-4C61-9E47-B5DCDE4F54FA}C:\users\lux\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\lux\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{14CD318F-06C1-4976-A70D-0935FA648005}C:\users\lux\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\lux\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= 12-03-2021 10:01:06 Windows Update ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (03/12/2021 04:09:11 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (11308,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (03/12/2021 03:57:48 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program explorer.exe version 10.0.18362.1411 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. 
Process ID: 2e3c Start Time: 01d71777c98daea9 Termination Time: 59 Application Path: C:\Windows\explorer.exe Report Id: 544bb69c-2138-4219-9b5e-ae530adf3335 Faulting package full name: Faulting package-relative application ID: Hang type: Unknown Error: (03/12/2021 03:41:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: explorer.exe, version: 10.0.18362.1411, time stamp: 0x04a4f9f5 Faulting module name: twinui.pcshell.dll, version: 10.0.18362.1411, time stamp: 0xe2f1d77e Exception code: 0x80270233 Fault offset: 0x0000000000409c7b Faulting process id: 0x2b24 Faulting application start time: 0x01d717778c977eee Faulting application path: C:\WINDOWS\explorer.exe Faulting module path: C:\WINDOWS\system32\twinui.pcshell.dll Report Id: 7531a467-6e0e-4076-a4a0-48b4c07067e4 Faulting package full name: Faulting package-relative application ID: Error: (03/12/2021 03:41:34 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program explorer.exe version 10.0.18362.1411 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 246c Start Time: 01d7175683483116 Termination Time: 60000 Application Path: C:\Windows\explorer.exe Report Id: 5878a8c5-6b56-4124-8fe0-9cbfadc951ff Faulting package full name: Faulting package-relative application ID: Hang type: Unknown Error: (03/12/2021 03:40:37 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program winamp.exe version 5.6.6.3516 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. 
Process ID: 15c8 Start Time: 01d7177703ba4e8b Termination Time: 14495 Application Path: C:\Program Files (x86)\Winamp\winamp.exe Report Id: 015d2468-92d8-4a02-bfd1-2d89a7ff4894 Faulting package full name: Faulting package-relative application ID: Hang type: Unknown Error: (03/12/2021 03:39:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AUDIODG.EXE, version: 10.0.18362.1350, time stamp: 0x66e9554c Faulting module name: ntdll.dll, version: 10.0.18362.1411, time stamp: 0x443b1261 Exception code: 0xc0000005 Fault offset: 0x00000000000072a6 Faulting process id: 0x1218 Faulting application start time: 0x01d71776baa0a902 Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: cda830fa-fec3-438b-9ed1-fecd6fe7e63e Faulting package full name: Faulting package-relative application ID: Error: (03/12/2021 11:45:29 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SearchUI.exe version 10.0.18362.1350 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. 
Process ID: 2d5c Start Time: 01d71756952b8940 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Report Id: 45d56f90-4814-4680-922c-dfb464a55ec9 Faulting package full name: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: CortanaUI Hang type: Quiesce Error: (03/12/2021 12:06:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: hmpalert.exe, version: 3.8.8.889, time stamp: 0x5fcb59be Faulting module name: ntdll.dll, version: 10.0.18362.1411, time stamp: 0x9ace5a5f Exception code: 0xc000070a Fault offset: 0x000fee5e Faulting process id: 0xfc0 Faulting application start time: 0x01d7175241acc26a Faulting application path: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 268dac3d-35f9-4250-956a-1918f67f6aa7 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (03/12/2021 04:02:14 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout. Error: (03/12/2021 04:00:14 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout. Error: (03/12/2021 03:58:14 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout. Error: (03/12/2021 03:57:59 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8) Description: Unable to start a DCOM Server: Microsoft.AAD.BrokerPlugin_1000.18362.449.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider as Unavailable/Unavailable. 
The error: "2147942402" Happened while starting this command: "C:\WINDOWS\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider Error: (03/12/2021 03:57:52 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8) Description: Unable to start a DCOM Server: Microsoft.Windows.ContentDeliveryManager_10.0.18362.449_neutral_neutral_cw5n1h2txyewy!App.AppXea6epmb5w19sjwy9ckw8md46dm93nhkq.mca as Unavailable/Unavailable. The error: "2147942402" Happened while starting this command: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca Error: (03/12/2021 03:57:50 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8) Description: Unable to start a DCOM Server: Microsoft.AAD.BrokerPlugin_1000.18362.449.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider as Unavailable/Unavailable. The error: "2147942402" Happened while starting this command: "C:\WINDOWS\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider Error: (03/12/2021 03:55:07 PM) (Source: DCOM) (EventID: 10029) (User: DESKTOP-E8BVDK8) Description: The activation of the CLSID {E60687F7-01A1-40AA-86AC-DB1CBF673334} timed out waiting for the service wuauserv to stop. Error: (03/12/2021 03:53:37 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-E8BVDK8) Description: Unable to start a DCOM Server: Microsoft.AAD.BrokerPlugin_1000.18362.449.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider as Unavailable/Unavailable. The error: "2147942402" Happened while starting this command: "C:\WINDOWS\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider ==================== Memory info =========================== BIOS: American Megatrends Inc. 
P1.00 10/05/2015 Motherboard: ASRock N68-GS4/USB3 FX R2.0 Processor: AMD FX(tm)-4100 Quad-Core Processor Percentage of memory in use: 60% Total physical RAM: 8175.24 MB Available physical RAM: 3214.7 MB Total Virtual: 9135.24 MB Available Virtual: 3673.19 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:148.23 GB) (Free:53.3 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:465.75 GB) (Free:14.87 GB) NTFS Drive e: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.28 GB) NTFS ==>[system with boot components (obtained from drive)] Drive f: (inthestudio) (Fixed) (Total:230 GB) (Free:4.9 GB) NTFS Drive g: () (Fixed) (Total:1402.67 GB) (Free:133.69 GB) NTFS Drive h: () (Fixed) (Total:232.88 GB) (Free:12.32 GB) NTFS Drive i: (inthestudio) (Fixed) (Total:230 GB) (Free:4.68 GB) NTFS Drive j: (DAT) (Fixed) (Total:232.88 GB) (Free:4.96 GB) NTFS \\?\Volume{465b29d7-0000-0000-0000-800e25000000}\ () (Fixed) (Total:0.81 GB) (Free:0.38 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: 465B29D7) Partition 1: (Active) - (Size=148.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=833 MB) - (Type=27) ========================================================== Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3A233A22) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.8 GB) - (Type=0F Extended) ========================================================== Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: E474C32A) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1402.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=230 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=230 GB) - (Type=0F Extended) ==================== End of Addition.txt 
=======================
kevinf80 Posted March 12, 2021: Part of the primary log from FRST "frst.txt" is missing; can you post the full log? Logs are saved here: C:\FRST\Logs
iamthefutureofall Posted March 13, 2021: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021 Ran by lux (administrator) on DESKTOP-E8BVDK8 (12-03-2021 16:40:00) Running from C:\Users\lux\Downloads Loaded Profiles: lux Platform: Windows 10 Pro Version 1909 18363.1440 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\afwServ.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4> (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SurfRight B.V. -> SurfRight B.V.)
C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe <2> ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation) HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124032 2018-05-26] (Corel Corporation -> WinZip Computing) HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2018-05-26] (WinZip Computing LLC -> WinZip Computing, S.L.) HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [164608 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.) HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2021-01-04] (Adobe Inc. 
-> ) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32726088 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2021-01-04] (Adobe Inc. -> ) HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11221496 2021-03-09] (Support.com Inc -> SUPERAntiSpyware) HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Policies\Explorer: [] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.82\Installer\chrmstp.exe [2021-03-06] (Google LLC -> Google LLC) Startup: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GenuineService.lnk [2019-08-01] ShortcutTarget: GenuineService.lnk -> C:\Users\lux\Autodesk\Genuine Service\GenuineService.exe (Autodesk, Inc. -> Autodesk) GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01A04EEC-D266-47C6-8ADD-FF966248287A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) 
Task: {0A4FB83A-1270-4965-91B6-680438E2F205} - System32\Tasks\Mozilla\Firefox Developer Edition Default Browser Agent CA9422711AE1A81C => C:\Program Files\Firefox Developer Edition\default-browser-agent.exe do-task "CA9422711AE1A81C" Task: {1406319A-9FA7-446C-AF35-8280D92A044A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4730624 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) Task: {21C83A50-A09B-47BF-8865-F5469F008F33} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694752 2021-03-06] (Mozilla Corporation -> Mozilla Foundation) Task: {25DFC818-592C-4F1E-8A47-946ADB76658F} - System32\Tasks\Mozilla\Firefox Nightly Default Browser Agent 6F193CCC56814779 => C:\Program Files\Firefox Nightly\default-browser-agent.exe do-task "6F193CCC56814779" Task: {2E352502-2149-4F32-8A79-42005652AF6D} - System32\Tasks\BlueStacksHelper => G:\BLUESTACKS\BlueStacks\Client\Helper\BlueStacksHelper.exe [754104 2021-01-07] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) Task: {3876FCD3-C190-47B2-8DC8-3865B4991A0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-30] (Google LLC -> Google LLC) Task: {43912CE4-F6E9-4955-969E-8557BE97E7A7} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4022856778-3193992897-3864231476-1001 => C:\Users\lux\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {46D1C481-5130-4D61-9D33-0F2BD2308980} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation) Task: {49FB58B4-DD4B-4519-9206-9B69F501BB2E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.) 
Task: {57828313-D46B-4DE3-918D-00A4CF78BB82} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {740564A6-C064-48B7-A7E5-33A2A6660DE6} - System32\Tasks\Shutdown at 4 => Shutdown [Argument = at 4] Task: {821141F5-F23A-4F86-A008-FDB5CCD5A346} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1822976 2021-02-23] (AVG Technologies USA, LLC -> AVG Technologies) Task: {994054D5-6822-45FF-89C4-9C133A0C43D0} - System32\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:f670f671-a83d-4db4-af77-19ffa5594347 Task: {9F26A201-557A-4803-A6BF-2541A4EF421E} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation) Task: {B6462D50-60A9-49F7-BC85-911014C5C53D} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation) Task: {B70DDA39-D8A1-41F8-840C-E5B7DE12AEF2} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) 
Task: {BC84898B-089D-4A76-9331-286EFD5930BD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27168840 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd) Task: {CF4233E2-36D6-4197-8DBB-A1D8C4910BAC} - System32\Tasks\shutdown => shutdown [Argument = /s /f /t 0] Task: {D17D65C3-2279-43EE-8C27-AD00AF3D841F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform) Task: {D977AB8B-28E7-4CE4-9AD9-B4EAD98B3CED} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {DF3F98B6-0381-4DB6-9F50-78364C6EFAE7} - System32\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:d7b383c5-6fed-4ab5-a88a-e04bda5480a0 Task: {E560DDA1-0B98-4B0F-9145-54E31B6E7F6C} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {F0DC8573-8780-481F-9B08-401CEE6FEE9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-30] (Google LLC -> Google LLC) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Internet (All) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784 2019-03-19] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2019-03-19] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2019-03-19] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2019-03-19] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\NLAapi.dll [70144 2019-03-19] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688 2019-03-19] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll 
[325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9 14 C:\WINDOWS\SysWOW64\mswsock.dll [325432 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog5-x64 01 C:\Windows\system32\napinsp.dll [68096 2019-03-19] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog5-x64 02 C:\Windows\system32\pnrpnsp.dll [86528 2019-03-19] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog5-x64 03 C:\Windows\system32\pnrpnsp.dll [86528 2019-03-19] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog5-x64 04 C:\Windows\System32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog5-x64 05 C:\Windows\System32\winrnr.dll [31232 2019-03-19] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog5-x64 06 C:\Windows\system32\NLAapi.dll [93184 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog5-x64 07 C:\Windows\system32\wshbth.dll [64000 2019-03-19] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9-x64 01 
C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9-x64 02 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9-x64 03 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9-x64 04 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9-x64 05 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9-x64 06 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9-x64 07 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9-x64 08 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9-x64 09 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9-x64 10 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9-x64 11 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9-x64 12 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9-x64 13 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Winsock: Catalog9-x64 14 C:\Windows\system32\mswsock.dll [408064 2021-03-12] (Microsoft Windows -> Microsoft Corporation) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.49.130.40 200.42.4.198
Tcpip\..\Interfaces\{588c67e1-02d4-490e-be08-ba8568127598}: [DhcpNameServer] 200.49.130.40 200.42.4.198
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge: =======
Edge DefaultProfile: Default
Edge Profile: C:\Users\lux\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-12]
Edge HomePage: Default -> hxxp://www.google.com/ncr
Edge DefaultSearchURL: Default -> {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:iOSSearchLanguage}{google:prefetchSource}{google:searchClient}{google:sourceId}{google:contextualSearchVersion}ie={inputEncoding}
Edge DefaultSearchKeyword: Default -> google.com
Edge DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:omniboxFocusType}{google:cursorPosition}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
StartMenuInternet: Microsoft Edge - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
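As an added example (not part of this thread, not FRST's own logic, and not the helper's procedure), the script below applies a few of the checks a reader of an FRST log makes by eye: FRST's own `<==== ATTENTION` markers, services marked `[File not signed]`, scheduled tasks whose target is a bare command or a binary under a user-writable directory, and a browser DefaultSearchURL that lacks the `{searchTerms}` placeholder and therefore cannot be a working search provider. The sample lines are excerpts from the log posted in this thread (the Edge search URL is shortened to its relevant part); the line patterns are inferred from that log, since FRST is a closed tool. The flags are heuristics that produce a review queue, not verdicts: OneDrive's per-user updater is expected to appear, for instance, and has to be cleared by the analyst.

```python
"""Triage heuristics for FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; it is not FRST code and not the helper's
procedure. FRST is a closed tool, so the line shapes below are inferred from
the log posted above and the flags are this script's own heuristics.
"""
import re
from dataclasses import dataclass

# Sample input: lines excerpted from the FRST log posted in this thread
# (the Edge search URL is shortened to its relevant part).
SAMPLE = r"""
Task: {740564A6-C064-48B7-A7E5-33A2A6660DE6} - System32\Tasks\Shutdown at 4 => Shutdown [Argument = at 4]
Task: {3876FCD3-C190-47B2-8DC8-3865B4991A0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-30] (Google LLC -> Google LLC)
Task: {43912CE4-F6E9-4955-969E-8557BE97E7A7} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4022856778-3193992897-3864231476-1001 => C:\Users\lux\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-10] (Malwarebytes Inc -> Malwarebytes)
S2 wordpressApache; C:\Bitnami\wordpress-5.6-3\apache2\bin\httpd.exe [29696 2020-10-03] (Apache Software Foundation) [File not signed]
CHR DefaultSearchURL: Default -> hxxps://sf16-sg.tiktokcdn.com/obj/eden-sg/uvkuhyieh7lpqpbj/pwa/512x512.png
Edge DefaultSearchURL: Default -> {google:baseURL}search?q={searchTerms}&ie={inputEncoding}
"""


@dataclass
class Finding:
    line: str
    reason: str


ATTENTION = re.compile(r"<==== ATTENTION")
UNSIGNED = re.compile(r"\[File not signed\]")
# "Task: {GUID} - System32\Tasks\<name> => <target>"
TASK = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - System32\\Tasks\\(?P<name>.+?) => (?P<target>.+)$")
# "R2 <name>; <path>.exe [size date] (signer -> company)"
SERVICE = re.compile(r"^[RS][0-4] (?P<name>[^;]+); (?P<path>.+?\.(?:exe|dll|sys)) ", re.IGNORECASE)
SEARCH_URL = re.compile(r"^(?:CHR|Edge|FF) DefaultSearchURL: .*?-> (?P<url>\S+)$")
# Directories an unprivileged user can write to; persistence pointing here
# deserves a look even though legitimate per-user updaters live there too.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def in_user_writable(path: str) -> bool:
    lowered = path.lower()
    return any(d in lowered for d in USER_WRITABLE)


def triage(lines):
    """Return a list of Finding for the FRST log lines given."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if ATTENTION.search(line):
            findings.append(Finding(line, "FRST marked this entry for attention (policy restriction)"))
        if UNSIGNED.search(line):
            findings.append(Finding(line, "unsigned binary registered as a service or driver"))
        m = TASK.match(line)
        if m:
            name, target = m.group("name"), m.group("target")
            if not re.search(r"[A-Za-z]:\\", target):
                # No drive-letter path: the task runs a bare command (here 'Shutdown')
                findings.append(Finding(line, f"task '{name}' runs a bare command: {target}"))
            elif in_user_writable(target):
                findings.append(Finding(line, f"task '{name}' starts a binary from a user-writable directory"))
        m = SERVICE.match(line)
        if m and in_user_writable(m.group("path")):
            findings.append(Finding(line, f"service '{m.group('name')}' runs from a user-writable directory"))
        m = SEARCH_URL.match(line)
        if m and "{searchTerms}" not in m.group("url"):
            findings.append(Finding(line, "default search URL lacks {searchTerms}, so it is not a working search provider"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE.splitlines()):
        print(f"{f.reason}\n    {f.line[:100]}")
```

Run it against a saved FRST.txt by replacing `SAMPLE.splitlines()` with the file's lines; the output is a list to work through, and each hit still needs the signer, path and date read in context before anything goes into a fixlist.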
kevinf80 Posted March 13, 2021 ID:1444416
That log is also not complete. Can you run FRST again and post a new log?
iamthefutureofall Posted March 13, 2021 Author ID:1444434
Did it, and then this.
kevinf80 Posted March 13, 2021 ID:1444436
FRST is not malicious; it is used many times daily here at Malwarebytes and at lots of other similar websites. If AVG continues to flag FRST, either accept the alert or add it as an exclusion, or if there is no other way, just turn AVG off.
iamthefutureofall Posted March 13, 2021 Author ID:1444437
OK, will do it right now for you. I'll stay connected.
iamthefutureofall Posted March 13, 2021 Author ID:1444440
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2021
Ran by lux (administrator) on DESKTOP-E8BVDK8 (13-03-2021 08:21:25)
Running from C:\Users\lux\Desktop\FIRST
Loaded Profiles: lux
Platform: Windows 10 Pro Version 1909 18363.1440 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361132.inf_amd64_4863ccf4c1b997c9\B361196\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361132.inf_amd64_4863ccf4c1b997c9\B361196\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\afwServ.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <3>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(Avid Technology, Inc. -> M-Audio) C:\Program Files (x86)\M-Audio\Fast Track\AudioDevMon.exe
(Chaos Software Ltd. -> ) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe
(Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Nullsoft Inc. -> Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe <3>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124032 2018-05-26] (Corel Corporation -> WinZip Computing)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2018-05-26] (WinZip Computing LLC -> WinZip Computing, S.L.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [164608 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2021-01-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32726088 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2021-01-04] (Adobe Inc. -> )
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11221496 2021-03-09] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Policies\Explorer: []
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.90\Installer\chrmstp.exe [2021-03-12] (Google LLC -> Google LLC)
Startup: C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GenuineService.lnk [2019-08-01]
ShortcutTarget: GenuineService.lnk -> C:\Users\lux\Autodesk\Genuine Service\GenuineService.exe (Autodesk, Inc. -> Autodesk)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A04EEC-D266-47C6-8ADD-FF966248287A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {053C1485-0519-4553-9CE7-75EC4E2ADED9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Antivirus Emergency Update" /ENABLE Task: {053C1485-0519-4553-9CE7-75EC4E2ADED9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE Task: {053C1485-0519-4553-9CE7-75EC4E2ADED9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE Task: {053C1485-0519-4553-9CE7-75EC4E2ADED9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-4022856778-3193992897-3864231476-1001" /ENABLE Task: {053C1485-0519-4553-9CE7-75EC4E2ADED9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0" /ENABLE Task: {053C1485-0519-4553-9CE7-75EC4E2ADED9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347" /ENABLE Task: {053C1485-0519-4553-9CE7-75EC4E2ADED9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE Task: {0A4FB83A-1270-4965-91B6-680438E2F205} - System32\Tasks\Mozilla\Firefox Developer Edition Default Browser Agent CA9422711AE1A81C => C:\Program Files\Firefox Developer Edition\default-browser-agent.exe do-task "CA9422711AE1A81C" Task: {1406319A-9FA7-446C-AF35-8280D92A044A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4730624 2021-02-22] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) 
Task: {21C83A50-A09B-47BF-8865-F5469F008F33} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694752 2021-03-06] (Mozilla Corporation -> Mozilla Foundation) Task: {25DFC818-592C-4F1E-8A47-946ADB76658F} - System32\Tasks\Mozilla\Firefox Nightly Default Browser Agent 6F193CCC56814779 => C:\Program Files\Firefox Nightly\default-browser-agent.exe do-task "6F193CCC56814779" Task: {2E352502-2149-4F32-8A79-42005652AF6D} - System32\Tasks\BlueStacksHelper => G:\BLUESTACKS\BlueStacks\Client\Helper\BlueStacksHelper.exe [754104 2021-01-07] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) Task: {3876FCD3-C190-47B2-8DC8-3865B4991A0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-30] (Google LLC -> Google LLC) Task: {43912CE4-F6E9-4955-969E-8557BE97E7A7} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4022856778-3193992897-3864231476-1001 => C:\Users\lux\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {46D1C481-5130-4D61-9D33-0F2BD2308980} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation) Task: {49FB58B4-DD4B-4519-9206-9B69F501BB2E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.) Task: {57828313-D46B-4DE3-918D-00A4CF78BB82} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) 
Task: {740564A6-C064-48B7-A7E5-33A2A6660DE6} - System32\Tasks\Shutdown at 4 => Shutdown [Argument = at 4] Task: {821141F5-F23A-4F86-A008-FDB5CCD5A346} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1822976 2021-02-23] (AVG Technologies USA, LLC -> AVG Technologies) Task: {994054D5-6822-45FF-89C4-9C133A0C43D0} - System32\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:f670f671-a83d-4db4-af77-19ffa5594347 Task: {9F26A201-557A-4803-A6BF-2541A4EF421E} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation) Task: {B6462D50-60A9-49F7-BC85-911014C5C53D} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-05-26] (Corel Corporation -> Corel Corporation) Task: {B70DDA39-D8A1-41F8-840C-E5B7DE12AEF2} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {BC84898B-089D-4A76-9331-286EFD5930BD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27168840 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd) Task: {CF4233E2-36D6-4197-8DBB-A1D8C4910BAC} - System32\Tasks\shutdown => shutdown [Argument = /s /f /t 0] Task: {D17D65C3-2279-43EE-8C27-AD00AF3D841F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform) Task: {D977AB8B-28E7-4CE4-9AD9-B4EAD98B3CED} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. 
-> Adobe Systems, Incorporated) Task: {DF3F98B6-0381-4DB6-9F50-78364C6EFAE7} - System32\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:d7b383c5-6fed-4ab5-a88a-e04bda5480a0 Task: {E560DDA1-0B98-4B0F-9145-54E31B6E7F6C} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {F0DC8573-8780-481F-9B08-401CEE6FEE9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-30] (Google LLC -> Google LLC) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d7b383c5-6fed-4ab5-a88a-e04bda5480a0.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task f670f671-a83d-4db4-af77-19ffa5594347.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 200.42.4.207 200.49.130.41 Tcpip\..\Interfaces\{588c67e1-02d4-490e-be08-ba8568127598}: [DhcpNameServer] 200.42.4.207 200.49.130.41 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\lux\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-12] Edge HomePage: Default -> hxxp://www.google.com/ncr FireFox: ======== FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems) StartMenuInternet: Firefox-6F193CCC56814779 - C:\Program Files\Firefox Nightly\firefox.exe Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default [2021-03-13] CHR StartupUrls: Default -> "hxxps://www.google.com/ncr" CHR DefaultSearchURL: Default -> hxxps://sf16-sg.tiktokcdn.com/obj/eden-sg/uvkuhyieh7lpqpbj/pwa/512x512.png CHR Extension: (TikTok) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahoadnkmomodgfkfokbclmabbfdaejpe [2021-02-03] CHR Extension: (Tema oscuro para Google Chrome) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\annfbnbieaamhaimclajlajpijgkdblo [2021-03-10] CHR Extension: (Google Drive) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26] CHR Extension: (TT Downloader) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbckhiepgpniilpmlionnkjoeehhgao [2020-11-06] CHR Extension: (YouTube) - 
C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-26] CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29] CHR Extension: (Video Downloader professional) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2020-11-30] CHR Extension: (WhatFont) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\enfmjcmgehfjmhdbdceflcijljnpjfjh [2021-03-01] CHR Extension: (Documentos de Google sin conexión) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-10] CHR Extension: (WhatFont) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2021-03-01] CHR Extension: (Tema oscuro para cualquier sitio web) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhodgikjfpkmcfeokjkanalglikhcgoh [2021-03-13] CHR Extension: (Right Click Opens Link New Tab Correct Order) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhjkeimpgjokbjmioglhlngefbddppnn [2020-11-05] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29] CHR Extension: (Video Downloader by Skyload) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\pebcmofchocakhnljflecpkhadfplaea [2020-11-19] CHR Extension: (Gmail) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-26] CHR Extension: (Chrome Media Router) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-03] CHR Profile: C:\Users\lux\AppData\Local\Google\Chrome\User Data\System Profile [2021-03-10] CHR 
C:\WINDOWS\system32\UnityInjector 2021-03-12 08:43 - 2020-02-07 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield 2021-03-12 08:43 - 2019-08-19 01:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Borderless Gaming 2021-03-12 08:43 - 2019-08-01 20:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2020 - English 2021-03-12 08:43 - 2019-07-22 14:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON 2021-03-12 08:43 - 2019-07-20 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN 2021-03-12 08:43 - 2019-06-23 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk 2021-03-12 08:43 - 2019-06-14 15:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoulseekQt 2021-03-12 08:43 - 2019-06-03 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSS WaZrOnE 2021-03-12 08:43 - 2019-06-03 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter Strike Source WaRzOnE 2021-03-12 08:43 - 2019-06-01 14:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2021-03-12 08:43 - 2019-04-03 00:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart2DCutting 3 2021-03-12 08:43 - 2019-04-01 02:53 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2021-03-12 08:43 - 2019-03-31 22:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Image Downloader 2021-03-12 08:43 - 2019-03-19 00:56 - 000000000 ____D C:\WINDOWS\Setup 2021-03-12 08:43 - 2019-03-19 00:52 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files 2021-03-12 08:43 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\spool 2021-03-12 08:43 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\NDF 2021-03-12 08:43 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Macromed 
2021-03-12 08:43 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\ServiceState 2021-03-12 08:43 - 2019-03-19 00:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2021-03-12 08:43 - 2019-01-26 04:20 - 000000000 ____D C:\WINDOWS\system32\myApp 2021-03-12 08:43 - 2018-12-18 05:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74 2021-03-12 08:43 - 2018-12-03 02:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer 2021-03-12 08:43 - 2018-11-22 08:03 - 000000000 ____D C:\WINDOWS\system32\appmgmt 2021-03-12 08:43 - 2018-09-30 02:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2021-03-12 08:43 - 2018-09-18 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2021-03-12 08:43 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2021-03-12 08:43 - 2018-09-05 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp 2021-03-12 08:43 - 2018-09-05 10:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8 2021-03-12 08:43 - 2018-08-28 11:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2018 2021-03-12 08:43 - 2018-08-27 05:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2021-03-12 08:43 - 2018-08-27 05:14 - 000000000 ____D C:\Program Files\IIS 2021-03-12 08:43 - 2018-04-11 19:38 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2021-03-12 08:31 - 2019-05-11 01:32 - 000000000 ____D C:\WINDOWS\system32\AMD 2021-03-12 08:31 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\Resources 2021-03-12 08:29 - 2021-02-06 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio 2021-03-12 08:29 - 2020-07-13 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019 2021-03-12 08:29 - 2020-07-05 13:43 - 000000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia 2021-03-12 08:29 - 2020-06-28 00:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments 2021-03-12 08:29 - 2020-06-27 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia 2021-03-12 08:29 - 2020-04-06 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XCOM - Enemy Unknown [GOG.com] 2021-03-12 08:29 - 2019-08-19 01:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MWGraphics 2021-03-12 08:29 - 2019-05-24 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire 2021-03-12 08:29 - 2018-08-27 04:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017 2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ___SD C:\WINDOWS\system32\UNP 2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\TextInput 2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation 2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX 2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com 2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SystemResources 2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2021-03-12 08:17 - 2019-03-19 00:52 - 
000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2021-03-12 08:17 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\setup 2021-03-12 08:16 - 2019-03-19 02:23 - 000000000 ___SD C:\WINDOWS\system32\AppV 2021-03-12 08:16 - 2019-03-19 02:23 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2021-03-12 08:16 - 2019-03-19 02:23 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2021-03-12 08:16 - 2019-03-19 02:23 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ___SD C:\WINDOWS\system32\F12 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\es-MX 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Com 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\appraiser 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\ShellComponents 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\Provisioning 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\IME 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\DiagTrack 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-03-12 08:16 - 
2019-03-19 00:52 - 000000000 ____D C:\Program Files\Common Files\System 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2021-03-12 08:16 - 2019-03-19 00:52 - 000000000 ____D C:\PerfLogs 2021-03-12 08:12 - 2019-03-19 02:23 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll 2021-03-12 08:12 - 2019-03-19 02:23 - 000019469 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2021-03-12 07:15 - 2019-03-19 02:20 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm 2021-03-12 07:15 - 2019-03-19 02:20 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2021-03-12 07:15 - 2019-03-19 02:20 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr 2021-03-12 07:15 - 2019-03-19 02:20 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2021-03-12 07:15 - 2019-03-19 02:20 - 000000000 ____D C:\WINDOWS\system32\winrm 2021-03-12 07:15 - 2019-03-19 02:20 - 000000000 ____D C:\WINDOWS\system32\WCN 2021-03-12 07:15 - 2019-03-19 02:20 - 000000000 ____D C:\WINDOWS\system32\slmgr 2021-03-12 07:15 - 2019-03-19 02:20 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2021-03-12 07:15 - 2019-03-19 00:52 - 000000000 ___SD C:\WINDOWS\system32\dsc 2021-03-12 07:15 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI 2021-03-12 07:15 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\MUI 2021-03-12 06:44 - 2019-03-19 02:22 - 000000000 ____D C:\WINDOWS\OCR 2021-03-12 06:14 - 2019-03-19 00:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-03-12 06:03 - 2018-12-18 03:29 - 000000580 __RSH C:\ProgramData\ntuser.pol 2021-03-12 05:57 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\USOPrivate 2021-03-12 05:54 - 2019-03-19 00:52 - 000000000 ____D C:\Program Files\Windows Defender 2021-03-12 05:54 - 2019-03-19 00:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2021-03-12 05:05 - 2020-07-01 19:00 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Pro-53 
2021-03-12 05:05 - 2020-06-28 00:32 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arturia 2021-03-12 05:05 - 2020-01-30 02:54 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder 2021-03-12 05:05 - 2019-05-11 08:22 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hitman Codename 47 2021-03-12 05:05 - 2018-11-20 14:19 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code 2021-03-12 05:05 - 2018-09-25 01:44 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2021-03-12 05:01 - 2021-02-03 17:25 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome 2021-03-12 05:01 - 2020-07-29 21:49 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender 2021-03-12 05:01 - 2020-07-05 03:22 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iZotope 2021-03-12 05:01 - 2020-06-30 14:29 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments FM7 2021-03-12 05:01 - 2020-06-30 14:13 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Modartt 2021-03-12 05:01 - 2020-06-28 14:27 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Voxengo 2021-03-12 05:01 - 2020-06-27 23:42 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton 2021-03-12 05:01 - 2019-03-16 07:07 - 000000000 ____D C:\Users\lux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D 2021-03-12 01:57 - 2018-08-26 19:33 - 000008192 __RSH C:\BOOTSECT.BAK 2021-03-12 00:34 - 2018-08-27 04:17 - 000000000 ____D C:\Program Files\dotnet 2021-03-12 00:34 - 2018-08-26 11:10 - 000000000 ____D C:\ProgramData\Package Cache 2021-03-12 00:05 - 2018-08-26 19:33 - 
000409654 __RSH C:\bootmgr 2021-03-12 00:05 - 2018-08-26 19:33 - 000000001 ___SH C:\BOOTNXT 2021-03-11 17:10 - 2020-12-06 11:09 - 000000000 ____D C:\Program Files\Chaos Group 2021-03-11 15:38 - 2018-08-26 11:00 - 000000000 ____D C:\ProgramData\Norton 2021-03-11 15:28 - 2020-08-16 10:50 - 000000000 ____D C:\unreal 2021-03-11 11:57 - 2018-08-26 15:16 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-03-11 11:46 - 2018-08-26 15:15 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-03-10 09:35 - 2018-08-27 04:10 - 000000000 ____D C:\Program Files (x86)\Windows Kits 2021-03-10 09:35 - 2018-08-27 04:10 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs 2021-03-10 09:34 - 2019-06-23 22:08 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2021-03-10 09:20 - 2018-08-27 04:02 - 000000000 ____D C:\Users\lux\AppData\Roaming\Visual Studio Setup 2021-03-10 09:19 - 2018-08-27 04:02 - 000001433 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk 2021-03-10 09:19 - 2018-08-27 04:02 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2021-03-09 15:50 - 2020-07-20 20:04 - 000000000 ____D C:\Users\lux\Documents\Bandicam 2021-03-09 10:32 - 2019-10-04 04:02 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData 2021-03-09 06:45 - 2019-06-23 22:15 - 000000000 ____D C:\Program Files (x86)\Autodesk 2021-03-09 06:39 - 2018-09-01 11:34 - 000000000 ____D C:\Program Files\Epic Games 2021-03-09 05:45 - 2019-03-31 22:07 - 000000000 ____D C:\Users\lux\Documents\Bulk Image Downloader 2021-03-09 04:12 - 2018-10-06 15:37 - 000000000 ____D C:\Users\lux\AppData\Local\Opera Software 2021-03-09 04:12 - 2018-10-06 15:35 - 000000000 ____D C:\Users\lux\AppData\Roaming\Opera Software 2021-03-08 04:35 - 2018-12-13 17:22 - 000000000 ____D C:\ProgramData\Mozilla 2021-03-08 03:17 - 2018-08-26 18:13 - 000000000 ____D C:\Users\lux\AppData\LocalLow\Mozilla 2021-03-07 23:21 - 2020-07-21 03:29 - 000000000 ____D 
C:\Users\lux\AppData\Local\BlueStacksSetup 2021-03-07 23:16 - 2020-07-21 03:42 - 000001924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks.lnk 2021-03-07 23:16 - 2020-07-21 03:42 - 000001295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk 2021-03-07 22:55 - 2020-02-04 00:26 - 000000000 ____D C:\Users\lux\AppData\Local\BlueStacks 2021-03-07 12:43 - 2018-08-30 14:50 - 000280904 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr 2021-03-07 12:42 - 2019-05-04 03:22 - 000280904 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2021-03-07 11:46 - 2018-08-26 14:28 - 000000000 ____D C:\ProgramData\Origin 2021-03-07 05:41 - 2020-06-17 09:11 - 000000000 ____D C:\Users\lux\AppData\Local\nintend01337 2021-03-06 11:40 - 2021-01-04 01:18 - 000000000 ____D C:\Program Files\Mozilla Firefox 2021-03-06 11:40 - 2018-11-29 22:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-03-06 06:10 - 2018-11-29 22:42 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2021-03-05 08:33 - 2018-08-27 02:46 - 000000000 ____D C:\Users\lux\AppData\Roaming\Code 2021-03-02 23:54 - 2020-06-28 11:37 - 000000000 ____D C:\Users\lux\Documents\Max 8 2021-03-01 06:14 - 2019-05-30 10:50 - 000000000 ____D C:\Users\lux\AppData\Local\BitTorrentHelper 2021-02-28 23:11 - 2018-08-26 11:09 - 000000000 ____D C:\ProgramData\Packages 2021-02-28 23:10 - 2020-11-03 23:43 - 000000000 ____D C:\Program Files\Common Files\Adobe 2021-02-26 06:19 - 2020-08-16 05:58 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk 2021-02-25 03:30 - 2021-01-29 20:33 - 000000033 _____ C:\Users\lux\AppData\Roaming\AdobeWLCMCache.dat 2021-02-23 23:15 - 2019-06-27 02:45 - 000000000 ____D C:\Users\lux\AppData\Roaming\audacity 2021-02-23 14:49 - 2018-08-28 02:48 - 000000000 ____D C:\Users\lux\AppData\Local\.IdentityService 2021-02-22 17:04 - 2020-10-14 11:58 - 000175368 _____ (AVG Technologies CZ, 
s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys 2021-02-22 17:04 - 2018-10-16 23:14 - 000465800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys 2021-02-22 17:04 - 2018-10-16 23:14 - 000327104 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys 2021-02-22 17:03 - 2020-06-19 09:01 - 000521472 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys 2021-02-22 17:03 - 2019-01-14 14:48 - 000357400 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys 2021-02-22 17:03 - 2019-01-04 12:18 - 000249368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys 2021-02-22 17:03 - 2019-01-04 12:18 - 000098840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys 2021-02-22 17:03 - 2018-10-16 23:14 - 000850248 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys 2021-02-22 17:03 - 2018-10-16 23:14 - 000208176 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys 2021-02-22 17:03 - 2018-10-16 23:14 - 000107920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys 2021-02-22 17:03 - 2018-10-16 23:14 - 000083496 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys 2021-02-22 17:03 - 2018-10-16 23:14 - 000041424 _____ (AVG Technologies CZ, s.r.o.) 
C:\WINDOWS\system32\Drivers\avgKbd.sys 2021-02-19 07:04 - 2021-02-05 03:57 - 000000000 ____D C:\Users\lux\AppData\Local\AMD_Common 2021-02-18 21:06 - 2018-08-26 10:52 - 000000000 ____D C:\Users\lux\AppData\Roaming\Adobe 2021-02-18 20:19 - 2021-01-04 08:08 - 000000000 ____D C:\Program Files\Adobe 2021-02-14 00:16 - 2021-01-31 11:33 - 000000000 ____D C:\Bitnami

==================== Files in the root of some directories ========

2021-01-29 20:33 - 2021-02-25 03:30 - 000000033 _____ () C:\Users\lux\AppData\Roaming\AdobeWLCMCache.dat 2020-06-27 19:14 - 2020-06-28 12:44 - 000000016 _____ () C:\Users\lux\AppData\Roaming\msregsvv.dll 2019-04-21 01:12 - 2019-04-21 01:12 - 000000000 _____ () C:\Users\lux\AppData\Local\oobelibMkey.log 2019-05-01 04:20 - 2019-05-01 04:28 - 000007605 _____ () C:\Users\lux\AppData\Local\resmon.resmoncfg 2019-05-22 02:36 - 2019-05-22 02:36 - 000000000 _____ () C:\Users\lux\AppData\Local\{53175AFC-F601-483C-86F0-87B78D0EA455}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt
Solution kevinf80 Posted March 13, 2021 Solution ID:1444446 Share Posted March 13, 2021

Hiya iamthefutureofall,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version, please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked, please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The following directories are emptied:
Windows Temp
Users Temp folders
Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
Recently opened files cache
Flash Player cache
Java cache
Steam HTML cache
Explorer thumbnail and icon cache
BITS transfer queue (qmgr*.dat files)
Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run.

Next, Download "Microsoft's Safety Scanner" and save direct to the desktop. Ensure you get the correct version for your system.... https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Right click on the Tool, select Run as Administrator; the tool will expand to the options window. In the "Scan Type" window, select Quick Scan. Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:
1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply...

Thank you, Kevin..

fixlist.txt
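The fixlist used in this thread (its contents are echoed in the Fixlog the user posts next) removes browser and Explorer policy restrictions, local Group Policy files and two scheduled tasks whose action is shutdown. The PowerShell below is an added, read-only audit that re-checks exactly those items so the machine can be re-verified if the "keeps coming back" behaviour returns; it is not part of the thread, not an FRST or Malwarebytes tool, and the only names it uses are the registry keys, task actions and file paths that appear in this thread's own logs. It changes nothing and is meant to be run from an elevated prompt so every scheduled task is visible.

```powershell
# Added example (not from the thread, FRST or Malwarebytes): read-only audit of
# the items the fixlist removed. Nothing is modified; findings are only listed.
# Run from an elevated PowerShell prompt.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Scheduled tasks whose action is shutdown.exe. The fixlist removed
#    "Shutdown at 4" (shutdown at 4) and "shutdown" (shutdown /s /f /t 0).
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # COM-handler actions have no Execute property; -and skips the null.
        if ($action.Execute -and $action.Execute -match '(^|\\)shutdown(\.exe)?$') {
            $findings.Add(("Task '{0}{1}' runs {2} {3}" -f
                $task.TaskPath, $task.TaskName, $action.Execute, $action.Arguments))
        }
    }
}

# 2. Policy keys FRST flagged as "Restriction <==== ATTENTION". HKCU covers the
#    account the script runs as (the fixlist targeted the user's own HKU hive).
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Mozilla\Firefox',
    'HKLM:\SOFTWARE\Policies\Google',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
foreach ($key in $policyKeys) {
    if (Test-Path $key) {
        # Count values and subkeys so an empty key left behind by an installer is
        # distinguished from one that actually carries restrictions.
        $values  = (Get-Item $key).GetValueNames().Count
        $subkeys = (Get-ChildItem $key -ErrorAction SilentlyContinue | Measure-Object).Count
        if (($values + $subkeys) -gt 0) {
            $findings.Add("Policy key present: $key ($values values, $subkeys subkeys)")
        }
    }
}

# 3. Local Group Policy files the fix moved (GPT.ini in both System32 and
#    SysWOW64, plus C:\ProgramData\NTUSER.pol).
$policyFiles = @(
    "$env:WINDIR\System32\GroupPolicy\GPT.ini",
    "$env:WINDIR\SysWOW64\GroupPolicy\GPT.ini",
    "$env:ProgramData\NTUSER.pol"
)
foreach ($file in $policyFiles) {
    if (Test-Path $file) {
        $stamp = (Get-Item $file).LastWriteTime
        $findings.Add("Policy file present: $file (modified $stamp)")
    }
}

# 4. Report. A non-empty list means something the fix removed is back and
#    should be looked at (or posted to the thread) before assuming reinfection.
if ($findings.Count -eq 0) {
    Write-Output 'No fixlist items have reappeared.'
} else {
    Write-Output ('{0} item(s) to review:' -f $findings.Count)
    $findings | ForEach-Object { Write-Output " - $_" }
}
```

A populated HKCU Explorer policy key is not by itself malicious (some software writes values there), so treat the output as a list of things to inspect, not as a verdict.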
iamthefutureofall Posted March 13, 2021 Author ID:1444456 Share Posted March 13, 2021 Fix result of Farbar Recovery Scan Tool (x64) Version: 13-03-2021 Ran by lux (13-03-2021 09:08:02) Run:1 Running from C:\Users\lux\Desktop\FIRST Loaded Profiles: lux Boot Mode: Normal ============================================== fixlist content: ***************** SystemRestore: On CreateRestorePoint: CloseProcesses: HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\...\Policies\Explorer: [] GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION Task: {740564A6-C064-48B7-A7E5-33A2A6660DE6} - System32\Tasks\Shutdown at 4 => Shutdown [Argument = at 4] Task: {CF4233E2-36D6-4197-8DBB-A1D8C4910BAC} - System32\Tasks\shutdown => shutdown [Argument = /s /f /t 0] C:\Bitnami\WORDPR~1.6-3\apache2\bin\httpd.exe HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION 2021-03-12 05:54 - 2021-03-13 08:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software 2021-02-25 03:32 - 2021-02-25 03:32 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign26b7d91229d188cc 2021-02-25 03:30 - 2021-02-25 03:30 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign80e22defb8466c88 2021-02-25 03:30 - 2021-02-25 03:30 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign4c950e0ca4a645c4 2021-02-25 02:21 - 2021-02-25 02:21 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign6d96c67bfd05aa51 2021-02-25 02:18 - 2021-02-25 02:18 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsignf2886c52cf06e950 2021-02-25 02:18 - 2021-02-25 02:18 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsignab9a586d22160791 2021-02-18 21:06 - 2021-02-18 21:06 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsignac9b0181c25b9cc3 2021-02-17 23:53 - 2021-02-17 23:53 - 000000000 ____D 
C:\Users\lux\AppData\Local\Tempzxpsignb120ae7686410add 2021-02-17 23:53 - 2021-02-17 23:53 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign72bae6680b5b6cab 2021-02-17 23:53 - 2021-02-17 23:53 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign09f3b43268feba29 2021-02-17 03:54 - 2021-02-17 03:54 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsignbb41fb5c687b8a8d 2021-02-17 03:53 - 2021-02-17 03:53 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsigne9bc421c0fe2b19f 2021-02-17 03:53 - 2021-02-17 03:53 - 000000000 ____D C:\Users\lux\AppData\Local\Tempzxpsign8b8309d16d6c13aa 2019-05-22 02:36 - 2019-05-22 02:36 - 000000000 _____ () C:\Users\lux\AppData\Local\{53175AFC-F601-483C-86F0-87B78D0EA455} ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> 
{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File AlternateDataStreams: C:\Library:{35007500-4800-7300-5800-440074003600} [728] AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0] AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0] AlternateDataStreams: C:\Users\lux\Cookies:jb7Ejmron5USQnvE9YDNr [2354] AlternateDataStreams: C:\Users\lux\Cookies:jcPDhmQNXLgJLiE3o79GNu9M [2346] AlternateDataStreams: C:\Users\lux\Documents\Max 8:{35007500-4800-7300-5800-440074003600} [728] FirewallRules: [UDP Query User{0422C48E-7139-4D86-B0A2-06FDA4FCF0C6}G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe => No File FirewallRules: [TCP Query User{21B876E3-72F5-4520-A85F-6FF6253A24EA}G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe => No File FirewallRules: [{12A7BC0E-1CE0-42FB-8173-111D20E2BE02}] => (Allow) G:\Program Files (x86)\Steam\steam.exe => No File FirewallRules: [{EA86A368-C836-443A-AD35-BD82922E9F9D}] => (Allow) G:\Program Files (x86)\Steam\steam.exe => No File FirewallRules: [UDP Query User{B4B98CCC-D628-45EC-B935-D3FFF044C429}C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe] => (Block) C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe => No File FirewallRules: [TCP Query User{7961091D-0532-4D4B-A673-22007AF9C8CC}C:\program files\chaos group\v-ray\v-ray for 
sketchup\extension\vrayneui-win32-x64\vrayneui.exe] => (Block) C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe => No File FirewallRules: [{E89A3E0B-9F9D-409F-ADF8-DE7EBA5BB8A4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => No File FirewallRules: [{831C8389-9F24-46A9-A4F6-7E482220BC2E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => No File FirewallRules: [{67093BFE-81BD-4B94-A764-0A7447E3D78F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => No File FirewallRules: [{14831299-919C-4C93-B0AD-9978E73747F9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => No File FirewallRules: [UDP Query User{B10CF55D-CF00-49EA-B00A-29EA66DDFDB9}G:\zclient\zclient.exe] => (Allow) G:\zclient\zclient.exe => No File FirewallRules: [TCP Query User{26CDEE33-D14F-4EDB-95E3-61AAF5D5F8E1}G:\zclient\zclient.exe] => (Allow) G:\zclient\zclient.exe => No File FirewallRules: [UDP Query User{BF0FF537-6029-4FB6-8437-EED40580D18B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File FirewallRules: [TCP Query User{02B3DC22-BD25-49AF-B59F-0AD4FC7BC979}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File Hosts: cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R cmd: sfc /scannow C:\Windows\Temp\*.* EmptyTemp: ***************** SystemRestore: On => completed Restore point was successfully created. Processes closed successfully. 
"HKU\S-1-5-21-4022856778-3193992897-3864231476-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully C:\ProgramData\NTUSER.pol => moved successfully HKLM\SOFTWARE\Policies\Mozilla => removed successfully HKLM\SOFTWARE\Policies\Google => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{740564A6-C064-48B7-A7E5-33A2A6660DE6}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{740564A6-C064-48B7-A7E5-33A2A6660DE6}" => removed successfully C:\WINDOWS\System32\Tasks\Shutdown at 4 => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Shutdown at 4" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF4233E2-36D6-4197-8DBB-A1D8C4910BAC}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF4233E2-36D6-4197-8DBB-A1D8C4910BAC}" => removed successfully C:\WINDOWS\System32\Tasks\shutdown => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\shutdown" => removed successfully C:\Bitnami\WORDPR~1.6-3\apache2\bin\httpd.exe => moved successfully HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully C:\WINDOWS\system32\Tasks\AVAST Software => moved successfully C:\Users\lux\AppData\Local\Tempzxpsign26b7d91229d188cc => moved successfully C:\Users\lux\AppData\Local\Tempzxpsign80e22defb8466c88 => moved successfully C:\Users\lux\AppData\Local\Tempzxpsign4c950e0ca4a645c4 => moved successfully C:\Users\lux\AppData\Local\Tempzxpsign6d96c67bfd05aa51 => moved successfully C:\Users\lux\AppData\Local\Tempzxpsignf2886c52cf06e950 => moved successfully 
C:\Users\lux\AppData\Local\Tempzxpsignab9a586d22160791 => moved successfully C:\Users\lux\AppData\Local\Tempzxpsignac9b0181c25b9cc3 => moved successfully C:\Users\lux\AppData\Local\Tempzxpsignb120ae7686410add => moved successfully C:\Users\lux\AppData\Local\Tempzxpsign72bae6680b5b6cab => moved successfully C:\Users\lux\AppData\Local\Tempzxpsign09f3b43268feba29 => moved successfully C:\Users\lux\AppData\Local\Tempzxpsignbb41fb5c687b8a8d => moved successfully C:\Users\lux\AppData\Local\Tempzxpsigne9bc421c0fe2b19f => moved successfully C:\Users\lux\AppData\Local\Tempzxpsign8b8309d16d6c13aa => moved successfully C:\Users\lux\AppData\Local\{53175AFC-F601-483C-86F0-87B78D0EA455} => moved successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
"C:\Library" => ":{35007500-4800-7300-5800-440074003600}" ADS not found.
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`29hfm" ADS removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully
C:\Users\lux\Cookies => ":jb7Ejmron5USQnvE9YDNr" ADS removed successfully
C:\Users\lux\Cookies => ":jcPDhmQNXLgJLiE3o79GNu9M" ADS removed successfully
C:\Users\lux\Documents\Max 8 => ":{35007500-4800-7300-5800-440074003600}" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0422C48E-7139-4D86-B0A2-06FDA4FCF0C6}G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{21B876E3-72F5-4520-A85F-6FF6253A24EA}G:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12A7BC0E-1CE0-42FB-8173-111D20E2BE02}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EA86A368-C836-443A-AD35-BD82922E9F9D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B4B98CCC-D628-45EC-B935-D3FFF044C429}C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7961091D-0532-4D4B-A673-22007AF9C8CC}C:\program files\chaos group\v-ray\v-ray for sketchup\extension\vrayneui-win32-x64\vrayneui.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E89A3E0B-9F9D-409F-ADF8-DE7EBA5BB8A4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{831C8389-9F24-46A9-A4F6-7E482220BC2E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67093BFE-81BD-4B94-A764-0A7447E3D78F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14831299-919C-4C93-B0AD-9978E73747F9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B10CF55D-CF00-49EA-B00A-29EA66DDFDB9}G:\zclient\zclient.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{26CDEE33-D14F-4EDB-95E3-61AAF5D5F8E1}G:\zclient\zclient.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BF0FF537-6029-4FB6-8437-EED40580D18B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{02B3DC22-BD25-49AF-B59F-0AD4FC7BC979}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========
Error: Unable to rebuild performance counter setting from system backup store, error code is 2
========= End of CMD: =========

========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========

========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========

========= sfc /scannow =========
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection did not find any integrity violations.
========= End of CMD: =========

=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\ASPNETSetup_00000.log => moved successfully
C:\Windows\Temp\ASPNETSetup_00001.log => moved successfully
C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\mat-debug-1540.log => moved successfully
C:\Windows\Temp\mat-debug-8560.log => moved successfully
C:\Windows\Temp\mbamiservice.log => moved successfully
C:\Windows\Temp\mb_errors2388.log => moved successfully
C:\Windows\Temp\mb_errors3792.log => moved successfully
C:\Windows\Temp\mb_errors8604.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully
C:\Windows\Temp\temE34.tmp => moved successfully
C:\Windows\Temp\temEA4D.tmp => moved successfully
C:\Windows\Temp\UpdHealthTools.msi => moved successfully
========= End -> "C:\Windows\Temp\*.*" ========

=========== EmptyTemp: ==========
BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28638661 B
Java, Flash, Steam htmlcache => 155966228 B
Windows/system/drivers => 1375 B
Edge => 0 B
Chrome => 454284218 B
Firefox => 38945094 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 40156 B
NetworkService => 41350 B
lux => 163888890 B
RecycleBin => 0 B
EmptyTemp: => 813.1 MB temporary data Removed.

================================

The system needed a reboot.
==== End of Fixlog 09:45:18 ====

---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.333, (build 1.333.322.0)
Started On Sat Mar 13 10:11:34 2021
Engine: 1.1.17900.7
Signatures: 1.333.322.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Quick Scan Results:
-------------------
Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed!
Action: Remove, Result: 0x00000000
regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
SigSeq: 0x0000055555C57273

Results Summary:
----------------
Found VirTool:Win32/DefenderTamperingRestore and Removed!
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Sat Mar 13 10:30:13 2021
Return code: 6 (0x6)
kevinf80 Posted March 13, 2021 ID:1444462 How is your PC responding now, any remaining issues or concerns...?
iamthefutureofall Posted March 13, 2021 Author ID:1444475 Hi. Thanks. Now the PC is responding better, but the file httpd.exe was removed, so now I can't run the Apache server where I have a project going; for everything else it seems it's running better now. Do you recommend running another antivirus software, like ComboFix or HijackThis?
kevinf80 Posted March 13, 2021 ID:1444484 That file was being flagged as a trojan..?
-Blocked Website Details-
Malicious Website: 1 , C:\Bitnami\WORDPR~1.6-3\apache2\bin\httpd.exe, Blocked, -1, -1, 0.0.0, ,
Can you reinstall Apache..
iamthefutureofall Posted March 13, 2021 Author ID:1444493 1 hour ago, kevinf80 said: That file was being flagged as a trojan..? -Blocked Website Details- Malicious Website: 1 , C:\Bitnami\WORDPR~1.6-3\apache2\bin\httpd.exe, Blocked, -1, -1, 0.0.0, , Can you reinstall Apache..
The file was flagged as trojan and compromised. I'll try to do that. Thanks for all.
kevinf80 Posted March 14, 2021 ID:1444712 Any progress with Apache..?
iamthefutureofall Posted March 14, 2021 Author ID:1444719 Hi kevinf80, I really don't know how to reinstall it. I did an AVG clean-up with the AVG clean tool and now the Apache server is gone; it does not show on the Bitnami stack, only MySQL. I did a ticket with Bitnami support. But I have a question for you, maybe you can help me. I uninstalled AVG because of this: first, I have 3 AVG instances running, maybe that's fine, but when I go to Properties - Details it shows in all instances Original file name AvastUI.exe.
kevinf80 Posted March 14, 2021 ID:1444723 I believe Avast bought out AVG in 2016... The AVG name is still trading under Avast as far as I'm aware.. Why did you uninstall AVG..?
iamthefutureofall Posted March 14, 2021 Author ID:1444724 1 hour ago, kevinf80 said: I believe Avast bought out AVG in 2016... The AVG name is still trading under Avast as far as I'm aware.. Why did you uninstall AVG..?
But I uninstalled AVG, and when it rebooted Apache was not inside the Bitnami stack manager anymore. I uninstalled AVG because of what I told you and because the program was not working properly; I had to activate some features manually every time the computer started. I used a used key just to have more features, maybe it was that? What do you recommend for my case? Is it better doing a Windows reset? How have you encountered the logs that I had sent to you?
iamthefutureofall Posted March 14, 2021 Author ID:1444727 1 hour ago, kevinf80 said: I believe Avast bought out AVG in 2016... The AVG name is still trading under Avast as far as I'm aware.. Why did you uninstall AVG..?
Thanks. I had to repair it first, I understand now. But I had AVG for years. I was not sure. And they did not respond to my inquiries as fast as you. Do you recommend using HijackThis just to try it?
kevinf80 Posted March 14, 2021 ID:1444728 HijackThis is no longer supported; I have not used that tool for maybe 10 years. Why would you want to use HJT..?
iamthefutureofall Posted March 14, 2021 Author ID:1444731 I didn't know. I've used HijackThis before; I've used that tool in my routines. I've learned how to use it. That was on Windows XP. Now it's running fine. I'm a little concerned about the Malware.AI that the Malwarebytes program didn't take any action on.
kevinf80 Posted March 14, 2021 ID:1444732 XP OS was the last time I used HJT; it is of no use for Windows operating systems from Vista through to Windows 10... For the AI log, do you refer to the following:
Malware.AI.1728243281, C:\USERS\LUX\APPDATA\ROAMING\UTORRENT\UPDATES\3.5.5_45838.EXE, No Action By User, 1000000, 0, 1.0.37965, 1C711AA08B7D515A6702E651, dds, 01151714, 6A8B93E27DCCFF2F250A22B8BDC93168, 50BAEE75B0BB181B5280A1F60B32F7E75ABDA8A4E06CBF32074B1444D73A9CF7
You will note that "No Action By User" means that Malwarebytes flagged that entry; you will have been given the option to Quarantine that entry. Did you not OK that option...?
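As an added example (not Malwarebytes' code and not posted by anyone in this thread), a small parser for scan-log detection lines of the shape quoted above that picks out the entries still marked "No Action By User", i.e. flagged but never quarantined. The field layout (name, path, action, then opaque fields with the MD5 and SHA-256 near the end) is assumed from the quoted lines, and the sample log is constructed with placeholder hashes:

```python
"""Parse Malwarebytes scan-log detection lines and list entries left unhandled.

Added example, not Malwarebytes code.  The field layout is ASSUMED from the
lines quoted in this thread: name, path, action, then opaque numeric/id
fields, with a 32-hex MD5 and a 64-hex SHA-256 near the end.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Action string quoted by the moderator: flagged, but the user never quarantined it.
UNHANDLED_ACTION = "No Action By User"

_FIELD_SPLIT = re.compile(r"\s*,\s*")
_MD5 = re.compile(r"^[0-9A-Fa-f]{32}$")
_SHA256 = re.compile(r"^[0-9A-Fa-f]{64}$")


@dataclass
class Detection:
    name: str
    path: str
    action: str
    md5: Optional[str] = None
    sha256: Optional[str] = None
    extra: List[str] = field(default_factory=list)  # fields we do not interpret

    def needs_attention(self) -> bool:
        """True when the entry was flagged but neither quarantined nor blocked."""
        return self.action.casefold() == UNHANDLED_ACTION.casefold()


def parse_line(line: str) -> Optional[Detection]:
    """Return a Detection for one log line, or None for headers and blank lines."""
    fields = _FIELD_SPLIT.split(line.strip())
    if len(fields) < 3 or not fields[1]:
        return None  # e.g. "-Detection Details-" section headers or empty lines
    det = Detection(name=fields[0], path=fields[1], action=fields[2])
    for value in fields[3:]:
        if _SHA256.match(value):
            det.sha256 = value.upper()
        elif _MD5.match(value):
            det.md5 = value.upper()
        elif value:
            det.extra.append(value)
    return det


def parse_log(text: str) -> List[Detection]:
    return [d for d in (parse_line(ln) for ln in text.splitlines()) if d]


def unhandled(text: str) -> List[Detection]:
    """Entries a responder should follow up on: flagged but still untouched."""
    return [d for d in parse_log(text) if d.needs_attention()]


# Constructed sample in the shape of the thread's quoted lines (placeholder hashes).
SAMPLE_LOG = r"""
-Detection Details-
Malware.AI.1234567890, C:\USERS\EXAMPLE\APPDATA\ROAMING\TORRENTAPP\UPDATES\3.5.5_00000.EXE, No Action By User, 1000000, 0, 1.0.37965, 000000000000000000000000, dds, 00000000, 0123456789ABCDEF0123456789ABCDEF, 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
PUP.Optional.Example, C:\USERS\EXAMPLE\DOWNLOADS\INSTALLER.EXE, Quarantined, 0, 0, 1.0.37965, , , , FEDCBA9876543210FEDCBA9876543210, FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210
-Blocked Website Details-
Malicious Website: 1 , C:\EXAMPLE\APACHE\BIN\HTTPD.EXE, Blocked, -1, -1, 0.0.0, ,
"""

if __name__ == "__main__":
    for det in unhandled(SAMPLE_LOG):
        print(f"UNHANDLED: {det.name} at {det.path} (sha256={det.sha256})")
```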