Solved Malware Removal FRST

NewbyRad

Hi, Re: the Instructions thread. Is it okay if I go straight ahead and copy the text from addition and FRST?
 
My bandwidth has been significantly poor for weeks now, hardly 1 Mbps. Months prior, I've been having boot-up issues (not powering on, nor would the fan spin), but when I uninstalled the lousy game it began with, all seemed OK. (I only ignored that first issue because I concluded it was a battery problem: my current one has gone bad.) So now with the network issues, I figured my computer picked up a bug. So I recently renewed my Malwarebytes and lo, upon scanning I found spyware, adware, etc. I've been browsing the issue on various forums and I'm almost certain the solution revolves around this fixlist.txt notion.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021

Ran by newra (administrator) on KRISNEWTECH (Acer Aspire E5-575G) (28-04-2021 18:40:29)

Running from C:\Users\newra\Downloads

Loaded Profiles: newra

Platform: Windows 10 Home Version 1909 18363.1440 (X64) Language: English (United States)

Default browser: "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --single-argument %1

Boot Mode: Normal



==================== Processes (Whitelisted) =================



(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe

(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe

(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe

(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe

(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.10002.53004.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe

(Autodesk, Inc -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AvLaunch.exe

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe

(AVG Technologies USA, LLC -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe <19>

(AVG Technologies USA, LLC -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\AVGBrowserCrashHandler.exe

(AVG Technologies USA, LLC -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe

(ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe

(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe

(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Intel(R) CN -> Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe

(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\igfxCUIService.exe

(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\igfxEM.exe

(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\igfxext.exe

(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\IntelCpHDCPSvc.exe

(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\IntelCpHeciSvc.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe <2>

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe



==================== Registry (Whitelisted) ===================



(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)



HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [166144 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33169992 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)

HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\Policies\Explorer: []

HKLM\Software\Microsoft\Active Setup\Installed Components: [{48F69C39-1356-4A7B-A899-70E3539D4982}] -> C:\Program Files (x86)\AVG\Browser\Application\90.0.9316.95\Installer\chrmstp.exe [2021-04-28] (AVG Technologies USA, LLC -> AVG Technologies)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-04-27] (Google LLC -> Google LLC)

HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\86.1.6738.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION



==================== Scheduled Tasks (Whitelisted) ============



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



Task: {0B6730D4-BE12-44F1-86E3-5F0750167AF6} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)

Task: {16C64CE5-0450-4C34-BB6D-EB18281B3D8F} - System32\Tasks\CareCenter\NvBackend_Reg_HKLMRun => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {19203369-09AF-469C-BA70-28AB5EC09758} - System32\Tasks\CareCenter\Autodesk Desktop App_Reg_HKLMWow6432Run => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-06-15] (Autodesk, Inc -> Autodesk, Inc.)

Task: {1A375B5E-AEAE-40D2-8E3F-0456059D725D} - System32\Tasks\CareCenter\BCSSync_Reg_HKLMWow6432Run => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)

Task: {238A6FC9-32C4-4CDC-8959-E5B9CA19A3B9} - System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [2232208 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)

Task: {3778B33F-80A0-4D46-A5E2-E25D08287CA3} - System32\Tasks\CareCenter\OneDriveSetup_Reg_HKCURun_S-1-5-21-4059444555-803053725-937440290-1001 => C:\Windows\SysWOW64\OneDriveSetup.exe [28832864 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)

Task: {45F09FE2-7C29-48A7-BDFB-5B4354EAB6C2} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [40352 2016-06-24] (Acer Incorporated -> )

Task: {54240F8C-1215-41D7-8560-0AD22683CE7C} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)

Task: {5CF82959-E6B0-474D-8E10-57EEC61F4178} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4645168 2017-05-24] (Acer Incorporated -> )

Task: {5DA27373-0044-408D-9BBD-3DBE314CD875} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-28] (Google Inc -> Google Inc.)

Task: {5EE3EE61-7F42-4CD6-8B90-1E703394F651} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe

Task: {60C538A1-86F0-4362-8D6F-3479DFA264A4} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1822976 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)

Task: {6DAA97AD-C1CE-4E9F-B4C4-2E2884160CA6} - System32\Tasks\CareCenter\SunJavaUpdateSched_Reg_HKLMWow6432Run => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)

Task: {70019EF7-6012-48D8-8192-76A4DC0B9B36} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [855352 2016-02-19] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)

Task: {72B77D7C-3F6D-4245-8E15-0797C67254CE} - System32\Tasks\CareCenter\RTHDVCPL_Reg_HKLMRun => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2018-11-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

Task: {7475FF3C-F2AE-4653-9338-767438C18E3B} - System32\Tasks\CareCenter\RtHDVBg_TrueHarmony_Reg_HKLMRun => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2018-11-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

Task: {74F305E7-F125-42C7-AC13-B28473BFFB72} - System32\Tasks\CareCenter\SwitchBoard_Reg_HKLMWow6432Run => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]

Task: {76F100FA-CF23-491E-B08C-B4812A211490} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2766240 2016-06-17] (Acer Incorporated -> Acer Incorporated)

Task: {7A5A5B34-1D6B-4443-970C-276263AA400D} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [472992 2016-06-24] (Acer Incorporated -> Acer Incorporated)

Task: {97218BEC-3F66-4E8B-91F5-02A938ABAD20} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-18] (Piriform Software Ltd -> Piriform)

Task: {9EF7EE22-C6F3-4DB1-B9A6-F475BBD9FFD1} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4747008 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

Task: {A8984948-C48C-4E3B-84E2-5658A6B15117} - System32\Tasks\AVG Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [2232208 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)

Task: {BBB140EF-9129-42D4-960D-C5CC1DB84A96} - System32\Tasks\FubToolByPLD => C:\OEM\Preload\FubTool\FubTool.exe [30976 2015-05-14] (Acer Incorporated -> )

Task: {C6A71F1D-38FA-4B87-9826-E6699F0FBF4E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27616328 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)

Task: {D3681284-B6F6-4550-A848-9ED09647E383} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)

Task: {E1546D9E-4C23-40FC-A66E-3F58CC07B2EE} - System32\Tasks\CareCenter\AdobeCS6ServiceManager_Reg_HKLMWow6432Run => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

Task: {ED679281-660C-4475-B8DB-F6BEBAC6666E} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920752 2017-05-24] (Acer Incorporated -> )

Task: {F038F3A7-2EEC-4AA7-B201-C9B72DA19077} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-28] (Google Inc -> Google Inc.)

Task: {F22A041D-A1F6-41DB-844E-C56A35109D34} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [421792 2016-06-17] (Acer Incorporated -> Acer Incorporated)

Task: {F948690E-F181-4767-9B06-10243862486F} - System32\Tasks\CareCenter\AdobeAAMUpdater-1.0_Reg_HKLMRun => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)



(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)



Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

Task: C:\WINDOWS\Tasks\EOSv3 Scheduler onLogOn.job => C:\Users\newra\Downloads\esetonlinescanner.exe

Task: C:\WINDOWS\Tasks\EOSv3 Scheduler onTime.job => C:\Users\newra\Downloads\esetonlinescanner.exe



==================== Internet (Whitelisted) ====================



(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)



Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{985c652a-cb0f-44a9-ad50-e8ed69c7f8da}: [DhcpNameServer] 192.168.1.1



FireFox:

========

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~2\Office14\NPAUTHZ.DLL [No File]

FF Plugin-x32: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-08-16] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-08-16] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [No File]

FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [No File]

FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll [2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)

FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll [2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-4059444555-803053725-937440290-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\newra\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-06-05] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)



Chrome:

=======

CHR DefaultProfile: Default

CHR Profile: C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default [2021-04-28]

CHR Notifications: Default -> hxxps://conservativetribune.com; hxxps://lfcglobe.co.uk; hxxps://mail.google.com; hxxps://web.whatsapp.com; hxxps://www.facebook.com; hxxps://www.reddit.com; hxxps://www.thisisanfield.com; hxxps://www.youtube.com

CHR StartupUrls: Default -> "hxxps://www.google.com.jm/","hxxp://www.facebook.com/"

CHR Session Restore: Default -> is enabled.

CHR Extension: (Google Translate) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-04-21]

CHR Extension: (Slides) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]

CHR Extension: (Google Drive) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghbiahbpaijignceidepookljebhfak [2021-03-16]

CHR Extension: (Docs) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]

CHR Extension: (Google Drive) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-08]

CHR Extension: (YouTube) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-28]

CHR Extension: (Sheets) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]

CHR Extension: (Google Docs Offline) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-24]

CHR Extension: (Pinterest Save Button) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2021-04-26]

CHR Extension: (Liverpool) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jogceghbjlhcdfebabdelcpjpnbhopjg [2017-06-29]

CHR Extension: (Grammarly for Chrome) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-04-26]

CHR Extension: (Controlled multi-tab browsing) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\kokmfemecmlekdnjllgobeplngdfifie [2017-06-28]

CHR Extension: (Chrome Web Store Payments) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-12]

CHR Extension: (Gmail) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-08]

CHR Extension: (Chrome Media Router) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-28]

CHR Profile: C:\Users\newra\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-04-28]

CHR Profile: C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-04-28]

CHR HomePage: Profile 2 -> hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP

CHR Session Restore: Profile 2 -> is enabled.

CHR Extension: (Slides) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-28]

CHR Extension: (Docs) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-28]

CHR Extension: (Google Drive) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-09]

CHR Extension: (YouTube) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-28]

CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-11-09]

CHR Extension: (Sheets) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-28]

CHR Extension: (Google Docs Offline) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-09]

CHR Extension: (Avast Online Security) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-06-13]

CHR Extension: (Grammarly for Chrome) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-11-10]

CHR Extension: (IDM Integration Module) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2020-11-09]

CHR Extension: (Chrome Web Store Payments) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-18]

CHR Extension: (Gmail) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-09]

CHR Extension: (Chrome Media Router) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-09]

CHR Profile: C:\Users\newra\AppData\Local\Google\Chrome\User Data\System Profile [2021-04-28]

CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-04-19]

CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-04-19]



==================== Services (Whitelisted) ===================



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1353208 2017-06-15] (Autodesk, Inc -> Autodesk Inc.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)

S2 avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [607488 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [356608 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7941688 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

S3 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)

S3 AVGSecureBrowserElevationService; C:\Program Files (x86)\AVG\Browser\Application\90.0.9316.95\elevation_service.exe [1397000 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)

R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]

R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-04-28] (Malwarebytes Inc -> Malwarebytes)

R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-06-17] (Acer Incorporated -> Acer Incorporated)

R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-06-17] (Acer Incorporated -> Acer Incorporated)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"



===================== Drivers (Whitelisted) ===================



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)

S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2017-06-29] (AVAST Software s.r.o. -> The OpenVPN Project)

R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [35816 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [212344 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [365112 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [250408 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [99384 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [16816 2021-04-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)

R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [41432 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [180576 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [522520 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [107920 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [83008 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [850784 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [467840 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [215488 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [327104 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-06-29] (Disc Soft Ltd -> Disc Soft Ltd)

S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-06-29] (Disc Soft Ltd -> Disc Soft Ltd)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-28] (Malwarebytes Inc -> Malwarebytes)

S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)

R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated -> Acer Incorporated)

R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-04-28] (Malwarebytes Inc -> Malwarebytes)

S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-04-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-04-28] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-04-28] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-28] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [157944 2021-04-28] (Malwarebytes Inc -> Malwarebytes)

S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)

R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated -> Acer Incorporated)

S3 TS_ARN5416; C:\WINDOWS\system32\DRIVERS\ts_wathr11x.sys [5475688 2016-12-23] (TamoSoft Ltd -> TamoSoft Limited)

S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421088 2021-04-21] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-21] (Microsoft Windows -> Microsoft Corporation)

U1 avgbdisk; no ImagePath

U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]



==================== NetSvcs (Whitelisted) ===================



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)





==================== One month (created) (Whitelisted) =========



(If an entry is included in the fixlist, the file/folder will be moved.)



2021-04-28 18:40 - 2021-04-28 18:40 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2021-04-28 18:40 - 2021-04-28 18:40 - 000000000 ____D C:\Users\newra\AppData\LocalLow\IGDump

2021-04-28 18:39 - 2021-04-28 18:39 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys

2021-04-28 18:39 - 2021-04-28 18:39 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

2021-04-28 18:34 - 2021-04-28 18:34 - 000000162 ____H C:\Users\newra\Downloads\~$FRST.txt

2021-04-28 18:15 - 2021-04-28 18:15 - 000000288 _____ C:\WINDOWS\Tasks\EOSv3 Scheduler onTime.job

2021-04-28 18:15 - 2021-04-28 18:15 - 000000288 _____ C:\WINDOWS\Tasks\EOSv3 Scheduler onLogOn.job

2021-04-28 18:15 - 2021-04-28 18:15 - 000000266 _____ C:\Users\newra\Downloads\ESETScan.txt

2021-04-28 17:10 - 2021-04-28 17:10 - 000000778 _____ C:\Users\newra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk

2021-04-28 17:10 - 2021-04-28 17:10 - 000000650 _____ C:\Users\newra\Desktop\ESET Online Scanner.lnk

2021-04-28 17:10 - 2021-04-28 17:10 - 000000000 ____D C:\Users\newra\AppData\Local\ESET

2021-04-28 17:07 - 2021-04-28 17:10 - 015019488 _____ (ESET spol. s r.o.) C:\Users\newra\Downloads\esetonlinescanner.exe

2021-04-28 16:57 - 2021-04-28 17:03 - 000000000 ____D C:\ProgramData\RogueKiller

2021-04-28 16:40 - 2021-04-28 16:57 - 031054160 _____ C:\Users\newra\Downloads\RogueKiller_portable64.exe

2021-04-28 15:55 - 2021-04-28 18:39 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys

2021-04-28 15:55 - 2021-04-28 16:13 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys

2021-04-28 15:55 - 2021-04-28 15:55 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk

2021-04-28 15:55 - 2021-04-28 15:55 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2021-04-28 15:55 - 2021-04-28 15:55 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk

2021-04-28 15:55 - 2021-04-28 15:55 - 000000000 ____D C:\Users\newra\AppData\Local\mbam

2021-04-28 15:54 - 2021-04-28 15:54 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

2021-04-28 15:54 - 2021-04-28 15:54 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys

2021-04-28 15:35 - 2021-04-28 15:53 - 000009000 _____ C:\Users\newra\Downloads\netadapter-log-2021-04-28-15-35-51.txt

2021-04-28 14:14 - 2021-04-28 14:16 - 000008066 _____ C:\Users\newra\Downloads\netadapter-log-2021-04-28-14-14-43.txt

2021-04-28 14:00 - 2021-04-28 14:01 - 000015457 _____ C:\Users\newra\Downloads\Fixlog.txt

2021-04-28 13:57 - 2021-04-28 14:01 - 011266876 _____ C:\Users\newra\Downloads\Unconfirmed 633528.crdownload

2021-04-28 13:51 - 2021-04-28 13:52 - 000000000 ____D C:\AdwCleaner

2021-04-28 13:48 - 2021-04-28 16:27 - 000037398 _____ C:\Users\newra\Downloads\Addition.txt

2021-04-28 13:47 - 2021-04-28 18:41 - 000029872 _____ C:\Users\newra\Downloads\FRST.txt

2021-04-28 13:46 - 2021-04-28 18:40 - 000000000 ____D C:\FRST

2021-04-28 13:46 - 2021-04-28 13:49 - 008534696 _____ (Malwarebytes) C:\Users\newra\Downloads\AdwCleaner.exe

2021-04-28 13:43 - 2021-04-28 13:45 - 002298368 _____ (Farbar) C:\Users\newra\Downloads\FRST64.exe

2021-04-28 13:16 - 2021-04-28 13:16 - 000008342 _____ C:\Users\newra\Documents\cc_20210428_131634.reg

2021-04-28 12:57 - 2021-04-28 18:37 - 000436918 _____ C:\WINDOWS\ntbtlog.txt

2021-04-28 12:26 - 2021-04-28 12:26 - 000008154 _____ C:\Users\newra\Documents\cc_20210428_122639.reg

2021-04-28 12:19 - 2021-04-28 12:33 - 000003754 _____ C:\Users\newra\Downloads\netadapter-log-2021-04-28-12-19-45.txt

2021-04-28 12:13 - 2021-04-28 12:16 - 000005092 _____ C:\Users\newra\Downloads\netadapter-log-2021-04-28-12-13-34.txt

2021-04-28 12:08 - 2021-04-28 12:11 - 000007323 _____ C:\Users\newra\Downloads\netadapter-log-2021-04-28-12-08-35.txt

2021-04-28 11:49 - 2021-04-28 12:08 - 002091520 _____ (Conner Bernhard) C:\Users\newra\Downloads\NetAdapterRepair1.2.exe

2021-04-27 19:02 - 2021-04-27 19:02 - 000002034 _____ C:\Users\newra\Documents\cc_20210427_190203.reg

2021-04-27 18:44 - 2021-04-27 18:44 - 000000000 ____D C:\Users\newra\Documents\League of Legends

2021-04-27 11:49 - 2021-04-27 11:49 - 1284676342 _____ C:\WINDOWS\MEMORY.DMP

2021-04-27 11:49 - 2021-04-27 11:49 - 001484604 _____ C:\WINDOWS\Minidump\042721-8468-01.dmp

2021-04-27 11:05 - 2021-04-28 12:04 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk

2021-04-27 11:05 - 2021-04-28 12:04 - 000002340 _____ C:\Users\Public\Desktop\AVG Secure Browser.lnk

2021-04-27 11:05 - 2021-04-28 12:04 - 000002340 _____ C:\ProgramData\Desktop\AVG Secure Browser.lnk

2021-04-27 11:05 - 2021-04-27 11:05 - 000003826 _____ C:\WINDOWS\system32\Tasks\AVG Secure Browser Heartbeat Task (Hourly)

2021-04-27 11:05 - 2021-04-27 11:05 - 000003242 _____ C:\WINDOWS\system32\Tasks\AVG Secure Browser Heartbeat Task (Logon)

2021-04-27 11:05 - 2021-04-27 11:05 - 000000000 ____D C:\Users\newra\AppData\Local\AVG

2021-04-27 11:00 - 2021-04-27 11:00 - 000006682 _____ C:\Users\newra\Documents\cc_20210427_110018.reg

2021-04-27 10:54 - 2021-04-27 10:54 - 000003414 _____ C:\WINDOWS\system32\Tasks\AVGUpdateTaskMachineUA

2021-04-27 10:54 - 2021-04-27 10:54 - 000003290 _____ C:\WINDOWS\system32\Tasks\AVGUpdateTaskMachineCore

2021-04-27 10:54 - 2021-04-27 10:54 - 000000000 ____D C:\Program Files (x86)\AVG

2021-04-27 10:09 - 2021-04-28 12:59 - 000002059 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk

2021-04-27 10:09 - 2021-04-28 12:59 - 000002059 _____ C:\ProgramData\Desktop\AVG AntiVirus FREE.lnk

2021-04-27 10:09 - 2021-04-27 10:09 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk

2021-04-27 10:09 - 2021-04-27 10:09 - 000000000 ____D C:\Users\newra\AppData\Roaming\AVG

2021-04-27 09:58 - 2021-04-28 14:25 - 000004266 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update

2021-04-27 09:58 - 2021-04-27 09:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG

2021-04-27 09:58 - 2021-04-27 09:58 - 000000000 ____D C:\Program Files\Common Files\AVG

2021-04-27 09:58 - 2021-04-27 09:57 - 000850784 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys

2021-04-27 09:58 - 2021-04-27 09:57 - 000522520 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys

2021-04-27 09:58 - 2021-04-27 09:57 - 000467840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys

2021-04-27 09:58 - 2021-04-27 09:57 - 000365112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys

2021-04-27 09:58 - 2021-04-27 09:57 - 000340224 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe

2021-04-27 09:58 - 2021-04-27 09:57 - 000327104 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys

2021-04-27 09:58 - 2021-04-27 09:57 - 000250408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys

2021-04-27 09:58 - 2021-04-27 09:57 - 000215488 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys

2021-04-27 09:58 - 2021-04-27 09:57 - 000212344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys

2021-04-27 09:58 - 2021-04-27 09:57 - 000180576 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys

2021-04-27 09:58 - 2021-04-27 09:57 - 000107920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys

2021-04-27 09:58 - 2021-04-27 09:57 - 000099384 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys

2021-04-27 09:58 - 2021-04-27 09:57 - 000083008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys

2021-04-27 09:58 - 2021-04-27 09:57 - 000041432 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys

2021-04-27 09:58 - 2021-04-27 09:57 - 000035816 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys

2021-04-27 09:58 - 2021-04-27 09:57 - 000016816 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgElam.sys

2021-04-27 09:47 - 2021-04-27 09:47 - 000000000 ____D C:\Program Files\AVG

2021-04-27 09:46 - 2021-04-28 18:39 - 000000000 ____D C:\ProgramData\AVG

2021-04-27 09:44 - 2021-04-27 09:44 - 000259344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\newra\Downloads\avg_antivirus_free_setup.exe

2021-04-26 18:01 - 2021-04-27 18:43 - 000001681 _____ C:\Users\Public\Desktop\League of Legends.lnk

2021-04-26 18:01 - 2021-04-27 18:43 - 000001681 _____ C:\ProgramData\Desktop\League of Legends.lnk

2021-04-26 17:35 - 2021-04-28 16:02 - 000000000 ____D C:\ProgramData\Riot Games

2021-04-26 17:35 - 2021-04-27 18:43 - 000000000 ____D C:\Users\newra\AppData\Local\Riot Games

2021-04-26 17:35 - 2021-04-26 18:02 - 000000000 ____D C:\Riot Games

2021-04-26 17:23 - 2021-04-26 17:23 - 000000000 ____D C:\Program Files\Malwarebytes

2021-04-26 15:14 - 2021-04-26 15:14 - 000000017 _____ C:\Users\newra\AppData\Local\resmon.resmoncfg

2021-04-26 14:45 - 2021-04-26 14:45 - 000040176 _____ C:\Users\newra\Documents\cc_20210426_144543.reg

2021-04-24 21:28 - 2021-04-24 21:28 - 000000000 ___HD C:\$WINDOWS.~BT

2021-04-21 17:03 - 2021-04-21 16:55 - 000090973 _____ C:\Users\newra\Documents\Project Eden.bak

2021-04-21 16:55 - 2021-04-21 17:03 - 000073181 _____ C:\Users\newra\Documents\Project Eden.dwg

2021-04-12 17:49 - 2021-04-26 17:33 - 069423360 _____ (Riot Games, Inc.) C:\Users\newra\Downloads\Install League of Legends na.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-28 18:40 - 2017-06-29 02:15 - 000000000 ____D C:\Program Files\CCleaner

2021-04-28 18:39 - 2019-09-16 12:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2021-04-28 18:39 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2021-04-28 18:39 - 2019-03-18 23:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI

2021-04-28 18:39 - 2017-06-28 15:39 - 000000000 __SHD C:\Users\newra\IntelGraphicsProfiles

2021-04-28 18:39 - 2016-11-21 13:16 - 000000000 ____D C:\ProgramData\NVIDIA

2021-04-28 17:49 - 2019-09-16 11:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2021-04-28 16:20 - 2019-09-16 12:01 - 000841062 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2021-04-28 16:20 - 2019-03-18 23:50 - 000000000 ____D C:\WINDOWS\INF

2021-04-28 16:13 - 2017-12-21 01:14 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

2021-04-28 15:54 - 2019-03-18 23:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

2021-04-28 15:54 - 2017-06-29 01:36 - 000000000 ____D C:\ProgramData\Malwarebytes

2021-04-28 15:17 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\NDF

2021-04-28 13:14 - 2016-11-21 12:54 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2021-04-28 13:09 - 2019-09-16 12:00 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update

2021-04-28 13:08 - 2017-06-29 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2017 - English

2021-04-28 13:08 - 2017-06-29 15:19 - 000000000 ____D C:\Users\newra\AppData\Roaming\Autodesk

2021-04-28 13:08 - 2017-06-29 15:19 - 000000000 ____D C:\ProgramData\Autodesk

2021-04-28 12:56 - 2019-09-16 11:52 - 000000000 ____D C:\Users\newra

2021-04-28 11:57 - 2019-09-16 12:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\CareCenter

2021-04-28 11:25 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports

2021-04-27 21:38 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\AppReadiness

2021-04-27 19:12 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps

2021-04-27 15:51 - 2017-06-28 22:38 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2021-04-27 11:49 - 2019-10-25 20:08 - 000000000 ____D C:\WINDOWS\Minidump

2021-04-27 11:01 - 2017-06-29 01:11 - 000000000 ____D C:\ProgramData\AVAST Software

2021-04-27 10:55 - 2017-06-29 01:13 - 000000000 ____D C:\Users\newra\AppData\Roaming\AVAST Software

2021-04-26 18:01 - 2020-02-06 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games

2021-04-26 17:32 - 2019-03-12 16:09 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager

2021-04-26 17:23 - 2017-09-02 02:37 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2021-04-26 16:22 - 2020-09-30 10:43 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

2021-04-26 16:20 - 2019-09-19 10:38 - 000037244 ____H C:\Users\newra\AppData\Local\IconCache.db.backup

2021-04-26 16:20 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\L2Schemas

2021-04-26 14:50 - 2017-06-28 15:45 - 000000000 ____D C:\Users\newra\AppData\Local\CrashDumps

2021-04-24 21:29 - 2019-09-15 21:42 - 000000000 ___DC C:\WINDOWS\Panther

2021-04-24 20:29 - 2017-06-28 15:41 - 000000000 ___RD C:\Users\newra\OneDrive

2021-04-21 12:02 - 2017-12-15 00:19 - 000000000 ____D C:\Users\newra\AppData\Local\Packages

2021-04-21 11:35 - 2018-06-11 17:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

2021-04-21 11:06 - 2019-09-16 12:00 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA

2021-04-21 11:06 - 2019-09-16 12:00 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories ========

2020-09-07 17:48 - 2020-09-07 17:48 - 000000000 ____H () C:\Users\newra\AppData\Local\BITC2AB.tmp

2021-04-26 15:14 - 2021-04-26 15:14 - 000000017 _____ () C:\Users\newra\AppData\Local\resmon.resmoncfg

2020-09-07 17:47 - 2020-09-07 17:48 - 000000000 _____ () C:\Users\newra\AppData\Local\{251455C8-EF68-4E67-87D2-544EEAF022F6}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by newra (28-04-2021 18:41:57)
Running from C:\Users\newra\Downloads
Windows 10 Home Version 1909 18363.1440 (X64) (2019-09-16 17:00:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4059444555-803053725-937440290-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4059444555-803053725-937440290-503 - Limited - Disabled)
Guest (S-1-5-21-4059444555-803053725-937440290-501 - Limited - Disabled)
newra (S-1-5-21-4059444555-803053725-937440290-1001 - Administrator - Enabled) => C:\Users\newra
WDAGUtilityAccount (S-1-5-21-4059444555-803053725-937440290-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3029 - Acer Incorporated)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3006 - Acer Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
AutoCAD 2017 - English (HKLM\...\{28B89EEF-0001-0409-2102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
Autodesk AutoCAD 2017 - English (HKLM\...\AutoCAD 2017 - English) (Version: 21.0.52.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 64 bit (HKLM\...\{276A67E0-71EB-4827-B5F7-2ACF02BC1A5B}) (Version: 4.37.6853 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.6.378 - Autodesk)
Autodesk DWG TrueView 2019 - English (HKLM\...\DWG TrueView 2019 - English) (Version: 23.0.46.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk ReCap 360 (HKLM\...\Autodesk ReCap 360) (Version: 3.0.0.52 - Autodesk)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 21.3.3174 - AVG Technologies)
AVG Secure Browser (HKLM-x32\...\AVG Secure Browser) (Version: 90.0.9316.95 - AVG Technologies)
AVG Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1066.0 - AVG Technologies) Hidden
Blade & Soul Launcher Bundle (HKLM-x32\...\{fcb7b621-345c-46f2-a010-76a58c939d54}) (Version: 1.0.2.0 - NC Interactive, LLC) Hidden
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.78 - Piriform)
Discord (HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
DIVA-GIS 7.5 (HKLM-x32\...\{45E46848-AD24-4E6C-9751-F5B5FD2C15FF}_is1) (Version: - diva-gis.org)
Documentation Manager (HKLM\...\{59C2C057-0051-48B0-8570-75E21B5BBAE1}) (Version: 21.90.3.2 - Intel Corporation) Hidden
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3015 - Acer Incorporated)
Free MP3 Cutter 2.1 (HKLM-x32\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version: 2.1 - PolySoft Solutions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
Intel(R) Chipset Device Software (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 24.20.100.6286 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{03929cf1-3ae4-4765-b8b3-32b8e2e26a8d}) (Version: 19.60.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{4ac3b686-ca29-4a13-a973-06a4d4dd09e6}) (Version: 21.90.3.2 - Intel Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 261 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180261F0}) (Version: 8.0.2610.12 - Oracle Corporation)
League of Legends (HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E6BD8D0F-BA0D-4A4B-A5A8-C74DEB8365F9}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.34.0 - Microsoft Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Python 3.7.3 (32-bit) (HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\{24ac8299-2abd-4ddd-8be3-031debb6093c}) (Version: 3.7.3150.0 - Python Software Foundation)
Python 3.7.3 Add to Path (32-bit) (HKLM-x32\...\{2DB1318D-E51C-419B-99D5-D15F7120BD09}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Core Interpreter (32-bit) (HKLM-x32\...\{33AB9CEA-621E-4064-9FB0-7048E79DB5B5}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Development Libraries (32-bit) (HKLM-x32\...\{52DDE5D8-B45C-4C1D-81DD-D72317DE8B08}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Documentation (32-bit) (HKLM-x32\...\{2BC067C0-B392-49C0-988B-C839C62D8B65}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Executables (32-bit) (HKLM-x32\...\{E3E61712-C062-45E7-8348-D7DBF66FACFD}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 pip Bootstrap (32-bit) (HKLM-x32\...\{9846DC93-4A39-496F-8AE3-0E3AB4EF4385}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Standard Library (32-bit) (HKLM-x32\...\{DC6190E7-D05E-465A-9FB6-7418BC901991}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Tcl/Tk Support (32-bit) (HKLM-x32\...\{1341418F-C713-4943-ACB2-9F4D4743D193}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Test Suite (32-bit) (HKLM-x32\...\{FE5E4BF9-7487-4CE8-A2AC-F78C6B4BE487}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Utility Scripts (32-bit) (HKLM-x32\...\{AE9303AD-EBD0-4C85-A9D0-55B1BA972D11}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{A28C27E4-A725-482A-9C65-61EDC0E4D583}) (Version: 3.7.6657.0 - Python Software Foundation)
QGIS 3.8.2 'Zanzibar' (HKLM\...\QGIS 3.8) (Version: 3.8.2 - QGIS Development Team)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.191 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8569 - Realtek Semiconductor Corp.)
SketchUp Import 2016-2017 (HKLM-x32\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Zoom (HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

Packages:
=========
Dictionary. -> C:\Program Files\WindowsApps\Farlex.581429F59E1D8_5.1.2.0_x64__wyegy4e46y996 [2019-01-17] (Farlex) [MS Ad]
EGW Writings -> C:\Program Files\WindowsApps\EllenGWhiteEstate.EGWWritings_2.4.2.0_x64__tyrpwevhtjyep [2019-10-01] (Ellen G White Estate)
Flipboard -> C:\Program Files\WindowsApps\Flipboard.Flipboard_2.1.3.0_neutral__3f5azkryzdbc4 [2017-07-20] (Flipboard)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_121.1.193.0_x64__v10z8vjag6ke6 [2020-11-09] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12109.10002.53004.0_x64__nzyj5cx40ttqa [2020-11-09] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-22] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-08-05] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-05] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4059444555-803053725-937440290-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4059444555-803053725-937440290-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2019 - English\en-US\dwgviewrficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4059444555-803053725-937440290-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4059444555-803053725-937440290-1001_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2019 - English\dwgviewr.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4059444555-803053725-937440290-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\en-US\acadficn.dll (Autodesk, Inc -> Autodesk, Inc.)
ShellExecuteHooks: No Name - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - -> No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2018-01-29] (Autodesk, Inc. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2018-01-29] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-28] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\igfxDTCM.dll [2018-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-28] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\newra\Desktop\Daniek - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\newra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Eve - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2019-02-21 21:00 - 2019-02-21 21:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4059444555-803053725-937440290-1001\Software\Classes\.scr: AutoCADScriptFile =>

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-4059444555-803053725-937440290-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180619__yaie
HKU\S-1-5-21-4059444555-803053725-937440290-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17swin10.msn.com/?pc=ASJE
SearchScopes: HKU\S-1-5-21-4059444555-803053725-937440290-1001 -> DefaultScope {127AEC89-3D2F-4D7C-B1CD-36621243C6B4} URL =
SearchScopes: HKU\S-1-5-21-4059444555-803053725-937440290-1001 -> {127AEC89-3D2F-4D7C-B1CD-36621243C6B4} URL =
SearchScopes: HKU\S-1-5-21-4059444555-803053725-937440290-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__180619__yaie&p={searchTerms}
BHO: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\ssv.dll [2020-08-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-08-16] (Oracle America, Inc. -> Oracle Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2021-04-28 14:16 - 000000762 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

2017-09-04 21:27 - 2019-09-23 13:45 - 000000605 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 KrisNewTech.mshome.net # 2024 6 5 28 22 23 51 222
10 0 8 21 59 13 136

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-4059444555-803053725-937440290-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\newra\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-04-2021 12:05:19 Scheduled Checkpoint
26-04-2021 16:21:59 Windows Update
28-04-2021 13:09:09 Removed Autodesk Advanced Material Library Image Library 2017
28-04-2021 13:09:30 Removed Autodesk App Manager 2016-2017.
28-04-2021 13:10:12 Removed Autodesk Featured Apps 2016-2017.
28-04-2021 13:11:00 Removed Autodesk AutoCAD Performance Feedback Tool 1.2.5
28-04-2021 13:11:25 Removed Autodesk Material Library 2017
28-04-2021 13:12:05 Removed Lyrics Plugin for Windows Media Player
28-04-2021 13:12:31 Removed Online Application
28-04-2021 13:14:06 Removed Qualcomm Atheros Setup.
28-04-2021 13:52:31 AdwCleaner_BeforeCleaning_28/04/2021_13:52:31

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/28/2021 06:39:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Autodesk\Autodesk ReCap 360\ReCap.exe".
Dependent Assembly FARO.LS,processorArchitecture="amd64",publicKeyToken="1d23f5635ba800ab",type="Win32",version="1.1.504.2" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/28/2021 06:34:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Autodesk\Autodesk ReCap 360\ReCap.exe".
Dependent Assembly FARO.LS,processorArchitecture="amd64",publicKeyToken="1d23f5635ba800ab",type="Win32",version="1.1.504.2" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/28/2021 04:24:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Autodesk\Autodesk ReCap 360\ReCap.exe".
Dependent Assembly FARO.LS,processorArchitecture="amd64",publicKeyToken="1d23f5635ba800ab",type="Win32",version="1.1.504.2" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/28/2021 04:24:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Autodesk\Autodesk ReCap 360\ReCap.exe".
Dependent Assembly FARO.LS,processorArchitecture="amd64",publicKeyToken="1d23f5635ba800ab",type="Win32",version="1.1.504.2" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/28/2021 04:13:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Autodesk\Autodesk ReCap 360\ReCap.exe".
Dependent Assembly FARO.LS,processorArchitecture="amd64",publicKeyToken="1d23f5635ba800ab",type="Win32",version="1.1.504.2" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/28/2021 04:11:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Exception code: 0xc0000409
Fault offset: 0x000000000022af80
Faulting process id: 0xff4
Faulting application start time: 0x01d73c70ac37a4f5
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: 051c0ab3-7542-4fe3-863f-d1545d6532ea
Faulting package full name:
Faulting package-relative application ID:

Error: (04/28/2021 04:11:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 804: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (04/28/2021 04:11:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 824: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)


System errors:
=============
Error: (04/28/2021 06:40:05 PM) (Source: DCOM) (EventID: 10010) (User: KRISNEWTECH)
Description: The server Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (04/28/2021 06:39:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Routing and Remote Access service terminated with the following service-specific error:
The system cannot find the file specified.

Error: (04/28/2021 06:39:22 PM) (Source: DCOM) (EventID: 10005) (User: KRISNEWTECH)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/28/2021 06:39:14 PM) (Source: DCOM) (EventID: 10005) (User: KRISNEWTECH)
Description: DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server:
Windows.Internal.CapabilityAccess.CapabilityAccess

Error: (04/28/2021 06:37:34 PM) (Source: DCOM) (EventID: 10005) (User: KRISNEWTECH)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (04/28/2021 06:37:30 PM) (Source: DCOM) (EventID: 10005) (User: KRISNEWTECH)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/28/2021 06:35:11 PM) (Source: DCOM) (EventID: 10005) (User: KRISNEWTECH)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/28/2021 06:35:11 PM) (Source: DCOM) (EventID: 10005) (User: KRISNEWTECH)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Windows Defender:
================
Date: 2021-04-26 17:18:15.225
Description:
Controlled Folder Access blocked C:\Program Files\Avast Software\Cleanup\AvBugReport.exe from making changes to memory.
Detection time: 2021-04-26T22:18:15.224Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\Avast Software\Cleanup\AvBugReport.exe
Security intelligence Version: 1.335.1735.0
Engine Version: 1.1.18000.5
Product Version: 4.18.2103.7

Date: 2021-04-26 16:21:54.775
Description:
Controlled Folder Access blocked C:\Program Files\CCleaner\CCleaner64.exe from making changes to memory.
Detection time: 2021-04-26T21:21:54.775Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\CCleaner\CCleaner64.exe
Security intelligence Version: 1.335.1614.0
Engine Version: 1.1.18000.5
Product Version: 4.18.2103.7

Date: 2021-04-21 11:22:42.590
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-21 11:08:14.142
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-03-26 16:51:00.446
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-27 09:05:40.318
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-04-24 20:32:02.826
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.335.1365.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18000.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-04-24 20:32:02.824
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.335.1365.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18000.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-04-24 20:32:02.822
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.335.1365.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18000.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-04-24 20:32:02.807
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.335.1365.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18000.5
Error code: 0x80072ee2
Error description: The operation timed out

==================== Memory info ===========================

BIOS: Insyde Corp. V1.15 09/19/2016
Motherboard: Acer Ironman_SK
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 57%
Total physical RAM: 8060.13 MB
Available physical RAM: 3445.43 MB
Total Virtual: 18812.13 MB
Available Virtual: 13982.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.36 GB) (Free:117.4 GB) NTFS

\\?\Volume{78ad9437-0299-4241-ae77-1152786ddb60}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.58 GB) NTFS
\\?\Volume{04338e8e-824c-4581-8db4-522ea8e14225}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 7EF15498)

Partition: GPT.

==================== End of Addition.txt =======================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18363) 64 bits
Started in : Safe mode with network support
User : newra [Administrator]
Started from : C:\Users\newra\Downloads\RogueKiller_portable64.exe
Signatures : 20210426_080854, Driver : Not Loaded
Mode : Standard Scan, Scan -- Date : 2021/04/28 16:57:29 (Duration : 00:05:58)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.OnlineIO (Potentially Malicious)] (folder) AdvinstAnalytics -- C:\Users\newra\AppData\Local\AdvinstAnalytics -> Found
[PUP.HackTool (Potentially Malicious)] (folder) KMSAuto -- C:\ProgramData\KMSAuto -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Not Loaded [0x1]) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18363) 64 bits
Started in : Safe mode with network support
User : newra [Administrator]
Started from : C:\Users\newra\Downloads\RogueKiller_portable64.exe
Signatures : 20210426_080854, Driver : Not Loaded
Mode : Standard Scan, Delete -- Date : 2021/04/28 17:05:06 (Duration : 00:05:58)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.OnlineIO (Potentially Malicious)] AdvinstAnalytics -- %localappdata%\AdvinstAnalytics -> Deleted
=> tracking.ini -- C:\Users\newra\AppData\Local\ADVINS~1\57BEC7~1\27F29F~1.0\tracking.ini -> Deleted
=> 2.7.0 -- C:\Users\newra\AppData\Local\ADVINS~1\57BEC7~1\27F29F~1.0 -> Deleted
=> 57bec79515c1ec525f8858bf -- C:\Users\newra\AppData\Local\ADVINS~1\57BEC7~1 -> Deleted
[PUP.HackTool (Potentially Malicious)] KMSAuto -- %programdata%\KMSAuto -> Deleted
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/27/21
Scan Time: 9:40 AM
Log File: 7d1a8dbc-a766-11eb-8244-a81e840643f4.json

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.21124
License: Trial

-System Information-
OS: Windows 10 (Build 18362.1440)
CPU: x64
File System: NTFS
User: KRISNEWTECH\newra

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 335923
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 3 min, 5 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
MachineLearning/Anomalous.100%, C:\USERS\DEFAULTUSER100001\APPDATA\LOCAL\TEMP\BITE840.TMP, Quarantined, 0, 392687, 1.0.21124, , unknown, , 8B7092BECAAF1080F88AD1A0A0B3187D, 3046A27A98A34D50399C6415DBA4D7695EA7159A5F29C6D6A2B4560DC028C36D

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-03-22.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-28-2021
# Duration: 00:00:17
# OS: Windows 10 Home
# Scanned: 31986
# Detected: 31


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Microleaves HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
PUP.Optional.Microleaves HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

PUP.Optional.DefaultSearch.ShrtCln Adaware Secure Search - nladljmabboanhihfkjacnnkgjhnokhj

***** [ Chromium URLs ] *****

PUP.Optional.Legacy iZito

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.AcerCareCenter Folder C:\Program Files (x86)\ACER\CARE CENTER
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45F09FE2-7C29-48A7-BDFB-5B4354EAB6C2}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45F09FE2-7C29-48A7-BDFB-5B4354EAB6C2}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CF82959-E6B0-474D-8E10-57EEC61F4178}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication
Preinstalled.AcerCareCenter Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1AF41E84-3408-499A-8C93-8891F0612719}
Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCAGENT
Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCBACKGROUNDAPPLICATION
Preinstalled.AcerQuickAccess Folder C:\Program Files\ACER\ACER QUICK ACCESS
Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76F100FA-CF23-491E-B08C-B4812A211490}
Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F22A041D-A1F6-41DB-844E-C56A35109D34}
Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Power Button
Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Quick Access
Preinstalled.AcerQuickAccess Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}
Preinstalled.AcerQuickAccess Task C:\Windows\System32\Tasks\POWER BUTTON
Preinstalled.AcerQuickAccess Task C:\Windows\System32\Tasks\QUICK ACCESS
Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########








# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-03-22.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-28-2021
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 13
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}

***** [ Chromium (and derivatives) ] *****

Deleted Adaware Secure Search - nladljmabboanhihfkjacnnkgjhnokhj

***** [ Chromium URLs ] *****

Deleted iZito

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Deleted Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4878 octets] - [28/04/2021 13:51:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
Pleasant morning to you friend, here are the files you requested.

I remember doing an AVG boot time scan and it reported about 4 zip files that may have been compression bombs in my C:/Autodesk folder... Is that normal?
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021
Ran by newra (administrator) on KRISNEWTECH (Acer Aspire E5-575G) (29-04-2021 11:31:13)
Running from C:\Users\newra\Downloads
Loaded Profiles: newra
Platform: Windows 10 Home Version 1909 18363.1440 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --single-argument %1
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acer Incorporated -> ) C:\OEM\Preload\FubTool\FubTool.exe
(Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.10002.53004.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Autodesk, Inc -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc -> Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe <3>
(Autodesk, Inc -> Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <3>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(AVG Technologies USA, LLC -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\AVGBrowserCrashHandler.exe
(AVG Technologies USA, LLC -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\AVGBrowserCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) CN -> Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\igfxext.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12010.1001.3.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [166144 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33169992 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\Policies\Explorer: []
HKLM\Software\Microsoft\Active Setup\Installed Components: [{48F69C39-1356-4A7B-A899-70E3539D4982}] -> C:\Program Files (x86)\AVG\Browser\Application\90.0.9316.95\Installer\chrmstp.exe [2021-04-28] (AVG Technologies USA, LLC -> AVG Technologies)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-04-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\86.1.6738.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B6730D4-BE12-44F1-86E3-5F0750167AF6} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {16C64CE5-0450-4C34-BB6D-EB18281B3D8F} - System32\Tasks\CareCenter\NvBackend_Reg_HKLMRun => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {19203369-09AF-469C-BA70-28AB5EC09758} - System32\Tasks\CareCenter\Autodesk Desktop App_Reg_HKLMWow6432Run => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-06-15] (Autodesk, Inc -> Autodesk, Inc.)
Task: {1A375B5E-AEAE-40D2-8E3F-0456059D725D} - System32\Tasks\CareCenter\BCSSync_Reg_HKLMWow6432Run => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {238A6FC9-32C4-4CDC-8959-E5B9CA19A3B9} - System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [2232208 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {3778B33F-80A0-4D46-A5E2-E25D08287CA3} - System32\Tasks\CareCenter\OneDriveSetup_Reg_HKCURun_S-1-5-21-4059444555-803053725-937440290-1001 => C:\Windows\SysWOW64\OneDriveSetup.exe [28832864 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {45F09FE2-7C29-48A7-BDFB-5B4354EAB6C2} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [40352 2016-06-24] (Acer Incorporated -> )
Task: {54240F8C-1215-41D7-8560-0AD22683CE7C} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {5CF82959-E6B0-474D-8E10-57EEC61F4178} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4645168 2017-05-24] (Acer Incorporated -> )
Task: {5DA27373-0044-408D-9BBD-3DBE314CD875} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-28] (Google Inc -> Google Inc.)
Task: {5EE3EE61-7F42-4CD6-8B90-1E703394F651} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Task: {60C538A1-86F0-4362-8D6F-3479DFA264A4} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {6DAA97AD-C1CE-4E9F-B4C4-2E2884160CA6} - System32\Tasks\CareCenter\SunJavaUpdateSched_Reg_HKLMWow6432Run => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
Task: {70019EF7-6012-48D8-8192-76A4DC0B9B36} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [855352 2016-02-19] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {72B77D7C-3F6D-4245-8E15-0797C67254CE} - System32\Tasks\CareCenter\RTHDVCPL_Reg_HKLMRun => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2018-11-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {7475FF3C-F2AE-4653-9338-767438C18E3B} - System32\Tasks\CareCenter\RtHDVBg_TrueHarmony_Reg_HKLMRun => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2018-11-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {74F305E7-F125-42C7-AC13-B28473BFFB72} - System32\Tasks\CareCenter\SwitchBoard_Reg_HKLMWow6432Run => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
Task: {76F100FA-CF23-491E-B08C-B4812A211490} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2766240 2016-06-17] (Acer Incorporated -> Acer Incorporated)
Task: {7A5A5B34-1D6B-4443-970C-276263AA400D} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [472992 2016-06-24] (Acer Incorporated -> Acer Incorporated)
Task: {97218BEC-3F66-4E8B-91F5-02A938ABAD20} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-18] (Piriform Software Ltd -> Piriform)
Task: {9EF7EE22-C6F3-4DB1-B9A6-F475BBD9FFD1} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4747008 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {A8984948-C48C-4E3B-84E2-5658A6B15117} - System32\Tasks\AVG Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [2232208 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {BBB140EF-9129-42D4-960D-C5CC1DB84A96} - System32\Tasks\FubToolByPLD => C:\OEM\Preload\FubTool\FubTool.exe [30976 2015-05-14] (Acer Incorporated -> )
Task: {C6A71F1D-38FA-4B87-9826-E6699F0FBF4E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27616328 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D3681284-B6F6-4550-A848-9ED09647E383} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {E1546D9E-4C23-40FC-A66E-3F58CC07B2EE} - System32\Tasks\CareCenter\AdobeCS6ServiceManager_Reg_HKLMWow6432Run => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {ED679281-660C-4475-B8DB-F6BEBAC6666E} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920752 2017-05-24] (Acer Incorporated -> )
Task: {F038F3A7-2EEC-4AA7-B201-C9B72DA19077} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-28] (Google Inc -> Google Inc.)
Task: {F22A041D-A1F6-41DB-844E-C56A35109D34} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [421792 2016-06-17] (Acer Incorporated -> Acer Incorporated)
Task: {F948690E-F181-4767-9B06-10243862486F} - System32\Tasks\CareCenter\AdobeAAMUpdater-1.0_Reg_HKLMRun => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EOSv3 Scheduler onLogOn.job => C:\Users\newra\Downloads\esetonlinescanner.exe
Task: C:\WINDOWS\Tasks\EOSv3 Scheduler onTime.job => C:\Users\newra\Downloads\esetonlinescanner.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{985c652a-cb0f-44a9-ad50-e8ed69c7f8da}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~2\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-08-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-08-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [No File]
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [No File]
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll [2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll [2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4059444555-803053725-937440290-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\newra\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-06-05] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default [2021-04-28]
CHR Notifications: Default -> hxxps://conservativetribune.com; hxxps://lfcglobe.co.uk; hxxps://mail.google.com; hxxps://web.whatsapp.com; hxxps://www.facebook.com; hxxps://www.reddit.com; hxxps://www.thisisanfield.com; hxxps://www.youtube.com
CHR StartupUrls: Default -> "hxxps://www.google.com.jm/","hxxp://www.facebook.com/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Google Translate) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-04-21]
CHR Extension: (Slides) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghbiahbpaijignceidepookljebhfak [2021-03-16]
CHR Extension: (Docs) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-08]
CHR Extension: (YouTube) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-28]
CHR Extension: (Sheets) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-24]
CHR Extension: (Pinterest Save Button) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2021-04-26]
CHR Extension: (Liverpool) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jogceghbjlhcdfebabdelcpjpnbhopjg [2017-06-29]
CHR Extension: (Grammarly for Chrome) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-04-26]
CHR Extension: (Controlled multi-tab browsing) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\kokmfemecmlekdnjllgobeplngdfifie [2017-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-12]
CHR Extension: (Gmail) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-08]
CHR Extension: (Chrome Media Router) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-28]
CHR Profile: C:\Users\newra\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-04-28]
CHR Profile: C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-04-28]
CHR HomePage: Profile 2 -> hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR Session Restore: Profile 2 -> is enabled.
CHR Extension: (Slides) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-28]
CHR Extension: (Docs) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-28]
CHR Extension: (Google Drive) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-09]
CHR Extension: (YouTube) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-28]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-11-09]
CHR Extension: (Sheets) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-28]
CHR Extension: (Google Docs Offline) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-09]
CHR Extension: (Avast Online Security) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-06-13]
CHR Extension: (Grammarly for Chrome) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-11-10]
CHR Extension: (IDM Integration Module) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2020-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-18]
CHR Extension: (Gmail) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-09]
CHR Extension: (Chrome Media Router) - C:\Users\newra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-09]
CHR Profile: C:\Users\newra\AppData\Local\Google\Chrome\User Data\System Profile [2021-04-28]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-04-19]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-04-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1353208 2017-06-15] (Autodesk, Inc -> Autodesk Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S2 avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [607488 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [356608 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7941688 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)
S3 AVGSecureBrowserElevationService; C:\Program Files (x86)\AVG\Browser\Application\90.0.9316.95\elevation_service.exe [1397000 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-04-28] (Malwarebytes Inc -> Malwarebytes)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-06-17] (Acer Incorporated -> Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-06-17] (Acer Incorporated -> Acer Incorporated)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2017-06-29] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [35816 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [212344 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [365112 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [250408 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [99384 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [16816 2021-04-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [41432 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [180576 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [522520 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [107920 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [83008 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [850784 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [467840 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [215488 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [327104 2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-06-29] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-06-29] (Disc Soft Ltd -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-28] (Malwarebytes Inc -> Malwarebytes)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated -> Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-04-28] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-04-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-04-28] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-04-28] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-28] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [157944 2021-04-28] (Malwarebytes Inc -> Malwarebytes)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated -> Acer Incorporated)
S3 TS_ARN5416; C:\WINDOWS\system32\DRIVERS\ts_wathr11x.sys [5475688 2016-12-23] (TamoSoft Ltd -> TamoSoft Limited)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421088 2021-04-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-21] (Microsoft Windows -> Microsoft Corporation)
U1 avgbdisk; no ImagePath
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-29 11:19 - 2021-04-29 11:19 - 000001436 _____ C:\Users\newra\Downloads\Malwarebytes Scan.txt
2021-04-29 11:12 - 2021-04-29 11:12 - 000002050 _____ C:\Users\newra\Downloads\RogueKillerDelete.txt
2021-04-29 11:09 - 2021-04-29 11:09 - 000002738 _____ C:\Users\newra\Downloads\RogueKillerScan.txt
2021-04-28 18:40 - 2021-04-28 18:40 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-04-28 18:39 - 2021-04-28 18:39 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-04-28 18:39 - 2021-04-28 18:39 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-04-28 18:34 - 2021-04-28 18:34 - 000000162 ____H C:\Users\newra\Downloads\~$FRST.txt
2021-04-28 18:15 - 2021-04-28 18:15 - 000000288 _____ C:\WINDOWS\Tasks\EOSv3 Scheduler onTime.job
2021-04-28 18:15 - 2021-04-28 18:15 - 000000288 _____ C:\WINDOWS\Tasks\EOSv3 Scheduler onLogOn.job
2021-04-28 18:15 - 2021-04-28 18:15 - 000000266 _____ C:\Users\newra\Downloads\ESETScan.txt
2021-04-28 17:10 - 2021-04-28 17:10 - 000000778 _____ C:\Users\newra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-04-28 17:10 - 2021-04-28 17:10 - 000000650 _____ C:\Users\newra\Desktop\ESET Online Scanner.lnk
2021-04-28 17:10 - 2021-04-28 17:10 - 000000000 ____D C:\Users\newra\AppData\Local\ESET
2021-04-28 17:07 - 2021-04-28 17:10 - 015019488 _____ (ESET spol. s r.o.) C:\Users\newra\Downloads\esetonlinescanner.exe
2021-04-28 16:57 - 2021-04-28 17:03 - 000000000 ____D C:\ProgramData\RogueKiller
2021-04-28 16:40 - 2021-04-28 16:57 - 031054160 _____ C:\Users\newra\Downloads\RogueKiller_portable64.exe
2021-04-28 15:55 - 2021-04-28 18:39 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-28 15:55 - 2021-04-28 16:13 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-28 15:55 - 2021-04-28 15:55 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-04-28 15:55 - 2021-04-28 15:55 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-04-28 15:55 - 2021-04-28 15:55 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-04-28 15:55 - 2021-04-28 15:55 - 000000000 ____D C:\Users\newra\AppData\Local\mbam
2021-04-28 15:54 - 2021-04-28 15:54 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-04-28 15:54 - 2021-04-28 15:54 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-04-28 15:35 - 2021-04-28 15:53 - 000009000 _____ C:\Users\newra\Downloads\netadapter-log-2021-04-28-15-35-51.txt
2021-04-28 14:14 - 2021-04-28 14:16 - 000008066 _____ C:\Users\newra\Downloads\netadapter-log-2021-04-28-14-14-43.txt
2021-04-28 14:00 - 2021-04-28 14:01 - 000015457 _____ C:\Users\newra\Downloads\Fixlog.txt
2021-04-28 13:51 - 2021-04-28 13:52 - 000000000 ____D C:\AdwCleaner
2021-04-28 13:48 - 2021-04-28 18:42 - 000035397 _____ C:\Users\newra\Downloads\Addition.txt
2021-04-28 13:47 - 2021-04-29 11:31 - 000031421 _____ C:\Users\newra\Downloads\FRST.txt
2021-04-28 13:46 - 2021-04-29 11:31 - 000000000 ____D C:\FRST
2021-04-28 13:46 - 2021-04-28 13:49 - 008534696 _____ (Malwarebytes) C:\Users\newra\Downloads\AdwCleaner.exe
2021-04-28 13:43 - 2021-04-28 13:45 - 002298368 _____ (Farbar) C:\Users\newra\Downloads\FRST64.exe
2021-04-28 13:16 - 2021-04-28 13:16 - 000008342 _____ C:\Users\newra\Documents\cc_20210428_131634.reg
2021-04-28 12:57 - 2021-04-28 18:37 - 000436918 _____ C:\WINDOWS\ntbtlog.txt
2021-04-28 12:26 - 2021-04-28 12:26 - 000008154 _____ C:\Users\newra\Documents\cc_20210428_122639.reg
2021-04-28 12:19 - 2021-04-28 12:33 - 000003754 _____ C:\Users\newra\Downloads\netadapter-log-2021-04-28-12-19-45.txt
2021-04-28 12:13 - 2021-04-28 12:16 - 000005092 _____ C:\Users\newra\Downloads\netadapter-log-2021-04-28-12-13-34.txt
2021-04-28 12:08 - 2021-04-28 12:11 - 000007323 _____ C:\Users\newra\Downloads\netadapter-log-2021-04-28-12-08-35.txt
2021-04-28 11:49 - 2021-04-28 12:08 - 002091520 _____ (Conner Bernhard) C:\Users\newra\Downloads\NetAdapterRepair1.2.exe
2021-04-27 19:02 - 2021-04-27 19:02 - 000002034 _____ C:\Users\newra\Documents\cc_20210427_190203.reg
2021-04-27 18:44 - 2021-04-27 18:44 - 000000000 ____D C:\Users\newra\Documents\League of Legends
2021-04-27 11:49 - 2021-04-27 11:49 - 1284676342 _____ C:\WINDOWS\MEMORY.DMP
2021-04-27 11:49 - 2021-04-27 11:49 - 001484604 _____ C:\WINDOWS\Minidump\042721-8468-01.dmp
2021-04-27 11:05 - 2021-04-28 12:04 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk
2021-04-27 11:05 - 2021-04-28 12:04 - 000002340 _____ C:\Users\Public\Desktop\AVG Secure Browser.lnk
2021-04-27 11:05 - 2021-04-28 12:04 - 000002340 _____ C:\ProgramData\Desktop\AVG Secure Browser.lnk
2021-04-27 11:05 - 2021-04-27 11:05 - 000003826 _____ C:\WINDOWS\system32\Tasks\AVG Secure Browser Heartbeat Task (Hourly)
2021-04-27 11:05 - 2021-04-27 11:05 - 000003242 _____ C:\WINDOWS\system32\Tasks\AVG Secure Browser Heartbeat Task (Logon)
2021-04-27 11:05 - 2021-04-27 11:05 - 000000000 ____D C:\Users\newra\AppData\Local\AVG
2021-04-27 11:00 - 2021-04-27 11:00 - 000006682 _____ C:\Users\newra\Documents\cc_20210427_110018.reg
2021-04-27 10:54 - 2021-04-27 10:54 - 000003414 _____ C:\WINDOWS\system32\Tasks\AVGUpdateTaskMachineUA
2021-04-27 10:54 - 2021-04-27 10:54 - 000003290 _____ C:\WINDOWS\system32\Tasks\AVGUpdateTaskMachineCore
2021-04-27 10:54 - 2021-04-27 10:54 - 000000000 ____D C:\Program Files (x86)\AVG
2021-04-27 10:09 - 2021-04-28 12:59 - 000002059 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2021-04-27 10:09 - 2021-04-28 12:59 - 000002059 _____ C:\ProgramData\Desktop\AVG AntiVirus FREE.lnk
2021-04-27 10:09 - 2021-04-27 10:09 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2021-04-27 10:09 - 2021-04-27 10:09 - 000000000 ____D C:\Users\newra\AppData\Roaming\AVG
2021-04-27 09:58 - 2021-04-28 14:25 - 000004266 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2021-04-27 09:58 - 2021-04-27 09:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2021-04-27 09:58 - 2021-04-27 09:58 - 000000000 ____D C:\Program Files\Common Files\AVG
2021-04-27 09:58 - 2021-04-27 09:57 - 000850784 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2021-04-27 09:58 - 2021-04-27 09:57 - 000522520 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2021-04-27 09:58 - 2021-04-27 09:57 - 000467840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2021-04-27 09:58 - 2021-04-27 09:57 - 000365112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2021-04-27 09:58 - 2021-04-27 09:57 - 000340224 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2021-04-27 09:58 - 2021-04-27 09:57 - 000327104 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2021-04-27 09:58 - 2021-04-27 09:57 - 000250408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2021-04-27 09:58 - 2021-04-27 09:57 - 000215488 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2021-04-27 09:58 - 2021-04-27 09:57 - 000212344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2021-04-27 09:58 - 2021-04-27 09:57 - 000180576 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2021-04-27 09:58 - 2021-04-27 09:57 - 000107920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2021-04-27 09:58 - 2021-04-27 09:57 - 000099384 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2021-04-27 09:58 - 2021-04-27 09:57 - 000083008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2021-04-27 09:58 - 2021-04-27 09:57 - 000041432 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2021-04-27 09:58 - 2021-04-27 09:57 - 000035816 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2021-04-27 09:58 - 2021-04-27 09:57 - 000016816 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgElam.sys
2021-04-27 09:47 - 2021-04-27 09:47 - 000000000 ____D C:\Program Files\AVG
2021-04-27 09:46 - 2021-04-28 18:39 - 000000000 ____D C:\ProgramData\AVG
2021-04-27 09:44 - 2021-04-27 09:44 - 000259344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\newra\Downloads\avg_antivirus_free_setup.exe
2021-04-26 18:01 - 2021-04-27 18:43 - 000001681 _____ C:\Users\Public\Desktop\League of Legends.lnk
2021-04-26 18:01 - 2021-04-27 18:43 - 000001681 _____ C:\ProgramData\Desktop\League of Legends.lnk
2021-04-26 17:35 - 2021-04-28 16:02 - 000000000 ____D C:\ProgramData\Riot Games
2021-04-26 17:35 - 2021-04-27 18:43 - 000000000 ____D C:\Users\newra\AppData\Local\Riot Games
2021-04-26 17:35 - 2021-04-26 18:02 - 000000000 ____D C:\Riot Games
2021-04-26 17:23 - 2021-04-26 17:23 - 000000000 ____D C:\Program Files\Malwarebytes
2021-04-26 15:14 - 2021-04-26 15:14 - 000000017 _____ C:\Users\newra\AppData\Local\resmon.resmoncfg
2021-04-26 14:45 - 2021-04-26 14:45 - 000040176 _____ C:\Users\newra\Documents\cc_20210426_144543.reg
2021-04-24 21:28 - 2021-04-24 21:28 - 000000000 ___HD C:\$WINDOWS.~BT
2021-04-21 17:03 - 2021-04-21 16:55 - 000090973 _____ C:\Users\newra\Documents\Project Eden.bak
2021-04-21 16:55 - 2021-04-21 17:03 - 000073181 _____ C:\Users\newra\Documents\Project Eden.dwg
2021-04-12 17:49 - 2021-04-26 17:33 - 069423360 _____ (Riot Games, Inc.) C:\Users\newra\Downloads\Install League of Legends na.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-29 11:08 - 2019-09-16 12:01 - 000841062 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-29 11:08 - 2019-03-18 23:50 - 000000000 ____D C:\WINDOWS\INF
2021-04-29 11:05 - 2017-06-29 02:15 - 000000000 ____D C:\Program Files\CCleaner
2021-04-29 11:02 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-29 11:02 - 2017-06-28 15:39 - 000000000 __SHD C:\Users\newra\IntelGraphicsProfiles
2021-04-29 11:02 - 2016-11-21 13:16 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-29 11:01 - 2019-09-16 12:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-29 11:01 - 2019-09-16 11:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-28 18:39 - 2019-03-18 23:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-04-28 16:13 - 2017-12-21 01:14 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-04-28 15:54 - 2019-03-18 23:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-28 15:54 - 2017-06-29 01:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-04-28 15:17 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-04-28 13:14 - 2016-11-21 12:54 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-04-28 13:09 - 2019-09-16 12:00 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-04-28 13:08 - 2017-06-29 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2017 - English
2021-04-28 13:08 - 2017-06-29 15:19 - 000000000 ____D C:\Users\newra\AppData\Roaming\Autodesk
2021-04-28 13:08 - 2017-06-29 15:19 - 000000000 ____D C:\ProgramData\Autodesk
2021-04-28 12:56 - 2019-09-16 11:52 - 000000000 ____D C:\Users\newra
2021-04-28 11:57 - 2019-09-16 12:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\CareCenter
2021-04-28 11:25 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-27 21:38 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-27 19:12 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-27 15:51 - 2017-06-28 22:38 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-27 11:49 - 2019-10-25 20:08 - 000000000 ____D C:\WINDOWS\Minidump
2021-04-27 11:01 - 2017-06-29 01:11 - 000000000 ____D C:\ProgramData\AVAST Software
2021-04-27 10:55 - 2017-06-29 01:13 - 000000000 ____D C:\Users\newra\AppData\Roaming\AVAST Software
2021-04-26 18:01 - 2020-02-06 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-04-26 17:32 - 2019-03-12 16:09 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2021-04-26 17:23 - 2017-09-02 02:37 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2021-04-26 16:22 - 2020-09-30 10:43 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-26 16:20 - 2019-09-19 10:38 - 000037244 ____H C:\Users\newra\AppData\Local\IconCache.db.backup
2021-04-26 16:20 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\L2Schemas
2021-04-26 14:50 - 2017-06-28 15:45 - 000000000 ____D C:\Users\newra\AppData\Local\CrashDumps
2021-04-24 21:29 - 2019-09-15 21:42 - 000000000 ___DC C:\WINDOWS\Panther
2021-04-24 20:29 - 2017-06-28 15:41 - 000000000 ___RD C:\Users\newra\OneDrive
2021-04-21 12:02 - 2017-12-15 00:19 - 000000000 ____D C:\Users\newra\AppData\Local\Packages
2021-04-21 11:35 - 2018-06-11 17:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-21 11:06 - 2019-09-16 12:00 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-21 11:06 - 2019-09-16 12:00 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories ========

2020-09-07 17:48 - 2020-09-07 17:48 - 000000000 ____H () C:\Users\newra\AppData\Local\BITC2AB.tmp
2021-04-26 15:14 - 2021-04-26 15:14 - 000000017 _____ () C:\Users\newra\AppData\Local\resmon.resmoncfg
2020-09-07 17:47 - 2020-09-07 17:48 - 000000000 _____ () C:\Users\newra\AppData\Local\{251455C8-EF68-4E67-87D2-544EEAF022F6}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by newra (29-04-2021 11:32:38)
Running from C:\Users\newra\Downloads
Windows 10 Home Version 1909 18363.1440 (X64) (2019-09-16 17:00:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4059444555-803053725-937440290-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4059444555-803053725-937440290-503 - Limited - Disabled)
Guest (S-1-5-21-4059444555-803053725-937440290-501 - Limited - Disabled)
newra (S-1-5-21-4059444555-803053725-937440290-1001 - Administrator - Enabled) => C:\Users\newra
WDAGUtilityAccount (S-1-5-21-4059444555-803053725-937440290-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3029 - Acer Incorporated)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3006 - Acer Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
AutoCAD 2017 - English (HKLM\...\{28B89EEF-0001-0409-2102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
Autodesk AutoCAD 2017 - English (HKLM\...\AutoCAD 2017 - English) (Version: 21.0.52.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 64 bit (HKLM\...\{276A67E0-71EB-4827-B5F7-2ACF02BC1A5B}) (Version: 4.37.6853 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.6.378 - Autodesk)
Autodesk DWG TrueView 2019 - English (HKLM\...\DWG TrueView 2019 - English) (Version: 23.0.46.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk ReCap 360 (HKLM\...\Autodesk ReCap 360) (Version: 3.0.0.52 - Autodesk)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 21.3.3174 - AVG Technologies)
AVG Secure Browser (HKLM-x32\...\AVG Secure Browser) (Version: 90.0.9316.95 - AVG Technologies)
AVG Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1066.0 - AVG Technologies) Hidden
Blade & Soul Launcher Bundle (HKLM-x32\...\{fcb7b621-345c-46f2-a010-76a58c939d54}) (Version: 1.0.2.0 - NC Interactive, LLC) Hidden
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.78 - Piriform)
Discord (HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
DIVA-GIS 7.5 (HKLM-x32\...\{45E46848-AD24-4E6C-9751-F5B5FD2C15FF}_is1) (Version: - diva-gis.org)
Documentation Manager (HKLM\...\{59C2C057-0051-48B0-8570-75E21B5BBAE1}) (Version: 21.90.3.2 - Intel Corporation) Hidden
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3015 - Acer Incorporated)
Free MP3 Cutter 2.1 (HKLM-x32\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version: 2.1 - PolySoft Solutions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
Intel(R) Chipset Device Software (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 24.20.100.6286 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{03929cf1-3ae4-4765-b8b3-32b8e2e26a8d}) (Version: 19.60.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{4ac3b686-ca29-4a13-a973-06a4d4dd09e6}) (Version: 21.90.3.2 - Intel Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 261 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180261F0}) (Version: 8.0.2610.12 - Oracle Corporation)
League of Legends (HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E6BD8D0F-BA0D-4A4B-A5A8-C74DEB8365F9}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.34.0 - Microsoft Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Python 3.7.3 (32-bit) (HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\{24ac8299-2abd-4ddd-8be3-031debb6093c}) (Version: 3.7.3150.0 - Python Software Foundation)
Python 3.7.3 Add to Path (32-bit) (HKLM-x32\...\{2DB1318D-E51C-419B-99D5-D15F7120BD09}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Core Interpreter (32-bit) (HKLM-x32\...\{33AB9CEA-621E-4064-9FB0-7048E79DB5B5}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Development Libraries (32-bit) (HKLM-x32\...\{52DDE5D8-B45C-4C1D-81DD-D72317DE8B08}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Documentation (32-bit) (HKLM-x32\...\{2BC067C0-B392-49C0-988B-C839C62D8B65}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Executables (32-bit) (HKLM-x32\...\{E3E61712-C062-45E7-8348-D7DBF66FACFD}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 pip Bootstrap (32-bit) (HKLM-x32\...\{9846DC93-4A39-496F-8AE3-0E3AB4EF4385}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Standard Library (32-bit) (HKLM-x32\...\{DC6190E7-D05E-465A-9FB6-7418BC901991}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Tcl/Tk Support (32-bit) (HKLM-x32\...\{1341418F-C713-4943-ACB2-9F4D4743D193}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Test Suite (32-bit) (HKLM-x32\...\{FE5E4BF9-7487-4CE8-A2AC-F78C6B4BE487}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Utility Scripts (32-bit) (HKLM-x32\...\{AE9303AD-EBD0-4C85-A9D0-55B1BA972D11}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{A28C27E4-A725-482A-9C65-61EDC0E4D583}) (Version: 3.7.6657.0 - Python Software Foundation)
QGIS 3.8.2 'Zanzibar' (HKLM\...\QGIS 3.8) (Version: 3.8.2 - QGIS Development Team)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.191 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8569 - Realtek Semiconductor Corp.)
SketchUp Import 2016-2017 (HKLM-x32\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Zoom (HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

Packages:
=========
Dictionary. -> C:\Program Files\WindowsApps\Farlex.581429F59E1D8_5.1.2.0_x64__wyegy4e46y996 [2019-01-17] (Farlex) [MS Ad]
EGW Writings -> C:\Program Files\WindowsApps\EllenGWhiteEstate.EGWWritings_2.4.2.0_x64__tyrpwevhtjyep [2019-10-01] (Ellen G White Estate)
Flipboard -> C:\Program Files\WindowsApps\Flipboard.Flipboard_2.1.3.0_neutral__3f5azkryzdbc4 [2017-07-20] (Flipboard)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_121.1.193.0_x64__v10z8vjag6ke6 [2020-11-09] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12109.10002.53004.0_x64__nzyj5cx40ttqa [2020-11-09] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-22] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-08-05] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-05] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4059444555-803053725-937440290-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4059444555-803053725-937440290-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2019 - English\en-US\dwgviewrficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4059444555-803053725-937440290-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4059444555-803053725-937440290-1001_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2019 - English\dwgviewr.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4059444555-803053725-937440290-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\en-US\acadficn.dll (Autodesk, Inc -> Autodesk, Inc.)
ShellExecuteHooks: No Name - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - -> No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2018-01-29] (Autodesk, Inc. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2018-01-29] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-28] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_587befb80671fb38\igfxDTCM.dll [2018-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-04-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-28] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\newra\Desktop\Daniek - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\newra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Eve - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2017-06-29 15:27 - 2017-02-14 01:39 - 000950272 _____ () [File not signed] C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\ffmpegsumo.dll
2017-06-29 15:27 - 2017-02-14 01:39 - 000134144 _____ () [File not signed] C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libegl.dll
2017-06-29 15:27 - 2017-02-14 01:39 - 000912384 _____ () [File not signed] C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libglesv2.dll
2017-06-29 15:27 - 2017-02-14 01:39 - 009994752 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\icudt.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4059444555-803053725-937440290-1001\Software\Classes\.scr: AutoCADScriptFile =>

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-4059444555-803053725-937440290-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180619__yaie
HKU\S-1-5-21-4059444555-803053725-937440290-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17swin10.msn.com/?pc=ASJE
SearchScopes: HKU\S-1-5-21-4059444555-803053725-937440290-1001 -> DefaultScope {127AEC89-3D2F-4D7C-B1CD-36621243C6B4} URL =
SearchScopes: HKU\S-1-5-21-4059444555-803053725-937440290-1001 -> {127AEC89-3D2F-4D7C-B1CD-36621243C6B4} URL =
SearchScopes: HKU\S-1-5-21-4059444555-803053725-937440290-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__180619__yaie&p={searchTerms}
BHO: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\ssv.dll [2020-08-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-08-16] (Oracle America, Inc. -> Oracle Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2021-04-28 14:16 - 000000762 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

2017-09-04 21:27 - 2019-09-23 13:45 - 000000605 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 KrisNewTech.mshome.net # 2024 6 5 28 22 23 51 222
10 0 8 21 59 13 136

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-4059444555-803053725-937440290-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\newra\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-04-2021 12:05:19 Scheduled Checkpoint
26-04-2021 16:21:59 Windows Update
28-04-2021 13:09:09 Removed Autodesk Advanced Material Library Image Library 2017
28-04-2021 13:09:30 Removed Autodesk App Manager 2016-2017.
28-04-2021 13:10:12 Removed Autodesk Featured Apps 2016-2017.
28-04-2021 13:11:00 Removed Autodesk AutoCAD Performance Feedback Tool 1.2.5
28-04-2021 13:11:25 Removed Autodesk Material Library 2017
28-04-2021 13:12:05 Removed Lyrics Plugin for Windows Media Player
28-04-2021 13:12:31 Removed Online Application
28-04-2021 13:14:06 Removed Qualcomm Atheros Setup.
28-04-2021 13:52:31 AdwCleaner_BeforeCleaning_28/04/2021_13:52:31

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/29/2021 11:20:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Autodesk\Autodesk ReCap 360\ReCap.exe".
Dependent Assembly FARO.LS,processorArchitecture="amd64",publicKeyToken="1d23f5635ba800ab",type="Win32",version="1.1.504.2" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/29/2021 11:12:15 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4028,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/28/2021 07:10:01 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13644,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/28/2021 07:02:47 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1580,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/28/2021 06:46:50 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3608,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/28/2021 06:39:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Autodesk\Autodesk ReCap 360\ReCap.exe".
Dependent Assembly FARO.LS,processorArchitecture="amd64",publicKeyToken="1d23f5635ba800ab",type="Win32",version="1.1.504.2" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/28/2021 06:34:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Autodesk\Autodesk ReCap 360\ReCap.exe".
Dependent Assembly FARO.LS,processorArchitecture="amd64",publicKeyToken="1d23f5635ba800ab",type="Win32",version="1.1.504.2" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/28/2021 04:24:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Autodesk\Autodesk ReCap 360\ReCap.exe".
Dependent Assembly FARO.LS,processorArchitecture="amd64",publicKeyToken="1d23f5635ba800ab",type="Win32",version="1.1.504.2" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (04/29/2021 11:02:25 AM) (Source: DCOM) (EventID: 10010) (User: KRISNEWTECH)
Description: The server Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (04/29/2021 11:02:16 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Routing and Remote Access service terminated with the following service-specific error:
The system cannot find the file specified.

Error: (04/29/2021 11:01:48 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (04/29/2021 11:01:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:20:05 PM on ‎4/‎28/‎2021 was unexpected.

Error: (04/28/2021 06:40:05 PM) (Source: DCOM) (EventID: 10010) (User: KRISNEWTECH)
Description: The server Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (04/28/2021 06:39:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Routing and Remote Access service terminated with the following service-specific error:
The system cannot find the file specified.

Error: (04/28/2021 06:39:22 PM) (Source: DCOM) (EventID: 10005) (User: KRISNEWTECH)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/28/2021 06:39:14 PM) (Source: DCOM) (EventID: 10005) (User: KRISNEWTECH)
Description: DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server:
Windows.Internal.CapabilityAccess.CapabilityAccess


Windows Defender:
================
Date: 2021-04-26 17:18:15.225
Description:
Controlled Folder Access blocked C:\Program Files\Avast Software\Cleanup\AvBugReport.exe from making changes to memory.
Detection time: 2021-04-26T22:18:15.224Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\Avast Software\Cleanup\AvBugReport.exe
Security intelligence Version: 1.335.1735.0
Engine Version: 1.1.18000.5
Product Version: 4.18.2103.7

Date: 2021-04-26 16:21:54.775
Description:
Controlled Folder Access blocked C:\Program Files\CCleaner\CCleaner64.exe from making changes to memory.
Detection time: 2021-04-26T21:21:54.775Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\CCleaner\CCleaner64.exe
Security intelligence Version: 1.335.1614.0
Engine Version: 1.1.18000.5
Product Version: 4.18.2103.7

Date: 2021-04-21 11:22:42.590
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-21 11:08:14.142
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-03-26 16:51:00.446
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-27 09:05:40.318
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-04-24 20:32:02.826
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.335.1365.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18000.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-04-24 20:32:02.824
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.335.1365.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18000.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-04-24 20:32:02.822
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.335.1365.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18000.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-04-24 20:32:02.807
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.335.1365.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18000.5
Error code: 0x80072ee2
Error description: The operation timed out

==================== Memory info ===========================

BIOS: Insyde Corp. V1.15 09/19/2016
Motherboard: Acer Ironman_SK
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 48%
Total physical RAM: 8060.13 MB
Available physical RAM: 4161.22 MB
Total Virtual: 18812.13 MB
Available Virtual: 14315.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.36 GB) (Free:116.7 GB) NTFS

\\?\Volume{78ad9437-0299-4241-ae77-1152786ddb60}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.58 GB) NTFS
\\?\Volume{04338e8e-824c-4581-8db4-522ea8e14225}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 7EF15498)

Partition: GPT.

==================== End of Addition.txt =======================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
Hi Broni,

I ran it and the system feels a lot smoother but right now I'm connected to the ethernet because my Atheros QCA9377 wireless adapter isn't functioning but being read as "Loopback pseudo-interface 1", 0 connectivity.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by newra (29-04-2021 16:10:00) Run:2
Running from C:\Users\newra\Downloads
Loaded Profiles: newra
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-4059444555-803053725-937440290-1001\...\Policies\Explorer: []
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~2\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [No File]
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [No File]
U1 avgbdisk; no ImagePath
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
2020-09-07 17:48 - 2020-09-07 17:48 - 000000000 ____H () C:\Users\newra\AppData\Local\BITC2AB.tmp
2021-04-26 15:14 - 2021-04-26 15:14 - 000000017 _____ () C:\Users\newra\AppData\Local\resmon.resmoncfg
2020-09-07 17:47 - 2020-09-07 17:48 - 000000000 _____ () C:\Users\newra\AppData\Local\{251455C8-EF68-4E67-87D2-544EEAF022F6}
ShellExecuteHooks: No Name - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - -> No File
BHO: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File



*****************

"HKU\S-1-5-21-4059444555-803053725-937440290-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@update.avastbrowser.com/Avast Browser;version=3 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@update.avastbrowser.com/Avast Browser;version=9 => removed successfully
HKLM\System\CurrentControlSet\Services\avgbdisk => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\TrueSight => removed successfully
TrueSight => service removed successfully
C:\Users\newra\AppData\Local\BITC2AB.tmp => moved successfully
C:\Users\newra\AppData\Local\resmon.resmoncfg => moved successfully
C:\Users\newra\AppData\Local\{251455C8-EF68-4E67-87D2-544EEAF022F6} => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 29-04-2021 16:10:54)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\avgbdisk => could not remove, key could be protected

==== End of Fixlog 16:10:54 ====
 
Last scans....

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
AVG Antivirus
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 261
Java version 32-bit out of Date!
Adobe Reader XI
Google Chrome (90.0.4430.93)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
AVG Antivirus avgToolsSvc.exe
AVG Antivirus aswEngSrv.exe
AVG Antivirus AVGUI.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 23-12-2020
Ran by newra (administrator) on 29-04-2021 at 17:53:16
Running from "C:\Users\newra\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Windows Security:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: defaultuser100000
->Temp folder emptied: 0 bytes

User: defaultuser100001
->Temp folder emptied: 0 bytes

User: newra
->Temp folder emptied: 19381192 bytes
->Temporary Internet Files folder emptied: 27352418 bytes
->Java cache emptied: 2338 bytes
->Google Chrome cache emptied: 12588637 bytes
->Flash cache emptied: 1039 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 284144 bytes
%systemroot%\System32 (64bit) .tmp files removed: 150021768 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 149091 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 11300111 bytes
Process complete!

Total Files Cleaned = 211.00 mb
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please, let me know, how your computer is doing.
 
Hey Broni,
Done.

Everything is running smoothly on ethernet, thanks a lot for the assistance, you've been very helpful. Should reinstalling a new wireless network adapter fix it?
 