Solved Bestprosoft

BefuddledB

Hi Broni,

I have bestprosoft and I also just had another browser incident whereby I was taken to a site offering me money for a survey.

I am grateful for your help as ever!


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021
Ran by User (administrator) on USER-PC (Hewlett-Packard HP Pavilion dv6 Notebook PC) (14-11-2021 23:32:12)
Running from C:\Users\User\Desktop
Loaded Profiles: User
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\MachinerData\Aurora_DVD_Copy.exe
() [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
() [File not signed] C:\Windows\KMS-R@1n.exe
() [File not signed] C:\Windows\KMS-R@1nHook.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\135.4.4221\QtWebEngineProcess.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <43>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Temp\OfficeClickToRun.exe.bak
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Mozilla Corporation) [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\firefox.exe <4>
(PowerISO Computing, Inc.) [File not signed] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc. -> Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc. -> Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Western Digital Technologies, Inc. -> Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe" (No File)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [134936 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-03-15] (PowerISO Computing, Inc.) [File not signed]
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8807712 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91683688 2020-06-09] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [Opera Browser Assistant] => C:\Users\User\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3126296 2020-08-18] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [34508416 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Policies\Explorer\DisallowRun: [1] 1.exe
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Policies\Explorer\DisallowRun: [2] irsetup.exe
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\MountPoints2: {23312558-207b-11e9-8379-ac7289c252c1} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\MountPoints2: {9fb92af0-d822-11e8-aa55-ac7289c252c1} - F:\HiSuiteDownLoader.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-11-09] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\95.0.12827.70\Installer\chrmstp.exe [2021-11-14] (Avast Software s.r.o. -> AVAST Software)
IFEO\OSPPSVC.EXE: [Debugger] KMS-R@1nHook.exe
IFEO\SppSvc.exe: [Debugger] KMS-R@1nHook.exe
InternetURL: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Office 2016 Permanent Ultimate Activator.url -> URL: hxxp://bestprosoft.com/category/download-latest-best-professional-software-2016/
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-10-08]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01149AF2-91D3-421D-AE37-554601C33FF2} - System32\Tasks\Opera scheduled assistant Autoupdate 1596061853 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\User\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {04E72C72-C482-461C-8E2B-4984AE53DDF2} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4929304 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
Task: {065CBA15-8F23-462C-B9F1-B5E874D68F0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {0ABAB06E-9E5E-41F4-8E50-8ECC2081F60E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-17] (Piriform Software Ltd -> Piriform)
Task: {0C790257-6071-490A-BC56-5543226C2007} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24613248 2021-10-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {14036993-9EAB-43E4-9BAE-B6DF86611222} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-31] (Avast Software s.r.o. -> AVAST Software)
Task: {180B8E0B-626D-48AB-A236-50F5E679B3F6} - System32\Tasks\R@1n-KMS\Office16ProjectPro => wmic path OfficeSoftwareProtectionProduct where (ID="4f414197-0fc2-4c01-b68a-86cbb9ac254c") call Activate
Task: {1A6F9DA4-3D1C-4E60-83A8-9A7788D8EDCF} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-06-04] (ProtonVPN AG -> )
Task: {1DC69C46-7E58-4336-A944-8AAC00A36E05} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4371888 2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {296BE3F2-8435-4DBD-A973-3F28464DBF50} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [326320 2021-06-16] (HP Inc. -> HP Inc.)
Task: {2F3CCCD3-CF46-4DE2-80F6-4AB549C147E9} - System32\Tasks\{3B953E3C-891C-4131-8CD3-0642DB8D2E73} => C:\Windows\system32\pcalua.exe -a "C:\Users\User\Downloads\Bluetooth hpdv6\sp61617.exe" -d "C:\Users\User\Downloads\Bluetooth hpdv6"
Task: {3045603C-336A-4CF4-82FD-5FEBA05D608C} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {32A88FCA-D3B0-4A19-9140-38373B94969B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3F92D4D8-1A15-4D8F-9C39-6C069BB93D5C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2414739685-3642484520-4203288351-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {482F3F6C-8AA8-43AE-920E-DB0270CC26E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-17] (Google Inc -> Google Inc.)
Task: {5D280EBE-808D-40EE-8C77-1CA92B7ED0C7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {6158DBFF-208A-48BD-80B5-D79BB3671389} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2495608 2021-11-01] (Avast Software s.r.o. -> AVAST Software)
Task: {636EDCF0-DCD4-4012-832C-A9CA1EE6768D} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe /off=act (No File)
Task: {70D7D124-81ED-420D-9C45-3E433CCD5A40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {73B88F1A-4C3F-4A8A-9EAF-17E2CB472599} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic path OfficeSoftwareProtectionProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate
Task: {78AE1C7E-9FA3-42BC-82E9-8ED455813A0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {78B60131-294E-4C13-81FC-8176B89C5989} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2021-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {78F30F0D-F5C6-41B1-9703-E31CB9AC7053} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4371888 2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {7B1FDD86-A4F6-48B1-B35A-BF0044BBAE6F} - System32\Tasks\R@1n-KMS\Office16VisioPro => wmic path OfficeSoftwareProtectionProduct where (ID="6bf301c1-b94a-43e9-ba31-d494598c47fb") call Activate
Task: {7BA07AE5-928B-4EF6-8B0C-1E256296976F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28880512 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7BE16C90-4BF1-41B2-A01A-47D9C98FA39D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
Task: {7C30876A-9D75-4064-AA58-DC8C5E6F9FAC} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.)
Task: {7EF209F5-D4CD-4E02-9271-0D47AAA2A7E6} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {81790D93-0133-433D-97A9-E7AB3E5C268E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24613248 2021-10-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {96176D95-2445-4C0F-A9EA-3235112F8E9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {9AFF46AF-F292-46E9-9E73-0CBD73DA7ACE} - System32\Tasks\Opera scheduled Autoupdate 1596061835 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software)
Task: {9DCB4068-A735-4220-B771-24FA6D211758} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2021-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {B67D3B71-B1D4-4CEB-A0C9-5FD66D25E0E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-17] (Google Inc -> Google Inc.)
Task: {C5E06225-6D7F-49B6-9D3F-8B7A1EAA855B} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-31] (Avast Software s.r.o. -> AVAST Software)
Task: {C80B29FD-9C63-4D38-85F1-EC78096F1978} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe [555640 2021-03-25] (HP Inc. -> HP Inc.)
Task: {D6D1F782-E125-466A-A86C-C2CAABCCC1E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {DC9FE7DB-0187-4AA1-9E77-08F7018D3338} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {F6C2C10B-D39E-4682-9A03-DC10E5AB0B0A} - System32\Tasks\GoogleUpdateSoftware => C:\Users\User\AppData\Roaming\GoogleUpdater.exe [971264 2021-02-01] (Google LLC) [File not signed] <==== ATTENTION
Task: {FBCC263E-A47B-4D42-A58E-99C91F2ECD95} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {FD1DA291-2AB1-4D08-B488-FB1376392910} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2495608 2021-11-01] (Avast Software s.r.o. -> AVAST Software)
Task: {FE82DD8A-B5DE-4227-83C4-8CAEFC4B7F5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {FFD19AA6-7616-4174-B709-757AC2589C98} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{11E4DE98-3DF0-4B24-8DF3-DC73EEC1F140}: [DhcpNameServer] 192.168.43.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-18]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 1ai3eh1c.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default [2021-09-29]
FF Homepage: Mozilla\Firefox\Profiles\1ai3eh1c.default -> search.yahoo.com
FF NewTab: Mozilla\Firefox\Profiles\1ai3eh1c.default -> hxxps://gr.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180508__yaff
FF Extension: (anonymoX) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\client@anonymox.net.xpi [2021-01-04]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\sp@avast.com.xpi [2021-09-29]
FF Extension: (Avast Online Security) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\wrc@avast.com.xpi [2021-05-23]
FF Extension: (Mozilla Official) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\{14553439-2741-4e9d-b474-784f336f58c9} [2021-08-18] [not signed]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-09-29]
FF Extension: (Video DownloadHelper) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-09-29]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-08]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-01-31] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-01-31] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-11-14]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://mail.protonmail.com; hxxps://mail.yahoo.com; hxxps://www.reddit.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://radindiemedia.com/","hxxps://sudantribune.com/","hxxps://www.lrb.co.uk/","hxxps://lareviewofbooks.org/"
CHR DefaultSearchKeyword: Default -> google.co.jp_
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-17]
CHR Extension: (TheFreeDictionary.com Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgabimphpgkjochcoogplolgpcagmap [2018-04-26]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-26]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-14]
CHR Extension: (DuckDuckGo) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2021-10-29]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-26]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-09-16]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-09-22]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-17]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-29]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-10-29]
CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2021-01-20]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-10-29]
CHR Extension: (Video Downloader Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkdmdpdhfaamhgaojpelccmeehpfljgf [2021-05-23]
CHR Extension: (Kindle Cloud Reader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2018-04-26]
CHR Extension: (anonymoX) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2019-11-07]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-29]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2021-10-29]
CHR Extension: (Plugins) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcblfncjaclajmegihojiekebofjcen [2018-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-14]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-07-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\User\AppData\Roaming\Opera Software\Opera Stable [2021-11-14]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-11-14]
OPR Extension: (Onion Control (anonymous proxy)) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\knfbgpkbkfebddfbklfpgmdjgolnkkfl [2021-01-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8323664 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-31] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [630040 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [1639704 2021-10-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [377624 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-31] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\95.0.12827.70\elevation_service.exe [1713640 2021-11-01] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-07-09] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11137416 2021-10-10] (Microsoft Corporation -> Microsoft Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-21] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [44328 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2021-08-18] () [File not signed]
R2 Main Service; C:\Program Files (x86)\MachinerData\Aurora_DVD_Copy.exe [2961408 2020-02-08] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7462200 2021-07-04] (Malwarebytes Inc -> Malwarebytes)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [101184 2020-06-04] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-06-04] (ProtonVPN AG -> )
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13684792 2020-12-14] (Adlice -> )
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital Technologies, Inc. -> Western Digital)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital Technologies, Inc. -> Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital Technologies, Inc. -> Western Digital)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35720 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [221600 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [369176 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250408 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99368 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41368 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [184640 2021-10-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [538480 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107864 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82912 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851712 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [557152 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215392 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [328568 2021-10-05] (Avast Software s.r.o. -> AVAST Software)
S3 DSE_USB; C:\Windows\System32\drivers\DSE_USB.sys [336872 2017-10-24] (Jungo Connectivity Ltd. -> Jungo Connectivity)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2021-08-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-07-04] (Malwarebytes Inc -> Malwarebytes)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [91648 2011-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [208896 2011-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTunnelDriver.sys [22456 2020-06-04] (ProtonVPN AG -> Proton Technologies AG)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [85424 2009-03-15] (Fenghua Lee -> PowerISO Computing, Inc.)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-04-06] (ProtonVPN AG -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-10-29] (Adlice -> )
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2012-09-19] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-14 23:32 - 2021-11-14 23:35 - 000036042 _____ C:\Users\User\Desktop\FRST.txt
2021-11-14 21:57 - 2021-11-14 21:57 - 000000000 ____D C:\Users\User\Desktop\FRST-OlderVersion
2021-11-14 21:56 - 2021-11-14 23:33 - 000000000 ____D C:\FRST
2021-11-14 21:55 - 2021-11-14 21:57 - 002311680 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2021-11-14 20:30 - 2021-11-14 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-11-11 04:09 - 2021-11-11 04:09 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2021-11-11 04:09 - 2021-11-11 04:09 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2021-11-11 04:09 - 2021-11-11 04:09 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2021-11-11 04:09 - 2021-11-11 04:09 - 000044328 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2021-10-29 18:27 - 2021-10-29 18:27 - 000038032 _____ C:\Windows\system32\Drivers\truesight.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-14 23:11 - 2018-04-17 20:22 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-14 22:35 - 2019-11-19 04:08 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-11-14 21:29 - 2020-02-20 05:10 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-11-14 21:06 - 2021-01-20 15:25 - 000003732 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2021-11-14 21:06 - 2020-07-01 16:15 - 000002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-11-14 21:06 - 2020-07-01 16:15 - 000002388 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2021-11-14 21:03 - 2021-01-20 14:35 - 000004040 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1596061835
2021-11-14 20:36 - 2018-05-22 23:59 - 000000000 ____D C:\Users\User\AppData\Local\Dropbox
2021-11-14 20:31 - 2018-05-22 23:59 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-11-14 20:19 - 2018-05-22 23:59 - 000003902 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineUA
2021-11-14 20:19 - 2018-05-22 23:59 - 000003650 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineCore
2021-11-14 20:19 - 2018-05-22 23:59 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2021-11-14 20:19 - 2018-05-22 23:59 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2021-11-14 20:13 - 2018-04-14 14:20 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2021-11-09 12:28 - 2018-04-17 20:49 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-09 12:28 - 2018-04-17 20:49 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-05 12:07 - 2009-07-14 08:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2021-11-05 12:07 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2021-11-01 16:36 - 2009-07-14 07:45 - 000026848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-11-01 16:36 - 2009-07-14 07:45 - 000026848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-11-01 16:15 - 2020-03-14 21:31 - 000002061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-11-01 16:13 - 2018-04-29 17:13 - 000000000 ____D C:\Users\User\AppData\Roaming\qBittorrent
2021-10-29 23:02 - 2021-09-26 23:19 - 000000000 ____D C:\Users\User\Downloads\Star.Trek.Picard.S01.COMPLETE.REPACK.720p.AMZN.WEBRip.x264-GalaxyTV[TGx]
2021-10-29 21:32 - 2018-10-18 00:03 - 000000000 ____D C:\Users\User\Documents\LLB
2021-10-29 20:42 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF
2021-10-29 19:34 - 2020-07-01 16:15 - 000000000 ____D C:\Users\User\AppData\Local\AVAST Software
2021-10-29 18:29 - 2018-04-13 12:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-10-29 18:26 - 2019-11-19 04:05 - 000000000 ____D C:\ProgramData\AVAST Software
2021-10-29 18:26 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-10-26 19:47 - 2020-12-18 16:16 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2021-10-26 18:15 - 2021-06-13 21:30 - 000000000 ____D C:\Users\User\Documents\Bet

==================== Files in the root of some directories ========

2021-02-01 19:57 - 2021-02-01 19:57 - 000971264 _____ (Google LLC) C:\Users\User\AppData\Roaming\GoogleUpdater.exe
2020-02-20 05:48 - 2020-02-20 05:48 - 000000000 _____ () C:\Users\User\AppData\Local\oobelibMkey.log
2021-09-17 16:38 - 2021-09-17 16:38 - 000000218 _____ () C:\Users\User\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-11-09 13:15
==================== End of FRST.txt ========================
 

BefuddledB

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by User (14-11-2021 23:35:31)
Running from C:\Users\User\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X64) (2018-04-13 08:44:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2414739685-3642484520-4203288351-500 - Administrator - Disabled)
Guest (S-1-5-21-2414739685-3642484520-4203288351-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2414739685-3642484520-4203288351-1002 - Limited - Enabled)
User (S-1-5-21-2414739685-3642484520-4203288351-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
ApowerPDF V4.1.1.315 (HKLM-x32\...\{99A1CF84-3154-433D-9F73-0A4D4DACBA1A}_is1) (Version: 4.1.1.315 - Apowersoft LIMITED)
Apowersoft Online Launcher version 1.7.1 (HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.1 - APOWERSOFT LIMITED)
Aurora DVD Copy 3.1.2 (HKLM-x32\...\Aurora DVD Copy_is1) (Version: - Aurora software, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.8.2487 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 95.0.12827.70 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
calibre 64bit (HKLM\...\{7CA53963-20B2-4EF3-B166-C26852019564}) (Version: 3.30.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.82 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Dropbox (HKLM-x32\...\Dropbox) (Version: 135.4.4221 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.541.1 - Dropbox, Inc.) Hidden
FrostWire 6.8.4 (HKLM\...\FrostWire 6) (Version: 6.8.4.292 - FrostWire LLC)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.23 - The GnuPG Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)
Gpg4win (3.1.13) (HKLM-x32\...\Gpg4win) (Version: 3.1.13 - The Gpg4win Project)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.8.34.31 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.18.34.21 - HP Inc.)
Inkscape (HKLM\...\{776C087E-B714-4153-9414-79592EC61B4A}) (Version: 1.0.1 - Inkscape)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Main service (HKLM-x32\...\{EF758C50-5FA2-4B0A-86D3-8B65B176BC53}) (Version: - )
Malwarebytes version 4.4.2.123 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.2.123 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.12527.22045 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 89.0 (x64 en-US) (HKLM\...\Mozilla Firefox 89.0 (x64 en-US)) (Version: 89.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12527.21986 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12527.21986 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12527.21986 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.21986 - Microsoft Corporation) Hidden
Office 2016 Permanent Ultimate Activator v1.2 (HKLM\...\Office 2016 Permanent Ultimate Activator v1.2_is1) (Version: v1.2 - )
Opera Stable 80.0.4170.63 (HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Opera 80.0.4170.63) (Version: 80.0.4170.63 - Opera Software)
PowerISO (HKLM-x32\...\PowerISO) (Version: - )
ProtonVPN (HKLM-x32\...\{CC56589D-2FE8-4B38-9024-0ABCD9F3CB0E}) (Version: 1.16.1 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.16.1) (Version: 1.16.1 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{BCB82CD9-F514-4F93-A6D9-F898494DC927}) (Version: 1.1.0 - Proton Technologies AG)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
qBittorrent 4.3.6 (HKLM-x32\...\qBittorrent) (Version: 4.3.6 - The qBittorrent project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.28162 - Realtek Semiconduct Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
RogueKiller version 14.8.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.1.0 - Adlice Software)
Skype version 8.61 (HKLM-x32\...\Skype_is1) (Version: 8.61 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.8.0 - Sophos Limited)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2414739685-3642484520-4203288351-1000_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-10-05] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-10-05] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-10-05] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2020-09-04] (g10 Code GmbH) [File not signed]
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2009-03-15] (PowerISO Computing, Inc.) [File not signed]
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital Technologies, Inc. -> Western Digital)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2005-10-07] () [File not signed]
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital Technologies, Inc. -> Western Digital)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-10-05] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-20] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2020-09-04] (g10 Code GmbH) [File not signed]
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2009-03-15] (PowerISO Computing, Inc.) [File not signed]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2005-10-07] () [File not signed]
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-10-05] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-20] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2009-03-15] (PowerISO Computing, Inc.) [File not signed]
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital Technologies, Inc. -> Western Digital)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2005-10-07] () [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-01-29 11:22 - 2019-04-08 02:57 - 000860748 _____ () [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\TorBrowser\Tor\libevent-2-1-6.dll
2000-01-01 03:00 - 2019-04-08 02:57 - 000991228 _____ () [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\TorBrowser\Tor\libgcc_s_sjlj-1.dll
2000-01-01 03:00 - 2019-04-08 02:57 - 000278533 _____ () [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\TorBrowser\Tor\libssp-0.dll
2000-01-01 03:00 - 2019-04-08 02:57 - 000107520 _____ () [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\TorBrowser\Tor\zlib1.dll
2021-08-18 21:45 - 2021-08-18 21:45 - 000004096 _____ () [File not signed] C:\Windows\KMS-R@1nHook.dll
2019-03-27 23:48 - 2019-03-27 23:48 - 000115200 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2020-07-15 19:41 - 2020-07-15 19:41 - 000000000 ____L (Microsoft Corporation) [simlink -> c:\program files\avast software\avast\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-07-15 19:41 - 2020-07-15 19:41 - 000000000 ____L (Microsoft Corporation) [simlink -> c:\program files\avast software\avast\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-07-15 19:41 - 2020-07-15 19:41 - 000000000 ____L (Microsoft Corporation) [simlink -> c:\program files\avast software\avast\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-07-15 19:41 - 2020-07-15 19:41 - 000000000 ____L (Microsoft Corporation) [simlink -> c:\program files\avast software\avast\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-07-15 19:41 - 2020-07-15 19:41 - 000000000 ____L (Microsoft Corporation) [simlink -> c:\program files\avast software\avast\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-07-15 19:41 - 2020-07-15 19:41 - 000000000 ____L (Microsoft Corporation) [simlink -> c:\program files\avast software\avast\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-07-15 19:41 - 2020-07-15 19:41 - 000000000 ____L (Microsoft Corporation) [simlink -> c:\program files\avast software\avast\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2020-07-15 19:41 - 2020-07-15 19:41 - 000000000 ____L (Microsoft Corporation) [simlink -> c:\program files\avast software\avast\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2020-07-15 19:41 - 2020-07-15 19:41 - 000000000 ____L (Microsoft Corporation) [simlink -> c:\program files\avast software\avast\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-07-15 19:41 - 2020-07-15 19:41 - 000000000 ____L (Microsoft Corporation) [simlink -> c:\program files\avast software\avast\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-07-15 19:41 - 2020-07-15 19:41 - 000000000 ____L (Microsoft Corporation) [simlink -> c:\program files\avast software\avast\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\msvcp140.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\MSVCP140.dll
2020-07-15 19:41 - 2020-07-15 19:41 - 000000000 ____L (Microsoft Corporation) [simlink -> c:\program files\avast software\avast\avast.local_vc142.crt\ucrtbase.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\ucrtbase.DLL
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\ucrtbase.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\ucrtbase.DLL
2020-07-15 19:41 - 2020-07-15 19:41 - 000000000 ____L (Microsoft Corporation) [simlink -> c:\program files\avast software\avast\avast.local_vc142.crt\vcruntime140.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\VCRUNTIME140.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\vcruntime140.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\VCRUNTIME140.dll
2021-11-14 20:04 - 2021-11-14 20:04 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\vcruntime140_1.dll] C:\Program Files\AVAST Software\Avast\defs\21111306\avast.local_vc142.crt\VCRUNTIME140_1.dll
2021-02-01 19:03 - 2021-02-01 19:03 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2021-02-01 19:03 - 2021-02-01 19:03 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2019-01-29 11:22 - 2019-05-03 02:28 - 000511930 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\TorBrowser\Tor\libwinpthread-1.dll
2000-01-01 03:00 - 2019-05-03 02:28 - 000488960 _____ (Mozilla Foundation) [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\freebl3.dll
2000-01-01 03:00 - 2019-05-03 02:28 - 000224768 _____ (Mozilla Foundation) [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\lgpllibs.dll
2000-01-01 03:00 - 2019-05-03 02:28 - 001886720 _____ (Mozilla Foundation) [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\mozavcodec.dll
2000-01-01 03:00 - 2019-05-03 02:28 - 000236544 _____ (Mozilla Foundation) [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\mozavutil.dll
2000-01-01 03:00 - 2019-05-03 02:28 - 000977920 _____ (Mozilla Foundation) [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\mozglue.dll
2000-01-01 03:00 - 2019-05-03 02:28 - 001739264 _____ (Mozilla Foundation) [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\nss3.dll
2000-01-01 03:00 - 2019-05-03 02:28 - 000365568 _____ (Mozilla Foundation) [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\nssckbi.dll
2000-01-01 03:00 - 2019-05-03 02:28 - 000200192 _____ (Mozilla Foundation) [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\softokn3.dll
2000-01-01 03:00 - 2019-05-03 02:28 - 082993695 _____ (Mozilla Foundation) [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\xul.dll
2012-09-19 21:04 - 2012-09-19 21:04 - 001006080 ____R (Robert Simpson, et al.) [File not signed] [File is in use] C:\Program Files (x86)\Western Digital\WD SmartWare\System.Data.SQLite.dll
2000-01-01 03:00 - 2019-04-08 02:57 - 002585371 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\TorBrowser\Tor\LIBEAY32.dll
2000-01-01 03:00 - 2019-04-08 02:57 - 000788352 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\User\Desktop\Tor Browser\Browser\TorBrowser\Tor\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-2414739685-3642484520-4203288351-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
SearchScopes: HKU\S-1-5-21-2414739685-3642484520-4203288351-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
SearchScopes: HKU\S-1-5-21-2414739685-3642484520-4203288351-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://gr.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180508__yaie&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-15] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2414739685-3642484520-4203288351-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8E6E2B68-CA7B-43DB-BAE5-B07F82013E2A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{12CD2F71-B2EA-4F28-AB73-4E5CF32EF49E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{336A1C8D-D1B5-49E1-80BA-9DE349C88353}] => (Allow) C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FB478F12-AA9A-4C5D-BB7C-69D6CE0FE8C0}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{D2D089DB-96EB-485D-9113-D636DF6AD8E8}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{59CB665C-2310-40EA-AE21-579139775D0B}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe => No File
FirewallRules: [{613B0F5C-3DFC-475B-A169-0E90046BDCAF}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe => No File
FirewallRules: [TCP Query User{9AD1FC98-C438-408C-ABC3-605A8D79984E}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => No File
FirewallRules: [UDP Query User{21D347A6-6487-401C-A3F6-E8DA1118E98A}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => No File
FirewallRules: [TCP Query User{364F560B-FA0E-4313-A41C-968CEE5BA3F6}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => No File
FirewallRules: [UDP Query User{70EAF6CC-A943-40E3-B8D3-8A488D075D56}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => No File
FirewallRules: [TCP Query User{4296B873-7DC7-4649-925E-683452B52872}C:\program files (x86)\frostwire 6\frostwire.exe] => (Block) C:\program files (x86)\frostwire 6\frostwire.exe => No File
FirewallRules: [UDP Query User{7E1BA250-BA92-4FF9-888A-0B371C5A56AF}C:\program files (x86)\frostwire 6\frostwire.exe] => (Block) C:\program files (x86)\frostwire 6\frostwire.exe => No File
FirewallRules: [{D9CC29E9-3BDA-407E-88BC-FB3FAB628055}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EC17F222-80A8-4415-B039-79456B44F243}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F30EA7BC-3DEE-41C8-89C7-3DA0A434D396}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5D9B5B0F-3254-48BC-92B2-D344F2336181}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A14B8ABD-4D33-4DD4-B984-6836155421FA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{949AE098-5FDE-4F2B-9804-B0B5AEA5C14A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D6D34296-D8F1-4DA4-ABF8-DE71EAE6053A}C:\users\user\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\71.0.3770.228\opera.exe => No File
FirewallRules: [UDP Query User{991EF0CA-5C61-433D-93D9-23E980D8606E}C:\users\user\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\71.0.3770.228\opera.exe => No File
FirewallRules: [TCP Query User{5301100B-2CE9-4440-BC4B-51FB2343658E}C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
FirewallRules: [UDP Query User{B78EF03B-C613-47FF-8511-B17BC10D2EB1}C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
FirewallRules: [{63D4657D-0D01-48FC-837B-8BFA5E35E6C1}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe => No File
FirewallRules: [TCP Query User{8AFF0B22-B932-408E-B645-89525C3C225D}C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [UDP Query User{9D71299C-6870-489A-BDFB-7323A27CC84B}C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [{035FC5B4-933D-4220-A6AC-284CA4BC3B9E}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{BDA8946C-B85C-4292-B15F-8D3EC29DBDB5}C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [UDP Query User{F06C5C8B-F709-4B9B-89F8-1F38EFBE1F06}C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [{BE56BFF9-0A29-4326-9999-FA97F703EFA5}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{1F26B03A-371C-4207-ACE3-88B6B6E1E5E0}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{816DD2C7-955E-4E1D-AA6C-A7315E3DA9BC}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{6FD81F13-11D4-4741-B4B0-011F6CD81F75}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{952B703F-ED8F-4CF5-8655-8F555B04EBD0}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
FirewallRules: [{DE92423E-F8B4-436F-B5FC-ACEFE45E4465}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
FirewallRules: [{77797EA1-1060-4421-A4E4-874E9AE33512}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FB93D60C-1054-40E0-9054-3C0D9BAE36B6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4038239C-D986-4A08-86D4-C648ECC8FB1D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{79EA397F-B896-4803-BE0B-EE293CB3E03D}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{C7B84C42-2DD5-47B4-83C0-7886A8A030D3}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{8EF22C6C-EC00-4A20-A478-E2B736140119}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{62E87F7A-38B7-4C43-B66A-34224D7F3EBB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{8F89464B-262D-4214-82FE-4B707ECA3135}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)

==================== Restore Points =========================
 

BefuddledB

Posts: 53   +0
==================== Faulty Device Manager Devices ============

Name: Standard VGA Graphics Adapter
Description: Standard VGA Graphics Adapter
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: vga
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/14/2021 08:30:07 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (11/14/2021 08:30:07 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (10/30/2021 11:40:51 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (10/30/2021 11:40:51 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/30/2021 11:24:44 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (10/30/2021 11:24:44 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/28/2021 11:42:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MBAMService.exe, version: 3.2.0.983, time stamp: 0x60cb5bd8
Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
Exception code: 0xc0000005
Fault offset: 0x0000000000032ad4
Faulting process id: 0xdec
Faulting application start time: 0x01d794fc0d28e302
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 93773443-382f-11ec-be72-ac7289c252c1

Error: (10/28/2021 11:27:15 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.


System errors:
=============
Error: (11/14/2021 10:42:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (11/14/2021 10:22:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

Error: (11/14/2021 08:40:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/14/2021 08:40:22 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (11/14/2021 08:39:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (11/14/2021 08:39:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/14/2021 08:24:53 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/05/2021 12:00:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.


Windows Defender:
================Event[0]:

Date: 2018-07-13 17:31:16.023
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.271.925.0
Previous Signature Version:1.267.1524.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:1.1.15000.2
Previous Engine Version:1.1.14800.3
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2018-07-13 17:31:16.023
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.15000.2
Previous Engine Version:1.1.14800.3
Update Source:User
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

==================== Memory info ===========================

BIOS: Hewlett-Packard F.1A 07/20/2011
Motherboard: Hewlett-Packard 1657
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 85%
Total physical RAM: 6091.86 MB
Available physical RAM: 897.66 MB
Total Virtual: 16450.59 MB
Available Virtual: 3404.02 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:292.87 GB) (Free:15.3 GB) NTFS
Drive d: (DATA) (Fixed) (Total:638.54 GB) (Free:362.65 GB) NTFS

\\?\Volume{69b854b3-3f47-11e8-8300-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3C7E929E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

Broni

Posts: 55,846   +504
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

BefuddledB

Posts: 53   +0
Program : RogueKiller Anti-Malware
Version : 15.1.3.0
x64 : Yes
Program Date : Nov 9 2021
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : User
User is Admin : Yes
Date : 2021/11/15 13:55:52
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 718
Found items : 22
Total scanned : 60540
Signatures Version : 20211112_123736
Truesight Driver : Yes
Updates Count : 12
Arguments : -minimize

************************* Warnings *************************

************************* Removal *************************
[PUP.HackTool (Potentially Malicious)] KMS-R@1n.exe -- %SystemRoot%\KMS-R@1n.exe -> Killed [Tree]
[+] scan_what : 1
[+] vendors : PUP.HackTool
[+] Name : KMS-R@1n.exe
[+] value : %SystemRoot%\KMS-R@1n.exe
[+] Type : Process
[+] file_hash : 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 0
[+] status : 3
[+] status_str : Killed [Tree]
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.HackTool (Potentially Malicious)] KMS-R@1n -- %SystemRoot%\KMS-R@1n.exe -> ERROR [0]
[+] scan_what : 0
[+] vendors : PUP.HackTool
[+] Name : KMS-R@1n
[+] value : %SystemRoot%\KMS-R@1n.exe
[+] Type : Service
[+] file_hash : 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 1
[+] status : 4
[+] status_str : ERROR [0]
[+] removed : No
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Ursu (Malicious)] Main Service -- %programfiles(x86)%\MachinerData\Aurora_DVD_Copy.exe 1 -> Stopped
[+] scan_what : 0
[+] vendors : Tr.Ursu
[+] Name : Main Service
[+] value : %programfiles(x86)%\MachinerData\Aurora_DVD_Copy.exe 1
[+] Type : Service
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 2
[+] status : 3
[+] status_str : Stopped
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.HackTool (Potentially Malicious)] \KMSAutoNet -- "C:\ProgramData\KMSAutoS\KMSAuto Net.exe" (/off=act) -> Deleted
[+] scan_what : 0
[+] vendors : PUP.HackTool
[+] Name : \KMSAutoNet
[+] value : "C:\ProgramData\KMSAutoS\KMSAuto Net.exe" (/off=act)
[+] Type : Task
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 3
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Cloud.Generic (Malicious)] \GoogleUpdateSoftware -- C:\Users\User\AppData\Roaming\GoogleUpdater.exe -> Deleted
[+] scan_what : 0
[+] vendors : Cloud.Generic
[+] Name : \GoogleUpdateSoftware
[+] value : C:\Users\User\AppData\Roaming\GoogleUpdater.exe
[+] Type : Task
[+] file_hash : 5111AFE1317A79A32696EC71929418F3EFA352A03892D00048928D4E0074AB4F
[+] file_vtscore : 51
[+] file_vttotal : 70
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 4
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMS-R@1n -- [%SystemRoot%\KMS-R@1n.exe] -> Deleted
[+] scan_what : 2
[+] vendors : PUP.HackTool
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMS-R@1n
[+] value : [%SystemRoot%\KMS-R@1n.exe]
[+] Type : Registry
[+] file_hash : 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 5
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Ursu (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Main Service -- [%programfiles(x86)%\MachinerData\Aurora_DVD_Copy.exe 1] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Ursu
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Main Service
[+] value : [%programfiles(x86)%\MachinerData\Aurora_DVD_Copy.exe 1]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 6
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\KMS-R@1n -- [%SystemRoot%\KMS-R@1n.exe] -> Deleted
[+] scan_what : 2
[+] vendors : PUP.HackTool
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet002\Services\KMS-R@1n
[+] value : [%SystemRoot%\KMS-R@1n.exe]
[+] Type : Registry
[+] file_hash : 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 7
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Ursu (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Main Service -- [%programfiles(x86)%\MachinerData\Aurora_DVD_Copy.exe 1] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Ursu
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Main Service
[+] value : [%programfiles(x86)%\MachinerData\Aurora_DVD_Copy.exe 1]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 8
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DE92423E-F8B4-436F-B5FC-ACEFE45E4465} -- [%SystemRoot%\KMS-R@1n.exe] -> Deleted
[+] scan_what : 1
[+] vendors : PUP.HackTool
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DE92423E-F8B4-436F-B5FC-ACEFE45E4465}
[+] value : [%SystemRoot%\KMS-R@1n.exe]
[+] Type : Registry
[+] file_hash : 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 9
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{952B703F-ED8F-4CF5-8655-8F555B04EBD0} -- [%SystemRoot%\KMS-R@1n.exe] -> Deleted
[+] scan_what : 1
[+] vendors : PUP.HackTool
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{952B703F-ED8F-4CF5-8655-8F555B04EBD0}
[+] value : [%SystemRoot%\KMS-R@1n.exe]
[+] Type : Registry
[+] file_hash : 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 10
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{952B703F-ED8F-4CF5-8655-8F555B04EBD0} -- [%SystemRoot%\KMS-R@1n.exe] -> Deleted
[+] scan_what : 1
[+] vendors : PUP.HackTool
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{952B703F-ED8F-4CF5-8655-8F555B04EBD0}
[+] value : [%SystemRoot%\KMS-R@1n.exe]
[+] Type : Registry
[+] file_hash : 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 11
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DE92423E-F8B4-436F-B5FC-ACEFE45E4465} -- [%SystemRoot%\KMS-R@1n.exe] -> Deleted
[+] scan_what : 1
[+] vendors : PUP.HackTool
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DE92423E-F8B4-436F-B5FC-ACEFE45E4465}
[+] value : [%SystemRoot%\KMS-R@1n.exe]
[+] Type : Registry
[+] file_hash : 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 12
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppSvc.exe|Debugger -- [%SystemRoot%\KMS-R@1nHook.exe] -> Deleted
[+] scan_what : 1
[+] vendors : PUP.HackTool
[+] Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppSvc.exe|Debugger
[+] value : [%SystemRoot%\KMS-R@1nHook.exe]
[+] Type : Registry
[+] file_hash : 484C74D529EB1551FC2DDFE3C821A7A87113CE927CF22D79241030C2B4A4AA74
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 13
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OSPPSVC.EXE|Debugger -- [%SystemRoot%\KMS-R@1nHook.exe] -> Deleted
[+] scan_what : 1
[+] vendors : PUP.HackTool
[+] Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OSPPSVC.EXE|Debugger
[+] value : [%SystemRoot%\KMS-R@1nHook.exe]
[+] Type : Registry
[+] file_hash : 484C74D529EB1551FC2DDFE3C821A7A87113CE927CF22D79241030C2B4A4AA74
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 14
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OSPPSVC.EXE|Debugger -- [%SystemRoot%\KMS-R@1nHook.exe] -> Deleted
[+] scan_what : 1
[+] vendors : PUP.HackTool
[+] Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OSPPSVC.EXE|Debugger
[+] value : [%SystemRoot%\KMS-R@1nHook.exe]
[+] Type : Registry
[+] file_hash : 484C74D529EB1551FC2DDFE3C821A7A87113CE927CF22D79241030C2B4A4AA74
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 15
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppSvc.exe|Debugger -- [%SystemRoot%\KMS-R@1nHook.exe] -> Deleted
[+] scan_what : 1
[+] vendors : PUP.HackTool
[+] Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppSvc.exe|Debugger
[+] value : [%SystemRoot%\KMS-R@1nHook.exe]
[+] Type : Registry
[+] file_hash : 484C74D529EB1551FC2DDFE3C821A7A87113CE927CF22D79241030C2B4A4AA74
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 16
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.HackTool (Potentially Malicious)] KMS-R@1n.exe -- %SystemRoot%\KMS-R@1n.exe -> Deleted
[+] scan_what : 1
[+] vendors : PUP.HackTool
[+] Name : KMS-R@1n.exe
[+] value : %SystemRoot%\KMS-R@1n.exe
[+] Type : File/Folder
[+] file_hash : 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 17
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.HackTool (Potentially Malicious)] KMS-R@1nHook.exe -- %SystemRoot%\KMS-R@1nHook.exe -> Deleted
[+] scan_what : 1
[+] vendors : PUP.HackTool
[+] Name : KMS-R@1nHook.exe
[+] value : %SystemRoot%\KMS-R@1nHook.exe
[+] Type : File/Folder
[+] file_hash : 484C74D529EB1551FC2DDFE3C821A7A87113CE927CF22D79241030C2B4A4AA74
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 18
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.HackTool (Potentially Malicious)] KMS-R@1nHook.dll -- %SystemRoot%\KMS-R@1nHook.dll -> Deleted
[+] scan_what : 1
[+] vendors : PUP.HackTool
[+] Name : KMS-R@1nHook.dll
[+] value : %SystemRoot%\KMS-R@1nHook.dll
[+] Type : File/Folder
[+] file_hash : 5197323DDEE0141CA9C433D3860E5E7B0193C0821D9E5278D8E5F6EA0523C322
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 19
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Ursu (Malicious)] MachinerData -- %programfiles(x86)%\MachinerData -> Deleted
[+] scan_what : 1
[+] vendors : Tr.Ursu
[+] Name : MachinerData
[+] value : %programfiles(x86)%\MachinerData
[+] Type : File/Folder
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 20
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUM.SearchEngine (Potentially Malicious)] default_search_provider_data.template_url_data.keyword -- google.co.jp_ -> Deleted
[+] scan_what : 2
[+] vendors : PUM.SearchEngine
[+] Name : default_search_provider_data.template_url_data.keyword
[+] value : google.co.jp_
[+] Type : Browser
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 4
[+] id : 21
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
 

BefuddledB

Posts: 53   +0
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/15/21
Scan Time: 5:09 PM
Log File: a2b7f180-461d-11ec-82bd-101f741c2452.json

-Software Information-
Version: 4.4.10.144
Components Version: 1.0.1499
Update Package Version: 1.0.47222
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User-PC\User

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 285047
Threats Detected: 72
Threats Quarantined: 72
Time Elapsed: 8 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 13
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\R@1n-KMS\Office16ProjectPro, Quarantined, 900, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{180B8E0B-626D-48AB-A236-50F5E679B3F6}, Quarantined, 900, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{180B8E0B-626D-48AB-A236-50F5E679B3F6}, Quarantined, 900, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\R@1n-KMS\Office16ProPlus, Quarantined, 900, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{73B88F1A-4C3F-4A8A-9EAF-17E2CB472599}, Quarantined, 900, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{73B88F1A-4C3F-4A8A-9EAF-17E2CB472599}, Quarantined, 900, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\R@1n-KMS\Office16VisioPro, Quarantined, 900, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7B1FDD86-A4F6-48B1-B35A-BF0044BBAE6F}, Quarantined, 900, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{7B1FDD86-A4F6-48B1-B35A-BF0044BBAE6F}, Quarantined, 900, 820459, , , , , ,
Adware.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{EF758C50-5FA2-4B0A-86D3-8B65B176BC53}, Quarantined, 1004, 785573, 1.0.47222, , ame, , ,
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, 6752, 252393, 1.0.47222, , ame, , ,
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, 6752, 252393, 1.0.47222, , ame, , ,
Trojan.CrthRazy, HKLM\SOFTWARE\WOW6432NODE\Machiner, Quarantined, 3140, 676882, 1.0.47222, , ame, , ,

Registry Value: 3
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Quarantined, 6752, 252393, 1.0.47222, , ame, , ,
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Quarantined, 6752, 252393, 1.0.47222, , ame, , ,
Trojan.CrthRazy, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{EF758C50-5FA2-4B0A-86D3-8B65B176BC53}|DISPLAYNAME, Quarantined, 3140, 976792, 1.0.47222, , ame, , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 6
RiskWare.KMS, C:\WINDOWS\SYSTEM32\TASKS\R@1N-KMS, Quarantined, 900, 820459, 1.0.47222, , ame, , ,
Trojan.CrthRazy, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T2MRU6J7.DEFAULT\EXTENSIONS\{14553439-2741-4E9D-B474-784F336F58C9}, Quarantined, 3140, 976809, 1.0.47222, , ame, , ,
Trojan.CrthRazy, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AI3EH1C.DEFAULT\EXTENSIONS\{14553439-2741-4E9D-B474-784F336F58C9}, Quarantined, 3140, 976811, 1.0.47222, , ame, , ,
PUP.Optional.MySearchDial, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 110, 663899, , , , , ,
PUP.Optional.MySearchDial, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 110, 663899, , , , , ,
PUP.Optional.MySearchDial, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 110, 663899, , , , , ,

File: 50
RiskWare.KMS, C:\Windows\System32\Tasks\R@1n-KMS\Office16ProjectPro, Quarantined, 900, 820459, , , , , 6A4FD3C8510E64CA1655F2D382A608D1, BE52D45068D423C9A9C1610E9D307D91E22B9FD7AA379B18C3F357D98A7AD886
RiskWare.KMS, C:\Windows\System32\Tasks\R@1n-KMS\Office16ProPlus, Quarantined, 900, 820459, , , , , EB1F9B5C2D0D7A843420FBFFBB412CCC, 2AF7A40171F2688FCB2BB9D4DE3F5F8558BDA6CC82C9CA685419ED6BD1EA8D38
RiskWare.KMS, C:\Windows\System32\Tasks\R@1n-KMS\Office16VisioPro, Quarantined, 900, 820459, , , , , A5BD6CB06BCC5A56340F3131FB75B90C, 866A9208A09969290C05ED4ACBA367E310FDBBFA78584D65220FE41773643986
PUP.Optional.BestBuy, C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\DOWNLOAD LATEST OFFICE 2016 PERMANENT ULTIMATE ACTIVATOR.URL, Quarantined, 5470, 393595, 1.0.47222, , ame, , FBF4328F3B12B3C4402FB5BBB4B6F9AD, F8672FEA0EAC94E6178F70DE7B8B3FC165E50374DE43D2381B46085369673A03
Trojan.CrthRazy, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T2MRU6J7.DEFAULT\EXTENSIONS\{14553439-2741-4E9D-B474-784F336F58C9}\3IP5YXB4AN.JS, Quarantined, 3140, 976809, 1.0.47222, , ame, , 581D14B8C540A0646BE280158539B951, 3D4DB20DC7C2BCBC39509D21ED2EF508AAA05F48795E2621326CEE01C6D14880
Trojan.CrthRazy, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t2mru6j7.default\extensions\{14553439-2741-4e9d-b474-784f336f58c9}\01RXNT1OB1.js, Quarantined, 3140, 976809, , , , , 0349FB40326E7016B33B2A1BFB76F5B6, BAD2ADD1CA2ED2F86ED8A50736FE10DBEE9A79A3FB6901CEB5860CD224FB19C5
Trojan.CrthRazy, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t2mru6j7.default\extensions\{14553439-2741-4e9d-b474-784f336f58c9}\41V9I2GK85.js, Quarantined, 3140, 976809, , , , , 08A89FA8EA8442006DCF49F4E2E3685C, 4D7DB37656A64DF11841757EA3F1A57998F7797CA4E33F43B7A8B70AE5C01EF4
Trojan.CrthRazy, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t2mru6j7.default\extensions\{14553439-2741-4e9d-b474-784f336f58c9}\4V7DKEGV3Z.js, Quarantined, 3140, 976809, , , , , F550CD672189E3F56E8A4723009EF2D8, 818504F348510B7CE2C6512E0329F744199B1FBF6A40258C92B76B3BAB9788BE
Trojan.CrthRazy, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t2mru6j7.default\extensions\{14553439-2741-4e9d-b474-784f336f58c9}\7XCHIIFNJE.js, Quarantined, 3140, 976809, , , , , E3567F1DBADB0642EEEDFA605D46CE1F, 25BDAC504AB1004E463E030A728344C583CF057E05A44345E12EFF8B14D7C913
Trojan.CrthRazy, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t2mru6j7.default\extensions\{14553439-2741-4e9d-b474-784f336f58c9}\manifest.json, Quarantined, 3140, 976809, , , , , 06AE912ABC99AA6621731F2E7A9F6659, 3CA5208A4E5D3084533F75395A75258E954BB9E9D83357B3F0FAA195A7355A91
Trojan.CrthRazy, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T2MRU6J7.DEFAULT\EXTENSIONS\{14553439-2741-4E9D-B474-784F336F58C9}\6ZNF4GW3BF.JS, Quarantined, 3140, 976811, 1.0.47222, , ame, , 2BAFFA6F7BE9D0E8623F2D39406631B6, 0546F5A2DC51DFAE5D53865F3B1272987B99D52A37C9F6E1C1A59C1D8D7A2AB5
Trojan.CrthRazy, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AI3EH1C.DEFAULT\EXTENSIONS\{14553439-2741-4E9D-B474-784F336F58C9}\6ZNF4GW3BF.JS, Quarantined, 3140, 976811, 1.0.47222, , ame, , 2BAFFA6F7BE9D0E8623F2D39406631B6, 0546F5A2DC51DFAE5D53865F3B1272987B99D52A37C9F6E1C1A59C1D8D7A2AB5
Trojan.CrthRazy, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\extensions\{14553439-2741-4e9d-b474-784f336f58c9}\01RXNT1OB1.js, Quarantined, 3140, 976811, , , , , 0349FB40326E7016B33B2A1BFB76F5B6, BAD2ADD1CA2ED2F86ED8A50736FE10DBEE9A79A3FB6901CEB5860CD224FB19C5
Trojan.CrthRazy, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\extensions\{14553439-2741-4e9d-b474-784f336f58c9}\41V9I2GK85.js, Quarantined, 3140, 976811, , , , , 08A89FA8EA8442006DCF49F4E2E3685C, 4D7DB37656A64DF11841757EA3F1A57998F7797CA4E33F43B7A8B70AE5C01EF4
Trojan.CrthRazy, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\extensions\{14553439-2741-4e9d-b474-784f336f58c9}\4V7DKEGV3Z.js, Quarantined, 3140, 976811, , , , , F550CD672189E3F56E8A4723009EF2D8, 818504F348510B7CE2C6512E0329F744199B1FBF6A40258C92B76B3BAB9788BE
Trojan.CrthRazy, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\extensions\{14553439-2741-4e9d-b474-784f336f58c9}\7XCHIIFNJE.js, Quarantined, 3140, 976811, , , , , E3567F1DBADB0642EEEDFA605D46CE1F, 25BDAC504AB1004E463E030A728344C583CF057E05A44345E12EFF8B14D7C913
Trojan.CrthRazy, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\extensions\{14553439-2741-4e9d-b474-784f336f58c9}\manifest.json, Quarantined, 3140, 976811, , , , , 06AE912ABC99AA6621731F2E7A9F6659, 3CA5208A4E5D3084533F75395A75258E954BB9E9D83357B3F0FAA195A7355A91
Trojan.CrthRazy, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AI3EH1C.DEFAULT\EXTENSIONS\{14553439-2741-4E9D-B474-784F336F58C9}\3IP5YXB4AN.JS, Quarantined, 3140, 976809, 1.0.47222, , ame, , 581D14B8C540A0646BE280158539B951, 3D4DB20DC7C2BCBC39509D21ED2EF508AAA05F48795E2621326CEE01C6D14880
Trojan.CrthRazy.E.Generic, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T2MRU6J7.DEFAULT\EXTENSIONS\{14553439-2741-4E9D-B474-784F336F58C9}\DL9N22KTWY.JS, Quarantined, 15708, 689343, 1.0.47222, , ame, , 6ED49D7CBADD204E34184078BF77CD13, 74E337076D8D54A54233D5026C360DA830A79C9232FDB6E20E4B7E98E987B68A
Trojan.CrthRazy.E.Generic, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AI3EH1C.DEFAULT\EXTENSIONS\{14553439-2741-4E9D-B474-784F336F58C9}\DL9N22KTWY.JS, Quarantined, 15708, 689343, 1.0.47222, , ame, , 6ED49D7CBADD204E34184078BF77CD13, 74E337076D8D54A54233D5026C360DA830A79C9232FDB6E20E4B7E98E987B68A
Generic.Malware/Suspicious, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\452FD2B4DC6C55BF.VIR, Quarantined, 0, 392686, 1.0.47222, , shuriken, , DC30CFD21BBB742C10E3621D5B506780, 484C74D529EB1551FC2DDFE3C821A7A87113CE927CF22D79241030C2B4A4AA74
Generic.Malware/Suspicious, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\76E82524B351C4F8.VIR, Quarantined, 0, 392686, 1.0.47222, , shuriken, , 0F9FD9565E6EB157FA9BE11ED9C1DC9F, 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE
Adware.DownloadAssistant, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\64A568BC56754192.VIR, Quarantined, 746, 782417, 1.0.47222, 0000000000000000000003E9, dds, 01511344, 2C1E75B987EF1757A6AEC63B0DD861FA, 3EB434EF7A9A48D88CECF028DF35402248ACFD44B94A1D52292180B9F748A1D7
Adware.DownloadAssistant, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\DCA2CDCA8A9447A8.VIR, Quarantined, 746, 782417, 1.0.47222, 0000000000000000000003E9, dds, 01511344, 2C1E75B987EF1757A6AEC63B0DD861FA, 3EB434EF7A9A48D88CECF028DF35402248ACFD44B94A1D52292180B9F748A1D7
Trojan.Crypt, C:\USERS\USER\APPDATA\ROAMING\GOOGLEUPDATER.EXE, Quarantined, 513, 901746, 1.0.47222, EE0D2731F632025EFE6A28F0, dds, 01511344, 7EDC29AC383BF06E25EEFBB5F53423E7, 5111AFE1317A79A32696EC71929418F3EFA352A03892D00048928D4E0074AB4F
Trojan.Crypt, C:\USERS\USER\APPDATA\LOCAL\TEMP\1612198675479.EXE, Quarantined, 513, 901746, 1.0.47222, EE0D2731F632025EFE6A28F0, dds, 01511344, 7EDC29AC383BF06E25EEFBB5F53423E7, 5111AFE1317A79A32696EC71929418F3EFA352A03892D00048928D4E0074AB4F
Trojan.Crypt, C:\USERS\USER\APPDATA\LOCAL\TEMP\1612200170525.EXE, Quarantined, 513, 901746, 1.0.47222, EE0D2731F632025EFE6A28F0, dds, 01511344, 7EDC29AC383BF06E25EEFBB5F53423E7, 5111AFE1317A79A32696EC71929418F3EFA352A03892D00048928D4E0074AB4F
Trojan.Crypt, C:\USERS\USER\APPDATA\LOCAL\TEMP\1612200109585.EXE, Quarantined, 513, 901746, 1.0.47222, EE0D2731F632025EFE6A28F0, dds, 01511344, 7EDC29AC383BF06E25EEFBB5F53423E7, 5111AFE1317A79A32696EC71929418F3EFA352A03892D00048928D4E0074AB4F
Malware.AI.1795363553, C:\USERS\USER\DOWNLOADS\KMSPICO 11.1.2.EXE, Quarantined, 1000000, 0, 1.0.47222, 28CADB976B390FAF6B0312E1, dds, 01511344, 233C9C046E39BD738C0BD9746971B579, 509E8B0351843477445784F0B2B2A646763B37146E20C8F9AFB32AE36D685EB4
HackTool.Patcher, C:\USERS\USER\DESKTOP\ADOBE ACROBAT\ADOBE.SNR.PATCH.V2.0-PAINTER.EXE, Quarantined, 7380, 473286, 1.0.47222, 16E5B466C030F0E5254BF951, dds, 01511344, B31679DB7DB878992B4553290A9E6C7C, 256C2A409C97448D168F3EB1BFB89AF3D259DFC05A510A3F464D8E4B348116D4
PUP.Optional.BundleInstaller, C:\USERS\USER\DOWNLOADS\UTORRENT.EXE, Quarantined, 515, 790622, 1.0.47222, , ame, , A7D704B14D238E9A01FFDA03A692EF9C, 28A6221C9CF6CA14DA87B8A8716831CD5931CE617541D9FE8012417995EA13A9
Malware.AI.3757740365, C:\USERS\USER\DESKTOP\ADOBE ACROBAT\XF-ACRODC2015.EXE, Quarantined, 1000002, 0, 1.0.47222, 202F3CCBABE0F4D1DFFA914D, dds, 01511344, EB5F4D94D12C511D7BFE8608652ADB6A, B50816ECC6EC849FCB0ED0677C8A6B1F0867A74638679BCAFC4F63DCC5B2E1EF
Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\AURORA DVD COPY\AURORA_DVD_COPY.EXE, Quarantined, 1000001, 980983, 1.0.47222, 0000000000000000000003E9, dds, 01511344, 2C1E75B987EF1757A6AEC63B0DD861FA, 3EB434EF7A9A48D88CECF028DF35402248ACFD44B94A1D52292180B9F748A1D7
Adware.DownloadAssistant, C:\PROGRAM FILES (X86)\KMSPICO 10.2.1 FINAL\KMSPICOSETUP.EXE, Quarantined, 746, 789198, 1.0.47222, , ame, , 28D99FFBA67DCA1F8E5F8F628383A3E2, EF5A6BF13CE0C97678988965EE5798A9B5693081C9B2A2006ABD113EADE57231
Malware.AI.3757740365, C:\USERS\USER\DOWNLOADS\ADOBE ACROBAT PRO DC 2019.010.20098 + CRACK [WWW.TECH-TOOLS.ME]\ADOBE_ACROBAT_PRO_DC_V2015_MULTI-XFORCE.RAR, Quarantined, 1000002, 0, 1.0.47222, 202F3CCBABE0F4D1DFFA914D, dds, 01511344, 0D3C899A63F721859E9B9D8D1B1031E1, 163F7E03A28DDD35CF852B2712AEFAA07B460A53C022863006966948F108102B
HackTool.Patcher, C:\USERS\USER\DOWNLOADS\ADOBE ACROBAT PRO DC 2019.010.20098 + CRACK [WWW.TECH-TOOLS.ME]\ADOBE.SNR.PATCH.V2.0-PAINTER.ZIP, Quarantined, 7380, 473286, 1.0.47222, 16E5B466C030F0E5254BF951, dds, 01511344, 0CF0907EA199909CA9C86DE3097FFD21, 7B0BDEDD52B08BBED1DF72F13F333A556286AA6B0E9804422477994A245A4FE6
PUP.Optional.MySearchDial, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Quarantined, 110, 663899, , , , , 7024CF6BF6BA3DC1589529D2163A768E, 72BD46D32D9776C5D48C1789EEB156FC9735C10B0424DCA8E37C9FB5A9C7B079
PUP.Optional.MySearchDial, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000136.ldb, Quarantined, 110, 663899, , , , , CAE1498EE8281789EEEB5010032FED2C, EE4EC49E63E487B3E76D45AD3377400219C1D060800475F7B4C6C3F72ED31BC1
PUP.Optional.MySearchDial, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000138.ldb, Quarantined, 110, 663899, , , , , 83D2D7175C2F24C26CF45A7C3F657064, C81E6D152626BDF5C5B1E67818EAD6A306DFBC74418F54D358F8E1C878BBBA97
PUP.Optional.MySearchDial, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000140.ldb, Quarantined, 110, 663899, , , , , CADF9BF9A085809650DCD678AF01155A, 29AE5C4F080A8E45CAA43BE44C67A54B35E6425652FFCEAB20BA43242C3AC954
PUP.Optional.MySearchDial, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000142.log, Quarantined, 110, 663899, , , , , ,
PUP.Optional.MySearchDial, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000143.ldb, Quarantined, 110, 663899, , , , , 2E4F2F96511F1BF4DEA6573168063AD6, 82E8FB87C3B36FA90C427BEE3F651AE3584F389A6C9A3CF7720BE445C7C0A603
PUP.Optional.MySearchDial, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Quarantined, 110, 663899, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.MySearchDial, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Quarantined, 110, 663899, , , , , ,
PUP.Optional.MySearchDial, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Quarantined, 110, 663899, , , , , 5C975A819EEA10CFCE17068C12EDFFF6, 5ED44BA20B19E9CD50B5A30A33D6E7222282C7E67B235741CE70CE03506ABB8A
PUP.Optional.MySearchDial, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Quarantined, 110, 663899, , , , , AAF9D8F11415B0FCCFDB21097D38C379, DA927C72A9155BA5721B262A163795362F6A3AE1FD8622EA5E14981F1BEFB718
PUP.Optional.MySearchDial, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Quarantined, 110, 663899, , , , , 0B1C849A38D860F634B0733988764266, 1E5752FB309291D6959433D8340805ABA8775CB7F6EB88B5B3B7CD72EE2391A0
PUP.Optional.MySearchDial, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 110, 663899, 1.0.47222, , ame, , 3DAEB5D1B2115D5C48878B3512D36B66, FCE2B6EF91AC59AFBD88C02EB12218021D8109063F242DC95E98898998D20128
PUP.Optional.MySearchDial, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 110, 663899, 1.0.47222, , ame, , 3DAEB5D1B2115D5C48878B3512D36B66, FCE2B6EF91AC59AFBD88C02EB12218021D8109063F242DC95E98898998D20128
PUP.Optional.MySearchDial, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 110, 663899, 1.0.47222, , ame, , 3DAEB5D1B2115D5C48878B3512D36B66, FCE2B6EF91AC59AFBD88C02EB12218021D8109063F242DC95E98898998D20128

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

BefuddledB

Posts: 53   +0
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-10-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-15-2021
# Duration: 00:00:13
# OS: Windows 7 Ultimate
# Cleaned: 0
# Failed: 4


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Not Deleted AVG Secure Search
Not Deleted Mysearchdial
Not Deleted Mysearchdial
Not Deleted azlyrics.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3759 octets] - [15/11/2021 17:33:16]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Broni

Posts: 55,846   +504
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 

BefuddledB

Posts: 53   +0
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021
Ran by User (administrator) on USER-PC (Hewlett-Packard HP Pavilion dv6 Notebook PC) (15-11-2021 19:12:37)
Running from C:\Users\User\Desktop
Loaded Profiles: User
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ADLICE (ASCOET JULIEN) -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(ADLICE (ASCOET JULIEN) -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <30>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Western Digital Technologies, Inc. -> Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc. -> Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Western Digital Technologies, Inc. -> Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe" (No File)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [134936 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-03-15] (PowerISO Computing, Inc.) [File not signed]
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8807712 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91683688 2020-06-09] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [Opera Browser Assistant] => C:\Users\User\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3126296 2020-08-18] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [34508416 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Policies\Explorer\DisallowRun: [1] 1.exe
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Policies\Explorer\DisallowRun: [2] irsetup.exe
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\MountPoints2: {23312558-207b-11e9-8379-ac7289c252c1} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\MountPoints2: {9fb92af0-d822-11e8-aa55-ac7289c252c1} - F:\HiSuiteDownLoader.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-15] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\95.0.12827.70\Installer\chrmstp.exe [2021-11-14] (Avast Software s.r.o. -> AVAST Software)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-10-08]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01149AF2-91D3-421D-AE37-554601C33FF2} - System32\Tasks\Opera scheduled assistant Autoupdate 1596061853 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\User\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {065CBA15-8F23-462C-B9F1-B5E874D68F0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {0ABAB06E-9E5E-41F4-8E50-8ECC2081F60E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-17] (Piriform Software Ltd -> Piriform)
Task: {0C790257-6071-490A-BC56-5543226C2007} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24613248 2021-10-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {14036993-9EAB-43E4-9BAE-B6DF86611222} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-31] (Avast Software s.r.o. -> AVAST Software)
Task: {1A6F9DA4-3D1C-4E60-83A8-9A7788D8EDCF} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-06-04] (ProtonVPN AG -> )
Task: {1DC69C46-7E58-4336-A944-8AAC00A36E05} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4371888 2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {296BE3F2-8435-4DBD-A973-3F28464DBF50} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [326320 2021-06-16] (HP Inc. -> HP Inc.)
Task: {2F3CCCD3-CF46-4DE2-80F6-4AB549C147E9} - System32\Tasks\{3B953E3C-891C-4131-8CD3-0642DB8D2E73} => C:\Windows\system32\pcalua.exe -a "C:\Users\User\Downloads\Bluetooth hpdv6\sp61617.exe" -d "C:\Users\User\Downloads\Bluetooth hpdv6"
Task: {3045603C-336A-4CF4-82FD-5FEBA05D608C} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {32A88FCA-D3B0-4A19-9140-38373B94969B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
Task: {381EA3F1-5637-4E3B-8507-4CF3D23BB126} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4974872 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
Task: {3F92D4D8-1A15-4D8F-9C39-6C069BB93D5C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2414739685-3642484520-4203288351-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {482F3F6C-8AA8-43AE-920E-DB0270CC26E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-17] (Google Inc -> Google Inc.)
Task: {5D280EBE-808D-40EE-8C77-1CA92B7ED0C7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {6158DBFF-208A-48BD-80B5-D79BB3671389} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2495608 2021-11-01] (Avast Software s.r.o. -> AVAST Software)
Task: {70D7D124-81ED-420D-9C45-3E433CCD5A40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {78AE1C7E-9FA3-42BC-82E9-8ED455813A0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {78B60131-294E-4C13-81FC-8176B89C5989} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2021-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {78F30F0D-F5C6-41B1-9703-E31CB9AC7053} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4371888 2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {7BA07AE5-928B-4EF6-8B0C-1E256296976F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28880512 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7BE16C90-4BF1-41B2-A01A-47D9C98FA39D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
Task: {7C30876A-9D75-4064-AA58-DC8C5E6F9FAC} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.)
Task: {7EF209F5-D4CD-4E02-9271-0D47AAA2A7E6} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {81790D93-0133-433D-97A9-E7AB3E5C268E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24613248 2021-10-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {96176D95-2445-4C0F-A9EA-3235112F8E9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {9AFF46AF-F292-46E9-9E73-0CBD73DA7ACE} - System32\Tasks\Opera scheduled Autoupdate 1596061835 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software)
Task: {9DCB4068-A735-4220-B771-24FA6D211758} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2021-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {B67D3B71-B1D4-4CEB-A0C9-5FD66D25E0E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-17] (Google Inc -> Google Inc.)
Task: {C5E06225-6D7F-49B6-9D3F-8B7A1EAA855B} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-31] (Avast Software s.r.o. -> AVAST Software)
Task: {C80B29FD-9C63-4D38-85F1-EC78096F1978} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe [555640 2021-03-25] (HP Inc. -> HP Inc.)
Task: {D6D1F782-E125-466A-A86C-C2CAABCCC1E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {DC9FE7DB-0187-4AA1-9E77-08F7018D3338} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {FBCC263E-A47B-4D42-A58E-99C91F2ECD95} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {FD1DA291-2AB1-4D08-B488-FB1376392910} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2495608 2021-11-01] (Avast Software s.r.o. -> AVAST Software)
Task: {FE82DD8A-B5DE-4227-83C4-8CAEFC4B7F5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {FFD19AA6-7616-4174-B709-757AC2589C98} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{11E4DE98-3DF0-4B24-8DF3-DC73EEC1F140}: [DhcpNameServer] 192.168.43.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-18]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 1ai3eh1c.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default [2021-09-29]
FF Homepage: Mozilla\Firefox\Profiles\1ai3eh1c.default -> search.yahoo.com
FF NewTab: Mozilla\Firefox\Profiles\1ai3eh1c.default -> hxxps://gr.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180508__yaff
FF Extension: (anonymoX) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\client@anonymox.net.xpi [2021-01-04]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\sp@avast.com.xpi [2021-09-29]
FF Extension: (Avast Online Security) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\wrc@avast.com.xpi [2021-05-23]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-09-29]
FF Extension: (Video DownloadHelper) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-09-29]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-08]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-01-31] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-01-31] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-11-15]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://mail.protonmail.com; hxxps://mail.yahoo.com; hxxps://www.reddit.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://radindiemedia.com/","hxxps://sudantribune.com/","hxxps://www.lrb.co.uk/","hxxps://lareviewofbooks.org/"
CHR DefaultSearchKeyword: Default -> google.co.jp_
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-17]
CHR Extension: (TheFreeDictionary.com Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgabimphpgkjochcoogplolgpcagmap [2018-04-26]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-26]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-14]
CHR Extension: (DuckDuckGo) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2021-10-29]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-26]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-09-16]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-11-15]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-17]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-29]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-11-15]
CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2021-01-20]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-10-29]
CHR Extension: (Video Downloader Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkdmdpdhfaamhgaojpelccmeehpfljgf [2021-11-15]
CHR Extension: (Kindle Cloud Reader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2018-04-26]
CHR Extension: (anonymoX) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2019-11-07]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-15]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2021-11-15]
CHR Extension: (Plugins) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcblfncjaclajmegihojiekebofjcen [2018-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-14]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-07-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\User\AppData\Roaming\Opera Software\Opera Stable [2021-11-15]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-11-14]
OPR Extension: (Onion Control (anonymous proxy)) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\knfbgpkbkfebddfbklfpgmdjgolnkkfl [2021-01-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8376400 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-31] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [680728 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [1700632 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [427800 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-31] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\95.0.12827.70\elevation_service.exe [1713640 2021-11-01] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-07-09] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11137416 2021-10-10] (Microsoft Corporation -> Microsoft Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-21] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [44328 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-15] (Malwarebytes Inc -> Malwarebytes)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [101184 2020-06-04] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-06-04] (ProtonVPN AG -> )
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14204760 2021-11-09] (ADLICE (ASCOET JULIEN) -> )
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital Technologies, Inc. -> Western Digital)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital Technologies, Inc. -> Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital Technologies, Inc. -> Western Digital)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35704 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [222112 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [367656 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250392 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99344 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41344 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [184648 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [538976 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107848 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82904 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [852216 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [557648 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [214384 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [317696 2021-11-15] (Avast Software s.r.o. -> AVAST Software)
S3 DSE_USB; C:\Windows\System32\drivers\DSE_USB.sys [336872 2017-10-24] (Jungo Connectivity Ltd. -> Jungo Connectivity)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [160176 2021-11-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [210352 2021-11-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [193448 2021-11-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [69040 2021-11-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-07-04] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [146864 2021-11-15] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [91648 2011-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [208896 2011-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTunnelDriver.sys [22456 2020-06-04] (ProtonVPN AG -> Proton Technologies AG)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [85424 2009-03-15] (Fenghua Lee -> PowerISO Computing, Inc.)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-04-06] (ProtonVPN AG -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-11-15] (Adlice -> )
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2012-09-19] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-15 17:53 - 2021-11-15 17:53 - 000193448 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-11-15 17:49 - 2021-11-15 17:49 - 000069040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-11-15 17:48 - 2021-11-15 17:48 - 000146864 _____ C:\Windows\system32\Drivers\mwac.sys
2021-11-15 17:47 - 2021-11-15 18:06 - 000038032 _____ C:\Windows\system32\Drivers\truesight.sys
2021-11-15 17:30 - 2021-11-15 17:41 - 000000000 ____D C:\AdwCleaner
2021-11-15 17:06 - 2021-11-15 17:06 - 000210352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-11-15 16:25 - 2021-11-15 16:25 - 000000860 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2021-11-15 16:25 - 2021-11-15 16:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-11-15 16:25 - 2021-11-15 16:25 - 000000000 ____D C:\Program Files\RogueKiller
2021-11-15 16:24 - 2021-11-15 16:38 - 000000000 ____D C:\ProgramData\RogueKiller
2021-11-15 16:11 - 2021-11-15 16:10 - 000340248 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-11-15 16:11 - 2021-11-15 16:10 - 000214384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2021-11-15 03:19 - 2021-11-15 03:20 - 041652744 _____ (Adlice Software ) C:\Users\User\Desktop\RogueKiller_setup.exe
2021-11-15 03:19 - 2021-11-15 03:19 - 002101944 _____ (Malwarebytes) C:\Users\User\Desktop\MBSetup-10789.10789-consumer.exe
2021-11-15 03:12 - 2021-11-15 03:12 - 008553680 _____ (Malwarebytes) C:\Users\User\Desktop\AdwCleaner (1).exe
2021-11-14 23:35 - 2021-11-14 23:43 - 000051216 _____ C:\Users\User\Desktop\Addition.txt
2021-11-14 23:32 - 2021-11-15 19:13 - 000032893 _____ C:\Users\User\Desktop\FRST.txt
2021-11-14 21:57 - 2021-11-14 21:57 - 000000000 ____D C:\Users\User\Desktop\FRST-OlderVersion
2021-11-14 21:56 - 2021-11-15 19:13 - 000000000 ____D C:\FRST
2021-11-14 21:55 - 2021-11-14 21:57 - 002311680 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2021-11-14 20:30 - 2021-11-14 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-11-11 04:09 - 2021-11-11 04:09 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2021-11-11 04:09 - 2021-11-11 04:09 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2021-11-11 04:09 - 2021-11-11 04:09 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2021-11-11 04:09 - 2021-11-11 04:09 - 000044328 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-15 19:11 - 2018-04-17 20:22 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-15 18:20 - 2020-07-01 16:15 - 000000000 ____D C:\Users\User\AppData\Local\AVAST Software
2021-11-15 18:01 - 2009-07-14 07:45 - 000026848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-11-15 18:01 - 2009-07-14 07:45 - 000026848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-11-15 17:59 - 2020-02-20 05:10 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-11-15 17:58 - 2018-05-22 23:59 - 000000000 ____D C:\Users\User\AppData\Local\Dropbox
2021-11-15 17:49 - 2019-11-19 04:05 - 000000000 ____D C:\ProgramData\AVAST Software
2021-11-15 17:48 - 2019-11-19 04:09 - 000002005 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-11-15 17:46 - 2019-11-19 04:08 - 000003910 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-11-15 17:46 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-11-15 17:25 - 2020-02-20 04:43 - 000000000 ____D C:\Users\User\Desktop\Adobe Acrobat
2021-11-15 17:25 - 2020-02-20 00:17 - 000000000 ____D C:\Users\User\Downloads\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]
2021-11-15 17:25 - 2020-02-17 23:24 - 000000000 ____D C:\Program Files (x86)\Aurora DVD Copy
2021-11-15 17:25 - 2020-02-17 23:10 - 000000000 ____D C:\Program Files (x86)\KMSPico 10.2.1 Final
2021-11-15 17:20 - 2018-04-17 20:49 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-15 17:20 - 2018-04-17 20:49 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-15 17:06 - 2020-06-29 00:04 - 000001962 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-11-15 17:06 - 2019-11-20 05:27 - 000001950 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-11-15 17:05 - 2019-11-20 05:25 - 000160176 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-11-15 17:01 - 2019-11-20 05:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-11-15 17:01 - 2019-11-20 05:20 - 000000000 ____D C:\Program Files\Malwarebytes
2021-11-15 16:24 - 2020-12-18 16:16 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2021-11-15 16:18 - 2019-11-19 04:08 - 000367656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2021-11-15 16:18 - 2019-11-19 04:08 - 000317696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2021-11-15 16:10 - 2020-10-25 18:43 - 000184648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2021-11-15 16:10 - 2020-04-25 16:09 - 000538976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2021-11-15 16:10 - 2019-11-19 04:08 - 000852216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2021-11-15 16:10 - 2019-11-19 04:08 - 000557648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2021-11-15 16:10 - 2019-11-19 04:08 - 000250392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2021-11-15 16:10 - 2019-11-19 04:08 - 000222112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2021-11-15 16:10 - 2019-11-19 04:08 - 000107848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2021-11-15 16:10 - 2019-11-19 04:08 - 000099344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2021-11-15 16:10 - 2019-11-19 04:08 - 000082904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2021-11-15 16:10 - 2019-11-19 04:08 - 000041344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2021-11-15 16:10 - 2019-11-19 04:08 - 000035704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2021-11-15 15:58 - 2018-05-22 23:59 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2021-11-15 15:58 - 2018-05-22 23:59 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2021-11-14 21:06 - 2021-01-20 15:25 - 000003732 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2021-11-14 21:06 - 2020-07-01 16:15 - 000002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-11-14 21:06 - 2020-07-01 16:15 - 000002388 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2021-11-14 21:03 - 2021-01-20 14:35 - 000004040 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1596061835
2021-11-14 20:31 - 2018-05-22 23:59 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-11-14 20:19 - 2018-05-22 23:59 - 000003902 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineUA
2021-11-14 20:19 - 2018-05-22 23:59 - 000003650 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineCore
2021-11-14 20:13 - 2018-04-14 14:20 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2021-11-05 12:07 - 2009-07-14 08:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2021-11-05 12:07 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2021-11-01 16:15 - 2020-03-14 21:31 - 000002061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-11-01 16:13 - 2018-04-29 17:13 - 000000000 ____D C:\Users\User\AppData\Roaming\qBittorrent
2021-10-29 23:02 - 2021-09-26 23:19 - 000000000 ____D C:\Users\User\Downloads\Star.Trek.Picard.S01.COMPLETE.REPACK.720p.AMZN.WEBRip.x264-GalaxyTV[TGx]
2021-10-29 21:32 - 2018-10-18 00:03 - 000000000 ____D C:\Users\User\Documents\LLB
2021-10-29 20:42 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF
2021-10-29 18:29 - 2018-04-13 12:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-10-26 18:15 - 2021-06-13 21:30 - 000000000 ____D C:\Users\User\Documents\Bet

==================== Files in the root of some directories ========

2020-02-20 05:48 - 2020-02-20 05:48 - 000000000 _____ () C:\Users\User\AppData\Local\oobelibMkey.log
2021-09-17 16:38 - 2021-09-17 16:38 - 000000218 _____ () C:\Users\User\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-11-09 13:15
==================== End of FRST.txt ========================
 

BefuddledB

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by User (15-11-2021 19:14:18)
Running from C:\Users\User\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X64) (2018-04-13 08:44:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2414739685-3642484520-4203288351-500 - Administrator - Disabled)
Guest (S-1-5-21-2414739685-3642484520-4203288351-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2414739685-3642484520-4203288351-1002 - Limited - Enabled)
User (S-1-5-21-2414739685-3642484520-4203288351-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
ApowerPDF V4.1.1.315 (HKLM-x32\...\{99A1CF84-3154-433D-9F73-0A4D4DACBA1A}_is1) (Version: 4.1.1.315 - Apowersoft LIMITED)
Apowersoft Online Launcher version 1.7.1 (HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.1 - APOWERSOFT LIMITED)
Aurora DVD Copy 3.1.2 (HKLM-x32\...\Aurora DVD Copy_is1) (Version: - Aurora software, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.9.2494 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 95.0.12827.70 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
calibre 64bit (HKLM\...\{7CA53963-20B2-4EF3-B166-C26852019564}) (Version: 3.30.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.82 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Dropbox (HKLM-x32\...\Dropbox) (Version: 135.4.4221 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.541.1 - Dropbox, Inc.) Hidden
FrostWire 6.8.4 (HKLM\...\FrostWire 6) (Version: 6.8.4.292 - FrostWire LLC)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.23 - The GnuPG Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Gpg4win (3.1.13) (HKLM-x32\...\Gpg4win) (Version: 3.1.13 - The Gpg4win Project)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.8.34.31 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.18.34.21 - HP Inc.)
Inkscape (HKLM\...\{776C087E-B714-4153-9414-79592EC61B4A}) (Version: 1.0.1 - Inkscape)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.12527.22045 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 89.0 (x64 en-US) (HKLM\...\Mozilla Firefox 89.0 (x64 en-US)) (Version: 89.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12527.21986 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12527.21986 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12527.21986 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.21986 - Microsoft Corporation) Hidden
Office 2016 Permanent Ultimate Activator v1.2 (HKLM\...\Office 2016 Permanent Ultimate Activator v1.2_is1) (Version: v1.2 - )
Opera Stable 80.0.4170.63 (HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Opera 80.0.4170.63) (Version: 80.0.4170.63 - Opera Software)
PowerISO (HKLM-x32\...\PowerISO) (Version: - )
ProtonVPN (HKLM-x32\...\{CC56589D-2FE8-4B38-9024-0ABCD9F3CB0E}) (Version: 1.16.1 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.16.1) (Version: 1.16.1 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{BCB82CD9-F514-4F93-A6D9-F898494DC927}) (Version: 1.1.0 - Proton Technologies AG)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
qBittorrent 4.3.6 (HKLM-x32\...\qBittorrent) (Version: 4.3.6 - The qBittorrent project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.28162 - Realtek Semiconduct Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
RogueKiller version 15.1.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.1.3.0 - Adlice Software)
Skype version 8.61 (HKLM-x32\...\Skype_is1) (Version: 8.61 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.8.0 - Sophos Limited)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2414739685-3642484520-4203288351-1000_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-11-15] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-11-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-11-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2020-09-04] (g10 Code GmbH) [File not signed]
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2009-03-15] (PowerISO Computing, Inc.) [File not signed]
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital Technologies, Inc. -> Western Digital)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2005-10-07] () [File not signed]
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital Technologies, Inc. -> Western Digital)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-11-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-20] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2020-09-04] (g10 Code GmbH) [File not signed]
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2009-03-15] (PowerISO Computing, Inc.) [File not signed]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2005-10-07] () [File not signed]
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-11-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-20] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2009-03-15] (PowerISO Computing, Inc.) [File not signed]
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital Technologies, Inc. -> Western Digital)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2005-10-07] () [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-03-27 23:48 - 2019-03-27 23:48 - 000115200 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2021-11-15 16:11 - 2021-11-15 16:11 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2021-11-15 16:11 - 2021-11-15 16:11 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2021-11-15 16:11 - 2021-11-15 16:11 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2021-11-15 16:11 - 2021-11-15 16:11 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2021-11-15 16:11 - 2021-11-15 16:11 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2021-11-15 16:11 - 2021-11-15 16:11 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2021-11-15 16:11 - 2021-11-15 16:11 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2021-11-15 16:11 - 2021-11-15 16:11 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2021-11-15 16:11 - 2021-11-15 16:11 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2021-11-15 16:11 - 2021-11-15 16:11 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2021-11-15 16:11 - 2021-11-15 16:11 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\msvcp140.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\MSVCP140.dll
2021-11-15 16:11 - 2021-11-15 16:11 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\ucrtbase.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\ucrtbase.DLL
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\ucrtbase.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\ucrtbase.DLL
2021-11-15 16:11 - 2021-11-15 16:11 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\vcruntime140.dll] C:\Program Files\AVAST Software\Avast\1033\avast.local_vc142.crt\VCRUNTIME140.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\vcruntime140.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\VCRUNTIME140.dll
2021-11-15 16:06 - 2021-11-15 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVAST Software\Avast\avast.local_vc142.crt\vcruntime140_1.dll] C:\Program Files\AVAST Software\Avast\defs\21111506\avast.local_vc142.crt\VCRUNTIME140_1.dll
2012-09-19 21:04 - 2012-09-19 21:04 - 001006080 ____R (Robert Simpson, et al.) [File not signed] [File is in use] C:\Program Files (x86)\Western Digital\WD SmartWare\System.Data.SQLite.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-2414739685-3642484520-4203288351-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
SearchScopes: HKU\S-1-5-21-2414739685-3642484520-4203288351-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
SearchScopes: HKU\S-1-5-21-2414739685-3642484520-4203288351-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://gr.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180508__yaie&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-15] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2414739685-3642484520-4203288351-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8E6E2B68-CA7B-43DB-BAE5-B07F82013E2A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{12CD2F71-B2EA-4F28-AB73-4E5CF32EF49E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{336A1C8D-D1B5-49E1-80BA-9DE349C88353}] => (Allow) C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FB478F12-AA9A-4C5D-BB7C-69D6CE0FE8C0}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{D2D089DB-96EB-485D-9113-D636DF6AD8E8}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{59CB665C-2310-40EA-AE21-579139775D0B}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe => No File
FirewallRules: [{613B0F5C-3DFC-475B-A169-0E90046BDCAF}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe => No File
FirewallRules: [TCP Query User{9AD1FC98-C438-408C-ABC3-605A8D79984E}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => No File
FirewallRules: [UDP Query User{21D347A6-6487-401C-A3F6-E8DA1118E98A}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => No File
FirewallRules: [TCP Query User{364F560B-FA0E-4313-A41C-968CEE5BA3F6}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => No File
FirewallRules: [UDP Query User{70EAF6CC-A943-40E3-B8D3-8A488D075D56}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => No File
FirewallRules: [TCP Query User{4296B873-7DC7-4649-925E-683452B52872}C:\program files (x86)\frostwire 6\frostwire.exe] => (Block) C:\program files (x86)\frostwire 6\frostwire.exe => No File
FirewallRules: [UDP Query User{7E1BA250-BA92-4FF9-888A-0B371C5A56AF}C:\program files (x86)\frostwire 6\frostwire.exe] => (Block) C:\program files (x86)\frostwire 6\frostwire.exe => No File
FirewallRules: [{D9CC29E9-3BDA-407E-88BC-FB3FAB628055}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EC17F222-80A8-4415-B039-79456B44F243}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F30EA7BC-3DEE-41C8-89C7-3DA0A434D396}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5D9B5B0F-3254-48BC-92B2-D344F2336181}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A14B8ABD-4D33-4DD4-B984-6836155421FA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{949AE098-5FDE-4F2B-9804-B0B5AEA5C14A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D6D34296-D8F1-4DA4-ABF8-DE71EAE6053A}C:\users\user\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\71.0.3770.228\opera.exe => No File
FirewallRules: [UDP Query User{991EF0CA-5C61-433D-93D9-23E980D8606E}C:\users\user\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\71.0.3770.228\opera.exe => No File
FirewallRules: [TCP Query User{5301100B-2CE9-4440-BC4B-51FB2343658E}C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
FirewallRules: [UDP Query User{B78EF03B-C613-47FF-8511-B17BC10D2EB1}C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
FirewallRules: [{63D4657D-0D01-48FC-837B-8BFA5E35E6C1}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe => No File
FirewallRules: [TCP Query User{8AFF0B22-B932-408E-B645-89525C3C225D}C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [UDP Query User{9D71299C-6870-489A-BDFB-7323A27CC84B}C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [{035FC5B4-933D-4220-A6AC-284CA4BC3B9E}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{BDA8946C-B85C-4292-B15F-8D3EC29DBDB5}C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [UDP Query User{F06C5C8B-F709-4B9B-89F8-1F38EFBE1F06}C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [{BE56BFF9-0A29-4326-9999-FA97F703EFA5}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{1F26B03A-371C-4207-ACE3-88B6B6E1E5E0}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{816DD2C7-955E-4E1D-AA6C-A7315E3DA9BC}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{6FD81F13-11D4-4741-B4B0-011F6CD81F75}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{77797EA1-1060-4421-A4E4-874E9AE33512}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FB93D60C-1054-40E0-9054-3C0D9BAE36B6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4038239C-D986-4A08-86D4-C648ECC8FB1D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{79EA397F-B896-4803-BE0B-EE293CB3E03D}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{C7B84C42-2DD5-47B4-83C0-7886A8A030D3}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{62E87F7A-38B7-4C43-B66A-34224D7F3EBB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{8F89464B-262D-4214-82FE-4B707ECA3135}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{B0569993-316B-499B-A988-631A4F89B135}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{6ACC7634-0ADD-4724-A136-370A423D7C83}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{BB5F00F1-488C-44AD-899A-C11454BB160E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

15-11-2021 18:48:53 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Standard VGA Graphics Adapter
Description: Standard VGA Graphics Adapter
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: vga
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/14/2021 08:30:07 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (11/14/2021 08:30:07 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (10/30/2021 11:40:51 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (10/30/2021 11:40:51 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/30/2021 11:24:44 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (10/30/2021 11:24:44 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/28/2021 11:42:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MBAMService.exe, version: 3.2.0.983, time stamp: 0x60cb5bd8
Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb67f
Exception code: 0xc0000005
Fault offset: 0x0000000000032ad4
Faulting process id: 0xdec
Faulting application start time: 0x01d794fc0d28e302
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 93773443-382f-11ec-be72-ac7289c252c1

Error: (10/28/2021 11:27:15 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.


System errors:
=============
Error: (11/15/2021 07:18:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (11/15/2021 06:06:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (11/15/2021 06:06:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WD Rules service terminated unexpectedly. It has done this 1 time(s).

Error: (11/15/2021 06:06:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (11/15/2021 06:06:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WD Drive Manager service terminated unexpectedly. It has done this 1 time(s).

Error: (11/15/2021 06:06:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The DbxSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/15/2021 06:06:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Genuine Software Integrity Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/15/2021 06:06:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
================
Event[0]:

Date: 2018-07-13 17:31:16.023
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.271.925.0
Previous Signature Version:1.267.1524.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:1.1.15000.2
Previous Engine Version:1.1.14800.3
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2018-07-13 17:31:16.023
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.15000.2
Previous Engine Version:1.1.14800.3
Update Source:User
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

==================== Memory info ===========================

BIOS: Hewlett-Packard F.1A 07/20/2011
Motherboard: Hewlett-Packard 1657
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 84%
Total physical RAM: 6091.86 MB
Available physical RAM: 943.09 MB
Total Virtual: 12181.86 MB
Available Virtual: 3005.28 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:292.87 GB) (Free:18.75 GB) NTFS
Drive d: (DATA) (Fixed) (Total:638.54 GB) (Free:362.65 GB) NTFS

\\?\Volume{69b854b3-3f47-11e8-8300-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3C7E929E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

Broni

Posts: 55,846   +504
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Attachments

  • fixlist.txt

BefuddledB

Posts: 53   +0
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by User (15-11-2021 20:22:32) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
2020-02-20 05:48 - 2020-02-20 05:48 - 000000000 _____ () C:\Users\User\AppData\Local\oobelibMkey.log
2021-09-17 16:38 - 2021-09-17 16:38 - 000000218 _____ () C:\Users\User\AppData\Local\recently-used.xbel
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll -> No File
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll -> No File
FirewallRules: [{59CB665C-2310-40EA-AE21-579139775D0B}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe => No File
FirewallRules: [{613B0F5C-3DFC-475B-A169-0E90046BDCAF}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe => No File
FirewallRules: [TCP Query User{9AD1FC98-C438-408C-ABC3-605A8D79984E}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => No File
FirewallRules: [UDP Query User{21D347A6-6487-401C-A3F6-E8DA1118E98A}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => No File
FirewallRules: [TCP Query User{364F560B-FA0E-4313-A41C-968CEE5BA3F6}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => No File
FirewallRules: [UDP Query User{70EAF6CC-A943-40E3-B8D3-8A488D075D56}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => No File
FirewallRules: [TCP Query User{4296B873-7DC7-4649-925E-683452B52872}C:\program files (x86)\frostwire 6\frostwire.exe] => (Block) C:\program files (x86)\frostwire 6\frostwire.exe => No File
FirewallRules: [UDP Query User{7E1BA250-BA92-4FF9-888A-0B371C5A56AF}C:\program files (x86)\frostwire 6\frostwire.exe] => (Block) C:\program files (x86)\frostwire 6\frostwire.exe => No File
FirewallRules: [TCP Query User{D6D34296-D8F1-4DA4-ABF8-DE71EAE6053A}C:\users\user\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\71.0.3770.228\opera.exe => No File
FirewallRules: [UDP Query User{991EF0CA-5C61-433D-93D9-23E980D8606E}C:\users\user\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\71.0.3770.228\opera.exe => No File
FirewallRules: [TCP Query User{5301100B-2CE9-4440-BC4B-51FB2343658E}C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
FirewallRules: [UDP Query User{B78EF03B-C613-47FF-8511-B17BC10D2EB1}C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
FirewallRules: [{63D4657D-0D01-48FC-837B-8BFA5E35E6C1}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe => No File
FirewallRules: [TCP Query User{8AFF0B22-B932-408E-B645-89525C3C225D}C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [UDP Query User{9D71299C-6870-489A-BDFB-7323A27CC84B}C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [{035FC5B4-933D-4220-A6AC-284CA4BC3B9E}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{BDA8946C-B85C-4292-B15F-8D3EC29DBDB5}C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [UDP Query User{F06C5C8B-F709-4B9B-89F8-1F38EFBE1F06}C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File

*****************

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
C:\Users\User\AppData\Local\oobelibMkey.log => moved successfully
C:\Users\User\AppData\Local\recently-used.xbel => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AIMP => removed successfully
HKLM\Software\Classes\CLSID\{1F77B17B-F531-44DB-ACA4-76ABB5010A28} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\AIMP => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{59CB665C-2310-40EA-AE21-579139775D0B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{613B0F5C-3DFC-475B-A169-0E90046BDCAF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9AD1FC98-C438-408C-ABC3-605A8D79984E}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{21D347A6-6487-401C-A3F6-E8DA1118E98A}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{364F560B-FA0E-4313-A41C-968CEE5BA3F6}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{70EAF6CC-A943-40E3-B8D3-8A488D075D56}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4296B873-7DC7-4649-925E-683452B52872}C:\program files (x86)\frostwire 6\frostwire.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7E1BA250-BA92-4FF9-888A-0B371C5A56AF}C:\program files (x86)\frostwire 6\frostwire.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D6D34296-D8F1-4DA4-ABF8-DE71EAE6053A}C:\users\user\appdata\local\programs\opera\71.0.3770.228\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{991EF0CA-5C61-433D-93D9-23E980D8606E}C:\users\user\appdata\local\programs\opera\71.0.3770.228\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5301100B-2CE9-4440-BC4B-51FB2343658E}C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B78EF03B-C613-47FF-8511-B17BC10D2EB1}C:\users\user\appdata\local\programs\opera\71.0.3770.284\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63D4657D-0D01-48FC-837B-8BFA5E35E6C1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8AFF0B22-B932-408E-B645-89525C3C225D}C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9D71299C-6870-489A-BDFB-7323A27CC84B}C:\users\user\appdata\local\programs\opera\72.0.3815.186\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{035FC5B4-933D-4220-A6AC-284CA4BC3B9E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BDA8946C-B85C-4292-B15F-8D3EC29DBDB5}C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F06C5C8B-F709-4B9B-89F8-1F38EFBE1F06}C:\users\user\appdata\local\programs\opera\73.0.3856.344\opera.exe" => removed successfully

==== End of Fixlog 20:22:33 ====
 

Broni

Posts: 55,846   +504
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

BefuddledB

Posts: 53   +0
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Malwarebytes
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (96.0.4664.45)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
AVAST Software Avast wsc_proxy.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast aswToolsSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Browser Update 1.8.1065.0\AvastBrowserCrashHandler.exe
AVAST Software Browser Update 1.8.1065.0\AvastBrowserCrashHandler64.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast aswEngSrv.exe
AVAST Software Avast AvastUI.exe
AVAST Software Browser Application AvastBrowser.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

BefuddledB

Posts: 53   +0
Farbar Service Scanner Version: 03-11-2021
Ran by User (administrator) on 15-11-2021 at 22:38:29
Running from "C:\Users\User\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

BefuddledB

Posts: 53   +0
Code:
Sophos Scan & Clean
www.sophos.com

   Computer name . . . . : USER-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : User-PC\User
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2021-11-15 23:58:28
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 13m 54s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 128

   Objects scanned . . . : 2,434,108
   Files scanned . . . . : 72,744
   Remnants scanned  . . : 896,568 files / 1,464,796 keys

Malware _____________________________________________________________________

   C:\Users\User\Downloads\Adobe Acrobat XI Pro 11.0.22 FINAL + Crack [TechTools]\Setup.exe -> Quarantined
      Size . . . . . . . : 24,433,436 bytes
      Age  . . . . . . . : 930.2 days (2019-04-30 19:52:28)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 706978135A2803629E3347399127BE44EB92B0B79B476C03CC06B1C9B53053FB
      Product  . . . . . : conscience
      Version  . . . . . : 0.0.0.0
      LanguageID . . . . : 1033
    > Sophos . . . . . . : Generic ML PUA (PUA)
      Fuzzy  . . . . . . : 109.0


Suspicious files ____________________________________________________________

   C:\Users\User\Downloads\wrar306\FileZilla_3.1.5.1_win32-setup.exe
      Size . . . . . . . : 3,705,812 bytes
      Age  . . . . . . . : 1288.3 days (2018-05-07 16:50:33)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 23BB6396E7162C2AE773BBA0E5B1E529502C87F6B2A5CDCCDCE998C19FC8F016
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

   C:\Users\User\Downloads\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\adobe.snr.patch.v2.0-painter.exe (App/Generic-HN) -> Deleted
      Size . . . . . . . : 601,600 bytes
      Age  . . . . . . . : 634.8 days (2020-02-20 05:23:26)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 256C2A409C97448D168F3EB1BFB89AF3D259DFC05A510A3F464D8E4B348116D4
      Product  . . . . . : Universal Adobe Patcher
      Publisher  . . . . : PainteR
      Description  . . . : Universal Adobe Patcher
      Version  . . . . . : 2.0.0.0
      LanguageID . . . . : 1049
      Fuzzy  . . . . . . : 8.0
      References
         HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\User\Downloads\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\adobe.snr.patch.v2.0-painter.exe

   C:\Users\User\Downloads\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\ADOBE_ACROBAT_PRO_DC_V2015_MULTI-XFORCE\xf-acrodc2015.exe (App/Generic-LK) -> Deleted
      Size . . . . . . . : 111,104 bytes
      Age  . . . . . . . : 634.8 days (2020-02-20 05:27:27)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : B50816ECC6EC849FCB0ED0677C8A6B1F0867A74638679BCAFC4F63DCC5B2E1EF
      Fuzzy  . . . . . . : 14.0

   C:\Users\User\Downloads\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\Crack-Windows-DC\xf-acrodc2015.exe (App/Generic-LK) -> Deleted
      Size . . . . . . . : 111,104 bytes
      Age  . . . . . . . : 634.8 days (2020-02-20 05:43:20)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : B50816ECC6EC849FCB0ED0677C8A6B1F0867A74638679BCAFC4F63DCC5B2E1EF
      Fuzzy  . . . . . . : 14.0

   C:\Users\User\Downloads\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\xf-acrodc2015.exe (App/Generic-LK) -> Deleted
      Size . . . . . . . : 111,104 bytes
      Age  . . . . . . . : 634.8 days (2020-02-20 05:27:58)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : B50816ECC6EC849FCB0ED0677C8A6B1F0867A74638679BCAFC4F63DCC5B2E1EF
      Fuzzy  . . . . . . : 14.0
      References
         HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\User\Downloads\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\xf-acrodc2015.exe


Cookies _____________________________________________________________________

 

BefuddledB

Posts: 53   +0
Code:
Sophos Scan & Clean
www.sophos.com

   Computer name . . . . : USER-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : User-PC\User
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2021-11-15 23:58:28
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 13m 54s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 128

   Objects scanned . . . : 2,434,108
   Files scanned . . . . : 72,744
   Remnants scanned  . . : 896,568 files / 1,464,796 keys

Malware _____________________________________________________________________

   C:\Users\User\Downloads\Adobe Acrobat XI Pro 11.0.22 FINAL + Crack [TechTools]\Setup.exe -> Quarantined
      Size . . . . . . . : 24,433,436 bytes
      Age  . . . . . . . : 930.2 days (2019-04-30 19:52:28)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 706978135A2803629E3347399127BE44EB92B0B79B476C03CC06B1C9B53053FB
      Product  . . . . . : conscience
      Version  . . . . . : 0.0.0.0
      LanguageID . . . . : 1033
    > Sophos . . . . . . : Generic ML PUA (PUA)
      Fuzzy  . . . . . . : 109.0


Suspicious files ____________________________________________________________

   C:\Users\User\Downloads\wrar306\FileZilla_3.1.5.1_win32-setup.exe
      Size . . . . . . . : 3,705,812 bytes
      Age  . . . . . . . : 1288.3 days (2018-05-07 16:50:33)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 23BB6396E7162C2AE773BBA0E5B1E529502C87F6B2A5CDCCDCE998C19FC8F016
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

   C:\Users\User\Downloads\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\adobe.snr.patch.v2.0-painter.exe (App/Generic-HN) -> Deleted
      Size . . . . . . . : 601,600 bytes
      Age  . . . . . . . : 634.8 days (2020-02-20 05:23:26)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 256C2A409C97448D168F3EB1BFB89AF3D259DFC05A510A3F464D8E4B348116D4
      Product  . . . . . : Universal Adobe Patcher
      Publisher  . . . . : PainteR
      Description  . . . : Universal Adobe Patcher
      Version  . . . . . : 2.0.0.0
      LanguageID . . . . : 1049
      Fuzzy  . . . . . . : 8.0
      References
         HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\User\Downloads\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\adobe.snr.patch.v2.0-painter.exe

   C:\Users\User\Downloads\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\ADOBE_ACROBAT_PRO_DC_V2015_MULTI-XFORCE\xf-acrodc2015.exe (App/Generic-LK) -> Deleted
      Size . . . . . . . : 111,104 bytes
      Age  . . . . . . . : 634.8 days (2020-02-20 05:27:27)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : B50816ECC6EC849FCB0ED0677C8A6B1F0867A74638679BCAFC4F63DCC5B2E1EF
      Fuzzy  . . . . . . : 14.0

   C:\Users\User\Downloads\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\Crack-Windows-DC\xf-acrodc2015.exe (App/Generic-LK) -> Deleted
      Size . . . . . . . : 111,104 bytes
      Age  . . . . . . . : 634.8 days (2020-02-20 05:43:20)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : B50816ECC6EC849FCB0ED0677C8A6B1F0867A74638679BCAFC4F63DCC5B2E1EF
      Fuzzy  . . . . . . : 14.0

   C:\Users\User\Downloads\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\xf-acrodc2015.exe (App/Generic-LK) -> Deleted
      Size . . . . . . . : 111,104 bytes
      Age  . . . . . . . : 634.8 days (2020-02-20 05:27:58)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : B50816ECC6EC849FCB0ED0677C8A6B1F0867A74638679BCAFC4F63DCC5B2E1EF
      Fuzzy  . . . . . . : 14.0
      References
         HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\User\Downloads\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\Adobe Acrobat PRO DC 2019.010.20098 + Crack [www.Tech-Tools.me]\xf-acrodc2015.exe


Cookies _____________________________________________________________________

 

Broni

Posts: 55,846   +504
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please let me know how your computer is doing.
 

BefuddledB

Posts: 53   +0
Computer is doing great, faster than it's been in a very long time. Thank you so much! Your consistency and diligence are truly remarkable!! I don't know how you do it man!

I have been unemployed for two years, and only had a serious job for about 8 months in the last four years. There is no way I could have paid to fix some of the problems you helped me with. Thank you for being an inspirational example of service!!
 

BefuddledB

Posts: 53   +0
Hi Broni,

I just started using my computer this weekend after the clean up and I found many issues. It can't read any USB drive, only the default browser works, and all updates seem impossible, like Avast, Windows updates etc. I tried uninstalling Malwarebytes and it brings up a "failed to uninstall" message. What should I do?